diff options
Diffstat (limited to 'contrib/sendmail/RELEASE_NOTES')
| -rw-r--r-- | contrib/sendmail/RELEASE_NOTES | 8977 |
1 files changed, 0 insertions, 8977 deletions
diff --git a/contrib/sendmail/RELEASE_NOTES b/contrib/sendmail/RELEASE_NOTES deleted file mode 100644 index 16a2d98a3f5d..000000000000 --- a/contrib/sendmail/RELEASE_NOTES +++ /dev/null @@ -1,8977 +0,0 @@ - SENDMAIL RELEASE NOTES - $Id: RELEASE_NOTES,v 8.1340.2.132 2003/03/29 14:02:26 ca Exp $ - - -This listing shows the version of the sendmail binary, the version -of the sendmail configuration files, the date of release, and a -summary of the changes in that release. - -8.12.9/8.12.9 2003/03/29 - SECURITY: Fix a buffer overflow in address parsing due to - a char to int conversion problem which is potentially - remotely exploitable. Problem found by Michal Zalewski. - Note: an MTA that is not patched might be vulnerable to - data that it receives from untrusted sources, which - includes DNS. - To provide partial protection to internal, unpatched sendmail MTAs, - 8.12.9 changes by default (char)0xff to (char)0x7f in - headers etc. To turn off this conversion compile with - -DALLOW_255 or use the command line option -d82.101. - To provide partial protection for internal, unpatched MTAs that may be - performing 7->8 or 8->7 bit MIME conversions, the default - for MaxMimeHeaderLength has been changed to 2048/1024. - Note: this does have a performance impact, and it only - protects against frontal attacks from the outside. - To disable the checks and return to pre-8.12.9 defaults, - set MaxMimeHeaderLength to 0/0. - Do not complain about -ba when submitting mail. Problem noted - by Derek Wueppelmann. - Fix compilation with Berkeley DB 1.85 on systems that do not - have flock(2). Problem noted by Andy Harper of Kings - College London. - Properly initialize data structure for dns maps to avoid various - errors, e.g., looping processes. Problem noted by - Maurice Makaay. - CONFIG: Prevent multiple application of rule to add smart host. - Patch from Andrzej Filip. - CONFIG: Fix queue group declaration in MAILER(`usenet'). - CONTRIB: buildvirtuser: New option -t builds the virtusertable - text file instead of the database map. - Portability: - Revert wrong change made in 8.12.7 and actually use the - builtin getopt() version in sendmail on Linux. - This can be overridden by using -DSM_CONF_GETOPT=0 - in which case the OS supplied version will be used. - -8.12.8/8.12.8 2003/02/11 - SECURITY: Fix a remote buffer overflow in header parsing by - dropping sender and recipient header comments if the - comments are too long. Problem noted by Mark Dowd - of ISS X-Force. - Fix a potential non-exploitable buffer overflow in parsing the - .cf queue settings and potential buffer underflow in - parsing ident responses. Problem noted by Yichen Xie of - Stanford University Compilation Group. - Fix ETRN #queuegroup command: actually start a queue run for - the selected queue group. Problem noted by Jos Vos. - If MaxMimeHeaderLength is set and a malformed MIME header is fixed, - log the fixup as "Fixed MIME header" instead of "Truncated - MIME header". Problem noted by Ian J Hart. - CONFIG: Fix regression bug in proto.m4 that caused a bogus - error message: "FEATURE() should be before MAILER()". - MAIL.LOCAL: Be more explicit in some error cases, i.e., whether - a mailbox has more than one link or whether it is not - a regular file. Patch from John Beck of Sun Microsystems. - -8.12.7/8.12.7 2002/12/29 - Properly clean up macros to avoid persistence of session data - across various connections. This could cause session - oriented restrictions, e.g., STARTTLS requirements, - to erroneously allow a connection. Problem noted - by Tim Maletic of Priority Health. - Do not lookup MX records when sorting the MSP queue. The MSP - only needs to relay all mail to the MTA. Problem found - by Gary Mills of the University of Manitoba. - Do not restrict the length of connection information to 100 - characters in some logging statements. Problem noted by - Erik Parker. - When converting an enhanced status code to an exit status, use - EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5 - is used. - Reset macro $x when receiving another MAIL command. Problem - noted by Vlado Potisk of Wigro s.r.o. - Don't bother setting the permissions on the build area statistics - file, the proper permissions will be put on the file at - install time. This fixes installation over NFS for some - users. Problem noted by Martin J. Dellwo of 3-Dimensional - Pharmaceuticals, Inc. - Fix problem of decoding SASLv2 encrypted data. Problem noted by - Alex Deiter of Mobile TeleSystems, Komi Republic. - Log milter socket open errors at MilterLogLevel 1 or higher instead - of 11 or higher. - Print early system errors to the console instead of silently - exiting. Problem noted by James Jong of IBM. - Do not process a queue group if Runners is set to 0, regardless - of whether F=f or sendmail is run in verbose mode (-v). - The use of -qGname will still force queue group "name" - to be run even if Runners=0. - Change the level for logging the fact that a daemon is refusing - connections due to high load from LOG_INFO to LOG_NOTICE. - Patch from John Beck of Sun Microsystems. - Use location information for submit.cf from NetInfo - (/locations/sendmail/submit.cf) if available. - Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by - Neil Rickert of Northern Illinois University. - Make behavior of /canon in debug mode consistent with usage in - rulesets. Patch from Shigeno Kazutaka of IIJ. - Fix a potential memory leak in envelope splitting. Problem noted - by John Majikes of IBM. - Do not try to share an mailbox database LDAP connection across - different processes. Problem noted by Randy Kunkee. - Fix logging for undelivered recipients when the SMTP connection - times out during message collection. Problem noted by Neil - Rickert of Northern Illinois University. - Avoid problems with QueueSortOrder=random due to problems with - qsort() on Solaris (and maybe some other operating systems). - Problem noted by Stephan Schulz of Gruner+Jahr.. - If -f "" is specified, set the sender address to "<>". Problem - noted by Matthias Andree. - Fix formatting problem of footnotes for plain text output on some - versions of tmac. Patch from Per Hedeland. - Portability: - Berkeley DB 4.1 support (requires at least 4.1.25). - Some getopt(3) implementations in GNU/Linux are broken - and pass a NULL pointer to an option which requires - an argument, hence the builtin version of - sendmail is used instead. This can be overridden - by using -DSM_CONF_GETOPT=0. Problem noted by - Vlado Potisk of Wigro s.r.o. - Support for nph-1.2.0 from Mark D. Roth of the University - of Illinois at Urbana-Champaign. - Support for FreeBSD 5.0's MAC labeling from Robert Watson - of the TrustedBSD Project. - Support for reading the number of processors on an IRIX - system from Michel Bourget of SGI. - Support for UnixWare 7.1 based on input from Larry Rosenman. - Interix support from Nedelcho Stanev of Atlantic Sky - Corporation. - Update Mac OS X/Darwin portability from Wilfredo Sanchez. - CONFIG: Enforce tls_client restrictions even if delay_checks - is used. Problem noted by Malte Starostik. - CONFIG: Deal with an empty hostname created via bogus - DNS entries to get around access restrictions. - Problem noted by Kai Schlichting. - CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default - to avoid problems with hostname resolution for localhost - which on many systems does not resolve to 127.0.0.1 (or - ::1 for IPv6). If you do not use IPv4 but only IPv6 then - you need to change submit.mc accordingly, see the comment - in the file itself. - CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid - error messages from initgroups(3) on AIX 4.3 when sending - mail to non-existing users. Problem noted by Mark Roth of - the University of Illinois at Urbana-Champaign. - CONFIG: Allow local_procmail to override local_lmtp settings. - CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to - relay. - CONTRIB: cidrexpand: Deal with the prefix tags that may be included - in access_db. - CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell. - LIBMILTER: On Solaris libmilter may get into an endless loop if - an error in the communication from/to the MTA occurs. - Patch from Gurusamy Sarathy of Active State. - LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64. - Patch from from Jose Marcio Martins da Cruz of Ecole - Nationale Superieure des Mines de Paris. - MAIL.LOCAL: Fix a truncation race condition if the close() on - the mailbox fails. Problem noted by Tomoko Fukuzawa of - Sun Microsystems. - MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3) - fails. Patch from John Beck of Sun Microsystems. - SMRSH: SECURITY: Only allow regular files or symbolic links to be - used for a command. Problem noted by David Endler of - iDEFENSE, Inc. - New Files: - devtools/OS/Interix - include/sm/bdb.h - -8.12.6/8.12.6 2002/08/26 - Do not add the FallbackMXhost (or its MX records) to the list - returned by the bestmx map when -z is used as option. - Otherwise sendmail may act as an open relay if FallbackMXhost - and FEATURE(`relay_based_on_MX') are used together. - Problem noted by Alexander Ignatyev. - Properly split owner- mailing list messages when SuperSafe is set - to interactive. Problem noted by Todd C. Miller of - Courtesan Consulting. - Make sure that an envelope is queued in the selected queue group - even if some recipients are deleted or invalid. Problem - found by Chris Adams of HiWAAY Informations Services. - Do not send a bounce message if a message is completely collected - from the SMTP client. Problem noted by Kari Hurtta of the - Finnish Meteorological Institute. - Provide an 'install-submit-st' target for sendmail/Makefile to - install the MSP statistics file using the file named in the - confMSP_STFILE devtools variable. Requested by Jeff - Earickson of Colby College. - Queue up mail with a temporary error if setusercontext() fails - during a delivery attempt. Patch from Todd C. Miller of - Courtesan Consulting. - Fix handling of base64 encoded client authentication data for - SMTP AUTH. Patch from Elena Slobodnik of life medien GmbH. - Set the OpenLDAP option LDAP_OPT_RESTART so the client libraries - restart interrupted system calls. Problem noted by Luiz - Henrique Duma of BSIOne. - Prevent a segmentation fault if a program passed a NULL envp using - execve(). - Document a problem with the counting of queue runners that may - cause delays if MaxQueueChildren is set too low. Problem - noted by Ian Duplisse of Cable Television Laboratories, Inc. - If discarding a message based on a recipient, don't try to look up - the recipient in the mailbox database if F=w is set. This - allows users to discard bogus recipients when dealing with - spammers without tipping them off. Problem noted by Neil - Rickert of Northern Illinois University. - If applying a header check to a header with unstructured data, - e.g., Subject:, then do not run syntax checks that are - supposed for addresses on the header content. - Count messages rejected/discarded via the check_data ruleset. - Portability: - Fix compilation on systems which do not allow simple - copying of the variable argument va_list. Based on - fix from Scott Walters. - Fix NSD map open bug. From Michel Bourget of SGI. - Add some additional IRIX shells to the default shell - list. From Michel Bourget of SGI. - Fix compilation issues on Mac OS X 10.2 (Darwin 6.0). - NETISO support has been dropped. - CONFIG: There was a seemingly minor change in 8.12.4 with respect - to handling entries of IP nets/addresses with RHS REJECT. - These would be rejected in check_rcpt instead of only - being activated in check_relay. This change has been made to - avoid potential bogus temporary rejection of relay attempts - "450 4.7.1 Relaying temporarily denied. Cannot resolve PTR - record for ..." if delay_checks is enabled. However, this - modification causes a change of behavior if an IP net/address - is listed in the access map with REJECT and a host/domain - name is listed with OK or RELAY, hence it has been reversed - such that the behavior of 8.12.3 is restored. The original - change was made on request of Neil Rickert of Northern - Illinois University, the side effect has been found by - Stefaan Van Hoornick. - CONFIG: Make sure delay_checks works even for sender addresses - using the local hostname ($j) or domains in class {P}. - Based on patch from Neil Rickert of Northern Illinois - University. - CONFIG: Fix temporary error handling for LDAP Routing lookups. - Fix from Andrzej Filip. - CONTRIB: New version of etrn.pl script and external man page - (etrn.0) from John Beck of Sun Microsystems. - LIBMILTER: Protect a free(3) operation from being called with a - NULL pointer. Problem noted by Andrey J. Melnikoff. - LIBMILTER: Protect against more interrupted select() calls. Based - on patch from Jose Marcio Martins da Cruz of Ecole Nationale - Superieure des Mines de Paris. - New Files: - contrib/etrn.0 - -8.12.5/8.12.5 2002/06/25 - SECURITY: The DNS map can cause a buffer overflow if the user - specifies a dns map using TXT records in the configuration - file and a rogue DNS server is queried. None of the - sendmail supplied configuration files use this option hence - they are not vulnerable. Problem noted independently by - Joost Pol of PINE Internet and Anton Rang of Sun Microsystems. - Unprintable characters in responses from DNS servers for the DNS - map type are changed to 'X' to avoid potential problems - with rogue DNS servers. - Require a suboption when setting the Milter option. Problem noted - by Bryan Costales. - Do not silently overwrite command line settings for - DirectSubmissionModifiers. Problem noted by Bryan - Costales. - Prevent a segmentation fault when clearing the event list by - turning off alarms before checking if event list is - empty. Problem noted by Allan E Johannesen of Worcester - Polytechnic Institute. - Close a potential race condition in transitioning a memory buffered - file onto disk. From Janani Devarajan of Sun Microsystems. - Portability: - Include paths.h on Linux systems running glibc 2.0 or later - to get the definition for _PATH_SENDMAIL, used by - rmail and vacation. Problem noted by Kevin - A. McGrail of Peregrine Hardware. - NOTE: Linux appears to have broken flock() again. Unless - the bug is fixed before sendmail 8.13 is shipped, - 8.13 will change the default locking method to - fcntl() for Linux kernel 2.4 and later. You may - want to do this in 8.12 by compiling with - -DHASFLOCK=0. Be sure to update other sendmail - related programs to match locking techniques. - -8.12.4/8.12.4 2002/06/03 - SECURITY: Inherent limitations in the UNIX file locking model - can leave systems open to a local denial of service - attack. Be sure to read the "FILE AND MAP PERMISSIONS" - section of the top level README for more information. - Problem noted by lumpy. - Use TempFileMode (defaults to 0600) for the permissions of PidFile - instead of 0644. - Change the default file permissions for new alias database files - from 0644 to 0640. This can be overridden at compile time - by setting the DBMMODE macro. - Fix a potential core dump problem if the environment variable - NAME is set. Problem noted by Beth A. Chaney of - Purdue University. - Expand macros before passing them to libmilter. Problem noted - by Jose Marcio Martins da Cruz of Ecole Nationale - Superieure des Mines de Paris. - Rewind the df (message body) before truncating it when libmilter - replaces the body of a message. Problem noted by Gisle Aas - of Active State. - Change SMTP reply code for AUTH failure from 500 to 535 and the - initial zero-length response to "=" per RFC 2554. Patches - from Kenneth Murchison of Oceana Matrix Ltd. - Do not try to fix broken message/rfc822 MIME attachments by - inserting a MIME-Version: header when MaxMimeHeaderLength - is set and no 8 to 7 bit conversion is needed. Based on - patch from Rehor Petr of ICZ (Czech Republic). - Do not log "did not issue MAIL/EXPN/VRFY/ETRN" if the connection - is rejected anyway. Noted by Chris Loelke. - Mention the submission mail queue in the mailq man page. Requested - by Bill Fenner of AT&T. - Set ${msg_size} macro when reading a message from the command line - or the queue. - Detach from shared memory before dropping privileges back to - user who started sendmail. - If AllowBogusHELO is set to false (default) then also complain if - the argument to HELO/EHLO contains white space. Suggested - by Seva Gluschenko of Cronyx Plus. - Allow symbolicly linked forward files in writable directory paths - if both ForwardFileInUnsafeDirPath and - LinkedForwardFileInWritableDir DontBlameSendmail options - are set. Problem noted by Werner Spirk of - Leibniz-Rechenzentrum Munich. - Portability: - Operating systems that lack the ftruncate() call will not - be able to use Milter's body replacement feature. - This only affects Altos, Maxion, and MPE/iX. - Digital UNIX 5.0 has changed flock() semantics to be - non-compliant. Problem noted by Martin Mokrejs of - Charles University in Prague. - The sparc64 port of FreeBSD 5.0 now supports shared - memory. - CONFIG: FEATURE(`preserve_luser_host') needs the macro map. - Problem noted by Andrzej Filip. - CONFIG: Using 'local:' as a mailertable value with - FEATURE(`preserve_luser_host') and LUSER_RELAY caused mail - to be misaddressed. Problem noted by Andrzej Filip. - CONFIG: Provide a workaround for DNS based rejection lists that - fail for AAAA queries. Problem noted by Chris Boyd. - CONFIG: Accept the machine's hostname as resolvable when checking - the sender address. This allows locally submitted mail to - be accepted if the machine isn't connected to a nameserver - and doesn't have an /etc/hosts entry for itself. Problem - noted by Robert Watson of the TrustedBSD Project. - CONFIG: Use deferred expansion for checking the ${deliveryMode} - macro in case the SMTP VERB command is used. Problem - noted by Bryan Costales. - CONFIG: Avoid a duplicate '@domain' virtusertable lookup if no - matches are found. Fix from Andrzej Filip. - CONFIG: Fix wording in default dnsbl rejection message. Suggested - by Lou Katz of Metron Computerware, Ltd. - CONFIG: Add mailer cyrusv2 for Cyrus V2. Contributed by - Kenneth Murchison of Oceana Matrix Ltd. - CONTRIB: Fix wording in default dnsblaccess rejection message to - match dnsbl change. - DEVTOOLS: Add new option for access mode of statistics file, - confSTMODE, which specifies the permissions when initially - installing the sendmail statistics file. - LIBMILTER: Mark the listening socket as close-on-exec in case - a user's filter starts other applications. - LIBSM: Allow the MBDB initialize, lookup, and/or terminate - functions in SmMbdbTypes to be set to NULL. - MAKEMAP: Change the default file permissions for new databases from - 0644 to 0640. This can be overridden at compile time - by setting the DBMMODE macro. - SMRSH: Fix man page bug: replace SMRSH_CMDBIN with SMRSH_CMDDIR. - Problem noted by Dave Alden of Ohio State University. - VACATION: When listing the vacation database (-l), don't show - bogus timestamps for excluded (-x) addresses. Problem - noted by Bryan Costales. - New Files: - cf/mailer/cyrusv2.m4 - -8.12.3/8.12.3 2002/04/05 - NOTICE: In general queue files should not be moved if queue groups - are used. In previous versions this could cause mail - not to be delivered if a queue file is repeatedly moved - by an external process whenever sendmail moved it back - into the right place. Some precautions have been taken - to avoid moving queue files if not really necessary. - sendmail may use links to refer to queue files and it - may store the path of data files in queue files. Hence - queue files should not be moved unless those internals - are understood and the integrity of the files is not - compromised. Problem noted by Anne Bennett of Concordia - University. - If an error mail is created, and the mail is split across different - queue directories, and SuperSafe is off, then write the mail - to disk before splitting it, otherwise an assertion is - triggered. Problem tracked down by Henning Schmiedehausen - of INTERMETA. - Fix possible race condition that could cause sendmail to forget - running queues. Problem noted by Jeff Wasilko of smoe.org. - Handle bogus qf files better without triggering assertions. - Problem noted by Guy Feltin. - Protect against interrupted select() call when enforcing Milter - read and write timeouts. Patch from Gurusamy Sarathy of - ActiveState. - Matching queue IDs with -qI should be case sensitive. Problem - noted by Anne Bennett of Concordia University. - If privileges have been dropped, don't try to change group ID to - the RunAsUser group. Problem noted by Neil Rickert of - Northern Illinois University. - Fix SafeFileEnvironment path munging when the specified path - contains a trailing slash. Based on patch from Dirk Meyer - of Dinoex. - Do not limit sendmail command line length to SM_ARG_MAX (usually - 4096). Problem noted by Allan E Johannesen of Worcester - Polytechnic Institute. - Clear full name of sender for each new envelope to avoid bogus data - if several mails are sent in one session and some of them - do not have a From: header. Problem noted by Bas Haakman. - Change timeout check such that cached information about a connection - will be immediately invalid if ConnectionCacheTimeout is zero. - Based on patch from David Burns of Portland State University. - Properly count message size for mailstats during mail collection. - Problem noted by Werner Wiethege. - Log complete response from LMTP delivery agent on failure. Based on - patch from by Motonori Nakamura of Kyoto University. - Provide workaround for getopt() implementations that do not catch - missing arguments. - Fix the message size calculation if the message body is replaced by - a milter filter and buffered file I/O is being used. - Problem noted by Sergey Akhapkin of Dr.Web. - Do not honor SIGUSR1 requests if running with extra privileges. - Problem noted by Werner Wiethege. - Prevent a file descriptor leak on mail delivery if the initial - connect fails and DialDelay is set. Patch from Servaas - Vandenberghe of Katholieke Universiteit Leuven. - Properly deal with a case where sendmail is called by root running - a set-user-ID (non-root) program. Problem noted by Jon - Lusky of ISS Atlanta. - Avoid leaving behind stray transcript (xf) files if multiple queue - directories are used and mail is sent to a mailing list - which has an owner- alias. Problem noted by Anne Bennett - of Concordia University. - Fix class map parsing code if optional key is specified. Problem - found by Mario Nigrovic. - The SMTP daemon no longer tries to fix up improperly dot-stuffed - incoming messages. A leading dot is always stripped by the - SMTP receiver regardless of whether or not it is followed by - another dot. Problem noted by Jordan Ritter of darkridge.com. - Fix corruption when doing automatic MIME 7-bit quoted-printable or - base64 encoding to 8-bit text. Problem noted by Mark - Elvers. - Correct the statistics gathered for total number of connections. - Instead of being the exact same number as the total number - of messages (T line in mailstats) it now represents the - total number of TCP connections. - Be more explicit about syntax errors in addresses, especially - non-ASCII characters, and properly create DSNs if necessary. - Problem noted by Leena Heino of the University of Tampere. - Prevent small timeouts from being lost on slow machines if itimers - are used. Problem noted by Suresh Ramasubramanian. - Prevent a race condition on child cleanup for delivery to files. - Problem noted by Fletcher Mattox of the University of - Texas. - Change the SMTP error code for temporary map failures from 421 - to 451. - Do not assume that realloc(NULL, size) works on all OS (this was - only done in one place: queue group creation). Based on - patch by Bryan Costales. - Initialize Timeout.iconnect in the code to prevent randomly short - timeouts. Problem noted by Bradley Watts of AT&T Canada. - Do not try to send a second SMTP QUIT command if the remote - responds to a MAIL command with a 421 reply or on I/O - errors. By doing so, the host was marked as having a - temporary problem and other mail destined for that host was - queued for the next queue run. Problem noted by Fletcher - Mattox of the University of Texas, Allan E Johannesen of - Worcester Polytechnic Institute, Larry Greenfield of CMU, - and Neil Rickert of Northern Illinois University. - Ignore error replies from the SMTP QUIT command (including servers - which drop the connection instead of responding to the - command). - Portability: - Check LDAP_API_VERSION to determine if ldap_memfree() is - available. - Define HPUX10 when building on HP-UX 10.X. That platform - now gets the proper _PATH_SENDMAIL and SMRSH_CMDDIR - settings. Patch from Elias Halldor Agustsson of - Skyrr. - Fix dependency building on Mac OS X and Darwin. Problem - noted by John Beck. - Preliminary support for the sparc64 port of FreeBSD 5.0. - Add /sbin/sh as an acceptable user shell on HP-UX. From - Rajesh Somasund of Hewlett-Packard. - CONFIG: Add FEATURE(`authinfo') to allow a separate database for - SMTP AUTH information. This feature was actually added in - 8.12.0 but a release note was not included. - CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce - parameter is set and the LDAP lookup returns a temporary - error. - CONFIG: Honor FEATURE(`relay_hosts_only') when using - FEATURE(`relay_mail_from', `domain'). Problem noted by - Krzysztof Oledzki. - CONFIG: FEATURE(`msp') now disables any type of alias - initialization as aliases are not needed for the MSP. - CONFIG: Allow users to override RELAY_MAILER_ARGS when FEATURE(`msp') - is in use. Patch from Andrzej Filip. - CONFIG: FEATURE(`msp') uses `[localhost]' as default instead of - `localhost' and turns on MX lookups for the SMTP mailers. - This will only have an effect if a parameter is specified, - i.e., an MX lookup will be performed on the hostname unless - it is embedded in square brackets. Problem noted by - Theo Van Dinter of Collective Technologies. - CONFIG: Set confTIME_ZONE to USE_TZ in submit.mc (TimeZoneSpec= in - submit.cf) to use $TZ for time stamps. This is a compromise - to allow for the proper time zone on systems where the - default results in misleading time stamps. That is, syslog - time stamps and Date headers on submitted mail will use the - user's $TZ setting. Problem noted by Mark Roth of the - University of Illinois at Urbana-Champaign, solution proposed - by Neil Rickert of Northern Illinois University. - CONFIG: Mac OS X (Darwin) ships with mail.local as non-set-user-ID - binary. Adjust local mailer flags accordingly. Problem - noted by John Beck. - CONTRIB: Add a warning to qtool.pl to not move queue files around - if queue groups are used. - CONTRIB: buildvirtuser: Add -f option to force rebuild. - CONTRIB: smcontrol.pl: Add -f option to specify control socket. - CONTRIB: smcontrol.pl: Add support for 'memdump' command. - Suggested by Bryan Costales. - DEVTOOLS: Add dependency generation for test programs. - LIBMILTER: Remove conversion of port number for the socket - structure that is passed to xxfi_connect(). Notice: - this fix requires that sendmail and libmilter both have - this change; mixing versions may lead to wrong port - values depending on the endianness of the involved systems. - Problem noted by Gisle Aas of ActiveState. - LIBMILTER: If smfi_setreply() sets a custom reply code of '4XX' but - SMFI_REJECT is returned, ignore the custom reply. Do the - same if '5XX' is used and SMFI_TEMPFAIL is returned. - LIBMILTER: Install include files in ${INCLUDEDIR}/libmilter/ as - required by mfapi.h. Problem noted by Jose Marcio Martins - da Cruz of Ecole Nationale Superieure des Mines de Paris. - LIBSM: Add SM_CONF_LDAP_MEMFREE as a configuration define. Set - this to 1 if your LDAP client libraries include - ldap_memfree(). - LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X - and NDBM on systems with the O_EXLOCK open(2) flag. - SMRSH: Fix compilation problem on some operating systems. Problem - noted by Christian Krackowizer of schuler technodat GmbH. - VACATION: Allow root to operate on user vacation databases. Based - on patch from Greg Couch of the University of California, - San Francisco. - VACATION: Don't ignore -C option. Based on patch by Bryan Costales. - VACATION: Clarify option usage in the man page. Problem noted by - Joe Barbish. - New Files: - libmilter/docs/smfi_setbacklog.html - -8.12.2/8.12.2 2002/01/13 - Don't complain too much if stdin, stdout, or stderr are missing - at startup, only log an error message. - Fix potential problem if an unknown operation mode (character - following -b) has been specified. - Prevent purgestat from looping even if someone changes the - permissions or owner of hoststatus files. Problem noted - by Kari Hurtta of the Finnish Meteorological Institute. - Properly record dropped connections in persistent host status. - Problem noted by Ulrich Windl of the Universitat - Regensburg. - Remove newlines from recipients read via sendmail -t to prevent - SMTP protocol errors when sending the RCPT command. - Problem noted by William D. Colburn of the New Mexico - Institute of Mining and Technology. - Only log milter body replacements once instead of for each body - chunk sent by a filter. Problem noted by Kari Hurtta of - the Finnish Meteorological Institute. - In 8.12.0 and 8.12.1, the headers were mistakenly not included in - the message size calculation. Problem noted by Kari Hurtta - of the Finnish Meteorological Institute. - Since 8.12 no longer forks at the SMTP MAIL command, the daemon - needs to collect children status to avoid zombie processes. - Problem noted by Chris Adams of HiWAAY Informations Services. - Shut down "nullserver" and ETRN-only connections after 25 bad - commands are issued. This makes it consistent with normal - SMTP connections. - Avoid duplicate logging of milter rejections. Problem noted by - William D. Colburn of the New Mexico Institute of Mining - and Technology. - Error and delay DSNs were being sent to postmaster instead of the - message sender if the sender had used a deprecated RFC822 - source route. Problem noted by Kari Hurtta of the Finnish - Meteorological Institute. - Fix FallbackMXhost behavior for temporary errors during address - parsing. Problem noted by Jorg Bielak from Coastal Web - Online. - For systems on which stat(2) does not return a value for st_blksize - that is the "optimal blocksize for I/O" three new compile - time flags are available: SM_IO_MAX_BUF_FILE, SM_IO_MIN_BUF, - and SM_IO_MAX_BUF, which define an upper limit for - regular files, and a lower and upper limit for other file - types, respectively. - Fix a potential deadlock if two events are supposed to occur at - exactly the same time. Problem noted by Valdis Kletnieks - of Virginia Tech. - Perform envelope splitting for aliases listed directly in the - alias file, not just for include/.forward files. - Problem noted by John Beck of Sun Microsystems. - Allow selection of queue group for mailq using -qGgroup. - Based on patch by John Beck of Sun Microsystems. - Make sure cached LDAP connections used my multiple maps in the same - process are closed. Patch from Taso N. Devetzis. - If running as root, allow reading of class files in protected - directories. Patch from Alexander Talos of the University - of Vienna. - Correct a few LDAP related memory leaks. Patch from David Powell - of Sun Microsystems. - Allow specification of an empty realm via the authinfo ruleset. - This is necessary to interoperate as an SMTP AUTH client - with servers that do not support realms when using - CRAM-MD5. Problem noted by Bjoern Voigt of TU Berlin. - Avoid a potential information leak if AUTH PLAIN is used and the - server gets stuck while processing that command. Problem - noted by Chris Adams from HiWAAY Informations Services. - In addition to printing errors when parsing recipients during - command line invocations log them to make it simpler - to understand possible DSNs to postmaster. - Do not use FallbackMXhost on mailers which have the F=0 flag set. - Allow local mailers (F=l) to specify a host for TCP connections - instead of forcing localhost. - Obey ${DESTDIR} for installation of the client mail queue and - submit.cf. Patch from Peter 'Luna' Runestig. - Re-enable support for -M option which was broken in 8.12.1. Problem - noted by Neil Rickert of Northern Illinois University. - If a remote server violates the SMTP standard by unexpectedly - dropping the connection during an SMTP transaction, stop - sending commands. This prevents bogus "Bad file number" - recipient status. Problem noted by Allan E Johannesen of - Worcester Polytechnic Institute. - Do not use a size estimate of 100 for postmaster bounces, it's - almost always too small; do not guess the size at all. - New VENDOR_DEC for Compaq/DEC. Requested by James Seagraves of - Compaq Computer Corp. - Fix DaemonPortOptions IPv6 address parsing such that ::1 works - properly. Problem noted by Valdis Kletnieks of Virginia - Tech. - Portability: - Fix IPv6 network interface probing on HP-UX 11.X. Based on - patch provided by HP. - Mac OS X (aka Darwin) has a broken setreuid() call, but a - working seteuid() call. From Daniel J. Luke. - Use proper type for a 32-bit integer on SINIX. From Ganu - Sachin of Siemens. - Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX. - Reduce optimization from +O3 to +O2 on HP-UX 11. This - fixes a problem that caused additional bogus - characters to be written to the qf file. Problem - noted by Tapani Tarvainen. - Set LDA_USE_LOCKF by default for UnixWare. Problem noted - by Boyd Lynn Gerber. - Add support for HP MPE/iX. See sendmail/README for port - information. From Mark Bixby of Hewlett-Packard. - New portability defines HASNICE, HASRRESVPORT, USE_ENVIRON, - USE_DOUBLE_FORK, and NEEDLINK. See sendmail/README - for more information. From Mark Bixby of - Hewlett-Packard. - If an OS doesn't have a method of finding free disk space - (SFS_NONE), lie and say there is plenty of space. - From Mark Bixby of Hewlett-Packard. - Add support for AIX 5.1. From Valdis Kletnieks of - Virginia Tech. - Fix man page location for NeXTSTEP. From Hisanori Gogota - of the NTT/InterCommunication Center. - Do not assume that strerror() always returns a string. - Problem noted by John Beck of Sun Microsystems. - CONFIG: Add OSTYPE(freebsd5) for FreeBSD 5.X, which has removed - UUCP from the base operating system. From Mark Murray of - FreeBSD Services, Ltd. - CONFIG: Add OSTYPE(mpeix) and a generic .mc file for HP MPE/iX - systems. From Mark Bixby of Hewlett-Packard. - CONFIG: Add support for selecting a queue group for all mailers. - Based on proposal by Stephen L. Ulmer of the University of - Florida. - CONFIG: Fix error reporting for compat_check.m4. Problem noted by - Altin Waldmann. - CONFIG: Do not override user selections for confRUN_AS_USER and - confTRUSTED_USER in FEATURE(msp). From Mark Bixby of - Hewlett-Packard. - LIBMILTER: Fix bug that prevented the removal of a socket after - libmilter terminated. Problem reported by Andrey V. Pevnev - of MSFU. - LIBMILTER: Fix configuration error that required libsm for linking. - Problem noted by Kari Hurtta of the Finnish Meteorological - Institute. - LIBMILTER: Portability fix for OpenUNIX. Patch from Larry Rosenman. - LIBMILTER: Fix a theoretical memory leak and a possible attempt - to free memory twice. - LIBSM: Fix a potential segmentation violation in the I/O library. - Problem found and analyzed by John Beck and Tim Haley - of Sun Microsystems. - LIBSM: Do not clear the LDAP configuration information when - terminating the mailbox database connection in the LDAP - example code. Problem noted by Nikos Voutsinas of the - University of Athens. - New Files: - cf/cf/generic-mpeix.cf - cf/cf/generic-mpeix.mc - cf/ostype/freebsd5.m4 - cf/ostype/mpeix.m4 - devtools/OS/AIX.5.1 - devtools/OS/MPE-iX - include/sm/os/sm_os_mpeix.h - libsm/mpeix.c - -8.12.1/8.12.1 2001/10/01 - SECURITY: Check whether dropping group privileges actually succeeded - to avoid possible compromises of the mail system by - supplying bogus data. Add configuration options for - different set*gid() calls to reset saved gid. Problem - found by Michal Zalewski. - PRIVACY: Prevent information leakage when sendmail has extra - privileges by disabling debugging (command line -d flag) - during queue runs and disabling ETRN when sendmail -bs is - used. Suggested by Michal Zalewski. - Avoid memory corruption problems resulting from bogus .cf files. - Problem found by Michal Zalewski. - Set the ${server_addr} macro to name of mailer when doing LMTP - delivery. LMTP systems may offer SMTP Authentication or - STARTTLS causing sendmail to use this macro in rulesets. - If debugging is turned on (-d0.10) print not just the default - values for configuration file and pid file but also the - selected values. Problem noted by Brad Chapman. - Continue dealing with broken nameservers by ignoring SERVFAIL - errors returned on T_AAAA (IPv6) lookups at delivery time - if ResolverOptions=WorkAroundBrokenAAAA is set. Previously - this only applied to hostname canonification. Problem - noted by Bill Fenner of AT&T Research. - Ignore comments in NIS host records when trying to find the - canonical name for a host. - When sendmail has extra privileges, limit mail submission command - line flags (i.e., -G, -h, -F, etc.) to mail submission - operating modes (i.e., -bm, -bs, -bv, etc.). Idea based on - suggestion from Michal Zalewski. - Portability: - AIX: Use `oslevel` if available to determine OS version. - `uname` does not given complete information. - Problem noted by Keith Neufeld of the Cessna - Aircraft Company. - OpenUNIX: Use lockf() for LDA delivery (affects mail.local). - Problem noticed by Boyd Lynn Gerber of ZENEX. - Avoid compiler warnings by not using pointers to pass - integers. Problem noted by Todd C. Miller of - Courtesan Consulting. - CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize - problems with potential misconfigurations. - CONFIG: Fix comment showing default value of MaxHopCount. Problem - noted by Greg Robinson of the Defence Science and - Technology Organisation of Australia. - CONFIG: dnsbl: If an argument specifies an error message in case - of temporary lookup failures for DNS based blacklists - then use it. - LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by - Richard A. Nelson of Debian. - LIBMILTER: Add __P definition for OS that lack it. Problem noted - by Chris Adams from HiWAAY Informations Services. - LIBSMDB: Fix a lock race condition that affects makemap, praliases, - and vacation. - MAKEMAP: Avoid going beyond the end of an input line if it does - not contain a value for a key. Based on patch from - Mark Bixby from Hewlett-Packard. - New Files: - test/Build - test/Makefile - test/Makefile.m4 - test/README - test/t_dropgid.c - test/t_setgid.c - Deleted Files: - include/sm/stdio.h - include/sm/sysstat.h - -8.12.0/8.12.0 2001/09/08 - *NOTICE*: The default installation of sendmail does not use - set-user-ID root anymore. You need to create a new user and - a new group before installing sendmail (both called smmsp by - default). The installation process tries to install - /etc/mail/submit.cf and creates /var/spool/clientmqueue by - default. Please see sendmail/SECURITY for details. - SECURITY: Check for group and world writable forward and :include: - files. These checks can be turned off if absolutely - necessary using the DontBlameSendmail option and the new - flags: - GroupWritableForwardFile - WorldWritableForwardFile - GroupWritableIncludeFile - WorldWritableIncludeFile - Problem noted by Slawek Zak of Politechnika Warszawska, - SECURITY: Drop privileges when using address test mode. Suggested - by Michal Zalewski of the "Internet for Schools" project - (IdS). - Fixed problem of a global variable being used for a timeout jump - point where the variable could become overused for more than - one timeout concurrently. This erroneous behavior resulted in - a corrupted stack causing a core dump. The timeout is now - handled via libsm. Problem noted by Michael Shapiro, - John Beck, and Carl Smith of Sun Microsystems. - If sendmail is set-group-ID then that group ID is used for permission - checks (group ID of RunAsUser). This allows use of a - set-group-ID sendmail binary for initial message submission - and no set-user-ID root sendmail is needed. For details - see sendmail/SECURITY. - Log a warning if a non-trusted user changes the syslog label. - Based on notice from Bryan Costales of SL3D, Inc. - If sendmail is called for initial delivery, try to use submit.cf - with a fallback of sendmail.cf as configuration file. See - sendmail/SECURITY. - New configuration file option UseMSP to allow group writable queue - files if the group is the same as that of a set-group-ID - sendmail binary. See sendmail/SECURITY. - The .cf file is chosen based on the operation mode. For -bm (default), - -bs, and -t it is submit.cf if it exists for all others it - is sendmail.cf (to be backward compatible). This selection - can be changed by the new option -Ac or -Am (alternative .cf - file: client or mta). See sendmail/SECURITY. - The SMTP server no longer forks on each MAIL command. The ONEX - command has been removed. - Implement SMTP PIPELINING per RFC 2920. It can be turned off - at compile time or per host (ruleset). - New option MailboxDatabase specifies the type of mailbox database - used to look up local mail recipients; the default value - is "pw", which means to use getpwnam(). New mailbox database - types can be added by adding custom code to libsm/mbdb.c. - Queue file names are now 15 characters long, rather than 14 characters - long, to accomodate envelope splitting. File systems with - a 14 character file name length limit are no longer - supported. - Recipient list used for delivery now gets internally ordered by - hostsignature (character string version of MX RR). This orders - recipients for the same MX RR's together meaning smaller - portions of the list need to be scanned (instead of the whole - list) each delivery() pass to determine piggybacking. The - significance of the change is better the larger the recipient - list. Hostsignature is now created during recipient list - creation rather than just before delivery. - Enhancements for more opportunistic piggybacking. Previous - piggybacking (called coincidental) extended to coattail - piggybacking. Rather than complete MX RR matching - (coincidental) piggybacking is done if just the lowest value - preference matches (coattail). - If sendmail receives a temporary error on a RCPT TO: command, it will - try other MX hosts if available. - DefaultAuthInfo can contain a list of mechanisms to be used for - outgoing (client-side) SMTP Authentication. - New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable - AUTH (overrides 'a' modifier in DaemonPortOptions). Based - on patch from Lyndon Nerenberg of Messaging Direct. - Enable AUTH mechanism EXTERNAL if STARTTLS is used. - A new ruleset authinfo can be used to return client side - authentication information for AUTH instead of DefaultAuthInfo. - Therefore the DefaultAuthInfo option is deprecated and will be - removed in future versions. - Accept any SMTP continuation code 3xy for AUTH even though RFC 2554 - requires 334. Mercury 1.48 is a known offender. - Add new option AuthMaxBits to limit the overall encryption strength - for the security layer in SMTP AUTH (SASL). See - doc/op/op.me for details. - Introduce new STARTTLS related macros {cn_issuer}, {cn_subject}, - {cert_md5} which hold the CN (common name) of the CA that - signed the presented certificate, the CN and the MD5 hash - of the presented certificate, respectively. - New ruleset try_tls to decide whether to try (as client) STARTTLS. - New ruleset srv_features to enable/disable certain features in the - server per connection. See doc/op/op.me for details. - New ruleset tls_rcpt to decide whether to send e-mail to a particular - recipient; useful to decide whether a conection is secure - enough on a per recipient basis. - New option TLSSrvOptions to modify some aspects of the server - for STARTTLS. - If no certificate has been requested, the macro {verify} has the - value "NOT". - New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off - using/offering STARTTLS when delivering/receiving e-mail. - Macro expand filenames/directories for certs and keys in the .cf file. - Proposed by Neil Rickert of Northern Illinois University. - Generate an ephemeral RSA key for a STARTTLS connection only if - really required. This change results in a noticable - performance gains on most machines. Moreover, if shared - memory is in use, reuse the key several times. - Add queue groups which can be used to group queue directories with - the same behavior together. See doc/op/op.me for details. - If the new option FastSplit (defaults to one) has a value greater - than zero, it suppresses the MX lookups on addresses when they - are initially sorted which may result in faster envelope - splitting. If the mail is submitted directly from the - command line, then the value also limits the number of - processes to deliver the envelopes; if more envelopes are - created they are only queued up and must be taken care of - by a queue run. - The check for 'enough disk space' now pays attention to which file - system each queue directory resides in. - All queue runners can be cleanly terminated via SIGTERM to parent. - New option QueueFileMode for the default permissions of queue files. - Add parallel queue runner code. Allows multiple queue runners per work - group (one or more queues in a multi-queue environment - collected together) to process the same work list at the - same time. - Option MaxQueueChildren added to limit the number of concurrently - active queue runner processes. - New option MaxRunnersPerQueue to specify the maximum number of queue - runners per queue group. - Queue member selection by substring pattern matching now allows - the pattern to be negated. For -qI, -qR and -qS it is - permissible for -q!I, -q!R and -q!S to mean remove members - of the queue that match during processing. - New -qp[time] option is similar to -qtime, except that instead of - periodically forking a child to process the queue, a single - child is forked for each queue that sleeps between queue - runs. A SIGHUP signal can be sent to restart this - persistent queue runner. - The SIGHUP signal now restarts a timed queue run process (i.e., a - sendmail process which only runs the queue at an interval: - sendmail -q15m). - New option NiceQueueRun to set the priority of queue runners. - Proposed by Thom O'Connor. - sendmail will run the queue(s) in the background when invoked with -q - unless the new -qf option or -v is used. - QueueSortOrder=Random sorts the queue randomly, which is useful if - several queue runners are started by hand to avoid contention. - QueueSortOrder=Modification sorts the queue by the modification time - of the qf file (older entries first). - Support Deliver By SMTP Service Extension (RFC 2852) which allows - a client to specify an amount of time within which an e-mail - should be delivered. New option DeliverByMin added to set the - minimum amount of time or disable the extension. - Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are - not allowed unless escaped or quoted. - Add support for a generic DNS map. Based on a patch contributed - by Leif Johansson of Stockholm University, which was based on - work by Assar Westerlund of Swedish Institute of Computer - Science, Kista, and Johan Danielsson of Royal Institute of - Technology, Stockholm, Sweden. - MX records will be looked up for FallBackMXhost. To use the old - behavior (no MX lookups), put the name in square brackets. - Proposed by Thom O'Connor. - Use shared memory to store free space of filesystems that are used - for queues, if shared memory is available and if a key is set - via SharedMemoryKey. This minimizes the number of system - calls to check the available space. See doc/op/op.me for - details. - If shared memory is compiled in the option -bP can be used to print - the number of entries in the queue(s). - Enable generic mail filter API (milter). See libmilter/README - and the usual documentation for details. - Remove AutoRebuildAliases option, deprecated since 8.10. - Remove '-U' (initial user submission) command line option as - announced in 8.10. - Remove support for non-standard SMTP command XUSR. Use an MSA instead. - New macro {addr_type} which contains whether the current address is - an envelope sender or recipient address. Suggested by - Neil Rickert of Northern Illinois University. - Two new options for host maps: -d (retransmission timeout), - -r (number of retries). - New option for LDAP maps: the -V<sep> allows you to specify a - separator such that a lookup can return both an attribute - and value separated by the given separator. - Add new operators '%', '|', '&' (modulo, binary or, binary and) - to map class arith. - If DoubleBounceAddress expands to an empty string, ``double bounces'' - (errors that occur when sending an error message) are dropped. - New DontBlameSendmail options GroupReadableSASLDBFile and - GroupWritableSASLDBFile to relax requirements for sasldb files. - New DontBlameSendmail options GroupReadableKeyFile to relax - requirements for files containing secret keys. This is - necessary for the MSP if client authentification is used. - Properly handle quoted filenames for class files (to allow for - filenames with spaces). - Honor the resolver option RES_NOALIASES when canonifying hostnames. - Add macros to avoid the reuse of {if_addr} etc: - {if_name_out} hostname of interface of outgoing connection. - {if_addr_out} address of interface of outgoing connection. - {if_family_out} family of interface of outgoing connection. - The latter two are only set if the interface does not belong - to the loopback net. - Add macro {nrcpts} which holds the number of (validated) recipients. - DialDelay option applies only to mailers with flag 'Z'. Patch from - Juergen Georgi of RUS University of Stuttgart. - New Timeout.lhlo,auth,starttls options to limit the time waiting for - an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command. - New Timeout.aconnect option to limit the overall waiting time for - all connections for a single delivery attempt to succeed. - Limit the rate recipients in the SMTP envelope are accepted once - a threshold number of recipients has been rejected (option - BadRcptThrottle). From Gregory A Lundberg of the WU-FTPD - Development Group. - New option DelayLA to delay connections if the load averages - exceeds the specified value. The default of 0 does not - change the previous behavior. A value greater than 0 - will cause sendmail to sleep for one second on most - SMTP commands and before accepting connections if that - load average is exceeded. - Use a dynamic (instead of fixed-size) buffer for the list of - recipients that are sent during a connection to a mailer. - This also introduces a new mailer field 'r' which defines - the maximum number of recipients (defaults to 100). - Based on patch by Motonori Nakamura of Kyoto University. - Add new F=1 mailer flag to disable sending of null characters ('\0'). - Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead. - The deprecated [TCP] builtin mailer pathname (P=) is gone. Use [IPC] - instead. - IPC is no longer available as first mailer argument (A=) for [IPC] - builtin mailer pathnames. Use TCP instead. - PH map code updated to use the new libphclient API instead of the - old libqiapi library. Contributed by Mark Roth of the - University of Illinois at Urbana-Champaign. - New option DirectSubmissionModifiers to define {daemon_flags} - for direct (command line) submissions. - New M=O modifier for DaemonPortOptions to ignore the socket in - case of failures. Based on patch by Jun-ichiro itojun - Hagino of the KAME Project. - Add Disposition-Notification-To: (RFC 2298) to the list of headers - whose content is rewritten similar to Reply-To:. - Proposed by Andrzej Filip. - Use STARTTLS/AUTH=server/client for logging incoming/outgoing - STARTTLS/AUTH connections; log incoming connections at level - 9 or higher. Use AUTH/STARTTLS instead of SASL/TLS for SMTP - AUTH/STARTTLS related logfile entries. - Convert unprintable characters (and backslash) into octal or C format - before logging. - Log recipients if no message is transferred but QUIT/RSET is given - (at LogLevel 9/10 or higher). - Log discarded recipients at LogLevel 10 or higher. - Do not log "did not issue MAIL/EXPN/VRFY/ETRN" for connections - in which most commands are rejected due to check_relay or - TCP Wrappers if the host tries one of those commands anyway. - Change logging format for cloned envelopes to be similar to that for - DSNs ("old id: new id: clone"). Suggested by Ulrich Windl - of the Universitat Regensburg. - Added libsm, a C library of general purpose abstractions including - assertions, tracing and debugging with named debug categories, - exception handling, malloc debugging, resource pools, - portability abstractions, and an extensible buffered I/O - package. It will at some point replace libsmutil. - See libsm/index.html for details. - Fixed most memory leaks in sendmail which were previously taken - care of by fork() and exit(). - Use new sm_io*() functions in place of stdio calls. Allows for - more consistent portablity amongst different platforms - new and old (from new libsm). - Common I/O pkg means just one buffering method needed instead of two - ('bf_portable' and 'bf_torek' now just 'bf'). - Sfio no longer needed as SASL/TLS code uses sm_io*() API's. - New possible value 'interactive' for SuperSafe which can be used - together with DeliveryMode=interactive is to avoid some disk - synchronizations calls. - Add per-recipient status information to mailq -v output. - T_ANY queries are no longer used by sendmail. - When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS" - too (see include/sm/cdefs.h for more info). - sendmail -d now has general support for named debug categories. - See libsm/debug.html and section 3.4 of doc/op/op.me - for details. - Eliminate the "postmaster warning" DSNs on address parsing errors - such as unbalanced angle brackets or parentheses. The DSNs - generated by this condition were illegal (not RFC conform). - Problem noted by Ulrich Windl of the Universitaet Regensburg. - Do not issue a DSN if the ruleset localaddr resolves to the $#error - mailer and the recipient has hence been rejected during the - SMTP dialogue. Problem reported by Larry Greenfield of CMU. - Deal with a case of multiple deliveries on misconfigured systems - that do not have postmaster defined. If an email was sent - from an address to which a DSN cannot be returned and - in which at least one recipient address is non-deliverable, - then that email had been delivered in each queue run. - Problem reported by Matteo HCE Valsasna of Universita - degli Studi dell'Insubria. - The compilation options SMTP, DAEMON, and QUEUE have been removed, - i.e., the corresponding code is always compiled in now. - Log the command line in daemon/queue-run mode at LogLevel 10 and - higher. Suggested by Robert Harker of Harker Systems. - New ResolverOptions setting: WorkAroundBrokenAAAA. When - attempting to canonify a hostname, some broken nameservers - will return SERVFAIL (a temporary failure) on T_AAAA (IPv6) - lookups. If you want to excuse this behavior, use this new - flag. Suggested by Chris Foote of SE Network Access and - Mark Roth of the University of Illinois at - Urbana-Champaign. - Free the memory allocated by getipnodeby{addr,name}(). Problem - noted by Joy Latten of IBM. - ConnectionRateThrottle limits the number of connections per second - to each daemon individually, not the overall number of - connections. - Specifying only "ldap:" as an AliasFile specification will force - sendmail to use a default alias schema as outlined in the - ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section of - cf/README. - Add a new syntax for the 'F' (file class) sendmail.cf command. If - the first character after the class name is not a '/' or a - '|' and it contains an '@' (e.g., F{X}key@class:spec), the - rest of the line will be parsed as a map lookup. This - allows classes to be filled via a map lookup. See op.me - for more syntax information. Specifically, this can be - used for commands such as VIRTUSER_DOMAIN_FILE() to read - the list of domains via LDAP (see the ``USING LDAP FOR - ALIASES, MAPS, and CLASSES'' section of cf/README for an - example). - The new macro ${sendmailMTACluster} determines the LDAP cluster for - the default schema used in the above two items. - Unless DontBlameSendmail=RunProgramInUnsafeDirPath is set, log a - warning if a program being run from a mailer or file class - (e.g., F|/path/to/prog) is in an unsafe directory path. - Unless DontBlameSendmail=RunWritableProgram is set, log a warning - if a program being run from a mailer or file class - (e.g., F|/path/to/prog) is group or world writable. - Loopback interfaces (e.g., "lo0") are now probed for class {w} - hostnames. Setting DontProbeInterfaces to "loopback" - (without quotes) will disable this and return to the - pre-8.12 behavior of only probing non-loopback interfaces. - Suggested by Bryan Stansell of GNAC. - In accordance with RFC 2821 section 4.1.4, accept multiple - HELO/EHLO commands. - Multiple ClientPortOptions settings are now allowed, one for each - possible protocol family which may be used for outgoing - connections. Restrictions placed on one family only affect - outgoing connections on that particular family. Because of - this change, the ${client_flags} macro is not set until the - connection is established. Based on patch from Motonori - Nakamura of Kyoto University. - PrivacyOptions=restrictexpand instructs sendmail to drop privileges - when the -bv option is given by users who are neither root - nor the TrustedUser so users can not read private aliases, - forwards, or :include: files. It also will override the -v - (verbose) command line option. - If the M=b modifier is set in DaemonPortOptions and the interface - address can't be used for the outgoing connection, fall - back to the settings in ClientPortOptions (if set). - Problem noted by John Beck of Sun Microsystems. - New named config file rule check_data for DATA command (input: - number of recipients). Based on patch from Mark Roth of - the University of Illinois at Urbana-Champaign. - Add support for ETRN queue selection per RFC 1985. The queue group - can be specified using the '#' option character. For - example, 'ETRN #queuegroup'. - If an LDAP server times out or becomes unavailable, close the - current connection and reopen to get to one of the fallback - servers. Patch from Paul Hilchey of the University of - British Columbia. - Make default error number on $#error messages 550 instead of 501 - because 501 is not allowed on all commands. - The .cf file option UnsafeGroupWrites is deprecated, it should be - replaced with the settings GroupWritableForwardFileSafe - and GroupWritableIncludeFileSafe in DontBlameSendmail - if required. - The deprecated ldapx map class has been removed. Use the ldap map - class instead. - Any IPv6 addresses used in configuration should be prefixed by the - "IPv6:" tag to identify the address properly. For example, - if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to - class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4]. - Change the $&{opMode} macro if the operation mode changes while the - MTA is running. For example, during a queue run. - Add "use_inet6" as a new ResolverOptions flag to control the - RES_USE_INET6 resolver option. Based on patch from Rick - Nelson of IBM. - The maximum number of commands before the MTA slows down when too - many "light weight" commands have been received are now - configurable during compile time. The current values and - their defaults are: - MAXBADCOMMANDS 25 unknown commands - MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR - MAXHELOCOMMANDS 3 HELO, EHLO - MAXVRFYCOMMANDS 6 VRFY, EXPN - MAXETRNCOMMANDS 8 ETRN - Setting a value to 0 disables the check. Patch from Bryan - Costales of SL3D, Inc. - The header syntax H?${MyMacro}?X-My-Header: now not only checks if - ${MyMacro} is defined but also that it is not empty. - Properly quote usernames with special characters if they are used - in headers. Problem noted by Kari Hurtta of the Finnish - Meteorological Institute. - Be sure to include the proper Final-Recipient: DSN header in bounce - messages for messages for mailing list expanded addresses - which are not delivered on the initial attempt. - Do not treat errors as sticky when doing delivery via LMTP after - the final dot has been sent to avoid affecting future - deliveries. Problem reported by Larry Greenfield of CMU. - New compile time flag REQUIRES_DIR_FSYNC which turns on support for - file systems that require to call fsync() for a directory - if the meta-data in it has been changed. This should be - set at least for ReiserFS; it is enabled by default for Linux. - See sendmail/README for further information. - Avoid file locking deadlock when updating the statistics file if - sendmail is signaled to terminate. Problem noted by - Christophe Wolfhugel of France Telecom. - Set the $c macro (hop count) as it is being set instead of when the - envelope is initialized. Problem noted by Kari Hurtta of - the Finnish Meteorological Institute. - Properly count recipients for DeliveryMode defer and queue. Fix - from Peter A. Friend of EarthLink. - Treat invalid hesiod lookups as permanent errors instead of - temporary errors. Problem noted by Russell McOrmond of - flora.ca. - Portability: - Remove support for AIX 2, which supports only 14 character - filenames and is outdated anyway. Suggested by - Valdis Kletnieks of Virginia Tech. - Change several settings for Irix 6: remove confSBINDIR, - i.e., use default /usr/sbin, change owner/group - of man pages and user-executable to root/sys, set - optimization limit to 0 (unlimited). Based on patch - from Ayamura Kikuchi, M.D, and proposal from Kari - Hurtta of the Finnish Meteorological Institute. - Do not assume LDAP support is installed by default under - Solaris 8 and later. - Add support for OpenUNIX. - CONFIG: Increment version number of config file to 10. - CONFIG: Add an install target and a README file in cf/cf. - CONFIG: Don't accept addresses of the form a@b@, a@b@c, a@[b]c, etc. - CONFIG: Reject empty recipient addresses (in check_rcpt). - CONFIG: The access map uses an option of -T<TMPF> to deal with - temporary lookup failures. - CONFIG: New value for access map: SKIP, which causes the default - action to be taken by aborting the search for domain names - or IP nets. - CONFIG: check_rcpt can deal with TEMPFAIL for either recipient or - relay address as long as the other part allows the email - to get through. - CONFIG: Entries for virtusertable can make use of a third parameter - "%3" which contains "+detail" of a wildcard match, i.e., an - entry like user+*@domain. This allows handling of details by - using %1%3 as the RHS. Additionally, a "+" wildcard has been - introduced to match only non-empty details of addresses. - CONFIG: Numbers for rulesets used by MAILERs have been removed - and hence there is no required order within the MAILER - section anymore except for MAILER(`uucp') which must come - after MAILER(`smtp') if uucp-dom and uucp-uudom are used. - CONFIG: Hosts listed in the generics domain class {G} - (GENERICS_DOMAIN() and GENERICS_DOMAIN_FILE()) are treated - as canonical. Suggested by Per Hedeland of Ericsson. - CONFIG: If FEATURE(`delay_checks') is used, make sure that a lookup - in the access map which returns OK or RELAY actually - terminates check_* ruleset checking. - CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset - tls_rcpt, see cf/README for details. - CONFIG: Change format of Received: header line which reveals whether - STARTTLS has been used to "(version=${tls_version} - cipher=${cipher} bits=${cipher_bits} verify=${verify})". - CONFIG: Use "Spam:" as tag for lookups for FEATURE(`delay_checks') - options friends/haters instead of "To:" and enable - specification of whole domains instead of just users. - Notice: this change is not backward compatible. - Suggested by Chris Adams from HiWAAY Informations Services. - CONFIG: Allow for local extensions for most new rulesets, see - cf/README for details. - CONFIG: New FEATURE(`lookupdotdomain') to lookup also .domain in - the access map. Proposed by Randall Winchester of the - University of Maryland. - CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for - the local mailer. Proposed by Ingo Brueckl of Wupper Online. - CONFIG: confRELAY_MSG/confREJECT_MSG can override the default - messages for an unauthorized relaying attempt/for access - map entries with RHS REJECT, respectively. - CONFIG: FEATURE(`always_add_domain') takes an optional argument - to specify another domain to be added instead of the local one. - Suggested by Richard H. Gumpertz of Computer Problem - Solving. - CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific - options, see doc/op/op.me for details. - CONFIG: confAUTH_MAX_BITS sets the maximum encryption strength for - the security layer in SMTP AUTH (SASL). - CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated - immediately. - CONFIG: FEATURE(`enhdnsbl') is an enhanced version of dnsbl which - allows checking of the return values of the DNS lookups. - See cf/README for details. - CONFIG: FEATURE(`dnsbl') allows now to specify the behavior for - temporary lookup failures. - CONFIG: New option confDELIVER_BY_MIN to specify minimum time for - Deliver By (RFC 2852) or to turn off the extension. - CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared - memory use. - CONFIG: New FEATURE(`compat_check') to look up a key consisting - of the sender and the recipient address delimited by the - string "<@>", e.g., sender@sdomain<@>recipient@rdomain, - in the access map. Based on code contributed by Mathias - Koerber of Singapore Telecommunications Ltd. - CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user - file. Suggested by John Beck of Sun Microsystems. - CONFIG: Don't use MAILER-DAEMON for error messages delivered - via LMTP. Problem reported by Larry Greenfield of CMU. - CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of - the recipient host if LUSER_RELAY is used. - CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the - +detail portion of the address when passing address to - local delivery agent. Disables alias and .forward +detail - stripping. Only use if LDA supports this. - CONFIG: Removed deprecated FEATURE(`rbl'). - CONFIG: Add LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE() - which allow you to specify 'equivalent' hosts for LDAP - Routing lookups. Equivalent hostnames are replaced by the - masquerade domain name for lookups. See cf/README for - additional details. - CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which - instructs the rulesets on what to do if the address being - looked up has +detail information. See cf/README for more - information. - CONFIG: When chosing a new destination via LDAP Routing, also look - up the new routing address/host in the mailertable. Based - on patch from Don Badrak of the United States Census Bureau. - CONFIG: Do not reject the SMTP Mail from: command if LDAP Routing - is in use and the bounce option is enabled. Only reject - recipients as user unknown. - CONFIG: Provide LDAP support for the remaining database map - features. See the ``USING LDAP FOR ALIASES AND MAPS'' - section of cf/README for more information. - CONFIG: Add confLDAP_CLUSTER which defines the ${sendmailMTACluster} - macro used for LDAP searches as described above in ``USING - LDAP FOR ALIASES, MAPS, AND CLASSES''. - CONFIG: confCLIENT_OPTIONS has been replaced by CLIENT_OPTIONS(), - which takes the options as argument and can be used - multiple times; see cf/README for details. - CONFIG: Add configuration macros for new options: - confBAD_RCPT_THROTTLE BadRcptThrottle - confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers - confMAILBOX_DATABASE MailboxDatabase - confMAX_QUEUE_CHILDREN MaxQueueChildren - confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue - confNICE_QUEUE_RUN NiceQueueRun - confQUEUE_FILE_MODE QueueFileMode - confFAST_SPLIT FastSplit - confTLS_SRV_OPTIONS TLSSrvOptions - See above (and related documentation) for further information. - CONFIG: Add configuration variables for new timeout options: - confTO_ACONNECT Timeout.aconnect - confTO_AUTH Timeout.auth - confTO_LHLO Timeout.lhlo - confTO_STARTTLS Timeout.starttls - CONFIG: Add configuration macros for mail filter API: - confINPUT_MAIL_FILTERS InputMailFilters - confMILTER_LOG_LEVEL Milter.LogLevel - confMILTER_MACROS_CONNECT Milter.macros.connect - confMILTER_MACROS_HELO Milter.macros.helo - confMILTER_MACROS_ENVFROM Milter.macros.envfrom - confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt - Mail filters can be defined via INPUT_MAIL_FILTER() and - MAIL_FILTER(). See libmilter/README, cf/README, and - doc/op/op.me for details. - CONFIG: Add support for accepting temporarily unresolvable domains. - See cf/README for details. Based on patch by Motonori - Nakamura of Kyoto University. - CONFIG: confDEQUOTE_OPTS can be used to specify options for the - dequote map. - CONFIG: New macro QUEUE_GROUP() to define queue groups. - CONFIG: New FEATURE(`queuegroup') to select a queue group based - on the full e-mail address or the domain of the recipient. - CONFIG: Any IPv6 addresses used in configuration should be prefixed - by the "IPv6:" tag to identify the address properly. For - example, if you want to use the IPv6 address - 2002:c0a8:51d2::23f4 in the access database, you would need - to use IPv6:2002:c0a8:51d2::23f4 on the left hand side. - This affects the access database as well as the - relay-domains and local-host-names files. - CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux). - CONFIG: Avoid expansion of m4 keywords in SMART_HOST. - CONFIG: Add MASQUERADE_EXCEPTION_FILE() for reading masquerading - exceptions from a file. Suggested by Trey Breckenridge of - Mississippi State University. - CONFIG: Add LOCAL_USER_FILE() for reading local users - (LOCAL_USER() -- $={L}) entries from a file. - CONTRIB: dnsblaccess.m4 is a further enhanced version of enhdnsbl.m4 - which allows to lookup error codes in the access map. - Contributed by Neil Rickert of Northern Illinois University. - DEVTOOLS: Add new options for installation of include and library - files: confINCGRP, confINCMODE, confINCOWN, confLIBGRP, - confLIBMODE, confLIBOWN. - DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off - installation of the the formatted man pages on operating - systems which don't include cat directories. - EDITMAP: New program for editing maps as supplement to makemap. - MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up - local mail recipients. New option -D mbdb specifies the - mailbox database type. - MAIL.LOCAL: New option "-h filename" which instructs mail.local to - deliver the mail to the named file in the user's home - directory instead of the system mail spool area. Based on - patch from Doug Hardie of the Los Angeles Free-Net. - MAILSTATS: New command line option -P which acts the same as -p but - doesn't truncate the statistics file. - MAKEMAP: Add new option -t to specify a different delimiter - instead of white space. - RMAIL: Invoke sendmail with '-G' to indicate this is a gateway - submission. Problem noted by Kari Hurtta of the Finnish - Meteorological Institute. - SMRSH: Use the vendor supplied directory on FreeBSD 3.3 and later. - VACATION: Change Auto-Submitted: header value from auto-generated to - auto-replied. From Kenneth Murchison of Oceana Matrix Ltd. - VACATION: New option -d to send error/debug messages to stdout - instead of syslog. - VACATION: New option -U which prevents the attempt to lookup login - in the password file. The -f and -m options must be used - to specify the database and message file since there is no - home directory for the default settings for these options. - VACATION: Vacation now uses the libsm mbdb package to look up - local mail recipients; it reads the MailboxDatabase option - from the sendmail.cf file. New option -C cffile which - specifies the path of the sendmail.cf file. - New Directories: - libmilter/docs - New Files: - cf/cf/README - cf/cf/submit.cf - cf/cf/submit.mc - cf/feature/authinfo.m4 - cf/feature/compat_check.m4 - cf/feature/enhdnsbl.m4 - cf/feature/msp.m4 - cf/feature/local_no_masquerade.m4 - cf/feature/lookupdotdomain.m4 - cf/feature/preserve_luser_host.m4 - cf/feature/preserve_local_plus_detail.m4 - cf/feature/queuegroup.m4 - cf/sendmail.schema - contrib/dnsblaccess.m4 - devtools/M4/UNIX/sm-test.m4 - devtools/OS/OpenUNIX.5.i386 - editmap/* - include/sm/* - libsm/* - libsmutil/cf.c - libsmutil/err.c - sendmail/SECURITY - sendmail/TUNING - sendmail/bf.c - sendmail/bf.h - sendmail/sasl.c - sendmail/sm_resolve.c - sendmail/sm_resolve.h - sendmail/tls.c - Deleted Files: - cf/feature/rbl.m4 - cf/ostype/aix2.m4 - devtools/OS/AIX.2 - include/sendmail/cdefs.h - include/sendmail/errstring.h - include/sendmail/useful.h - libsmutil/errstring.c - sendmail/bf_portable.c - sendmail/bf_portable.h - sendmail/bf_torek.c - sendmail/bf_torek.h - sendmail/clock.c - Renamed Files: - cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc - cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf - cf/ostype/aux.m4 => cf/ostype/a-ux.m4 - -8.11.6/8.11.6 2001/08/20 - SECURITY: Fix a possible memory access violation when specifying - out-of-bounds debug parameters. Problem detected by - Cade Cairns of SecurityFocus. - Avoid leaking recipient information in unrelated DSNs. This could - happen if a connection is aborted, several mails had been - scheduled for delivery via that connection, and the timeout - is reached such that several DSNs are sent next. Problem - noted by Dileepan Moorkanat of Hewlett-Packard. - Fix a possible segmentation violation when specifying too many - wildcard operators in a rule. Problem detected by - Werner Wiethege. - Avoid a segmentation fault on non-matching Hesiod lookups. Problem - noted by Russell McOrmond of flora.ca - -8.11.5/8.11.5 2001/07/31 - Fix a possible race condition when sending a HUP signal to restart - the daemon. This could terminate the current process without - starting a new daemon. Problem reported by Wolfgang Breyha - of SE Netway Communications. - Only apply MaxHeadersLength when receiving a message via SMTP or - the command line. Problem noted by Andrey J. Melnikoff. - When finding the system's local hostname on an IPv6-enabled system - which doesn't have any IPv6 interface addresses, fall back - to looking up only IPv4 addresses. Problem noted by Tim - Bosserman of EarthLink. - When commands were being rejected due to check_relay or TCP - Wrappers, the ETRN command was not giving a response. - Incoming IPv4 connections on a Family=inet6 daemon (using - IPv4-mapped addresses) were incorrectly labeled as "may be - forged". Problem noted by Per Steinar Iversen of Oslo - University College. - Shutdown address test mode cleanly on SIGTERM. Problem noted by - Greg King of the OAO Corporation. - Restore the original real uid (changed in main() to prevent - out of band signals) before invoking a delivery agent. - Some delivery agents use this for the "From " envelope - "header". Problem noted by Leslie Carroll of the - University at Albany. - Mark closed file descriptors properly to avoid reuse. Problem - noted by Jeff Bronson of J.D. Bronson, Inc. - Setting Timeout options on the command line will also override - their sub-suboptions in the .cf file, e.g., -O - Timeout.queuereturn=2d will set all queuereturn timeouts - to 2 days. Problem noted by Roger B.A. Klorese. - Portability: - BSD/OS has a broken setreuid() implementation. Problem - noted by Vernon Schryver of Rhyolite Software. - BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?). - Noted by Vernon Schryver of Rhyolite Software. - BSD/OS has fchown(2). Noted by Dave Yadallee of Netline - 2000 Internet Solutions Inc. - Solaris 2.X and later have strerror(3). From Sebastian - Hagedorn of Cologne University. - CONFIG: Fix parsing for IPv6 domain literals in addresses - (user@[IPv6:address]). Problem noted by Liyuan Zhou. - -8.11.4/8.11.4 2001/05/28 - Clean up signal handling routines to reduce the chances of heap - corruption and other potential race conditions. - Terminating and restarting the daemon may not be - instantaneous due to this change. Also, non-root users can - no longer send out-of-band signals. Problem reported by - Michal Zalewski of BindView. - If LogLevel is greater than 9 and SASL fails to negotiate an - encryption layer, avoid core dump logging the encryption - strength. Problem noted by Miroslav Zubcic of Crol. - If a server offers "AUTH=" and "AUTH " and the list of mechanisms is - different in those two lines, sendmail might not have - recognized (and used) all of the offered mechanisms. - Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch - from Kenji Miyake. - This time, really don't use the .. directory when expanding - QueueDirectory wildcards. - If a process is interrupted while closing a map, don't try to close - the same map again while exiting. - Allow local mailers (F=l) to contact remote hosts (e.g., via - LMTP). Problem noted by Norbert Klasen of the University - of Tuebingen. - If Timeout.QueueReturn was set to a value less the time it took - to write a new queue file (e.g., 0 seconds), the bounce - message would be lost. Problem noted by Lorraine L Goff of - Oklahoma State University. - Pass map argument vector into map rewriting engine for the regex - and prog map types. Problem noted by Stephen Gildea of - InTouch Systems, Inc. - When closing an LDAP map due to a temporary error, close all of the - other LDAP maps which share the original map's connection - to the LDAP server. Patch from Victor Duchovni of - Morgan Stanley. - To detect changes of NDBM aliases files check the timestamp of the - .pag file instead of the .dir file. Problem noted by Neil - Rickert of Northern Illinois University. - Don't treat temporary hesiod lookup failures as permanent. Patch - from Werner Wiethege. - If ClientPortOptions is set, make sure to create the outgoing socket - with the family set in that option. Patch from Sean Farley. - Avoid a segmentation fault trying to dereference a NULL pointer - when logging a MaxHopCount exceeded error with an empty - recipient list. Problem noted by Chris Adams of HiWAAY - Internet Services. - Fix DSN for "Too many hops" bounces. Problem noticed by Ulrich - Windl of the Universitaet Regensburg. - Fix DSN for "mail loops back to me" bounces. Problem noticed by - Kari Hurtta of the Finnish Meteorological Institute. - Portability: - OpenBSD has a broken setreuid() implementation. - CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back - to 553 since it is allowed by DRUMS. - CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X. - DEVTOOLS: install.sh did not properly handle paths in the source - file name argument. Noted by Kari Hurtta of the Finnish - Meteorological Institute. - DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD - since it generates random process ids. - PRALIASES: Add back adaptive algorithm to deal with different endings - of entries in the database (with/without trailing '\0'). - Patch from John Beck of Sun Microsystems. - New Files: - cf/ostype/freebsd4.m4 - -8.11.3/8.11.3 2001/02/27 - Prevent a segmentation fault when a bogus value was used in the - LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus - option was used. Problem noted by Allan E Johannesen of - Worcester Polytechnic Institute. - Prevent "token too long" message by shortening {currHeader} which - could be too long if the last copied character was a quote. - Problem detected by Jan Krueger of digitalanswers - communications consulting gmbh. - Additional IPv6 check for unspecified addresses. Patch from - Jun-ichiro itojun Hagino of the KAME Project. - Do not ignore the ClientPortOptions setting if DaemonPortOptions - Modifier=b (bind to same interface) is set and the - connection came in from the command line. - Do not bind to the loopback address if DaemonPortOptions - Modifier=b (bind to same interface) is set. Patch from - John Beck of Sun Microsystems. - Properly deal with open failures on non-optional maps used in - check_* rulesets by returning a temporary failure. - Buffered file I/O files were not being properly fsync'ed to disk - when they were committed. - Properly encode '=' for the AUTH= parameter of the MAIL command. - Problem noted by Hadmut Danisch. - Under certain circumstances the macro {server_name} could be set - to the wrong hostname (of a previous connection), which may - cause some rulesets to return wrong results. This would - usually cause mail to be queued up and delivered later on. - Ignore F=z (LMTP) mailer flag if $u is given in the mailer A= - equate. Problem noted by Motonori Nakamura of Kyoto - University. - Work around broken accept() implementations which only partially - fill in the peer address if the socket is closed before - accept() completes. - Return an SMTP "421" temporary failure if the data file can't be - opened where the "354" reply would normally be given. - Prevent a CPU loop in trying to expand a macro which doesn't exist - in a queue run. Problem noted by Gordon Lack of Glaxo - Wellcome. - If delivering via a program and that program exits with EX_TEMPFAIL, - note that fact for the mailq display instead of just showing - "Deferred". Problem noted by Motonori Nakamura of Kyoto - University. - If doing canonification via /etc/hosts, try both the fully - qualified hostname as well as the first portion of the - hostname. Problem noted by David Bremner of the - University of New Brunswick. - Portability: - Fix a compilation problem for mail.local and rmail if SFIO - is in use. Problem noted by Auteria Wally - Winzer Jr. of Champion Nutrition. - IPv6 changes for platforms using KAME. Patch from - Jun-ichiro itojun Hagino of the KAME Project. - OpenBSD 2.7 and higher has srandomdev(3). OpenBSD 2.8 and - higher has BSDI-style login classes. Patch from - Todd C. Miller of Courtesan Consulting. - Unixware 7.1.1 doesn't allow h_errno to be set directly if - sendmail is being compiled with -kthread. Problem - noted by Orion Poplawski of CQG, Inc. - CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and - current left hand side for $LHS in virtuser files. - DEVTOOLS: Do not pass make targets to recursive Build invocations. - Problem noted by Jeff Bronson of J.D. Bronson, Inc. - MAIL.LOCAL: In LMTP mode, do not return errors regarding problems - storing the temporary message file until after the remote - side has sent the final DATA termination dot. Problem - noted by Allan E Johannesen of Worcester Polytechnic - Institute. - MAIL.LOCAL: If LMTP mode is set, give a temporary error if users - are also specified on the command line. Patch from - Motonori Nakamura of Kyoto University. - PRALIASES: Skip over AliasFile specifications which aren't based on - database files (i.e., only show dbm, hash, and btree). - Renamed Files: - devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x - -8.11.2/8.11.2 2000/12/29 - Prevent a segmentation fault when trying to set a class in - address test mode due to a negative array index. Audit - other array indexing. This bug is not believed to be - exploitable. Noted by Michal Zalewski of the "Internet for - Schools" project (IdS). - Add an FFR (for future release) to drop privileges when using - address test mode. This will be turned on in 8.12. It can - be enabled by compiling with: - APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS') - in your devtools/Site/site.config.m4 file. Suggested by - Michal Zalewski of the "Internet for Schools" project (IdS). - Fix potential problem with Cyrus-SASL security layer which may have - caused I/O errors, especially for mechanism DIGEST-MD5. - When QueueSortOrder was set to host, sendmail might not read - enough of the queue file to determine the host, making the - sort sub-optimal. Problem noted by Jeff Earickson of - Colby College. - Don't issue DSNs for addresses which use the NOTIFY parameter (per - RFC 1891) but don't have FAILURE as value. - Initialize Cyrus-SASL library before the SMTP daemon is started. - This implies that every change to SASL related files requires - a restart of the daemon, e.g., Sendmail.conf, new SASL - mechanisms (in form of shared libraries). - Properly set the STARTTLS related macros during a queue run for - a cached connection. Bug reported by Michael Kellen of - NxNetworks, Inc. - Log the server name in relay= for ruleset tls_server instead of the - client name. - Include original length of bad field/header when reporting - MaxMimeHeaderLength problems. Requested by Ulrich Windl of - the Universitat Regensburg. - Fix delivery to set-user-ID files that are expanded from aliases in - DeliveryMode queue. Problem noted by Ric Anderson of the - University of Arizona. - Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano - of Collective Technologies. - Avoid using a negative argument for sleep() calls when delaying answers - to EXPN/VRFY commands on systems which respond very slowly. - Problem noted by Mikolaj J. Habryn of Optus Internet - Engineering. - Make sure the F=u flag is set in the default prog mailer - definition. Problem noted by Kari Hurtta of the Finnish - Meteorological Institute. - Fix IPv6 check for unspecified addresses. Patch from - Jun-ichiro itojun Hagino of the KAME Project. - Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish - Meteorological Institute. - Fix parsing of DaemonPortOptions and ClientPortOptions. Read all - of the parameters to find Family= setting before trying to - interpret Addr= and Port=. Problem noted by Valdis - Kletnieks of Virginia Tech. - When delivering to a file directly from an alias, do not call - initgroups(); instead use the DefaultUser group information. - Problem noted by Marc Schaefer of ALPHANET NF. - RunAsUser now overrides the ownership of the control socket, if - created. Otherwise, sendmail can not remove it upon - close. Problem noted by Werner Wiethege. - Fix ConnectionRateThrottle counting as the option is the number of - overall connections, not the number of connections per - socket. A future version may change this to per socket - counting. - Portability: - Clean up libsmdb so it functions properly on platforms - where sizeof(u_int32_t) != sizeof(size_t). Problem - noted by Rein Tollevik of Basefarm AS. - Fix man page formatting for compatibility with Solaris' - whatis. From Stephen Gildea of InTouch Systems, Inc. - UnixWare 7 includes snprintf() support. From Larry - Rosenman. - IPv6 changes for platforms using KAME. Patch from - Jun-ichiro itojun Hagino of the KAME Project. - Avoid a typedef compile conflict with Berkeley DB 3.X and - Solaris 2.5 or earlier. Problem noted by Bob Hughes - of Pacific Access. - Add preliminary support for AIX 5. Contributed by - Valdis Kletnieks of Virginia Tech. - Solaris 9 load average support from Andrew Tucker of Sun - Microsystems. - CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r') - is used. Problem noted by Phil Homewood of Asia Online, - patch from Neil Rickert of Northern Illinois University. - CONFIG: Change the default DNS based blacklist server for - FEATURE(`dnsbl') to blackholes.mail-abuse.org. - CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e., - implicitly assume canonical host names. - CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on - patch by Motonori Nakamura of Kyoto University. - CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of - Virginia Tech. - CONFIG: Pass the illegal header form <list:;> through untouched - instead of making it worse. Problem noted by Motonori - Nakamura of Kyoto University. - CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`). - CONTRIB: qtool.pl: An empty queue is not an error. Problem noted - by Jan Krueger of digitalanswers communications consulting - gmbh. - CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark - Roth of the University of Illinois at Urbana-Champaign. - DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4 - variables into bldOS, bldREL, and bldARCH to prevent - namespace collisions. Problem noted by Motonori Nakamura - of Kyoto University. - RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It - causes some changes in behavior and may break rmail for - installations where sendmail is actually a wrapper to - another MTA. The change will re-appear in a future - version. - SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X, - and SunOS 5.8. Requested by Jeff A. Earickson of Colby - College and John Beck of Sun Microsystems. - VACATION: Fix pattern matching for addresses to ignore. - VACATION: Don't reply to addresses of the form owner-* - or *-owner. - New Files: - cf/ostype/aix5.m4 - contrib/buildvirtuser - devtools/OS/AIX.5.0 - -8.11.1/8.11.1 2000/09/27 - Fix SMTP EXPN command output if the address expands to a single - name. Fix from John Beck of Sun Microsystems. - Don't try STARTTLS in the client if the PRNG has not been properly - seeded. This problem only occurs on systems without - /dev/urandom. Problem detected by Jan Krueger of - digitalanswers communications consulting gmbh and - Neil Rickert of Northern Illinois University. - Don't use the . and .. directories when expanding QueueDirectory - wildcards. - Do not try to cache LDAP connections across processes as a parent - process may close the connection before the child process - has completed. Problem noted by Lai Yiu Fai of the Hong - Kong University of Science and Technology and Wolfgang - Hottgenroth of UUNET. - Use Timeout.fileopen to limit the amount of time spent trying to - read the LDAP secret from a file. - Prevent SIGTERM from removing a command line submitted item after - the user submits the message and before the first delivery - attempt completes. Problem noted by Max France of AlphaNet. - Fix from Neil Rickert of Northern Illinois University. - Deal correctly with MaxMessageSize restriction if message size is - greater than 2^31. Problem noted by Tim "Darth Dice" Bosserman - of EarthLink. - Turn off queue checkpointing if CheckpointInterval is set to zero. - Treat an empty home directory (from getpw*() or $HOME) as - non-existent instead of treating it as /. Problem noted by - Todd C. Miller of Courtesan Consulting. - Don't drop duplicate headers when reading a queued item. Problem - noted by Motonori Nakamura of Kyoto University. - Avoid bogus error text when logging the savemail panic "cannot - save rejected email anywhere". Problem noted by Marc G. - Fournier of Acadia University. - If an LDAP search fails because the LDAP server went down, close - the map so subsequent searches reopen the map. If there are - multiple LDAP servers, the down server will be skipped and - one of the others may be able to take over. - Set the ${load_avg} macro to the current load average, not the - previous load average query result. - If a non-optional map used in a check_* ruleset can't be opened, - return a temporary failure to the remote SMTP client - instead of ignoring the map. Problem noted by Allan E - Johannesen of Worcester Polytechnic Institute. - Avoid a race condition when queuing up split envelopes by saving - the split envelopes before the original envelope. - Fix a bug in the PH_MAP code which caused mail to bounce instead of - defer if the PH server could not be contacted. From Mark - Roth of the University of Illinois at Urbana-Champaign. - Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and - ETRN. Problem noted by Erik R. Leo of SoVerNet. - Change error code for unrecognized parameters to the SMTP MAIL and - RCPT commands from 501 to 555 per RFC 1869. Problem - reported to Postfix by Robert Norris of Monash University. - Prevent overwriting the argument of -B on certain OS. Problem - noted by Matteo Gelosa of I.NET S.p.A. - Use the proper routine for freeing memory with Netscape's LDAP - client libraries. Patch from Paul Hilchey of the - University of British Columbia. - Portability: - Move the NETINET6 define to devtools/OS/SunOS.5.{8,9} - instead of defining it in conf.h so users can - override the setting. Suggested by - Henrik Nordstrom of Ericsson. - On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of - /usr/lib/sendmail for rmail and vacation. From - Jeff A. Earickson of Colby College. - On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which - does not exist). From Jeff A. Earickson of Colby - College. - Avoid using the UCB subsystem on NCR MP-RAS 3.x. From - Tom Moore of NCR. - NeXT 3.X and 4.X installs man pages in /usr/man. From - Hisanori Gogota of NTT/InterCommunicationCenter. - Solaris 8 and later include /var/run. The default PID file - location is now /var/run/sendmail.pid. From John - Beck of Sun Microsystems. - SFIO includes snprintf() for those operating systems - which do not. From Todd C. Miller of Courtesan - Consulting. - CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}. - Problem noted by Kaspar Brand of futureLab AG. - CONFIG: Change 553 SMTP reply code to 501 to avoid problems with - errors in the MAIL address. - CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem - noted by Ron Jarrell of Virginia Tech. - CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8). - Contributed by John Beck of Sun Microsystems. - CONFIG: Set confFROM_HEADER such that the mail hub can possibly add - GECOS information for an address. This more closely - matches pre-8.10 nullclient behavior. From Per Hedeland of - Ericsson. - CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for - SMTP to all *smtp* mailers and those for RELAY to the relay - mailer as described in cf/README. - MAIL.LOCAL: Open the mailbox as the recipient not root so quotas - are obeyed. Problem noted by Damian Kuczynski of NIK. - MAKEMAP: Do not change a map's owner to the TrustedUser if using - makemap to 'unmake' the map. - RMAIL: Avoid overflowing the list of recipients being passed to - sendmail. - RMAIL: Invoke sendmail with '-G' to indicate this is a gateway - submission. Problem noted by Kari Hurtta of the Finnish - Meteorological Institute. - VACATION: Read the complete message to avoid "broken pipe" signals. - VACATION: Do not cut off vacation.msg files which have a single - dot as the only character on the line. - New Files: - cf/ostype/solaris8.m4 - -8.11.0/8.11.0 2000/07/19 - SECURITY: If sendmail is installed as a non-root set-user-ID binary - (not the normal case), some operating systems will still - keep a saved-uid of the effective-uid when sendmail tries - to drop all of its privileges. If sendmail needs to drop - these privileges and the operating system doesn't set the - saved-uid as well, exit with an error. Problem noted by - Kari Hurtta of the Finnish Meteorological Institute. - SECURITY: sendmail depends on snprintf() NUL terminating the string - it populates. It is possible that some broken - implementations of snprintf() exist that do not do this. - Systems in this category should compile with - -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your - system and report broken implementations to - sendmail-bugs@sendmail.org and your OS vendor. Problem - noted by Slawomir Piotrowski of TELSAT GP. - Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). - Implementation influenced by the example programs of - OpenSSL and the work of Lutz Jaenicke of TU Cottbus. - Add new STARTTLS related options CACERTPath, CACERTFile, - ClientCertFile, ClientKeyFile, DHParameters, RandFile, - ServerCertFile, and ServerKeyFile. These are documented in - cf/README and doc/op/op.*. - New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, - ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, - ${server_name}, and ${server_addr}. These are documented - in cf/README and doc/op/op.*. - Add support for the Entropy Gathering Daemon (EGD) for better - random data. - New DontBlameSendmail option InsufficientEntropy for systems which - don't properly seed the PRNG for OpenSSL but want to - try to use STARTTLS despite the security problems. - Support the security layer in SMTP AUTH for mechanisms which - support encryption. Based on code contributed by Tim - Martin of CMU. - Add new macro ${auth_ssf} to reflect the SMTP AUTH security - strength factor. - LDAP's -1 (single match only) flag was not honored if the -z - (delimiter) flag was not given. Problem noted by ST Wong of - the Chinese University of Hong Kong. Fix from Mark Adamson - of CMU. - Add more protection from accidentally tripping OpenLDAP 1.X's - ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). - Suggested by Kurt Zeilenga of OpenLDAP. - Fix the default family selection for DaemonPortOptions. As - documented, unless a family is specified in a - DaemonPortOptions option, "inet" is the default. It is - also the default if no DaemonPortOptions value is set. - Therefore, IPv6 users should configure additional sockets - by adding DaemonPortOptions settings with Family=inet6 if - they wish to also listen on IPv6 interfaces. Problem noted - by Jun-ichiro itojun Hagino of the KAME Project. - Set ${if_family} when setting ${if_addr} and ${if_name} to reflect - the interface information for an outgoing connection. - Not doing so was creating a mismatch between the socket - family and address used in subsequent connections if the - M=b modifier was set in DaemonPortOptions. Problem noted - by John Beck of Sun Microsystems. - If DaemonPortOptions modifier M=b is used, determine the socket - family based on the IP address. ${if_family} is no longer - persistent (i.e., saved in qf files). Patch from John Beck - of Sun Microsystems. - sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} - macros for both the incoming interface address/family and - the outgoing interface address/family. In order for M=b - modifier in DaemonPortOptions to work properly, preserve - the incoming information in the queue file for later - delivery attempts. - Use SMTP error code and enhanced status code from check_relay in - responses to commands. Problem noted by Jeff Wasilko of - smoe.org. - Add more vigilance in checking for putc() errors on output streams - to protect from a bug in Solaris 2.6's putc(). Problem - noted by Graeme Hewson of Oracle. - The LDAP map -n option (return attribute names only) wasn't working. - Problem noted by Ajay Matia. - Under certain circumstances, an address could be listed as deferred - but would be bounced back to the sender as failed to be - delivered when it really should have been queued. Problem - noted by Allan E Johannesen of Worcester Polytechnic Institute. - Prevent a segmentation fault in a child SMTP process from getting - the SMTP transaction out of sync. Problem noted by Per - Hedeland of Ericsson. - Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT - is defined to avoid a core dump due to incompatibilities - between sfio and stdio. Problem noted by Neil Rickert - of Northern Illinois University. - Don't log useless envelope ID on initial connection log. Problem - noted by Kari Hurtta of the Finnish Meteorological Institute. - Convert the free disk space shown in a control socket status query - to kilobyte units. - If TryNullMXList is True and there is a temporary DNS failure - looking up the hostname, requeue the message for a later - attempt. Problem noted by Ari Heikkinen of Pohjois-Savo - Polytechnic. - Under the proper circumstances, failed connections would be recorded - as "Bad file number" instead of "Connection failed" in the - queue file and persistent host status. Problem noted by - Graeme Hewson of Oracle. - Avoid getting into an endless loop if a non-hoststat directory exists - within the hoststatus directory (e.g., lost+found). - Patch from Valdis Kletnieks of Virginia Tech. - Make sure Timeout.queuereturn=now returns a bounce message to the - sender. Problem noted by Per Hedeland of Ericsson. - If a message data file can't be opened at delivery time, panic and - abort the attempt instead of delivering a message that - states "<<< No Message Collected >>>". - Fixup the GID checking code from 8.10.2 as it was overly - restrictive. Problem noted by Mark G. Thomas of Mark - G. Thomas Consulting. - Preserve source port number instead of replacing it with the ident - port number (113). - Document the queue status characters in the mailq man page. - Suggested by Ulrich Windl of the Universitat Regensburg. - Process queued items in which none of the recipient addresses have - host portions (or there are no recipients). Problem noted - by Valdis Kletnieks of Virginia Tech. - If a cached LDAP connection is used for multiple maps, make sure - only the first to open the connection is allowed to close - it so a later map close doesn't break the connection for - other maps. Problem noted by Wolfgang Hottgenroth of UUNET. - Netscape's LDAP libraries do not support Kerberos V4 - authentication. Patch from Rainer Schoepf of the - University of Mainz. - Provide workaround for inconsistent handling of data passed - via callbacks to Cyrus SASL prior to version 1.5.23. - Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission - noted by Ulrich Windl of the Universitat Regensburg. - Portability: - Add the ability to read IPv6 interface addresses into class - 'w' under FreeBSD (and possibly others). From Jun - Kuriyama of IMG SRC, Inc. and the FreeBSD Project. - Replace code for finding the number of CPUs on HPUX. - NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not - work properly causing problems if the accept() - fails and the socket needs to be reopened. Patch - from Tom Moore of NCR. - NetBSD uses a .0 extension of formatted man pages. From - Andrew Brown of Crossbar Security. - Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED - for calls to getipnodebyname(). The Linux - implementation is broken so AI_ADDRCONFIG is stripped - under Linux. From John Beck of Sun Microsystems and - John Kennedy of Cal State University, Chico. - CONFIG: Catch invalid addresses containing a ',' at the wrong place. - Patch from Neil Rickert of Northern Illinois University. - CONFIG: New variables for the new sendmail options: - confCACERT_PATH CACERTPath - confCACERT CACERTFile - confCLIENT_CERT ClientCertFile - confCLIENT_KEY ClientKeyFile - confDH_PARAMETERS DHParameters - confRAND_FILE RandFile - confSERVER_CERT ServerCertFile - confSERVER_KEY ServerKeyFile - CONFIG: Provide basic rulesets for TLS policy control and add new - tags to the access database to support these policies. See - cf/README for more information. - CONFIG: Add TLS information to the Received: header. - CONFIG: Call tls_client ruleset from check_mail in case it wasn't - called due to a STARTTLS command. - CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent - instead of temporary. - CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with - the access map and relaying to a domain without using a To: - tag. Problem noted by Mark G. Thomas of Mark G. Thomas - Consulting. - CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in - OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of - RootsWeb.com. - CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and - forwarding to make it as close to the old behavior as - possible. Problem noted by George W. Baltz of the - University of Maryland. - CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From - Wilfredo Sanchez of Apple Computer, Inc. - CONFIG: Changed the map names used by FEATURE(`ldap_routing') from - ldap_mailhost and ldap_mailroutingaddress to ldapmh and - ldapmra as underscores in map names cause problems if - underscore is in OperatorChars. Problem noted by Bob Zeitz - of the University of Alberta. - CONFIG: Apply blacklist_recipients also to hosts in class {w}. - Patch from Michael Tratz of Esosoft Corporation. - CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. - CONTRIB: Add link_hash.sh to create symbolic links to the hash - of X.509 certificates. - CONTRIB: passwd-to-alias.pl: More protection from special characters; - treat special shells as root aliases; skip entries where the - GECOS full name and username match. From Ulrich Windl of the - Universitat Regensburg. - CONTRIB: qtool.pl: Add missing last_modified_time method and fix a - typo. Patch from Graeme Hewson of Oracle. - CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue - and sendmail. Patch from Graeme Hewson of Oracle. - CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as - subroutine Patch from Graeme Hewson of Oracle. - CONTRIB: Add movemail.pl (move old mail messages between queues by - calling re-mqueue.pl) and movemail.conf (configuration - script for movemail.pl). From Graeme Hewson of Oracle. - CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to - makemap). From Derek J. Balling of Yahoo,Inc. - DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any - extension modifications (e.g., MAN8EXT) to the installation - target. Patch from James Ralston of Carnegie Mellon - University. - DEVTOOLS: Add support for SunOS 5.9. - DEVTOOLS: New option confLN contains the command used to create - links. - LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not - reported. - MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of - Denman Tire Corporation. - MAIL.LOCAL: Prevent a possible DoS attack when compiled with - -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. - MAILSTATS: Fix usage statement (-p and -o are optional). - MAKEMAP: Change man page layout as workaround for problem with nroff - and -man on Solaris 7. Patch from Larry Williamson. - RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of - Black Diamond Equipment, Limited. - RMAIL: Prevent a segmentation fault if the incoming message does not - have a From line. - VACATION: Read all of the headers before deciding whether or not - to respond instead of stopping after finding recipient. - Added Files: - cf/ostype/darwin.m4 - contrib/cidrexpand - contrib/link_hash.sh - contrib/movemail.conf - contrib/movemail.pl - devtools/OS/SunOS.5.9 - test/t_snprintf.c - -8.10.2/8.10.2 2000/06/07 - SECURITY: Work around broken Linux setuid() implementation. - On Linux, a normal user process has the ability to subvert - the setuid() call such that it is impossible for a root - process to drop its privileges. Problem noted by Wojciech - Purczynski of elzabsoft.pl. - SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(), - initgroups(), and chroot() calls. - Added Files: - test/t_setuid.c - -8.10.1/8.10.1 2000/04/06 - SECURITY: Limit the choice of outgoing (client-side) SMTP - Authentication mechanisms to those specified in - AuthMechanisms to prevent information leakage. We do not - recommend use of PLAIN for outgoing mail as it sends the - password in clear text to possibly untrusted servers. See - cf/README's DefaultAuthInfo section for additional information. - Copy the ident argument for openlog() to avoid problems on some - OSs. Based on patch from Rob Bajorek from Webhelp.com. - Avoid bogus error message when reporting an alias line as too long. - Avoid bogus socket error message if sendmail.cf version level is - greater than sendmail binary supported version. Patch - from John Beck of Sun Microsystems. - Prevent a malformed ruleset (missing right hand side) from causing - a segmentation fault when using address test mode. Based on - patch from John Beck of Sun Microsystems. - Prevent memory leak from use of NIS maps and yp_match(3). Problem - noted by Gil Kloepfer of the University of Texas at Austin. - Fix queue file permission checks to allow for TrustedUser ownership. - Change logging of errors from the trust_auth ruleset to LogLevel 10 - or higher. - Avoid simple password cracking attacks against SMTP AUTH by using - exponential delay after too many tries within one connection. - Encode an initial empty AUTH challenge as '=', not as empty string. - Avoid segmentation fault on EX_SOFTWARE internal error logs. - Problem noted by Allan E Johannesen of Worcester - Polytechnic Institute. - Ensure that a header check which resolves to $#discard actually - discards the message. - Emit missing value warnings for aliases with no right hand side - when newaliases is run instead of only when delivery is - attempted to the alias. - Remove AuthOptions missing value warning for consistency with other - flag options. - Portability: - SECURITY: Specify a run-time shared library search path for - AIX 4.X instead of using the dangerous AIX 4.X - linker semantics. AIX 4.X users should consult - sendmail/README for further information. Problem - noted by Valdis Kletnieks of Virginia Tech. - Avoid use of strerror(3) call. Problem noted by Charles - Levert of Ecole Polytechnique de Montreal. - DGUX requires -lsocket -lnsl and has a non-standard install - program. From Tim Boyer of Denman Tire Corporation. - HPUX 11.0 has a broken res_search() function. - Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X - from J. P. McCann of E I A. - Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3). - Problem noted by Michael Long of Info Avenue Internet - Services, LLC. - Modern (post-199912) OpenBSD versions include working - strlc{at,py}(3) functions. From Todd C. Miller of - Courtesan Consulting. - SINIX doesn't have random(3). From Gerald Rinske of - Siemens Business Services. - CONFIG: Change error message about unresolvable sender domain to - include the sender address. Proposed by Wolfgang Rupprecht - of WSRCC. - CONFIG: Fix usenet mailer calls. - CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS - to be backward compatible with 8.9. - CONFIG: Change handling of default case @domain for virtusertable - to allow for +*@domain to deal with +detail. - CONTRIB: Remove converting.sun.configs -- it is obsolete. - DEVTOOLS: confUBINMODE was being ignored. Fix from KITAZIMA, Tuneki - of NEC. - DEVTOOLS: Add to NCR platform list and include the architecture - (i486). From Tom J. Moore of NCR. - DEVTOOLS: SECURITY: Change method of linking with sendmail utility - libraries to work around the AIX 4.X and SunOS 4.X linker's - overloaded -L option. Problem noted by Valdis Kletnieks of - Virginia Tech. - DEVTOOLS: configure.sh was overriding the user's choice for - confNROFF. Problem noted by Glenn A. Malling of Syracuse - University. - DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added - for other internal projects but included in the open source - release. - LIBSMDB: Check for ".db" instead of simply "db" at the end of the - map name to determine whether or not to add the extension. - This fixes makemap when building the userdb file. Problem - noted by Andrew J Cole of the University of Leeds. - LIBSMDB: Allow a database to be opened for updating and created if - it doesn't already exist. Problem noted by Rand Wacker of - Sendmail. - LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are - available, fall back to NDBM if NEWDB open fails. This - fixes praliases. Patch from John Beck of Sun Microsystems. - LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted - as SFF_NOWRFILES. - OP.ME: Clarify some issues regarding mailer flags. Suggested by - Martin Mokrejs of The Charles University and Neil Rickert of - Northern Illinois University. - PRALIASES: Restore 8.9.X functionality of being able to search for - particular keys in a database by specifying the keys on the - command line. Man page updated accordingly. Patch from - John Beck of Sun Microsystems. - VACATION: SunOS 4.X portability from Charles Levert of Ecole - Polytechnique de Montreal. - VACATION: Fix -t option which is ignored but available for - compatibility with Sun's version, based on patch from - Volker Dobler of Infratest Burke. - Added Files: - devtools/M4/UNIX/smlib.m4 - devtools/OS/OSF1.V5.0 - Deleted Files: - contrib/converting.sun.configs - Deleted Directories (already done in 8.10.0 but not listed): - doc/intro - doc/usenix - doc/changes - -8.10.0/8.10.0 2000/03/01 - ************************************************************* - * The engineering department at Sendmail, Inc. has suffered * - * the tragic loss of a key member of our engineering team. * - * Julie Van Bourg was the Vice President of Engineering * - * at Sendmail, Inc. during the development and deployment * - * of this release. It was her vision, dedication, and * - * support that has made this release a success. Julie died * - * on October 26, 1999 of cancer. We have lost a leader, a * - * coach, and a friend. * - * * - * This release is dedicated to her memory and to the joy, * - * strength, ideals, and hope that she brought to all of us. * - * Julie, we miss you! * - ************************************************************* - SECURITY: The safe file checks now back track through symbolic - links to make sure the files can't be compromised due - to poor permissions on the parent directories of the - symbolic link target. - SECURITY: Only root, TrustedUser, and users in class t can rebuild - the alias map. Problem noted by Michal Zalewski of the - "Internet for Schools" project (IdS). - SECURITY: There is a potential for a denial of service attack if - the AutoRebuildAliases option is set as a user can kill the - sendmail process while it is rebuilding the aliases file - (leaving it in an inconsistent state). This option and - its use is deprecated and will be removed from a future - version of sendmail. - SECURITY: Make sure all file descriptors (besides stdin, stdout, and - stderr) are closed before restarting sendmail. Problem noted - by Michal Zalewski of the "Internet for Schools" project - (IdS). - Begin using /etc/mail/ for sendmail related files. This affects - a large number of files. See cf/README for more details. - The directory structure of the distribution has changed slightly - for easier code sharing among the programs. - Support SMTP AUTH (see RFC 2554). New macros for this purpose - are ${auth_authen}, ${auth_type}, and ${auth_author} - which hold the client's authentication credentials, - the mechanism used for authentication, and the - authorization identity (i.e., the AUTH= parameter if - supplied). Based on code contributed by Tim Martin of CMU. - On systems which use the Torek stdio library (all of the BSD - distributions), use memory-buffered files to reduce - file system overhead by not creating temporary files on - disk. Contributed by Exactis.com, Inc. - New option DataFileBufferSize to control the maximum size of a - memory-buffered data (df) file before a disk-based file is - used. Contributed by Exactis.com, Inc. - New option XscriptFileBufferSize to control the maximum size of a - memory-buffered transcript (xf) file before a disk-based - file is used. Contributed by Exactis.com, Inc. - sendmail implements RFC 2476 (Message Submission), e.g., it can - now listen on several different ports. Use: - O DaemonPortOptions=Name=MSA, Port=587, M=E - to run a Message Submission Agent (MSA); this is turned - on by default in m4-generated .cf files; it can be turned - off with FEATURE(`no_default_msa'). - The 'XUSR' SMTP command is deprecated. Mail user agents should - begin using RFC 2476 Message Submission for initial user - message submission. XUSR may disappear from a future release. - The new '-G' (relay (gateway) submission) command line option - indicates that the message being submitted from the command - line is for relaying, not initial submission. This means - the message will be rejected if the addresses are not fully - qualified and no canonicalization will be done. Future - releases may even reject improperly formed messages. - The '-U' (initial user submission) command line option is - deprecated and may be removed from a future release. - Mail user agents should begin using '-G' to indicate that - this is a relay submission (the inverse of -U). - The next release of sendmail will assume that any message submitted - from the command line is an initial user submission and act - accordingly. - If sendmail doesn't have enough privileges to run a .forward - program or deliver to file as the owner of that file, the - address is marked as unsafe. This means if RunAsUser is - set, users won't be able to use programs or delivery to - files in their .forward files. Administrators can override - this by setting the DontBlameSendmail option to the new - setting NonRootSafeAddr. - Allow group or world writable directories if the sticky bit is set - on the directory and DontBlameSendmail is set to - TrustStickyBit. Based on patch from Chris Metcalf of - InCert Software. - Prevent logging of unsafe directory paths for non-existent forward - files if the new DontWarnForwardFileInUnsafeDirPath bit is - set in the DontBlameSendmail option. Requested by many. - New Timeout.control option to limit the total time spent satisfying - a control socket request. - New Timeout.resolver options for controlling BIND resolver - settings: - Timeout.resolver.retrans - Sets the resolver's retransmission time interval (in - seconds). Sets both Timeout.resolver.retrans.first - and Timeout.resolver.retrans.normal. - Timeout.resolver.retrans.first - Sets the resolver's retransmission time interval (in - seconds) for the first attempt to deliver a message. - Timeout.resolver.retrans.normal - Sets the resolver's retransmission time interval (in - seconds) for all resolver lookups except the first - delivery attempt. - Timeout.resolver.retry - Sets the number of times to retransmit a resolver - query. Sets both Timeout.resolver.retry.first - and Timeout.resolver.retry.normal. - Timeout.resolver.retry.first - Sets the number of times to retransmit a resolver - query for the first attempt to deliver a message. - Timeout.resolver.retry.normal - Sets the number of times to retransmit a resolver - query for all resolver lookups except the first - delivery attempt. - Contributed by Exactis.com, Inc. - Support multiple queue directories. To use multiple queues, supply - a QueueDirectory option value ending with an asterisk. For - example, /var/spool/mqueue/q* will use all of the - directories or symbolic links to directories beginning with - 'q' in /var/spool/mqueue as queue directories. Keep in - mind, the queue directory structure should not be changed - while sendmail is running. Queue runs create a separate - process for running each queue unless the verbose flag is - given on a non-daemon queue run. New items are randomly - assigned to a queue. Contributed by Exactis.com, Inc. - Support different directories for qf, df, and xf queue files; if - subdirectories or symbolic links to directories of those names - exist in the queue directories, they are used for the - corresponding queue files. Keep in mind, the queue - directory structure should not be changed while sendmail is - running. Proposed by Mathias Koerber of Singapore - Telecommunications Ltd. - New queue file naming system which uses a filename guaranteed to be - unique for 60 years. This allows queue IDs to be assigned - without fancy file system locking. Queued items can be - moved between queues easily. Contributed by Exactis.com, - Inc. - Messages which are undeliverable due to temporary address failures - (e.g., DNS failure) will now go to the FallBackMX host, if - set. Contributed by Exactis.com, Inc. - New command line option '-L tag' which sets the identifier used for - syslog. Contributed by Exactis.com, Inc. - QueueSortOrder=Filename will sort the queue by filename. This - avoids opening and reading each queue file when preparing - to run the queue. Contributed by Exactis.com, Inc. - Shared memory counters and microtimers functionality has been - donated by Exactis.com, Inc. - The SCCS ID tags have been replaced with RCS ID tags. - Allow trusted users (those on a T line or in $=t) to set the - QueueDirectory (Q) option without an X-Authentication-Warning: - being added. Suggested by Michael K. Sanders. - IPv6 support based on patches from John Kennedy of Cal State - University, Chico, Motonori Nakamura of Kyoto University, - and John Beck of Sun Microsystems. - In low-disk space situations, where sendmail would previously refuse - connections, still accept them, but only allow ETRN commands. - Suggested by Mathias Koerber of Singapore Telecommunications - Ltd. - The [IPC] builtin mailer now allows delivery to a UNIX domain socket - on systems which support them. This can be used with LMTP - local delivery agents which listen on a named socket. An - example mailer might be: - Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n, - S=10, R=20/40, T=DNS/RFC822/X-Unix, - A=FILE /var/run/lmtpd - Code contributed by Lyndon Nerenberg of Messaging Direct. - The [TCP] builtin mailer name is now deprecated. Use [IPC] - instead. - The first mailer argument in the [IPC] mailer is now checked for a - legitimate value. Possible values are TCP (for TCP/IP - connections), IPC (which will be deprecated in a future - version), and FILE (for UNIX domain socket delivery). - PrivacyOptions=goaway no longer includes the noetrn and the noreceipts - flags. - PrivacyOptions=nobodyreturn instructs sendmail not to include the - body of the original message on delivery status - notifications. - Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted - by Dan Bernstein, fix from Robert Harker of Harker Systems. - Accept the SMTP RSET command even when rejecting commands due to TCP - Wrappers or the check_relay ruleset. Problem noted by - Steve Schweinhart of America Online. - Warn if OperatorChars is set multiple times. OperatorChars should - not be set after rulesets are defined. Suggested by - Mitchell Blank Jr of Exec-PC. - Do not report temporary failure on delivery to files. In - interactive delivery mode, this would result in two SMTP - responses after the DATA command. Problem noted by - Nik Conwell of Boston University. - Check file close when mailing to files. Problem noted by Nik - Conwell of Boston University. - Avoid a segmentation fault when using the LDAP map. Patch from - Curtis W. Hillegas of Princeton University. - Always bind to the LDAP server regardless of whether you are using - ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of - @Home Network. - New ruleset trust_auth to determine whether a given AUTH= - parameter of the MAIL command should be trusted. See SMTP - AUTH, cf/README, and doc/op/op.ps. - Allow new named config file rules check_vrfy, check_expn, and - check_etrn for VRFY, EXPN, and ETRN commands, respectively, - similar to check_rcpt etc. - Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr}, - ${mail_mailer}, ${mail_host}, ${mail_addr} that hold - the results of parsing the RCPT and MAIL arguments, i.e. - the resolved triplet from $#mailer $@host $:addr. - From Kari Hurtta of the Finnish Meteorological Institute. - New macro ${client_resolve} which holds the result of the resolve - call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed - by Kari Hurtta of the Finnish Meteorological Institute. - New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold - the corresponding DSN parameter values. Proposed by - Mathias Herberts. - New macro ${msg_size} which holds the value of the SIZE= parameter, - i.e., usually the size of the message (in an ESMTP dialogue), - before the message has been collected, thereafter it holds - the message size as computed by sendmail (and can be used - in check_compat). - The macro ${deliveryMode} now specifies the current delivery mode - sendmail is using instead of the value of the DeliveryMode - option. - New macro ${ntries} holds the number of delivery attempts. - Drop explicit From: if same as what would be generated only if it is - a local address. From Motonori Nakamura of Kyoto University. - Write pid to file also if sendmail only processes the queue. - Proposed by Roy J. Mongiovi of Georgia Tech. - Log "low on disk space" only when necessary. - New macro ${load_avg} can be used to check the current load average. - Suggested by Scott Gifford of The Internet Ramp. - Return-Receipt-To: header implies DSN request if option RrtImpliesDsn - is set. - Flag -S for maps to specify the character which is substituted - for spaces (instead of the default given by O BlankSub). - Flag -D for maps: perform no lookup in deferred delivery mode. - This flag is set by default for the host map. Based on a - proposal from Ian MacPhedran of the University of Saskatchewan. - Open maps only on demand, not at startup. - Log warning about unsupported IP address families. - New option MaxHeadersLength allows to specify a maximum length - of the sum of all headers. This can be used to prevent - a denial-of-service attack. - New option MaxMimeHeaderLength which limits the size of MIME - headers and parameters within those headers. This option - is intended to protect mail user agents from buffer - overflow attacks. - Added option MaxAliasRecursion to specify the maximum depth of - alias recursion. - New flag F=6 for mailers to strip headers to seven bit. - Map type syslog to log the key via syslogd. - Entries in the alias file can be continued by putting a backslash - directly before the newline. - New option DeadLetterDrop to define the location of the system-wide - dead.letter file, formerly hardcoded to - /usr/tmp/dead.letter. If this option is not set (the - default), sendmail will not attempt to save to a - system-wide dead.letter file if it can not bounce the mail - to the user nor postmaster. Instead, it will rename the qf - file as it has in the past when the dead.letter file - could not be opened. - New option PidFile to define the location of the pid file. The - value of this option is macro expanded. - New option ProcessTitlePrefix specifies a prefix string for the - process title shown in 'ps' listings. - New macros for use with the PidFile and ProcessTitlePrefix options - (along with the already existing macros): - ${daemon_info} Daemon information, e.g. - SMTP+queueing@00:30:00 - ${daemon_addr} Daemon address, e.g., 0.0.0.0 - ${daemon_family} Daemon family, e.g., inet, inet6, etc. - ${daemon_name} Daemon name, e.g., MSA. - ${daemon_port} Daemon port, e.g., 25 - ${queue_interval} Queue run interval, e.g., 00:30:00 - New macros especially for virtual hosting: - ${if_name} hostname of interface of incoming connection. - ${if_addr} address of interface of incoming connection. - The latter is only set if the interface does not belong to the - loopback net. - If a message being accepted via a method other than SMTP and - would be rejected by a header check, do not send the message. - Suggested by Phil Homewood of Mincom Pty Ltd. - Don't strip comments for header checks if $>+ is used instead of $>. - Provide header value as quoted string in the macro - ${currHeader} (possibly truncated to MAXNAME). Suggested by - Jan Krueger of Unix-AG of University of Hannover. - The length of the header value is stored in ${hdrlen}. - H*: allows to specify a default ruleset for header checks. This - ruleset will only be called if the individual header does - not have its own ruleset assigned. Suggested by Jan - Krueger of Unix-AG of University of Hannover. - The name of the header field stored in ${hdr_name}. - Comments (i.e., text within parentheses) in rulesets are not - removed if the config file version is greater than or equal - to 9. For example, "R$+ ( 1 ) $@ 1" matches the - input "token (1)" but does not match "token". - Avoid removing the Content-Transfer-Encoding MIME header on - MIME messages. Problem noted by Sigurbjorn B. Larusson of - Multimedia Consumer Services. Fix from Per Hedeland of - Ericsson. - Avoid duplicate Content-Transfer-Encoding MIME header on - messages with 8-bit text in headers. Problem noted by - Per Steinar Iversen of Oslo College. Fix from Per Hedeland - of Ericsson. - Avoid keeping maps locked longer than necessary when re-opening a - modified database map file. Problem noted by Chris Adams - of Renaissance Internet Services. - Resolving to the $#error mailer with a temporary failure code (e.g., - $#error $@ tempfail $: "400 Temporary failure") will now - queue up the message instead of bouncing it. - Be more liberal in acceptable responses to an SMTP RSET command as - standard does not provide any indication of what to do when - something other than 250 is received. Based on a patch - from Steve Schweinhart of America Online. - New option TrustedUser allows to specify a user who can own - important files instead of root. This requires HASFCHOWN. - Fix USERDB conditional so compiling with NEWDB or HESIOD and - setting USERDB=0 works. Fix from Jorg Zanger of Schock. - Fix another instance (similar to one in 8.9.3) of a network failure - being mis-logged as "Illegal Seek" instead of whatever - really went wrong. From John Beck of Sun Microsystems. - $? tests also whether the macro is non-null. - Print an error message if a mailer definition contains an invalid - equate name. - New mailer equate /= to specify a directory to chroot() into before - executing the mailer program. Suggested by Igor Vinokurov. - New mailer equate W= to specify the maximum time to wait for the - mailer to return after sending all data to it. - Only free memory from the process list when adding a new process - into a previously filled slot. Previously, the memory was - freed at removal time. Since removal can happen in a - signal handler, this may leave the memory map in an - inconsistent state. Problem noted by Jeff A. Earickson and - David Cooley of Colby College. - When using the UserDB @hostname catch-all, do not try to lookup - local users in the passwd file. The UserDB code has - already decided the message will be passed to another host - for processing. Fix from Tony Landells of Burdett - Buckeridge Young Limited. - Support LDAP authorization via either a file containing the - password or Kerberos V4 using the new map options - '-ddistinguished_name', '-Mmethod', and '-Pfilename'. The - distinguished_name is who to login as. The method can be - one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or - LDAP_AUTH_KRBV4. The filename is the file containing the - secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos - ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense - of Stanford University. - The ldapx map has been renamed to ldap. The use of ldapx is - deprecated and will be removed in a future version. - If the result of an LDAP search returns a multi-valued attribute - and the map has the column delimiter set, it turns that - response into a delimiter separated string. The LDAP map - will traverse multiple entries as well. LDAP alias maps - automatically set the column delimiter to the comma. - Based on patch from Booker Bense of Stanford University and - idea from Philip A. Prindeville of Mirapoint, Inc. - Support return of multiple values for a single LDAP lookup. The - values to be returned should be in a comma separated string. - For example, `-v "email,emailother"'. Patch from - Curtis W. Hillegas of Princeton University. - Allow the use of LDAP for alias maps. - If no LDAP attributes are specified in an LDAP map declaration, all - attributes found in the match will be returned. - Prevent commas in quoted strings in the AliasFile value from - breaking up a single entry into multiple entries. This is - needed for LDAP alias file specifications to allow for - comma separated key and value strings. - Keep connections to LDAP server open instead of opening and closing - for each lookup. To reduce overhead, sendmail will cache - connections such that multiple maps which use the same - host, port, bind DN, and authentication will only result in - a single connection to that host. - Put timeout in the proper place for USE_LDAP_INIT. - Be more careful about checking for errors and freeing memory on - LDAP lookups. - Use asynchronous LDAP searches to save memory and network - resources. - Do not copy LDAP query results if the map's match only flag is set. - Increase portability to the Netscape LDAP libraries. - Change the parsing of the LDAP filter specification. '%s' is still - replaced with the literal contents of the map lookup key -- - note that this means a lookup can be done using the LDAP - special characters. The new '%0' token can be used instead - of '%s' to encode the key buffer according to RFC 2254. - For example, if the LDAP map specification contains '-k - "(user=%s)"' and a lookup is done on "*", this would be - equivalent to '-k "(user=*)"' -- matching ANY record with a - user attribute. Instead, if the LDAP map specification - contains '-k "(user=%0)"' and a lookup is done on "*", this - would be equivalent to '-k "(user=\2A)"' -- matching a user - with the name "*". - New LDAP map flags: "-1" requires a single match to be returned, if - more than one is returned, it is equivalent to no records - being found; "-r never|always|search|find" sets the LDAP - alias dereference option; "-Z size" limits the number of - matches to return. - New option LDAPDefaultSpec allows a default map specification for - LDAP maps. The value should only contain LDAP specific - settings such as "-h host -p port -d bindDN", etc. The - settings will be used for all LDAP maps unless they are - specified in the individual map specification ('K' - command). This option should be set before any LDAP maps - are defined. - Prevent an NDBM alias file opening loop when the NDBM open - continually fails. Fix from Roy J. Mongiovi of Georgia - Tech. - Reduce memory utilization for smaller symbol table entries. In - particular, class entries get much smaller, which can be - important if you have large classes. - On network-related temporary failures, record the hostname which - gave error in the queued status message. Requested by - Ulrich Windl of the Universitat Regensburg. - Add new F=% mailer flag to allow for a store and forward - configuration. Mailers which have this flag will not attempt - delivery on initial receipt of a message or on queue runs - unless the queued message is selected using one of the - -qI/-qR/-qS queue run modifiers or an ETRN request. Code - provided by Philip Guenther of Gustavus Adolphus College. - New option ControlSocketName which, when set, creates a daemon - control socket. This socket allows an external program to - control and query status from the running sendmail daemon - via a named socket, similar to the ctlinnd interface to the - INN news server. Access to this interface is controlled by - the UNIX file permissions on the named socket on most UNIX - systems (see sendmail/README for more information). An - example control program is provided as contrib/smcontrol.pl. - Change the default values of QueueLA from 8 to (8 * numproc) and - RefuseLA from 12 to (12 * numproc) where numproc is the - number of processors online on the system (if that can be - determined). For single processor machines, this change - has no effect. - Don't return body of message to postmaster on "Too many hops" bounces. - Based on fix from Motonori Nakamura of Kyoto University. - Give more detailed DSN descriptions for some cases. Patch from - Motonori Nakamura of Kyoto University. - Logging of alias, forward file, and UserDB expansion now happens - at LogLevel 11 or higher instead of 10 or higher. - Logging of an envelope's complete delivery (the "done" message) now - happens at LogLevel 10 or higher instead of 11 or higher. - Logging of TCP/IP or UNIX standard input connections now happens at - LogLevel 10 or higher. Previously, only TCP/IP connections - were logged, and on at LogLevel 12 or higher. Setting - LogLevel to 10 will now assist users in tracking frequent - connection-based denial of service attacks. - Log basic information about authenticated connections at LogLevel - 10 or higher. - Log SMTP Authentication mechanism and author when logging the sender - information (from= syslog line). - Log the DSN code for each recipient if one is available as a new - equate (dsn=). - Macro expand PostmasterCopy and DoubleBounceAddress options. - New "ph" map for performing ph queries in rulesets. More - information is available at - http://www-dev.cso.uiuc.edu/sendmail/. Contributed by Mark - Roth of the University of Illinois at Urbana-Champaign. - Detect temporary lookup failures in the host map if looking up a - bracketed IP address. Problem noted by Kari Hurtta of the - Finnish Meteorological Institute. - Do not report a Remote-MTA on local deliveries. Problem noted by - Kari Hurtta of the Finnish Meteorological Institute. - When a forward file points to an alias which runs a program, run - the program as the default user and the default group, not - the forward file user. This change also assures the - :include: directives in aliases are also processed using - the default user and group. Problem noted by Sergiu - Popovici of DNT Romania. - Prevent attempts to save a dead.letter file for a user with - no home directory (/no/such/directory). Problem noted by - Michael Brown of Finnigan FT/MS. - Include message delay and number of tries when logging that a - message has been completely delivered (LogLevel of 10 or - above). Suggested by Nick Hilliard of Ireland Online. - Log the sender of a message even if none of the recipients were - accepted. If some of the recipients were rejected, it is - helpful to know the sender of the message. - Check the root directory (/) when checking a path for safety. - Problem noted by John Beck of Sun Microsystems. - Prevent multiple responses to the DATA command if DeliveryMode is - interactive and delivering to an alias which resolves to - multiple files. - Macros in the helpfile are expanded if the helpfile version is 2 or - greater (see below); the help function doesn't print the - version of sendmail any longer, instead it is placed in - the helpfile ($v). Suggested by Chuck Foster of UUNET - PIPEX. Additionally, comment lines (starting with #) are - skipped and a version line (#vers) is introduced. The - helpfile version for 8.10.0 is 2, if no version or an older - version is found, a warning is logged. The '#vers' - directive should be placed at the top of the help file. - Use fsync() when delivering to a file to guarantee the delivery to - disk succeeded. Suggested by Nick Christenson. - If delivery to a file is unsuccessful, truncate the file back to its - length before the attempt. - If a forward points to a filename for delivery, change to the - user's uid before checking permissions on the file. This - allows delivery to files on NFS mounted directories where - root is remapped to nobody. Problem noted by Harald - Daeubler of Universitaet Ulm. - purgestat and sendmail -bH purge only expired (Timeout.hoststatus) - host status files, not all files. - Any macros stored in the class $={persistentMacros} will be saved - in the queue file for the message and set when delivery - is attempted on the queued item. Suggested by Kyle Jones of - Wonderworks Inc. - Add support for storing information between rulesets using the new - macro map class. This can be used to store information - between queue runs as well using $={persistentMacros}. - Based on an idea from Jan Krueger of Unix-AG of University - of Hannover. - New map class arith to allow for computations in rules. The - operation (+, -, *, /, l (for less than), and =) is given - as key. The two operands are specified as arguments; the - lookup returns the result of the computation. For example, - "$(arith l $@ 4 $@ 2 $)" will return "FALSE" and - "$(arith + $@ 4 $@ 2 $)" will return "6". - Add new syntax for header declarations which decide whether to - include the header based on a macro rather than a mailer - flag: - H?${MyMacro}?X-My-Header: ${MyMacro} - This should be used along with $={persistentMacros}. - It can be used for adding headers to a message based on - the results of check_* and header check rulesets. - Allow new named config file rule check_eoh which is called after - all of the headers have been collected. The input to the - ruleset the number of headers and the size of all of the - headers in bytes separated by $|. This ruleset along with - the macro storage map can be used to correlate information - gathered between headers and to check for missing headers. - See cf/README or doc/op/op.ps for an example. - Change the default for the MeToo option to True to correspond - to the clarification in the DRUMS SMTP Update spec. This - option is deprecated and will be removed from a future - version. - Change the sendmail binary default for SendMimeErrors to True. - Change the sendmail binary default for SuperSafe to True. - Display ruleset names in debug and address test mode output - if referencing a named ruleset. - New mailer equate m= which will limit the number of messages - delivered per connection on an SMTP or LMTP mailer. - Improve QueueSortOrder=Host by reversing the hostname before - using it to sort. Now all the same domains are really run - through the queue together. If they have the same MX host, - then they will have a much better opportunity to use the - connection cache if available. This should be a reasonable - performance improvement. Patch from Randall Winchester of - the University of Maryland. - If a message is rejected by a header check ruleset, log who would - have received the message if it had not been rejected. - New "now" value for Timeout.queuereturn to bounce entries from the - queue immediately. No delivery attempt is made. - Increase sleeping time exponentially after too many "bad" commands - up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}- - COMMANDS). - New option ClientPortOptions similar to DaemonPortOptions - but for outgoing connections. - New suboptions for DaemonPortOptions: Name (a name used for - error messages and logging) and Modifiers, i.e. - a require authentication - b bind to interface through which mail has - been received - c perform hostname canonification - f require fully qualified hostname - h use name of interface for outgoing HELO - command - C don't perform hostname canonification - E disallow ETRN (see RFC 2476) - New suboption for ClientPortOptions: Modifiers, i.e. - h use name of interface for HELO command - The version number for queue files (qf) has been incremented to 4. - Log unacceptable HELO/EHLO domain name attempts if LogLevel is set - to 10 or higher. Suggested by Rick Troxel of the National - Institutes of Health. - If a mailer dies, print the status in decimal instead of octal - format. Suggested by Michael Shapiro of Sun Microsystems. - Limit the length of all MX records considered for delivery to 8k. - Move message priority from sender to recipient logging. Suggested by - Ulrich Windl of the Universitat Regensburg. - Add support for Berkeley DB 3.X. - Add fix for Berkeley DB 2.X fcntl() locking race condition. - Requires a post-2.7.5 version of Berkeley DB. - Support writing traffic log (sendmail -X option) to a FIFO. - Patch submitted by Rick Heaton of Network Associates, Inc. - Do not ignore Timeout settings in the .cf file when a Timeout - sub-options is set on the command line. Problem noted by - Graeme Hewson of Oracle. - Randomize equal preference MX records each time delivery is - attempted via a new connection to a host instead of once per - session. Suggested by Scott Salvidio of Compaq. - Implement enhanced status codes as defined by RFC 2034. - Add [hostname] to class w for the names of all interfaces unless - DontProbeInterfaces is set. This is useful for sending mails - to hosts which have dynamically assigned names. - If a message is bounced due to bad MIME conformance, avoid bouncing - the bounce for the same reason. If the body is not 8-bit - clean, and EightBitMode isn't set to pass8, the body will - not be included in the bounce. Problem noted by Valdis - Kletnieks of Virginia Tech. - The timeout for sending a message via SMTP has been changed from - '${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which - simply checks for progress on sending data every 5 minutes. - This will detect the inability to send information quicker - and reduce the number of processes simply waiting to - timeout. - Prevent a segmentation fault on systems which give a partial filled - interface address structure when loading the system network - interface addresses. Fix from Reinier Bezuidenhout of - Nanoteq. - Add a compile-time configuration macro, MAXINTERFACES, which - indicates the number of interfaces to read when probing - for hostnames and IP addresses for class w ($=w). The - default value is 512. Based on idea from Reinier - Bezuidenhout of Nanoteq. - If the RefuseLA option is set to 0, do not reject connections based - on load average. - Allow ruleset 0 to have a name. Problem noted by Neil Rickert of - Northern Illinois University. - Expand the Return-Path: header at delivery time, after "owner-" - envelope splitting has occurred. - Don't try to sort the queue if there are no entries. Patch from - Luke Mewburn from RMIT University. - Add a "/quit" command to address test mode. - Include the proper sender in the UNIX "From " line and Return-Path: - header when undeliverable mail is saved to ~/dead.letter. - Problem noted by Kari Hurtta of the Finnish Meteorological - Institute. - The contents of a class can now be copied to another class using - the syntax: "C{Dest} $={Source}". This would copy all of - the items in class $={Source} into the class $={Dest}. - Include original envelope's error transcript in bounces created for - split (owner-) envelopes to see the original errors when - the recipients were added. Based on fix from Motonori - Nakamura of Kyoto University. - Show reason for permanent delivery errors directly after the - addresses. From Motonori Nakamura of Kyoto University. - Prevent a segmentation fault when bouncing a split-envelope - message. Patch from Motonori Nakamura of Kyoto University. - If the specification for the queue run interval (-q###) has a - syntax error, consider the error fatal and exit. - Pay attention to CheckpointInterval during LMTP delivery. Problem - noted by Motonori Nakamura of Kyoto University. - On operating systems which have setlogin(2), use it to set the - login name to the RunAsUserName when starting as a daemon. - This is for delivery to programs which use getlogin(). - Based on fix from Motonori Nakamura of Kyoto University. - Differentiate between "command not implemented" and "command - unrecognized" in the SMTP dialogue. - Strip returns from forward and include files. Problem noted by - Allan E Johannesen of Worcester Polytechnic Institute. - Prevent a core dump when using 'sendmail -bv' on an address which - resolves to the $#error mailer with a temporary failure. - Based on fix from Neil Rickert of Northern Illinois - University. - Prevent multiple deliveries of a message with a "non-local alias" - pointing to a local user, if canonicalization fails - the message was requeued *and* delivered to the alias. - If an invalid ruleset is declared, the ruleset name could be - ignored and its rules added to S0. Instead, ignore the - ruleset lines as well. - Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient - success DSN fields as well as duplicate entries for a - single address due to S5 and UserDB processing. Problems - noted by Kari Hurtta of the Finnish Meteorological - Institute. - Turn off timeouts when exiting sendmail due to an interrupt signal - to prevent the timeout from firing during the exit process. - Problem noted by Michael Shapiro of Sun Microsystems. - Do not append @MyHostName to non-RFC822 addresses output by the EXPN - command or on Final-Recipient: and X-Actual-Recipient: DSN - headers. Non-RFC822 addresses include deliveries to - programs, file, DECnet, etc. - Fix logic for determining if a local user is using -f or -bs to - spoof their return address. Based on idea from Neil Rickert - of Northern Illinois University and patch from Per Hedeland - of Ericsson. - Report the proper UID in the bounce message if an :include: file is - owned by a uid that doesn't map to a username and the - :include: file contains delivery to a file or program. - Problem noted by John Beck of Sun Microsystems. - Avoid the attempt of trying to send a second SMTP QUIT command if - the remote server responds to the first QUIT with a 4xx - response code and drops the connection. This behavior was - noted by Ulrich Windl of the Universitat Regensburg when - sendmail was talking to the Mercury 1.43 MTA. - If a hostname lookup times out and ServiceSwitchFile is set but the - file is not present, the lookup failure would be marked as - a permanent failure instead of a temporary failure. Fix - from Russell King of the ARM Linux Project. - Handle aliases or forwards which deliver to programs using tabs - instead of spaces between arguments. Problem noted by Randy - Wormser. Fix from Neil Rickert of Northern Illinois - University. - Allow MaxRecipientsPerMessage option to be set on the command line - by normal users (e.g., sendmail won't drop its root - privileges) to allow overrides for message submission via - 'sendmail -bs'. - Set the names for help file and statistics file to "helpfile" and - "statistics", respectively, if no parameters are given for - them in the .cf file. - Avoid bogus 'errbody: I/O Error -7' log messages when sending - success DSN messages for messages relayed to non-DSN aware - systems. Problem noted by Juergen Georgi of RUS University - of Stuttgart and Kyle Tucker of Parexel International. - Prevent +detail information from interfering with local delivery to - multiple users in the same transaction (F=m). - Add H_FORCE flag for the X-Authentication-Warning: header, so it - will be added even if one already exists. Problem noted - by Michal Zalewski of Marchew Industries. - Stop processing SMTP commands if the SMTP connection is dropped. - This prevents a remote system from flooding the connection - with commands and then disconnecting. Previously, the - server would process all of the buffered commands. Problem - noted by Michal Zalewski of Marchew Industries. - Properly process user-supplied headers beginning with '?'. Problem - noted by Michal Zalewski of Marchew Industries. - If multiple header checks resolve to the $#error mailer, use the - last permanent (5XX) failure if any exist. Otherwise, use - the last temporary (4XX) failure. - RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch - from Ronald F. Guilmette of Infinite Monkeys & Co. - Timeout.ident now defaults to 5 seconds instead of 30 seconds to - prevent the now common delays associated with mailing to a - site which drops IDENT packets. Suggested by many. - Persistent host status data is not reloaded disk when current data - is available in the in-memory cache. Problem noted by Per - Hedeland of Ericsson. - mailq displays unprintable characters in addresses as their octal - representation and a leading backslash. This avoids problems - with "unprintable" characters. Problem noted by Michal - Zalewski of the "Internet for Schools" project (IdS). - The mail line length limit (L= equate) was adding the '!' indicator - one character past the limit. This would cause subsequent - hops to break the line again. The '!' is now placed in - the last column of the limit if the line needs to be broken. - Problem noted by Joe Pruett of Q7 Enterprises. Based on fix - from Per Hedeland of Ericsson. - If a resolver ANY query is larger than the UDP packet size, the - resolver will fall back to TCP. However, some - misconfigured firewalls black 53/TCP so the ANY lookup - fails whereas an MX or A record might succeed. Therefore, - don't fail on ANY queries. - If an SMTP recipient is rejected due to syntax errors in the - address, do not send an empty postmaster notification DSN - to the postmaster. Problem noted by Neil Rickert of - Northern Illinois University. - Allow '_' and '.' in map names when parsing a sequence map - specification. Patch from William Setzer of North Carolina - State University. - Fix hostname in logging of read timeouts for the QUIT command on - cached connections. Problem noted by Neil Rickert of - Northern Illinois University. - Use a more descriptive entry to log "null" connections, i.e., - "host did not issue MAIL/EXPN/VRFY/ETRN during connection". - Fix a file descriptor leak in ONEX mode. - Portability: - Reverse signal handling logic such that sigaction(2) with - the SA_RESTART flag is the preferred method and the - other signal methods are only tried if SA_RESTART - is not available. Problem noted by Allan E - Johannesen of Worcester Polytechnic Institute. - AIX 4.x supports the sa_len member of struct sockaddr. - This allows network interface probing to work - properly. Fix from David Bronder of the - University of Iowa. - AIX 4.3 has snprintf() support. - Use "PPC" as the architecture name when building under - AIX. This will be reflected in the obj.* directory - name. - Apple Darwin support based on Apple Rhapsody port. - Fixed AIX 'make depend' method from Valdis Kletnieks of - Virginia Tech. - Digital UNIX has uname(2). - GNU Hurd updates from Mark Kettenis of the University of - Amsterdam. - Improved HPUX 11.0 portability. - Properly determine the number of CPUs on FreeBSD 2.X, - FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X. - Remove special IRIX ABI cases from Build script and the OS - files. Use the standard 'cc' options used by SGI - in building the operating system. Users can - override the defaults by setting confCC and - confLIBSEARCHPATH appropriately. - IRIX nsd map support from Bob Mende of SGI. - Minor devtools fixes for IRIX from Bob Mende of SGI. - Linux patch for IP_SRCROUTE support from Joerg Dorchain - of MW EDV & ELECTRONIC. - Linux now uses /usr/sbin for confEBINDIR in the build - system. From MATSUURA Takanori of Osaka University. - Remove special treatment for Linux PPC in the build - system. From MATSUURA Takanori of Osaka University. - Motorolla UNIX SYSTEM V/88 Release 4.0 support from - Sergey Rusanov of the Republic of Udmurtia. - NCR MP-RAS 3.x includes regular expression support. From - Tom J. Moore of NCR. - NEC EWS-UX/V series settings for _PATH_VENDOR_CF and - _PATH_SENDMAILPID from Oota Toshiya of - NEC Computers Group Planning Division. - Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D. - NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and - 1024 in conf.h. Since confENVDEF would be used, - use that value in conf.h. - Use NeXT's NETINFO to get domain name. From Gerd Knops of - BITart Consulting. - Use NeXT's NETINFO for alias and hostname resolution if - AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are - defined. Patch from Wilfredo Sanchez of Apple - Computer, Inc. - NeXT portability tweaks. Problems reported by Dragan - Milicic of the University of Utah and J. P. McCann - of E I A. - New compile flag FAST_PID_RECYCLE: set this if your system - can reuse the same PID in the same second. - New compile flag HASFCHOWN: set this if your OS has - fchown(2). - New compile flag HASRANDOM: set this to 0 if your OS does - not have random(3). rand() will be used instead. - New compile flag HASSRANDOMDEV: set this if your OS has - srandomdev(3). - New compile flag HASSETLOGIN: set this if your OS has - setlogin(2). - Replace SINIX and ReliantUNIX support with version - specific SINIX files. From Gerald Rinske of - Siemens Business Services. - Use the 60-second load average instead of the 5 second load - average on Compaq Tru64 UNIX (formerly Digital - UNIX). From Chris Teakle of the University of Qld. - Use ANSI C by default for Compaq Tru64 UNIX. Suggested by - Randall Winchester of Swales Aerospace. - Correct setgroups() prototype for Compaq Tru64 UNIX. - Problem noted by Randall Winchester of Swales - Aerospace. - Hitachi 3050R/3050RX and 3500 Workstations running - HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori - NAKAMURA of Kyoto University. - New compile flag NO_GETSERVBYNAME: set this to disable - use of getservbyname() on systems which can - not lookup a service by name over NIS, such as - HI-UX. Patch from Motonori NAKAMURA of Kyoto - University. - Use devtools/bin/install.sh on SCO 5.x. Problem noted - by Sun Wenbing of the China Engineering and - Technology Information Network. - make depend didn't work properly on UNIXWARE 4.2. Problem - noted by Ariel Malik of Netology, Ltd. - Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). - Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD, - and OpenBSD. - A recent Compaq Ultrix 4.5 Y2K patch has broken detection - of local_hostname_length(). See sendmail/README - for more details. Problem noted by Allan E - Johannesen of Worcester Polytechnic Institute. - CONFIG: Begin using /etc/mail/ for sendmail related files. This - affects a large number of files. See cf/README for more - details. - CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including - trailing slash) for the mail settings directory. - CONFIG: Increment version number of config file to 9. - CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been - deprecated and may be removed from a future release. - BSD/OS users should begin using OSTYPE(`bsdi'). - CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root. This - requires a new OSTYPE(`openbsd'). From Todd C. Miller of - Courtesan Consulting. - CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X. - CONFIG: A syntax error in check_mail would cause fake top-level - domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to - be improperly rejected as unresolvable. - CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of - DNS server, rejection message) and can be included - multiple times. - CONFIG: New FEATURE(`relay_mail_from') allows relaying if the - mail sender is listed as RELAY in the access map (and tagged - with From:). - CONFIG: Optional tagging of LHS in the access map (Connect:, - From:, To:) to enable finer control. - CONFIG: New FEATURE(`ldap_routing') implements LDAP address - routing. See cf/README for a complete description of the - new functionality. - CONFIG: New variables for the new sendmail options: - confAUTH_MECHANISMS AuthMechanisms - confAUTH_OPTIONS AuthOptions - confCLIENT_OPTIONS ClientPortOptions - confCONTROL_SOCKET_NAME ControlSocketName - confDEAD_LETTER_DROP DeadLetterDrop - confDEF_AUTH_INFO DefaultAuthInfo - confDF_BUFFER_SIZE DataFileBufferSize - confLDAP_DEFAULT_SPEC LDAPDefaultSpec - confMAX_ALIAS_RECURSION MaxAliasRecursion - confMAX_HEADERS_LENGTH MaxHeadersLength - confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength - confPID_FILE PidFile - confPROCESS_TITLE_PREFIX ProcessTitlePrefix - confRRT_IMPLIES_DSN RrtImpliesDsn - confTO_CONTROL Timeout.control - confTO_RESOLVER_RETRANS Timeout.resolver.retrans - confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first - confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal - confTO_RESOLVER_RETRY Timeout.resolver.retry - confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first - confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal - confTRUSTED_USER TrustedUser - confXF_BUFFER_SIZE XscriptFileBufferSize - CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(), - which takes the options as argument and can be used - multiple times; see cf/README for details. - CONFIG: Add a fifth mailer definition to MAILER(`smtp') called - "dsmtp". This mail provides on-demand delivery using the - F=% mailer flag described above. The "dsmtp" mailer - definition uses the new DSMTP_MAILER_ARGS which defaults - to "IPC $h". - CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS, - and RELAY_MAILER_MAXMSGS for setting the m= equate for the - local, smtp, and relay mailers respectively. - CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting - the DSN Diagnostic-Code type for the local mailer. The - value should be changed with care. - CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type - for the local mailer to the proper value of "SMTP". - CONFIG: All included maps are no longer optional by default; if - there there is a problem with a map, sendmail will - complain. - CONFIG: Removed root from class E; use EXPOSED_USER(`root') - to get the old behavior. Suggested by Joe Pruett - of Q7 Enterprises. - CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which - will not be masqueraded. Proposed by Arne Wichmann - of MPI Saarbruecken, Griff Miller of PGS Tensor, - Jayme Cox of Broderbund Software Inc. - CONFIG: A list of exceptions for FEATURE(`nocanonify') can be - specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, - i.e., a list of domains which are passed to $[ ... $] - for canonification. Based on an idea from Neil Rickert - of Northern Illinois University. - CONFIG: If `canonify_hosts' is specified as parameter for - FEATURE(`nocanonify') then addresses which have only - a hostname, e.g., <user@host>, will be canonified. - CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is - nevertheless added to addresses with more than one component - in it. - CONFIG: Canonification is no longer attempted for any host or domain - in class 'P' ($=P). - CONFIG: New class for matching virtusertable entries $={VirtHost} that - can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE. - FEATURE(`virtuser_entire_domain') can be used to apply this - class also to entire subdomains. Hosts in this class are - treated as canonical in SCanonify2, i.e., a trailing dot - is added. - CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used, - include $={VirtHost} in $=R (hosts allowed to relay). - CONFIG: FEATURE(`generics_entire_domain') can be used to apply the - genericstable also to subdomains of $=G. - CONFIG: Pass "+detail" as %2 for virtusertable lookups. - Patch from Noam Freedman from University of Chicago. - CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested - by Raymond S Brand of rsbx.net. - CONFIG: Allow @domain in genericstable to override masquerading. - Suggested by Owen Duffy from Owen Duffy & Associates. - CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve - Hubert of University of Washington. - CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as - GNU is now the canonical system name. From Mark - Kettenis of the University of Amsterdam. - CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman. - CONFIG: Do not include '=' in option expansion if there is no value - associated with the option. From Andrew Brown of - Graffiti World Wide, Inc. - CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed - by Philip A. Prindeville of Enteka Enterprise Technology - Services. - CONFIG: MAILER(`cyrus') was not preserving case for mail folder - names. Problem noted by Randall Winchester of Swales - Aerospace. - CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags - for the relay mailer. Suggested by Doug Hughes of Auburn - University and Brian Candler. - CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path: - header) by default. Suggested by Per Hedeland of Ericsson. - CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host]. - Suggested by Kari Hurtta of the Finnish Meteorological - Institute. - CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS; - i.e., to set, add, or delete flags. - CONFIG: If SMTP AUTH is used then relaying is allowed for any user - who authenticated via a "trusted" mechanism, i.e., one that - is defined via TRUST_AUTH_MECH(`list of mechanisms'). - CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay - after check_rcpt and allows for exceptions from the checks. - CONFIG: Map declarations have been moved into their associated - feature files to allow greater flexibility in use of - sequence maps. Suggested by Per Hedeland of Ericsson. - CONFIG: New macro LOCAL_MAILER_EOL to override the default end of - line string for the local mailer. Requested by Il Oh of - Willamette Industries, Inc. - CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is - converted to <user@d> - CONFIG: Reject bogus return address of <@@hostname>, generated by - Sun's older, broken configuration files. - CONFIG: FEATURE(`nullclient') now provides the full rulesets of a - normal configuration, allowing anti-spam checks to be - performed. - CONFIG: Don't return a permanent error (Relaying denied) if - ${client_name} can't be resolved just temporarily. - Suggested by Kari Hurtta of the Finnish Meteorological - Institute. - CONFIG: Change numbered rulesets into named (which still can - be accessed by their numbers). - CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial - which describes whether to disallow "!" in the local part - of an address. - CONFIG: Call Local_localaddr from localaddr (S5) which can be used - to rewrite an address from a mailer which has the F=5 flag - set. If the ruleset returns a mailer, the appropriate - action is taken, otherwise the returned tokens are ignored. - CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4 - and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4. - The latter is kept around for backward compatibility. - CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries, - where "D.S.N" is an RFC 1893 compliant error code. - CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). - CONFIG: Remove second space between username and date in UNIX From_ - line. Noted by Allan E Johannesen of Worcester Polytechnic - Institute. - CONFIG: Make sure all of the mailers have complete T= equates. - CONFIG: Extend FEATURE(`local_procmail') so it can now take - arguments overriding the mailer program, arguments, and - mailer definition flags. This makes it possible to use - other programs such as maildrop for local delivery. - CONFIG: Emit warning if FEATURE(`local_lmtp') or - FEATURE(`local_procmail') is given after MAILER(`local'). - Patch from Richard A. Nelson of IBM. - CONFIG: Add SMTP Authentication information to Received: header - default value (confRECEIVED_HEADER). - CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a - local mailer. Problem noted by Per Hedeland of Ericsson. - CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the - University of California at Berkeley. - CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of - Illinois at Urbana-Champaign. - CONTRIB: etrn.pl now recognizes bogus host names. Patch from - Bruce Barnett of GE's R&D Lab. - CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle - Corporation UK. - CONTRIB: Added qtool.pl to assist in managing the queues. - DEVTOOLS: Prevent user environment variables from interfering with - the Build scripts. Problem noted by Ezequiel H. Panepucci of - Yale University. - DEVTOOLS: 'Build -M' will display the obj.* directory which will - be used for building. - DEVTOOLS: 'Build -A' will display the architecture that would be - used for a fresh build. - DEVTOOLS: New variable confRANLIB, set automatically by configure.sh. - DEVTOOLS: New variable confRANLIBOPTS for the options to send to - ranlib. - DEVTOOLS: 'Build -O <path>' will have the object files build in - <path>/obj.*. Suggested by Bryan Costales of Exactis. - DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the - building of the man pages when defined. Suggested by Bryan - Costales. - DEVTOOLS: New variables confNO_HELPFILE_INSTALL and - confNO_STATISTICS_INSTALL which will prevent the - installation of the sendmail helpfile and statistics file - respectively. Suggested by Bryan Costales. - DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske - of Siemens Business Services. - DEVTOOLS: New variable confSTDIO_TYPE which defines the type of - stdio library. The new buffered file I/O depends on the - Torek stdio library. This option can be either portable or - torek. - DEVTOOLS: New variables confSRCADD and confSMSRCADD which - correspond to confOBJADD and confSMOBJADD respectively. - They should contain the C source files for the object files - listed in confOBJADD and confSMOBJADD. These file names - will be passed to the 'make depend' stage of compilation. - DEVTOOLS: New program specific variables for each of the programs - in the sendmail distribution. Each has the form - `conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'. - The new variables are conf_prog_ENVDEF, conf_prog_LIBS, - conf_prog_SRCADD, and conf_prog_OBJADD. - DEVTOOLS: Build system redesign. This should have little affect on - building the distribution, but documentation on the changes - are in devtools/README. - DEVTOOLS: Don't allow 'Build -f file' if an object directory already - exists. Suggested by Valdis Kletnieks of Virginia Tech. - DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies - the path to the sendmail source directory. confSRCDIR is a - new variable which identifies the root of the source - directories for all of the programs in the distribution. - DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build - time. They can both still be overridden by setting the m4 - macro. - DEVTOOLS: confSBINGRP now defaults to bin instead of kmem. - DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for - build configurations, and places objects in obj.prefix.*/. - Complains as 'Build -f file' does for existing object - directories. Suggested by Tom Smith of Digital Equipment - Corporation. - DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted - manual pages in the directory tree specified by - confMANROOTMAN. - DEVTOOLS: If formatting the manual pages fails, copy in the - preformatted pages from the distribution. The new variable - confCOPY specifies the copying program. - DEVTOOLS: Defining confFORCE_RMAIL will install rmail without - question. Suggested by Terry Lambert of Whistle - Communications. - DEVTOOLS: confSTFILE and confHFFILE can be used to change the names - of the installed statistics and help files, respectively. - DEVTOOLS: Remove spaces in `uname -r` output when determining - operating system identity. Problem noted by Erik - Wachtenheim of Dartmouth College. - DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that - will be search for the libraries specified in confLIBSEARCH. - Defaults to "/lib /usr/lib /usr/shlib". - DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying - how to strip binaries. These are used by the new - install-strip target. - DEVTOOLS: New config file site.post.m4 which is included after - the others (if it exists). - DEVTOOLS: Change order of LIBS: first product specific libraries - then the default ones. - MAIL.LOCAL: Will not be installed set-user-ID root. To use mail.local - as local delivery agent without LMTP mode, use - MODIFY_MAILER_FLAGS(`LOCAL', `+S') - to set the S flag. - MAIL.LOCAL: Do not reject addresses which would otherwise be - accepted by sendmail. Suggested by Neil Rickert of - Northern Illinois University. - MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise - 8BITMIME in the LHLO response. Suggested by Kari Hurtta of - the Finnish Meteorological Institute. - MAIL.LOCAL: Add support for the maillock() routines by defining - MAILLOCK when compiling. Also requires linking with - -lmail. Patch from Neil Rickert of Northern Illinois - University. - MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is - defined when compiling. Automatically set for Solaris 2.3 - and later. Patch from Neil Rickert of Northern Illinois - University. - MAIL.LOCAL: Move the initialization of the 'notifybiff' address - structure to the beginning of the program. This ensures that - the getservbyname() is done before any seteuid to a possibly - unauthenticated user. If you are using NIS+ and secure RPC - on a Solaris system, this avoids syslog messages such as, - "authdes_refresh: keyserv(1m) is unable to encrypt session - key." Patch from Neil Rickert of Northern Illinois - University. - MAIL.LOCAL: Support group writable mail spool files when MAILGID is - set to the gid to use (-DMAILGID=6) when compiling. - Patch from Neil Rickert of Northern Illinois University. - MAIL.LOCAL: When a mail message included lines longer than 2046 - characters (in LMTP mode), mail.local split the incoming - line up into 2046-character output lines (excluding the - newline). If an input line was 2047 characters long - (excluding CR-LF) and the last character was a '.', - mail.local saw it as the end of input, transfered it to the - user mailbox and tried to write an `ok' back to sendmail. - If the message was much longer, both sendmail and - mail.local would deadlock waiting for each other to read - what they have written. Problem noted by Peter Jeremy of - Alcatel Australia Limited. - MAIL.LOCAL: New option -b to return a permanent error instead of a - temporary error if a mailbox exceeds quota. Suggested by - Neil Rickert of Northern Illinois University. - MAIL.LOCAL: The creation of a lockfile is subject to a global - timeout to avoid starvation. - MAIL.LOCAL: Properly parse addresses with multiple quoted - local-parts. Problem noted by Ronald F. Guilmette of - Infinite Monkeys & Co. - MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR. - MAILSTATS: New -p option to invoke program mode in which stats are - printed in a machine readable fashion and the stats file - is reset. Patch from Kevin Hildebrand of the University - of Maryland. - MAKEMAP: If running as root, automatically change the ownership of - generated maps to the TrustedUser as specified in the - sendmail configuration file. - MAKEMAP: New -C option to accept an alternate sendmail - configuration file to use for finding the TrustedUser - option. - MAKEMAP: New -u option to dump (unmap) a database. Based on - code contributed by Roy Mongiovi of Georgia Tech. - MAKEMAP: New -e option to allow empty values. Suggested by Philip - A. Prindeville of Enteka Enterprise Technology Services. - MAKEMAP: Compile cleanly on 64-bit operating systems. Problem - noted by Gerald Rinske of Siemens Business Services. - OP.ME: Correctly document interaction between F=S and U= mailer - equates. Problem noted by Bob Halley of Internet Engines. - OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle - Corporation UK. - OP.ME: The Timeout [r] option was incorrectly listed as "safe" - (e.g., sendmail would not drop root privileges if the - option was specified on the command line). Problem noted - by Todd C. Miller of Courtesan Consulting. - PRALIASES: Handle the hash and btree map specifications for - Berkeley DB. Patch from Brian J. Coan of the - Institute for Global Communications. - PRALIASES: Read the sendmail.cf file for the location(s) of the - alias file(s) if the -f option is not used. Patch from - John Beck of Sun Microsystems. - PRALIASES: New -C option to specify an alternate sendmail - configuration file to use for finding alias file(s). Patch - from John Beck of Sun Microsystems. - SMRSH: allow shell commands echo, exec, and exit. Allow command - lists using || and &&. Based on patch from Brian J. Coan - of the Institute for Global Communications. - SMRSH: Update README for the new Build system. From Tim Pierce - of RootsWeb Genealogical Data Cooperative. - VACATION: Added vacation auto-responder to sendmail distribution. - LIBSMDB: Added abstracted database library. Works with Berkeley - DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM. - Changed Files: - The Build script in the various program subdirectories are - no longer symbolic links. They are now scripts - which execute the actual Build script in - devtools/bin. - All the manual pages are now written against -man and not - -mandoc as they were previously. - Add a simple Makefile to every directory so make instead - of Build will work (unless parameters are - required for Build). - New Directories: - devtools/M4/UNIX - include - libmilter - libsmdb - libsmutil - vacation - Renamed Directories: - BuildTools => devtools - src => sendmail - Deleted Files: - cf/m4/nullrelay.m4 - devtools/OS/Linux.ppc - devtools/OS/ReliantUNIX - devtools/OS/SINIX - sendmail/ldap_map.h - New Files: - INSTALL - PGPKEYS - cf/cf/generic-linux.cf - cf/cf/generic-linux.mc - cf/feature/delay_checks.m4 - cf/feature/dnsbl.m4 - cf/feature/generics_entire_domain.m4 - cf/feature/no_default_msa.m4 - cf/feature/relay_mail_from.m4 - cf/feature/virtuser_entire_domain.m4 - cf/mailer/qpage.m4 - cf/ostype/bsdi.m4 - cf/ostype/hpux11.m4 - cf/ostype/openbsd.m4 - contrib/bounce-resender.pl - contrib/domainmap.m4 - contrib/qtool.8 - contrib/qtool.pl - devtools/M4/depend/AIX.m4 - devtools/M4/list.m4 - devtools/M4/string.m4 - devtools/M4/subst_ext.m4 - devtools/M4/switch.m4 - devtools/OS/Darwin - devtools/OS/GNU - devtools/OS/SINIX.5.43 - devtools/OS/SINIX.5.44 - devtools/OS/m88k - devtools/bin/find_in_path.sh - mail.local/Makefile - mailstats/Makefile - makemap/Makefile - praliases/Makefile - rmail/Makefile - sendmail/Makefile - sendmail/bf.h - sendmail/bf_portable.c - sendmail/bf_portable.h - sendmail/bf_torek.c - sendmail/bf_torek.h - sendmail/shmticklib.c - sendmail/statusd_shm.h - sendmail/timers.c - sendmail/timers.h - smrsh/Makefile - vacation/Makefile - Renamed Files: - cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4 - sendmail/cdefs.h => include/sendmail/cdefs.h - sendmail/sendmail.hf => sendmail/helpfile - sendmail/mailstats.h => include/sendmail/mailstats.h - sendmail/pathnames.h => include/sendmail/pathnames.h - sendmail/safefile.c => libsmutil/safefile.c - sendmail/snprintf.c => libsmutil/snprintf.c - sendmail/useful.h => include/sendmail/useful.h - cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4 - Copied Files: - cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4 - -8.9.3/8.9.3 1999/02/04 - SECURITY: Limit message headers to a maximum of 32K bytes (total - of all headers in a single message) to prevent a denial of - service attack. This limit will be configurable in 8.10. - Problem noted by Michal Zalewski of the "Internet for - Schools" project (IdS). - Prevent segmentation fault on an LDAP lookup if the LDAP map - was closed due to an earlier failure. Problem noted by - Jeff Wasilko of smoe.org. Fix from Booker Bense of - Stanford University and Per Hedeland of Ericsson. - Preserve the order of the MIME headers in multipart messages - when performing the MIME header length check. This - will allow PGP signatures to function properly. Problem - noted by Lars Hecking of University College, Cork, Ireland. - If ruleset 5 rewrote the local address to an :include: directive, - the delivery would fail with an "aliasing/forwarding loop - broken" error. Problem noted by Eric C Hagberg of Morgan - Stanley. Fix from Per Hedeland of Ericsson. - Allow -T to work for bestmx maps. Fix from Aaron Schrab of - ExecPC Internet Systems. - During the transfer of a message in an SMTP transaction, if a - TCP timeout occurs, the message would be properly queued - for later retry but the failure would be logged as - "Illegal Seek" instead of a timeout. Problem noted by - Piotr Kucharski of the Warsaw School of Economics (SGH) - and Carles Xavier Munyoz Baldo of CTV Internet. - Prevent multiple deliveries on a self-referencing alias if the - F=w mailer flag is not set. Problem noted by Murray S. - Kucherawy of Concentric Network Corporation and Per - Hedeland of Ericsson. - Do not strip empty headers but if there is no value and a - default is defined in sendmail.cf, use the default. - Problem noted by Philip Guenther of Gustavus Adolphus - College and Christopher McCrory of Netus, Inc. - Don't inherit information about the sender (notably the full name) - in SMTP (-bs) mode, since this might be called from inetd. - Accept any 3xx reply code in response to DATA command instead of - requiring 354. This change will match the wording to be - published in the updated SMTP specification from the DRUMS - group of the IETF. - Portability: - AIX 4.2.0 or 4.2.1 may become updated by the fileset - bos.rte.net level 4.2.0.2. This introduces the - softlink /usr/lib/libbind.a which should - not be used. It conflicts with the resolver - built into libc.a. "bind" has been removed - from the confLIBSEARCH BuildTools variable. - Users who have installed BIND 8.X will have - to add it back in their site.config.m4 file. - Problem noted by Ole Holm Nielsen of the - Technical University of Denmark. - CRAY TS 10.0.x from Sven Nielsen of San Diego - Supercomputer Center. - Improved LDAP version 3 integration based on input - from Kurt D. Zeilenga of the OpenLDAP Foundation, - John Beck of Sun Microsystems, and Booker Bense - of Stanford University. - Linux doesn't have a standard way to get the timezone - between different releases. Back out the - change in 8.9.2 and don't attempt to derive - a timezone. Problem reported by Igor S. Livshits - of the University of Illinois at Urbana-Champaign - and Michael Dickens of Tetranet Communications. - Reliant UNIX, the new name for SINIX, from Gert-Jan Looy - of Siemens/SNI. - SunOS 5.8 from John Beck of Sun Microsystems. - CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper - timezone. Problem noted by Petr Lampa of Technical - University of Brno. - CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly - when using FEATURE(bestmx_is_local). Patch from Neil W. - Rickert of Northern Illinois University. - CONFIG: Properly handle source routed and %-hack addresses on - hosts which the mailertable remaps to local:. Patch from - Neil W. Rickert of Northern Illinois University. - CONFIG: Internal fixup of mailertable local: map value. Patch from - Larry Parmelee of Cornell University. - CONFIG: Only add back +detail from host portion of mailer triplet - on local mailer triplets if it was originally +detail. - Patch from Neil W. Rickert of Northern Illinois University. - CONFIG: The bestmx_is_local checking done in check_rcpt would - cause later checks to fail. Patch from Paul J Murphy of - MIDS Europe. - New Files: - BuildTools/OS/CRAYTS.10.0.x - BuildTools/OS/ReliantUNIX - BuildTools/OS/SunOS.5.8 - -8.9.2/8.9.2 1998/12/30 - SECURITY: Remove five second sleep on accepting daemon connections - due to an accept() failure. This sleep could be used - for a denial of service attack. - Do not silently ignore queue files with names which are too long. - Patch from Bryan Costales of InfoBeat, Inc. - Do not store failures closing an SMTP session in persistent - host status. Reported by Graeme Hewson of Oracle - Corporation UK. - Allow symbolic link forward files if they are in safe directories. - Problem noted by Andreas Schott of the Max Planck Society. - Missing columns in a text map could cause a segmentation fault. - Fix from David Lee of the University of Durham. - Note that for 8.9.X, PrivacyOptions=goaway also includes the - noetrn flag. This is scheduled to change in a future - version of sendmail. Problem noted by Theo Van Dinter of - Chrysalis Symbolic Designa and Alan Brown of Manawatu - Internet Services. - When trying to do host canonification in a Wildcard MX - environment, try an MX lookup of the hostname without the - default domain appended. Problem noted by Olaf Seibert of - Polderland Language & Speech Technology. - Reject SMTP RCPT To: commands with only comments (i.e. - 'RCPT TO: (comment)'. Problem noted by Earle Ake of - Hassler Communication Systems Technology, Inc. - Handle any number of %s in the LDAP filter spec. Patch from - Per Hedeland of Ericsson. - Clear ldapx open timeouts even if the map open failed to prevent - a segmentation fault. Patch from Wayne Knowles of the - National Institute of Water & Atmospheric Research Ltd. - Do not syslog envelope clone messages when using address - verification (-bv). Problem noted by Kari Hurtta of the - Finnish Meteorological Institute. - Continue to perform queue runs while in daemon mode even if the - daemon is rejecting connections due to a disk full - condition. Problem noted by JR Oldroyd of TerraNet - Internet Services. - Include full filename on installation of the sendmail.hf file - in case the $HFDIR directory does not exist. Problem - noted by Josef Svitak of Montana State University. - Close all maps when exiting the process with one exception. - Berkeley DB can use internal shared memory locking for - its memory pool. Closing a map opened by another process - will interfere with the shared memory and locks of the - parent process leaving things in a bad state. For - Berkeley DB, only close the map if the current process - is also the one that opened the map, otherwise only close - the map file descriptor. Thanks to Yoseff Francus of - Collective Technologies for volunteering his system for - extended testing. - Avoid null pointer dereference on XDEBUG output for SMTP reply - failures. Problem noted by Carlos Canau of EUnet Portugal. - On mailq and hoststat listings being piped to another program, such - as more, if the pipe closes (i.e., the user quits more), - stop sending output and exit. Patch from Allan E Johannesen - of Worcester Polytechnic Institute. - In accordance with the documentation, LDAP map lookup failures - are now considered temporary failures instead of permanent - failures unless the -t flag is used in the map definition. - Problem noted by Booker Bense of Stanford University and - Eric C. Hagberg of Morgan Stanley. - Fix by one error reporting on long alias names. Problem noted by - H. Paul Hammann of the Missouri Research and Education - Network. - Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem - noted by Barry S. Finkel of Argonne National Laboratory. - When automatically converting from 8 bit to quoted printable MIME, - be careful not to miss a multi-part boundary if that - boundary is preceded by a boundary-like line. Problem - noted by Andreas Raschle of Ansid Inc. Fix from - Kari Hurtta of the Finnish Meteorological Institute. - Avoid bogus reporting of "LMTP tobuf overflow" when the buffer - has enough space for the additional address. Problem - noted by Steve Cliffe of the University of Wollongong. - Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem - noted by Alex Vorobiev of Swarthmore College. - If the check_compat ruleset resolves to the $#discard mailer, - discard the current recipient. Unlike check_relay, - check_mail, and check_rcpt, the entire envelope is not - discarded. Problem noted by RZ D. Rahlfs. Fix from - Claus Assmann of Christian-Albrechts-University of Kiel. - Avoid segmentation fault when reading ServiceSwitchFile files with - bogus formatting. Patch from Kari Hurtta of the Finnish - Meteorological Institute. - Support Berkeley DB 2.6.4 API change. - OP.ME: Pages weren't properly output on duplexed printers. Fix - from Matthew Black of CSU Long Beach. - Portability: - Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc. - Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase - option structure. Problem noted by Ashley M. - Kirchner of Photo Craft Laboratories, Inc. - Break out IP address to hostname translation for - reading network interface addresses into - class 'w'. Patch from John Kennedy of - Cal State University, Chico. - AIX 4.x use -qstrict with -O3 to prevent the optimized - from changing the semantics of the compiled - program. From Simon Travaglia of the - University of Waikato, New Zealand. - FreeBSD 2.2.2 and later support setusercontext(). From - Peter Wemm of DIALix. - FreeBSD 3.x fix from Peter Wemm of DIALix. - IRIX 5.x has a syslog buffer size of 512 bytes. From - Nao NINOMIYA of Utsunomiya University. - IRIX 6.5 64-bit Build support. - LDAP Version 3 support from John Beck and Ravi Iyer - of Sun Microsystems. - Linux does not implement seteuid() properly. From - John Kennedy of Cal State University, Chico. - Linux timezone type was set improperly. From Takeshi Itoh - of Bits Co., Ltd. - NCR MP-RAS 3.x needs -lresolv for confLIBS. From - Tom J. Moore of NCR. - NeXT 4.x correction to man page path. From J. P. McCann - of E I A. - System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs) - from Paul Gampe of the Asia Pacific Network - Information Center. - ULTRIX now requires an optimization limit of 970 from - Allan E Johannesen of Worcester Polytechnic - Institute. - Fix extern declaration for sm_dopr(). Fix from Henk - van Oers of Algemeen Nederlands Persbureau. - CONFIG: Catch @hostname,user@anotherhost.domain as relaying. - Problem noted by Mark Rogov of AirMedia, Inc. Fix from - Claus Assmann of Christian-Albrechts-University of Kiel. - CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as - there are multiple RBL's available and the MAPS RBL may - not be the one in use. Suggested by Alan Brown of - Manawatu Internet Services. - CONFIG: Properly strip route addresses (i.e., @host1:user@host2) - when stripping down a recipient address to check for - relaying. Patch from Claus Assmann of - Christian-Albrechts-University of Kiel and Neil W Rickert - of Northern Illinois University. - CONFIG: Allow the access database to override RBL lookups. Patch - from Claus Assmann of Christian-Albrechts-University of - Kiel. - CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch - Dot Com. - CONFIG: Fixed check for deferred delivery mode warning. Patch - from Claus Assmann of Christian-Albrechts-University of - Kiel and Per Hedeland of Ericsson. - CONFIG: If a recipient using % addressing is used, e.g. - user%site@othersite, and othersite's MX records are now - checked for local hosts if FEATURE(relay_based_on_MX) is - used. Problem noted by Alexander Litvin of Lucky Net Ltd. - Patch from Alexander Litvin of Lucky Net Ltd and - Claus Assmann of Christian-Albrechts-University of Kiel. - MAIL.LOCAL: Prevent warning messages from appearing in the LMTP - stream. Do not allow more than one response per recipient. - MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix - from John Beck of Sun Microsystems. - MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from - John Beck of Sun Microsystems. - MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in - the envelope From header. - MAIL.LOCAL: Accept underscores in hostnames in LMTP mode. - Problem noted by Glenn A. Malling of Syracuse University. - MAILSTATS: Document msgsrej and msgsdis fields in the man page. - Problem noted by Richard Wong of Princeton University. - MAKEMAP: Build group list so group writable files are allowed with - the -s flag. Problem noted by Curt Sampson of Internet - Portal Services, Inc. - PRALIASES: Automatically handle alias files created without the - NULL byte at the end of the key. Patch from John Beck of - Sun Microsystems. - PRALIASES: Support Berkeley DB 2.6.4 API change. - New Files: - BuildTools/OS/IRIX64.6.5 - BuildTools/OS/UnixWare.5.i386 - cf/ostype/unixware7.m4 - contrib/smcontrol.pl - src/control.c - -8.9.1/8.9.1 1998/07/02 - If both an OS specific site configuration file and a generic - site.config.m4 file existed, only the latter was used - instead of both. Problem noted by Geir Johannessen of - the Norwegian University of Science and Technology. - Fix segmentation fault while converting 8 bit to 7 bit MIME - multipart messages by trying to write to an unopened - file descriptor. Fix from Kari Hurtta of the Finnish - Meteorological Institute. - Do not assume Message: and Text: headers indicate the end of - the header area when parsing MIME headers. Problem noted - by Kari Hurtta of the Finnish Meteorological Institute. - Setting the confMAN#SRC Build variable would only effect the - installation commands. The man pages would still be - built with .0 extensions. Problem noted by Bryan - Costales of InfoBeat, Inc. - Installation of manual pages didn't honor the DESTDIR environment - variable. Problem noted by Bryan Costales of InfoBeat, Inc. - If the check_relay ruleset resolved to the discard mailer, messages - were still delivered. Problem noted by Mirek Luc of NASK. - Mail delivery to files would fail with an Operating System Error - if sendmail was not running as root, i.e., RunAsUser was set. - Problem noted by Leonard N. Zubkoff of Dandelion Digital. - Prevent MinQueueAge from interfering from queued items created - in the future, i.e., if the system clock was set ahead - and then back. Problem noted by Michael Miller of the - University of Natal, Pietermaritzburg. - Do not advertise ETRN support in ESTMP EHLO reply if noetrn is - set in the PrivacyOptions option. Fix from Ted Rule of - Flextech TV. - Log invalid persistent host status file lines instead of - bouncing the message. Problem noted by David Lindes of - DaveLtd Enterprises. - Move creation of empty sendmail.st file from installation to - compilation. Installation may be done from a read-only - mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric - Anderson of the Oasis Research Center, Inc. - Enforce the maximum number of User Database entries limit. Problem - noted by Gary Buchanan of Credence Systems Inc. - Allow dead.letter files in root's home directory. Problem noted - by Anna Ullman of Sun Microsystems. - Program deliveries in forward files could be marked unsafe if - any directory listed in the ForwardPath option did not - exist. Problem noted by Jorg Bielak of Coastal Web Online. - Do not trust the length of the address structure returned by - gethostbyname(). Problem noted by Chris Evans of Oxford - University. - If the SIZE= MAIL From: ESMTP parameter is too large, use the - 5.3.4 DSN status code instead of 5.2.2. Similarly, for - non-local deliveries, if the message is larger than the - mailer maximum message size, use 5.3.4 instead of 5.2.3. - Suggested by Antony Bowesman of - Fujitsu/TeaWARE Mail/MIME System. - Portability: - Fix the check for an IP address reverse lookup for - use in $&{client_name} on 64 bit platforms. - From Gilles Gallot of Institut for Development - and Resources in Intensive Scientific computing. - BSD-OS uses .0 for man page extensions. From Jeff Polk - of BSDI. - DomainOS detection for Build. Also, version 10.4 and later - ship a unistd.h. Fixes from Takanobu Ishimura of - PICT Inc. - NeXT 4.x uses /usr/lib/man/cat for its man pages. From - J. P. McCann of E I A. - SCO 4.X and 5.X include NDBM support. From Vlado Potisk - of TEMPEST, Ltd. - CONFIG: Do not pass spoofed PTR results through resolver for - qualification. Problem noted by Michiel Boland of - Digital Valley Internet Professionals; fix from - Kari Hurtta of the Finnish Meteorological Institute. - CONFIG: Do not try to resolve non-DNS hostnames such as UUCP, - BITNET, and DECNET addresses for resolvable senders. - Problem noted by Alexander Litvin of Lucky Net Ltd. - CONFIG: Work around Sun's broken configuration which sends bounce - messages as coming from @@hostname instead of <>. LMTP - would not accept @@hostname. - OP.ME: Corrections to complex sendmail startup script from Rick - Troxel of the National Institutes of Health. - RMAIL: Do not install rmail by default, require 'make force-install' - as this rmail isn't the same as others. Suggested by - Kari Hurtta of the Finnish Meteorological Institute. - New Files: - BuildTools/OS/DomainOS.10.4 - -8.9.0/8.9.0 1998/05/19 - SECURITY: To prevent users from reading files not normally - readable, sendmail will no longer open forward, :include:, - class, ErrorHeader, or HelpFile files located in unsafe - (i.e., group or world writable) directory paths. Sites - which need the ability to override security can use the - DontBlameSendmail option. See the README file for more - information. - SECURITY: Problems can occur on poorly managed systems, specifically, - if maps or alias files are in world writable directories. - This fixes the change added to 8.8.6 to prevent links in these - world writable directories. - SECURITY: Make sure ServiceSwitchFile option file is not a link if - it is in a world writable directory. - SECURITY: Never pass a tty to a mailer -- if a mailer can get at the - tty it may be able to push bytes back to the senders input. - Unfortunately this breaks -v mode. Problem noted by - Wietse Venema of the Global Security Analysis Lab at - IBM T.J. Watson Research. - SECURITY: Empty group list if DontInitGroups is set to true to - prevent program deliveries from picking up extra group - privileges. Problem reported by Wolfgang Ley of DFN-CERT. - SECURITY: The default value for DefaultUser is now set to the uid and - gid of the first existing user mailnull, sendmail, or daemon - that has a non-zero uid. If none of these exist, sendmail - reverts back to the old behavior of using uid 1 and gid 1. - This is a security problem for Linux which has chosen that - uid and gid for user bin instead of daemon. If DefaultUser - is set in the configuration file, that value overrides this - default. - SECURITY: Since 8.8.7, the check for non-set-user-ID binaries - interfered with setting an alternate group id for the - RunAsUser option. Problem noted by Randall Winchester of - the University of Maryland. - Add support for Berkeley DB 2.X. Based on patch from John Kennedy - of Cal State University, Chico. - Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users - which previously defined OLD_NEWDB=1 must now upgrade to the - current version of Berkeley DB. - Added support for regular expressions using the new map class regex. - From Jan Krueger of Unix-AG of University of Hannover. - Support for BIND 8.1.1's hesiod for hesiod maps and hesiod - UserDatabases from Randall Winchester of the University - of Maryland. - Allow any shell for user shell on program deliveries on V1 - configurations for backwards compatibility on machines which - do not have getusershell(). Fix from John Beck of Sun - Microsystems. - On operating systems which change the process title by reusing the - argument vector memory, sendmail could corrupt memory if the - last argument was either "-q" or "-d". Problem noted by - Frank Langbein of the University of Stuttgart. - Support Local Mail Transfer Protocol (LMTP) between sendmail and - mail.local on the F=z flag. - Macro-expand the contents of the ErrMsgFile. Previously this was - only done if you had magic characters (0x81) to indicate - macro expansion. Now $x will be expanded. This means that - real dollar signs have to be backslash escaped. - TCP Wrappers expects "unknown" in the hostname argument if the - reverse DNS lookup for the incoming connection fails. - Problem noted by Randy Grimshaw of Syracuse University and - Wietse Venema of the Global Security Analysis Lab at - IBM T.J. Watson Research. - DSN success bounces generated from an invocation of sendmail -t - would be sent to both the sender and MAILER-DAEMON. - Problem noted by Claus Assmann of - Christian-Albrechts-University of Kiel. - Avoid "Error 0" messages on delivery mailers which exit with a - valid exit value such as EX_NOPERM. Fix from Andreas Luik - of ISA Informationssysteme GmbH. - Tokenize $&x expansions on right hand side of rules. This eliminates - the need to use tricks like $(dequote "" $&{client_name} $) - to cause the ${client_name} macro to be properly tokenized. - Add the MaxRecipientsPerMessage option: this limits the number of - recipients that will be accepted in a single SMTP - transaction. After this number is reached, sendmail - starts returning "452 Too many recipients" to all RCPT - commands. This can be used to limit the number of recipients - per envelope (in particular, to discourage use of the server - for spamming). Note: a better approach is to restrict - relaying entirely. - Fixed pointer initialization for LDAP lmap struct, fixed -s option - to ldapx map and added timeout for ldap_open call to - avoid hanging sendmail in the event of hung LDAP servers. - Patch from Booker Bense of Stanford University. - Allow multiple -qI, -qR, or -qS queue run limiters. For example, - '-qRfoo -qRbar' would deliver mail to recipients with foo or - bar in their address. Patch from Allan E Johannesen of - Worcester Polytechnic Institute. - The bestmx map will now return a list of the MX servers for a host if - passed a column delimiter via the -z map flag. This can be - used to check if the server is an MX server for the recipient - of a message. This can be used to help prevent relaying. - Patch from Mitchell Blank Jr of Exec-PC. - Mark failures for the *file* mailer and return bounce messages to the - sender for those failures. - Prevent bogus syslog timestamps on errors in sendmail.cf by - preserving the TZ environment variable until TimeZoneSpec - has been determined. Problem noted by Ralf Hildebrandt of - Technical University of Braunschweig. Patch from Per Hedeland - of Ericsson. - Print test input in address test mode when input is not from the tty - when the -v flag is given (i.e., sendmail -bt -v) to make - output easier to decipher. Problem noted by Aidan Nichol - of Procter & Gamble. - The LDAP map -s flag was not properly parsed and the error message - given included the remainder of the arguments instead of - solely the argument in error. Problem noted by Aidan Nichol - of Procter & Gamble. - New DontBlameSendmail option. This option allows administrators to - bypass some of sendmail's file security checks at the expense - of system security. This should only be used if you are - absolutely sure you know the consequences. The available - DontBlameSendmail options are: - Safe - AssumeSafeChown - ClassFileInUnsafeDirPath - ErrorHeaderInUnsafeDirPath - GroupWritableDirPathSafe - GroupWritableForwardFileSafe - GroupWritableIncludeFileSafe - GroupWritableAliasFile - HelpFileinUnsafeDirPath - WorldWritableAliasFile - ForwardFileInGroupWritableDirPath - IncludeFileInGroupWritableDirPath - ForwardFileInUnsafeDirPath - IncludeFileInUnsafeDirPath - ForwardFileInUnsafeDirPathSafe - IncludeFileInUnsafeDirPathSafe - MapInUnsafeDirPath - LinkedAliasFileInWritableDir - LinkedClassFileInWritableDir - LinkedForwardFileInWritableDir - LinkedIncludeFileInWritableDir - LinkedMapInWritableDir - LinkedServiceSwitchFileInWritableDir - FileDeliveryToHardLink - FileDeliveryToSymLink - WriteMapToHardLink - WriteMapToSymLink - WriteStatsToHardLink - WriteStatsToSymLink - RunProgramInUnsafeDirPath - RunWritableProgram - New DontProbeInterfaces option to turn off the inclusion of all the - interface names in $=w on startup. In particular, if you - have lots of virtual interfaces, this option will speed up - startup. However, unless you make other arrangements, mail - sent to those addresses will be bounced. - Automatically create alias databases if they don't exist and - AutoRebuildAliases is set. - Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command. - Suggested by Christophe Wolfhugel of the Institut Pasteur. - Add PrivacyOptions=noverb flag to disable the SMTP VERB command. - When determining the client host name ($&{client_name} macro), do - a forward (A) DNS lookup on the result of the PTR lookup - and compare results. If they differ or if the PTR lookup - fails, &{client_name} will contain the IP address - surrounded by square brackets (e.g., [127.0.0.1]). - New map flag: -Tx appends "x" to lookups that return temporary failure - (i.e, it is like -ax for the temporary failure case, in - contrast to the success case). - New syntax to do limited checking of header syntax. A config line - of the form: - HHeader: $>Ruleset - causes the indicated Ruleset to be invoked on the Header - when read. This ruleset works like the check_* rulesets -- - that is, it can reject mail on the basis of the contents. - Limit the size of the HELO/EHLO parameter to prevent spammers - from hiding their connection information in Received: - headers. - When SingleThreadDelivery is active, deliveries to locked hosts - are skipped. This will cause the delivering process to - try the next MX host or queue the message if no other MX - hosts are available. Suggested by Alexander Litvin. - The [FILE] mailer type now delivers to the file specified in the - A= equate of the mailer definition instead of $u. It also - obeys all of the F= mailer flags such as the MIME - 7/8 bit conversion flags. This is useful for defining - a mailer which delivers to the same file regardless of the - recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail). - Do not assume the identity of a remote connection is root@localhost - if the remote connection closes the socket before the - remote identity can be queried. - Change semantics of the F=S mailer flag back to 8.7.5 behavior. - Some mailers, including procmail, require that the real - uid is left unchanged by sendmail. Problem noted by Per - Hedeland of Ericsson. - No longer is the src/obj*/Makefile selected from a large list -- it - is now generated using the information in BuildTools/OS/ -- - some of the details are determined dynamically via - BuildTools/bin/configure.sh. - The other programs in the sendmail distribution -- mail.local, - mailstats, makemap, praliases, rmail, and smrsh -- now use - the new Build method which creates an operating system - specific Makefile using the information in BuildTools. - Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e., - a failure on one message won't affect future messages to the - same host). This is necessary if the remote host sends - a 451 error if the domain of the sender does not resolve - as is common in anti-spam configurations. Problem noted - by Mitchell Blank Jr of Exec-PC. - New "discard" mailer for check_* rulesets and header checking - rulesets. If one of the above rulesets resolves to the - $#discard mailer, the commands will be accepted but the - message will be completely discarded after it is accepting. - This means that even if only one of the recipients - resolves to the $#discard mailer, none of the recipients - will receive the mail. Suggested by Brian Kantor. - All but the last cloned envelope of a split envelope were queued - instead of being delivered. Problem noted by John Caruso - of CNET: The Computer Network. - Fix deadlock situation in persistent host status file locking. - Syslog an error if a user forward file could not be read due to - an error. Patch from John Beck of Sun Microsystems. - Use the first name returned on machine lookups when canonifying a - hostname via NetInfo. Patch from Timm Wetzel of GWDG. - Clear the $&{client_addr}, $&{client_name}, and $&{client_port} - macros when delivering a bounce message to prevent - rejection by a check_compat ruleset which uses these macros. - Problem noted by Jens Hamisch of AgiX Internetservices GmbH. - If the check_relay ruleset resolves to the the error mailer, the - error in the $: portion of the resolved triplet is used - in the rejection message given to the remote machine. - Suggested by Scott Gifford of The Internet Ramp. - Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros - before calling the check_relay ruleset. Suggested by Scott - Gifford of The Internet Ramp. - Sendmail would get a segmentation fault if a mailer exited with an - exit code of 79. Problem noted by Aaron Schrab of ExecPC - Internet. Fix from Christophe Wolfhugel of the Pasteur - Institute. - Separate snprintf/vsnprintf routines into separate file for use by - mail.local. - Allow multiple map lookups on right hand side, e.g., - R$* $( host $1 $) $| $( passwd $1 $). Patch from - Christophe Wolfhugel of the Pasteur Institute. - Properly generate success DSN messages if requested for aliases - which have owner- aliases. Problem noted by Kari Hurtta - of the Finnish Meteorological Institute. - Properly display delayed-expansion macros ($&{macroname}) in - address test mode (-bt). Problem noted by Bryan Costales - of InfoBeat, Inc. - -qR could sometimes match names incorrectly. Problem noted by - Lutz Euler of Lavielle EDV Systemberatung GmbH & Co. - Include a magic number and version in the StatusFile for the - mailstats command. - Record the number of rejected and discarded messages in the - StatusFile for display by the mailstats command. Patch - from Randall Winchester of the University of Maryland. - IDENT returns where the OSTYPE field equals "OTHER" now list the - user portion as IDENT:username@site instead of - username@site to differentiate the two. Suggested by - Kari Hurtta of the Finnish Meteorological Institute. - Enforce timeout for LDAP queries. Patch from Per Hedeland of - Ericsson. - Change persistent host status filename substitution so '/' is - replaced by ':' instead of '|' to avoid clashes. Also - avoid clashes with hostnames with leading dots. Fix from - Mitchell Blank Jr. of Exec-PC. - If the system lock table is full, only attempt to create a new - queue entry five times before giving up. Previously, it - was attempted indefinitely which could cause the partition - to run out of inodes. Problem noted by Suzie Weigand of - Stratus Computer, Inc. - In verbose mode, warn if the sendmail.cf version is less than the - currently supported version. - Sorting for QueueSortOrder=host is now case insensitive. Patch - from Randall S. Winchester of the University of Maryland. - Properly quote a full name passed via the -F command line option, - the Full-Name: header, or the NAME environment variable if - it contains characters which must be quoted. Problem noted - by Kari Hurtta of the Finnish Meteorological Institute. - Avoid possible race condition that unlocked a mail job before - releasing the transcript file on systems that use flock(2). - In some cases, this might result in a "Transcript Unavailable" - message in error bounces. - Accept SMTP replies which contain only a reply code and no - accompanying text. Problem noted by Fernando Fraticelli of - Digital Equipment Corporation. - Portability: - AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura - of Kyoto University. - AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from - Randall S. Winchester of the University of - Maryland. - AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS. - CRAY T3E from Manu Mahonen of Center for Scientific Computing - in Finland. - Digital UNIX now uses statvfs for determining free - disk space. Patch from Randall S. Winchester of - the University of Maryland. - HP-UX 11.x from Richard Allen of Opin Kerfi HF and - Regis McEwen of Progress Software Corporation. - IRIX 64 bit fixes from Kari Hurtta of the Finnish - Meteorological Institute. - IRIX 6.2 configuration fix for mail.local from Michael Kyle - of CIC/Advanced Computing Laboratory. - IRIX 6.5 from Thomas H Jones II of SGI. - IRIX 6.X load average code from Bob Mende of SGI. - QNX from Glen McCready <glen@qnx.com>. - SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links - to sendmail. Install with group bin instead of kmem - as kmem does not exist. From Guillermo Freige of - Gobernacion de la Pcia de Buenos Aires and Paul - Fischer of BTG, Inc. - SunOS 4.X does not include memmove(). Patch from - Per Hedeland of Ericsson. - SunOS 5.7 includes getloadavg() function for determining - load average. Patch from John Beck of Sun - Microsystems. - CONFIG: Increment version number of config file. - CONFIG: add DATABASE_MAP_TYPE to set the default type of database - map for the various maps. The default is hash. Patch from - Robert Harker of Harker Systems. - CONFIG: new confEBINDIR m4 variable for defining the executable - directory for certain programs. - CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for - local mail delivery. By the default, /usr/libexec/mail.local - is used. This is expected to be the mail.local shipped - with 8.9 which is LMTP capable. The path is based on the - new confEBINDIR m4 variable. - CONFIG: Use confEBINDIR in determining path to smrsh for - FEATURE(smrsh). Note that this changes the default from - /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the - old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh). - CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to - include $z/.forward.$w+$h and $z/.forward+$h which allow - the user to setup different .forward files for - user+detail addressing. - CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES, - and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage, - DontProbeInterfaces, and DontBlameSendmail options. - CONFIG: by default do not allow relaying (that is, accepting mail - from outside your domain and sending it to another host - outside your domain). - CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from - any site to any site. - CONFIG: new FEATURE(relay_entire_domain) allows any host in your - domain as defined by the 'm' class ($=m) to relay. - CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on - the MX records of the host portion of an incoming recipient. - CONFIG: new FEATURE(access_db) which turns on the access database - feature. This database gives you the ability to allow - or refuse to accept mail from specified domains for - administrative reasons. By default, names that are listed - as "OK" in the access db are domain names, not host names. - CONFIG: new confCR_FILE m4 variable for defining the name of the file - used for class 'R'. Defaults to /etc/mail/relay-domains. - CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file) - to add items to class 'R' ($=R) for hosts allowed to relay. - CONFIG: new FEATURE(relay_hosts_only) to change the behavior - of FEATURE(access_db) and class 'R' to lookup individual - host names only. - CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient - using % addressing is used, e.g. user%site@othersite, - and othersite is in class 'R', the check_rcpt ruleset - will strip @othersite and recheck user@site for relaying. - This feature changes that behavior. It should not be - needed for most installations. - CONFIG: new FEATURE(relay_local_from) to allow relaying if the - domain portion of the mail sender is a local host. This - should only be used if absolutely necessary as it opens - a window for spammers. Patch from Randall S. Winchester of - the University of Maryland. - CONFIG: new FEATURE(blacklist_recipients) turns on the ability to - block incoming mail destined for certain recipient - usernames, hostnames, or addresses. - CONFIG: By default, MAIL FROM: commands in the SMTP session will be - refused if the host part of the argument to MAIL FROM: cannot - be located in the host name service (e.g., DNS). - CONFIG: new FEATURE(accept_unresolvable_domains) accepts - unresolvable hostnames in MAIL FROM: SMTP commands. - CONFIG: new FEATURE(accept_unqualified_senders) accepts - MAIL FROM: senders which do not include a domain. - CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the - Realtime Blackhole List. You can specify the RBL name - server to contact by specifying it as an optional argument. - The default is rbl.maps.vix.com. For details, see - http://maps.vix.com/rbl/. - CONFIG: Call Local_check_relay, Local_check_mail, and - Local_check_rcpt from check_relay, check_mail, and - check_rcpt. Users with local rulesets should place the - rules using LOCAL_RULESETS. If a Local_check_* ruleset - returns $#OK, the message is accepted. If the ruleset - returns a mailer, the appropriate action is taken, else - the return of the ruleset is ignored. - CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by - default to support file, :include:, and program deliveries. - CONFIG: Remove the default for confDEF_USER_ID so the binary can - pick the proper default value. See the SECURITY note - above for more information. - CONFIG: FEATURE(nodns) now warns the user that the feature is a - no-op. Patch from Kari Hurtta of the Finnish - Meteorological Institute. - CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to - daemon since DEC's /bin/mail will drop the envelope - sender if run as mailnull. See the Digital UNIX section - of src/README for more information. Problem noted by - Kari Hurtta of the Finnish Meteorological Institute. - CONFIG: .cf files are now stored in the same directory with the - .mc files instead of in the obj directory. - CONFIG: New options confSINGLE_LINE_FROM_HEADER, - confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for - setting SingleLineFromHeader, AllowBogusHELO, and - MustQuoteChars respectively. - MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This - SMTP-like protocol allows detailed reporting of delivery - status on a per-user basis. Code donated by John Myers of - CMU (now of Netscape). - MAIL.LOCAL: HP-UX support from Randall S. Winchester of the - University of Maryland. NOTE: mail.local is not - compatible with the stock HP-UX mail format. Be sure to - read mail.local/README. - MAIL.LOCAL: Prevent other mail delivery agents from stealing a - mailbox lock. Patch from Randall S. Winchester of the - University of Maryland. - MAIL.LOCAL: glibc portability from John Kennedy of Cal State - University, Chico. - MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish - Meteorological Institute. - MAILSTATS: Display the number of rejected and discarded messages - in the StatusFile. Patch from Randall Winchester of the - University of Maryland. - MAKEMAP: New -s flag to ignore safety checks on database map files - such as linked files in world writable directories. - MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support. - PRALIASES: Add support for Berkeley DB 2.X. - PRALIASES: Do not automatically include NDBM support. Problem - noted by Ralf Hildebrandt of the Technical University of - Braunschweig. - RMAIL: Improve portability for other platforms. Patches from - Randall S. Winchester of the University of Maryland and - Kari Hurtta of the Finnish Meteorological Institute. - Changed Files: - src/Makefiles/Makefile.* files have been modified to use - the new build mechanism and are now BuildTools/OS/*. - src/makesendmail changed to symbolic link to src/Build. - New Files: - BuildTools/M4/header.m4 - BuildTools/M4/depend/BSD.m4 - BuildTools/M4/depend/CC-M.m4 - BuildTools/M4/depend/NCR.m4 - BuildTools/M4/depend/Solaris.m4 - BuildTools/M4/depend/X11.m4 - BuildTools/M4/depend/generic.m4 - BuildTools/OS/AIX.4.2 - BuildTools/OS/AIX.4.x - BuildTools/OS/CRAYT3E.2.0.x - BuildTools/OS/HP-UX.11.x - BuildTools/OS/IRIX.6.5 - BuildTools/OS/NEXTSTEP.4.x - BuildTools/OS/NeXT.4.x - BuildTools/OS/NetBSD.8.3 - BuildTools/OS/QNX - BuildTools/OS/SunOS.5.7 - BuildTools/OS/dcosx.1.x.NILE - BuildTools/README - BuildTools/Site/README - BuildTools/bin/Build - BuildTools/bin/configure.sh - BuildTools/bin/find_m4.sh - BuildTools/bin/install.sh - Makefile - cf/cf/Build - cf/cf/generic-hpux10.cf - cf/feature/accept_unqualified_senders.m4 - cf/feature/accept_unresolvable_domains.m4 - cf/feature/access_db.m4 - cf/feature/blacklist_recipients.m4 - cf/feature/loose_relay_check.m4 - cf/feature/local_lmtp.m4 - cf/feature/promiscuous_relay.m4 - cf/feature/rbl.m4 - cf/feature/relay_based_on_MX.m4 - cf/feature/relay_entire_domain.m4 - cf/feature/relay_hosts_only.m4 - cf/feature/relay_local_from.m4 - cf/ostype/qnx.m4 - contrib/doublebounce.pl - mail.local/Build - mail.local/Makefile.m4 - mail.local/README - mailstats/Build - mailstats/Makefile.m4 - makemap/Build - makemap/Makefile.m4 - praliases/Build - praliases/Makefile.m4 - rmail/Build - rmail/Makefile.m4 - rmail/rmail.0 - smrsh/Build - smrsh/Makefile.m4 - src/Build - src/Makefile.m4 - src/snprintf.c - Deleted Files: - cf/cf/Makefile (replaced by Makefile.dist) - mail.local/Makefile - mail.local/Makefile.dist - mailstats/Makefile - mailstats/Makefile.dist - makemap/Makefile - makemap/Makefile.dist - praliases/Makefile - praliases/Makefile.dist - rmail/Makefile - smrsh/Makefile - smrsh/Makefile.dist - src/Makefile - src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2) - src/Makefiles/Makefile.SMP_DC.OSx.NILE - (renamed BuildTools/OS/dcosx.1.x.NILE) - src/Makefiles/Makefile.Utah (obsolete platform) - Renamed Files: - READ_ME => README - cf/cf/Makefile.dist => Makefile - cf/cf/obj/* => cf/cf/* - src/READ_ME => src/README - -8.8.8/8.8.8 1997/10/24 - If the check_relay ruleset failed, the relay= field was logged - incorrectly. Problem noted by Kari Hurtta of the Finnish - Meteorological Institute. - If /usr/tmp/dead.letter already existed, sendmail could not - add additional bounces to it. Problem noted by Thomas J. - Arseneault of SRI International. - If an SMTP mailer used a non-standard port number for the outgoing - connection, it would be displayed incorrectly in verbose mode. - Problem noted by John Kennedy of Cal State University, Chico. - Log the ETRN parameter specified by the client before altering them - to internal form. Suggested by Bob Kupiec of GES-Verio. - EXPN and VRFY SMTP commands on malformed addresses were logging as - User unknown with bogus delay= values. Change them to log - the same as compliant addresses. Problem noted by Kari E. - Hurtta of the Finnish Meteorological Institute. - Ignore the debug resolver option unless using sendmail debug trace - option for resolver. Problem noted by Greg Nichols of Wind - River Systems. - If SingleThreadDelivery was enabled and the remote server returned a - protocol error on the DATA command, the connection would be - closed but the persistent host status file would not be - unlocked so other sendmail processes could not deliver to - that host. Problem noted by Peter Wemm of DIALix. - If queueing up a message due to an expensive mailer, don't increment - the number of delivery attempts or set the last delivery - attempt time so the message will be delivered on the next - queue run regardless of MinQueueAge. Problem noted by - Brian J. Coan of the Institute for Global Communications. - Authentication warnings of "Processed from queue _directory_" and - "Processed by _username_ with -C _filename_" would be logged - with the incorrect timestamp. Problem noted by Kari E. Hurtta - of the Finnish Meteorological Institute. - Use a better heuristic for detecting GDBM. - Log null connections on dropped connections. Problem noted by - Jon Lewis of Florida Digital Turnpike. - If class dbm maps are rebuilt, sendmail will now detect this and - reopen the map. Previously, they could give stale - results during a single message processing (but would - recover when the next message was received). Fix from - Joe Pruett of Q7 Enterprises. - Do not log failures such as "User unknown" on -bv or SMTP VRFY - requests. Problem noted by Kari E. Hurtta of the - Finnish Meteorological Institute. - Do not send a bounce message back to the sender regarding bad - recipients if the SMTP connection is dropped before the - message is accepted. Problem noted by Kari E. Hurtta of the - Finnish Meteorological Institute. - Use "localhost" instead of "[UNIX: localhost]" when connecting to - sendmail via a UNIX pipe. This will allow rulesets using - $&{client_name} to process without sending the string through - dequote. Problem noted by Alan Barrett of Internet Africa. - A combination of deferred delivery mode, a double bounce situation, - and the inability to save a bounce message to - /var/tmp/dead.letter would cause sendmail to send a bounce - to postmaster but not remove the offending envelope from the - queue causing it to create a new bounce message each time the - queue was run. Problem noted by Brad Doctor of Net Daemons - Associates. - Remove newlines from hostname information returned via DNS. There are - no known security implications of newlines in hostnames as - sendmail filters newlines in all vital areas; however, this - could cause confusing error messages. - Starting with sendmail 8.8.6, mail sent with the '-t' option would be - rejected if any of the specified addresses were bad. This - behavior was modified to only reject the bad addresses and not - the entire message. Problem noted by Jozsef Hollosi of - SuperNet, Inc. - Use Timeout.fileopen when delivering mail to a file. Suggested by - Bryan Costales of InfoBeat, Inc. - Display the proper Final-Recipient on DSN messages for non-SMTP - mailers. Problem noted by Kari E. Hurtta of the - Finnish Meteorological Institute. - An error in calculating the available space in the list of addresses - for logging deliveries could cause an address to be silently - dropped. - Include the initial user environment if sendmail is restarted via - a HUP signal. This will give room for the process title. - Problem noted by Jon Lewis of Florida Digital Turnpike. - Mail could be delivered without a body if the machine does not - support flock locking and runs out of processes during - delivery. Fix from Chuck Lever of the University of Michigan. - Drop recipient address from 251 and 551 SMTP responses per RFC 821. - Problem noted by Kari E. Hurtta of the Finnish Meteorological - Institute. - Make sure non-rebuildable database maps are opened before the - rebuildable maps (i.e., alias files) in case the database maps - are needed for verifying the left hand side of the aliases. - Problem noted by Lloyd Parkes of Victoria University. - Make sure sender RFC822 source route addresses are alias expanded for - bounce messages. Problem noted by Juergen Georgi of - RUS University of Stuttgart. - Minor lint fixes. - Return a temporary error instead of a permanent error if an LDAP map - search returns an error. This will allow sequenced maps which - use other LDAP servers to be checked. Fix from Booker Bense - of Stanford University. - When automatically converting from quoted printable to 8bit text do - not pad bare linefeeds with a space. Problem noted by Theo - Nolte of the University of Technology Aachen, Germany. - Portability: - Non-standard C compilers may have had a problem compiling - conf.c due to a standard C external declaration of - setproctitle(). Problem noted by Ted Roberts of - Electronic Data Systems. - AUX: has a broken O_EXCL implementation. Reported by Jim - Jagielski of jaguNET Access Services. - BSD/OS: didn't compile if HASSETUSERCONTEXT was defined. - Digital UNIX: Digital UNIX (and possibly others) moves - loader environment variables into the loader memory - area. If one of these environment variables (such as - LD_LIBRARY_PATH) was the last environment variable, - an invalid memory address would be used by the process - title routine causing memory corruption. Problem - noted by Sam Hartman of Mesa Internet Systems. - GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused - chownsafe() to always return 0 even if the OS does - not permit file giveaways. Problem noted by - Yasutaka Sumi of The University of Tokyo. - IRIX6: Syslog buffer size set to 512 bytes. Reported by - Gerald Rinske of Siemens Business Services VAS. - Linux: Pad process title with NULLs. Problem noted by - Jon Lewis of Florida Digital Turnpike. - SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an - incorrect value for the number of interfaces. - Problem noted by Chris Loelke of JetStream Internet - Services. - SINIX: Update for Makefile and syslog buffer size from Gerald - Rinske of Siemens Business Services VAS. - Solaris: Make sure HASGETUSERSHELL setting for SunOS is not - used on a Solaris machine. Problem noted by - Stephen Ma of Jtec Pty Limited. - CONFIG: SINIX: Update from Gerald Rinske of Siemens Business - Services VAS. - MAKEMAP: Use a better heuristic for detecting GDBM. - CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff. - OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of - Ericsson. - -8.8.7/8.8.7 1997/08/03 - If using Berkeley DB on systems without O_EXLOCK (open a file with - an exclusive lock already set -- i.e., almost all systems - except 4.4-BSD derived systems), the initial attempt at - rebuilding aliases file if the database didn't already - exist would fail. Patch from Raymund Will of LST Software - GmbH. - Bogus incoming SMTP commands would reset the SMTP conversation. - Problem noted by Fredrik Jönsson of the Royal Institute - of Technology, Stockholm. - Since TCP Wrappers includes setenv(), unsetenv(), and putenv(), - some environments could give "multiple definitions" for these - routines during compilation. If using TCP Wrappers, assume - that these routines are included as though they were in the - C library. Patch from Robert La Ferla. - When a NEWDB database map was rebuilt at the same time it was being - used by a queue run, the maps could be left locked for the - duration of the queue run, causing other processes to hang. - Problem noted by Kendall Libby of Shore.NET. - In some cases, NoRecipientAction=add-bcc was being ignored, so the - mail was passed on without any recipient header. This could - cause problems downstream. Problem noted by Xander Jansen - of SURFnet ExpertiseCentrum. - Give error when GDBM is used with sendmail. GDBM's locking and - linking of the .dir and .pag files interferes with sendmail's - locking and security checks. Problems noted by Fyodor - Yarochkin of the Kyrgyz Republic FreeNet. - Don't fsync qf files if SuperSafe option is not set. - Avoid extra calls to gethostbyname for addresses for which a - gethostbyaddr found no value. Also, ignore any returns - from gethostbyaddr that look like a dotted quad. - If PTR lookup fails when looking up an SMTP peer, don't tag it as - "may be forged", since at the network level we pretty much - have to assume that the information is good. - In some cases, errors during an SMTP session could leave files - open or locked. - Better handling of missing file descriptors (0, 1, 2) on startup. - Better handling of non-set-user-ID binaries -- avoids certain obnoxious - errors during testing. - Errors in file locking of NEWDB maps had the incorrect file name - printed in the error message. - If the AllowBogusHELO option were set and an EHLO with a bad or - missing parameter were issued, the EHLO behaved like a HELO. - Load limiting never kicked in for incoming SMTP transactions if the - DeliveryMode=background and any recipient was an alias or - had a .forward file. From Nik Conwell of Boston University. - On some non-Posix systems, the decision of whether chown(2) permits - file giveaway was undefined. From Tetsu Ushijima of the - Tokyo Institute of Technology. - Fix race condition that could cause the body of a message to be - lost (so only the header was delivered). This only occurs - on systems that do not use flock(2), and only when a queue - runner runs during a critical section in another message - delivery. Based on a patch from Steve Schweinhart of - Results Computing. - If a qf file was found in a mail queue directory that had a problem - (wrong ownership, bad format, etc.) and the file name was - exactly MAXQFNAME bytes long, then instead of being tried - once, it would be tried on every queue run. Problem noted - by Bryan Costales of Mercury Mail. - If the system supports an st_gen field in the status structure, - include it when reporting that a file has changed after open. - This adds a new compile flag, HAS_ST_GEN (0/1 option). - This out to be checked as well as reported, since it is - theoretically possible for an attacker to remove a file after - it is opened and replace it with another file that has the - same i-number, but some filesystems (notably AFS) return - garbage in this field, and hence always look like the file - has changed. As a practical matter this is not a security - problem, since the files can be neither hard nor soft links, - and on no filesystem (that I am aware of) is it possible to - have two files on the same filesystem with the same i-number - simultaneously. - Delete the root Makefile from the distribution -- it is only for - use internally, and does not work at customer sites. - Fix botch that caused the second MAIL FROM: command in a single - transaction to clear the entire transaction. Problem - noted by John Kennedy of Cal State University, Chico. - Work properly on machines that have _PATH_VARTMP defined without - a trailing slash. (And a pox on vendors that decide to - ignore the established conventions!) Problem noted by - Gregory Neil Shapiro of WPI. - Internal changes to make it easier to add another protocol family - (intended for IPv6). Patches are from John Kennedy of - CSU Chico. - In certain cases, 7->8 bit MIME decoding of Base64 text could leave - an extra space at the beginning of some lines. Problem - noted by Charles Karney of Princeton University; fix based - on a patch from Christophe Wolfhugel. - Portability: - Allow _PATH_VENDOR_CF to be set in Makefile for consistency - with the _Sendmail_ book, 2nd edition. Note that - the book is actually wrong: _PATH_SENDMAILCF should - be used instead. - AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow - of Argonne National Laboratory. - OpenBSD from from Paul DuBois of the University of Wisconsin. - RISC/os 4.0 from Paul DuBois of the University of Wisconsin. - SunOS: Include <memory.h> to fix warning from util.c. From - James Aldridge of EUnet Ltd. - Solaris: Change STDIR (location of status file) to /etc/mail - in Makefiles. - Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from - Makefiles. Use NEWDB on Linux instead. - NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl - exists but behaves differently than other OSes. - Add SIOCGIFNUM_IS_BROKEN compile flag to get - around the problem. Problem noted by Tom Moore of - NCR Corp. - HP-UX 9.x: fix compile warnings for old select API. Problem - noted by Tom Smith of Digital Equipment Corp. - UnixWare 2.x: compile warnings on offsetof macro. Problem - noted by Tom Good of the Community Access Information - Resource Network - SCO 4.2: compile problems caused by a change in the type of - the "length" parameters passed to accept, getpeername, - getsockname, and getsockopt. Adds new compile flags - SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported - by Tom Good of St. Vincent's North Richmond Community - Mental Health Center Residential Services. - AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. - Suggested by Brett Hogden of Rochester Gas & Electric - Corp. - Linux: avoid compile problem for versions of <setjmp.h> that - #define both setjmp and longjmp. Problem pointed out - by J.R. Oldroyd of TerraNet. - CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1) - from Christopher Durham of SCO. - CONFIG: NEXTSTEP: define confCW_FILE to - /etc/sendmail/sendmail.cw to match the usual - configuration. Patch from Dennis Glatting of - PlainTalk. - CONFIG: MAILER(fax) called a program that hasn't existed for a long - time. Convert to use the HylaFAX 4.0 conventions. Suggested - by Harry Styron. - CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These - are the rulesets in use on sendmail.org. - MAKEMAP: give error on GDBM files. - MAIL.LOCAL: Make error messages a bit more explicit, for example, - telling more details on what actually changed when "file - changed after open". - CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw - files. - CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'. - NEW FILES: - src/Makefiles/Makefile.OpenBSD - src/Makefiles/Makefile.RISCos.4_0 - test/t_exclopen.c - cf/ostype/sco-uw-2.1.m4 - DELETED FILES: - Makefile - -8.8.6/8.8.6 1997/06/14 - ************************************************************* - * The extensive assistance of Gregory Neil Shapiro of WPI * - * in preparing this release is gratefully appreciated. * - * Sun Microsystems has also provided resources toward * - * continued sendmail development. * - ************************************************************* - SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open - mode bits set to create a file that is a symbolic link that - points nowhere. This makes it possible to create a root - owned file in an arbitrary directory by inserting the symlink - into a writable directory after the initial lstat(2) check - determined that the file did not exist. The only verified - example of a system having these odd semantics for O_EXCL - and symbolic links was HP-UX prior to version 9.07. Most - systems do not have the problem, since a exclusive create - of a file disallows symbolic links. Systems that have been - verified to NOT have the problem include AIX 3.x, *BSD, - DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris, - and Ultrix. This is a potential exposure on systems that - have this bug and which do not have a MAILER-DAEMON alias - pointing at a legitimate account, since this will cause old - mail to be dropped in /var/tmp/dead.letter. - SECURITY: Problems can occur on poorly managed systems, specifically, - if maps or alias files are in world writable directories. - If your system has alias maps in writable directories, it - is potentially possible for an attacker to replace the .db - (or .dir and .pag) files by symbolic links pointing at - another database; this can be used either to expose - information (e.g., by pointing an alias file at /etc/spwd.db - and probing for accounts), or as a denial-of-service attack - (by trashing the password database). The fix disallows - symbolic links entirely when rebuilding alias files or on - maps that are in writable directories, and always warns on - writable directories; 8.9 will probably consider writable - directories to be fatal errors. This does not represent an - exposure on systems that have alias files in unwritable - system directories. - SECURITY: disallow .forward or :include: files that are links (hard - or soft) if the parent directory (or any directory in the - path) is writable by anyone other than the owner. This is - similar to the previous case for user files. This change - should not affect most systems, but is necessary to prevent - an attacker who can write the directory from pointing such - files at other files that are readable only by the owner. - SECURITY: Tighten safechown rules: many systems will say that they - have a safe (restricted to root) chown even on files that - are mounted from another system that allows owners to give - away files. The new rules are very strict, trusting file - ownership only in those few cases where the system has - been verified to be at least as paranoid as necessary. - However, it is possible to relax the rules to partially - trust the ownership if the directory path is not world or - group writable. This might allow someone who has a legitimate - :include: file (referenced directly from /etc/aliases) to - become another non-root user if the :include: file is in a - non-writable directory on an NFS-mounted filesystem where - the local system says that giveaway is denied but it is - actually permitted. I believe this to be a very small set - of cases. If in doubt, do not point :include: aliases at - NFS-mounted filesystems. - SECURITY: When setting a numeric group id using the RunAsUser option - (e.g., "O RunAsUser=10:20", the group id would not be set. - Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha - group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine. - The user id was still set properly. Problem noted by Uli - Pralle of the Technical University of Berlin. - Save the initial gid set for use when checking for if the - PrivacyOptions=restrictmailq option is set. Problem reported - by Wolfgang Ley of DFN-CERT. - Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a - failure on one message won't affect future messages to the - same host). - IP source route printing had an "off by one" error that would - affect any options that came after the route option. Patch - from Theo de Raadt. - The "Message is too large" error didn't successfully bounce the error - back to the sender. Problem reported by Stephen More of - PSI; patch from Gregory Neil Shapiro of WPI. - Change SMTP status code 553 to map into Extended code 5.1.0 (instead - of 5.1.3); it apparently gets used in multiple ways. - Suggested by John Myers of Portola Communications. - Fix possible extra null byte generated during collection if errors - occur at the beginning of the stream. Patch contributed by - Andrey A. Chernov and Gregory Neil Shapiro. - Code changes to avoid possible reentrant call of malloc/free within - a signal handler. Problem noted by John Beck of Sun - Microsystems. - Move map initialization to be earlier so that check_relay ruleset - will have the latest version of the map data. Problem noted - by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro. - If there are fatal errors during the collection phase (e.g., message - too large) don't send the bogus message. - Avoid "cannot open xfAAA00000" messages when sending to aliases that - have errors and have owner- aliases. Problem noted by Michael - Barber of MTU; fix from Gregory Neil Shapiro of WPI. - Avoid null pointer dereference on illegal Boundary= parameters in - multipart/mixed Content-Type: header. Problem noted by - Richard Muirden of RMIT University. - Always print error messages during newaliases (-bi) even if the - ErrorMode is not set to "print". Fix from Gregory Neil - Shapiro. - Test mode could core dump if you did a /map lookup in an optional map - that could not be opened. Based on a fix from John Beck of - Sun Microsystems. - If DNS is misconfigured so that the last MX record tried points to - a host that does not have an A record, but other MX records - pointed to something reasonable, don't bounce the message - with a "host unknown" error. Note that this should really - be fixed in the zone file for the domain. Problem noted by - Joe Rhett of Navigist, Inc. - If a map fails (e.g., DNS times out) on all recipient addresses, mark - the message as having been tried; otherwise the next queue - run will not realize that this is a second attempt and will - retry immediately. Problem noted by Bryan Costales of - Mercury Mail. - If the clock is set backwards, and a MinQueueAge is set, no jobs - will be run until the later setting of the clock is reached. - "Problem" (I use the term loosely) noted by Eric Hagberg of - Morgan Stanley. - If the load average rises above the cutoff threshold (above which - sendmail will not process the queue at all) during a queue - run, abort the queue run immediately. Problem noted by - Bryan Costales of Mercury Mail. - The variable queue processing algorithm (based on the message size, - number of recipients, message precedence, and job age) was - non-functional -- either the entire queue was processed or - none of the queue was processed. The updated algorithm - does no queue run if a single recipient zero size job will - not be run. - If there is a fatal ("panic") message that will cause sendmail to - die immediately, never hold the error message for future - printing. - Force ErrorMode=print in -bt mode so that all errors are printed - regardless of the setting of the ErrorMode option in the - configuration file. Patch from Gregory Neil Shapiro. - New compile flag HASSTRERROR says that this OS has the strerror(3) - routine available in one of the libraries. Use it in conf.h. - The -m (match only) flag now works on host class maps. - If class hash or btree maps are rebuilt, sendmail will now detect - this and reopen the map. Previously, they could give - erroneous results during a single message processing - (but would recover when the next message was received). - Don't delete zero length queue files when doing queue runs until the - files are at least ten minutes old. This avoids a potential - race condition: the creator creates the qf file, getting back - a file descriptor. The queue runner locks it and deletes it - because it is zero length. The creator then writes the - descriptor that is now for a disconnected file, and the - job goes away. Based on a suggestion by Bryan Costales. - When determining the "validated" host name ($_ macro), do a forward - (A) DNS lookup on the result of the PTR lookup and compare - results. If they differ or if the PTR lookup fails, tag the - address as "may be forged". - Log null connections (i.e., hosts that connect but do not do any - substantive activity on the connection before disconnecting; - "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN. - Always permit "writes" to /dev/null regardless of the link count. - This is safe because /dev/null is special cased, and no open - or write is ever actually attempted. Patch from Villy Kruse - of TwinCom. - If a message cannot be sent because of a 552 (exceeded storage - allocation) response to the MAIL FROM:<>, and a SIZE= parameter - was given, don't return the body in the bounce, since there - is a very good chance that the message will double-bounce. - Fix possible line truncation if a quoted-printable had an =00 escape - in the body. Problem noted by Charles Karney of the Princeton - Plasma Physics Laboratory. - Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses. - Problem noted by Kari Hurtta of the Finnish Meteorological - Institute. - The MaxDaemonChildren option wasn't applying to queue runs as - documented. Note that this increases the potential denial - of service problems with this option: an attacker can - connect many times, and thereby lock out queue runs as well - as incoming connections. If you use this option, you should - run the "sendmail -bd" and "sendmail -q30m" jobs separately - to avoid this attack. Failure to limit noted by Matthew - Dillon of BEST Internet Communications. - Always give a message in newaliases if alias files cannot be - opened instead of failing silently. Suggested by Gregory - Neil Shapiro. This change makes the code match the O'Reilly - book (2nd edition). - Some older versions of the resolver could return with h_errno == -1 - if no name server could be reached, causing mail to bounce - instead of queueing. Treat this like TRY_AGAIN. Fix from - John Beck of SunSoft. - If a :include: file is owned by a user that does not have an entry - in the passwd file, sendmail could dereference a null pointer. - Problem noted by Satish Mynam of Sun Microsystems. - Take precautions to make sure that the SMTP protocol cannot get out - of sync if (for example) an alias file cannot be opened. - Fix a possible race condition that can cause a SIGALRM to come in - immediately after a SIGHUP, causing the new sendmail to die. - Avoid possible hang on SVr3 systems when doing child reaping. Patch - from Villy Kruse of TwinCom. - Ignore improperly formatted SMTP reply codes. Previously these were - partially processed, which could cause confusing error - returns. - Fix possible bogus pointer dereference when doing ldapx map lookups - on some architectures. - Portability: - A/UX: from Jim Jagielski of NASA/GSFC. - glibc: SOCK_STREAM was changed from a #define to an enum, - thus breaking #ifdef SOCK_STREAM. Only option seems - to be to assume SOCK_STREAM if __GNU_LIBRARY__ is - defined. Problem reported by A Sun of the University - of Washington. - Solaris: use SIOCGIFNUM to get the number of interfaces on - the system rather than guessing at compile time. - Patch contributed by John Beck of Sun Microsystems. - Intel Paragon: from Wendy Lin of Purdue University. - GNU Hurd: from Miles Bader of the GNU project. - RISC/os 4.50 from Harlan Stenn of PFCS Corporation. - ISC Unix: wait never returns if SIGCLD signals are blocked. - Unfortunately releasing them opens a race condition, - but there appears to be no fix for this. Patch from - Gregory Neil Shapiro. - BIND 8.1 for IPv6 compatibility from John Kennedy. - Solaris: a bug in strcasecmp caused characters with the - high order bit set to apparently randomly match - letters -- for example, $| (0233) matches "i" and "I". - Problem noted by John Gregson of the University of - Cambridge. - IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From - Kari Hurtta. - IRIX 6.x: Create Makefiles for systems that claim to be - IRIX64 but are 6.2 or higher (so use the regular - IRIX Makefile). - IRIX 6.x: Fix load average computation on 64 bit kernels. - Problem noted by Eric Hagberg of Morgan Stanley. - CONFIG: Some canonification was still done for UUCP-like addresses - even if FEATURE(nocanonify) was set. Problem pointed out by - Brian Candler. - CONFIG: In some cases UUCP mailers wouldn't properly recognize all - local names as local. Problem noted by Jeff Polk of BSDI; - fix provided by Gregory Neil Shapiro. - CONFIG: The "local:user" syntax entries in mailertables and other - "mailer:user" syntax locations returned an incorrect value - for the $h macro. Problem noted by Gregory Neil Shapiro. - CONFIG: Retain "+detail" information when forwarding mail to a - MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip - Guenther of Gustavus Adolphus College. - CONFIG: Make sure user+detail works for FEATURE(virtusertable); - rules are the same as for aliasing. Based on a patch from - Gregory Neil Shapiro. - CONFIG: Break up parsing rules into several pieces; this should - have no functional change in this release, but makes it - possible to have better anti-spam rulesets in the future. - CONFIG: Disallow double dots in host names to avoid having the - HostStatusDirectory store status under the wrong name. - In some cases this can be used as a denial-of-service attack. - Problem noted by Ron Jarrell of Virginia Tech, patch from - Gregory Neil Shapiro. - CONFIG: Don't use F=m (multiple recipients per invocation) for - MAILER(procmail), but do pass F=Pn9 (include Return-Path:, - don't include From_, and convert to 8-bit). Suggestions - from Kimmo Suominen and Roderick Schertler. - CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were - being masqueraded as though FEATURE(masquerade_entire_domain) - was specified, even when it wasn't. - MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft. - MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't - "slip in" a symbolic link between the lstat(2) call and the - exclusive open. This is only a problem on System V derived - systems that allow an exclusive create on files that are - symbolic links pointing nowhere. - MAIL.LOCAL: If the final mailbox close() failed, the user id was - not reset back to root, which on some systems would cause - later mailboxes to fail. Also, any partial message would - not be truncated, which could result in repeated deliveries. - Problem noted by Bruce Evans via Peter Wemm (FreeBSD - developers). - MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar - change to the sendmail map code was made in 8.8.3. Problem - noted by Gregory Neil Shapiro. - MAKEMAP: Give warnings on file problems such as map files that are - symbolic links; although makemap is not set-user-ID root, it is - often run as root and hence has the potential for the same - sorts of problems as alias rebuilds. - MAKEMAP: Change compilation so that it will link properly on - NEXTSTEP. - CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf. - Accept an optional list of arguments following the server - name for the ETRN arguments to use (instead of $=w). Other - miscellaneous bug fixes. From Christian von Roques via - John Beck of Sun Microsystems. - CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This - Perl script converts GECOS information in the /etc/passwd - file into aliases, allowing for faster access to full name - lookups; it is also clever about adding aliases (to root) - for system accounts. - NEW FILES: - src/safefile.c - cf/ostype/gnuhurd.m4 - cf/ostype/irix6.m4 - contrib/passwd-to-alias.pl - src/Makefiles/Makefile.IRIX64.6.1 - src/Makefiles/Makefile.IRIX64.6.x - RENAMED FILES: - src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x - src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0 - -8.8.5/8.8.5 1997/01/21 - SECURITY: Clear out group list during startup. Without this, sendmail - will continue to run with the group permissions of the caller, - even if RunAsUser is specified. - SECURITY: Make purgestat (-bH) be root-only. This is not in response - to any known attack, but it's best to be conservative. - Suggested by Peter Wemm of DIALix. - SECURITY: Fix buffer overrun problem in MIME code that has possible - security implications. Patch from Alex Garthwaite of the - University of Pennsylvania. - Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'") - would truncate the address after "Full". Although the -f - syntax is incorrect (since it is in the envelope, it - shouldn't have comments and full names), the failure mode - was unnecessarily awful. - Fix a possible null pointer dereference when converting 8-bit data - to a 7-bit format. Problem noted by Jim Hutchins of - Sandia National Labs and David James of British Telecom. - Clear out stale state that affected F=9 on SMTP mailers in queue - runs. Although this really shouldn't be used (F=9 is for - final delivery only, and using it on an SMTP mailer makes - it possible for a message to be converted from 8->7->8->7 - bits several times), it shouldn't have failed with a syserr. - Problem noted by Eric Hagberg of Morgan Stanley. - _Really_ fix the multiple :maildrop code in the user database - module. Patch from Roy Mongiovi of Georgia Tech. - Let F lines in the configuration file actually read root-only - files if the configuration file is safe. Based on a - patch from Keith Reynolds of SCO. - ETRN followed by QUIT would hold the connection open until the queue - run completed. Problem noted by Truck Lewis of TDK - Semiconductor Corp. - It turns out that despite the documentation, the TCP wrappers library - does _not_ log rejected connections. Do the logging ourselves. - Problem noted by Fletcher Mattox of the University of Texas - at Austin. - If sendmail finds a qf file in its queue directory that is an unknown - version (e.g., when backing out to an old version), the - error is reported on every queue run. Change it to only - give the error once (and rename the qf => Qf). Patch from - William A. Gianopoulos of Raytheon Company. - Start a new session when doing background delivery; currently it - ignored signals but didn't start a new signal, that caused - some problems if a background process tried to send mail - under certain circumstances. Problem noted by Eric Hagberg - of Morgan Stanley; fix from Kari Hurtta. - Simplify test for skipping a queue run to just check if the current - load average is >= the queueing load average. Previously - the check factored in some other parameters that caused it - to essentially never skip the queue run. Patch from Bryan - Costales. - If the SMTP server is running in "nullserver" mode (that is, it is - rejecting all commands), start sleeping after MAXBADCOMMAND - (25) commands; this helps prevent a bad guy from putting - you into a tight loop as a denial-of-service attack. Based - on an e-mail conversation with Brad Knowles of AOL. - Slow down when too many "light weight" commands have been issued; - this helps prevent a class of denial-of-service attacks. - The current values and defaults are: - MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR - MAXHELOCOMMANDS 3 HELO, EHLO - MAXVRFYCOMMANDS 6 VRFY, EXPN - MAXETRNCOMMANDS 8 ETRN - These will probably be configurable in a future release. - On systems that have uid_t typedefed to be an unsigned short, programs - that had the F=S flag and no U= equate would be invoked with - the real uid set to 65535 rather than being left unchanged. - In some cases, NOTIFY=NEVER was not being honored. Problem noted - by Steve Hubert of the University of Washington, Seattle. - Mail that was Quoted-Printable encoded and had a soft line break on - the last line (i.e., an incomplete continuation) had the last - line dropped. Since this appears to be illegal it isn't - clear what to do with it, but flushing the last line seems - to be a better "fail soft" approach. Based on a patch from - Eric Hagberg. - If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a - bogus HELO command still causes the "Polite people say HELO - first" error message. Problem pointed out by Chris Thomas - of UCLA; patch from John Beck of SunSoft. - Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set - in PrivacyOptions. The -q shouldn't turn this command off. - Problem noted by Murray Kucherawy of Pacific Bell Internet; - based on a patch from Gregory Neil Shapiro of WPI. - Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation) - in a DATA transaction to be sticky; these can occur because - a message is too large, and smaller messages should still go - through. Problem noted by Matt Dillon of Best Internet - Communications. - In some cases bounces were saved in /var/tmp/dead.letter even if they - had been successfully delivered to the envelope sender. - Problem noted Eric Hagberg of Morgan Stanley; solution from - Gregory Neil Shapiro of WPI. - Give better diagnostics on long alias lines. Based on code contributed - by Patrick Gosling of the University of Cambridge. - Increase the number of virtual interfaces that will be probed for - alternate names. Problem noted by Amy Rich of Shore.Net. - PORTABILITY: - UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from - Toshiaki Nomura of Fujitsu Limited. - SunOS with LDAP support: compile problems with struct timeval. - Patch from Nick Cuccia of TCSI Corporation. - SCO: from Keith Reynolds of SCO. - Solaris: kstat load average computation wasn't being used. - Fixes from Michael Ju. Tokarev of Telecom Service, JSC - (Moscow). - OpenBSD: from Jason Downs of teeny.org. - Altos System V: from Tim Rice. - Solaris 2.5: from Alan Perry of SunSoft. - Solaris 2.6: from John Beck of SunSoft. - Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli - of Pratt & Whitney <miorelli@pweh.com>. - CONFIG: It seems that I hadn't gotten the Received: line syntax - _just_right_ yet. Tweak it again. I'll omit the names - of the "contributors" (quantity two) in this one case. - As of now, NO MORE DISCUSSION about the syntax of the - Received: line. - CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E), - it never inserts that class into the output file. Fix it - so it will honor EXPOSED_USER but will _not_ include root - automatically in this class. Problem noted by Ronan KERYELL - of Centre de Recherche en Informatique de l'École Nationale - Supérieure des Mines de Paris (CRI-ENSMP). - CONFIG: Clean up handling of "local:" syntax in relay specifications - such as LUSER_RELAY. This change permits the following - syntaxes: ``local:'' will send to the same user on the - local machine (e.g., in a mailertable entry for "host", - ``local:'' will cause an address addressed to user@host to - go to user on the local machone). ``local:user'' will send - to the named user on the local machine. ``local:user@host'' - is equivalent to ``local:user'' (the host is ignored). In - all cases, the original user@host is passed in $@ (i.e., the - detail information). Inspired by a report from Michael Fuhr. - CONFIG: Strip quotes from the first word of an "error:" host - indication. This lets you set (for example) the LUSER_RELAY - to be ``error:\"5.1.1\" Your Message Here''. Note the use - of the \" so that the resulting string is properly quoted. - Problem noted by Gregory Neil Shapiro of WPI. - OP.ME: documentation was inconsistent about whether sendmail did a - NOOP or a RSET to probe the connection (it does a RSET). - Inconsistency noted by Deeran Peethamparam. - OP.ME: insert additional blank pages so it will print properly on - a duplex printer. From Matthew Black of Cal State University, - Long Beach. - -8.8.4/8.8.4 1996/12/02 - SECURITY: under some circumstances, an attacker could get additional - permissions by hard linking to files that were group - writable by the attacker. The solution is to disallow any - files that have hard links -- this will affect .forward, - :include:, and output files. Problem noted by Terry - Kyriacopoulos of Interlog Internet Services. As a - workaround, set UnsafeGroupWrites -- always a good idea. - SECURITY: the TryNullMXList (w) option should not be safe -- if it - is, it is possible to do a denial-of-service attack on - MX hosts that rely on the use of the null MX list. There - is no danger if you have this option turned off (the default). - Problem noted by Dan Bernstein. Also, make the DontInitGroups - unsafe. I know of no specific attack against this, although - a denial-of-service attack is probably possible, but in theory - you should not be able to safely tweak anything that affects - the permissions that are used when mail is delivered. - Purgestat could go into an infinite loop if one of the host status - directories somehow became empty. Problem noted by Roy - Mongiovi of Georgia Tech. - Processes got "lost" when counting children due to a race condition. - This caused "proc_list_probe: lost pid" messages to be logged. - Problem noted by several people. - On systems with System V SIGCLD child signal semantics (notably AIX - and HP-UX), mail transactions would print the message "451 - SMTP-MAIL: lost child: No child processes". Problem noted - by several people. - Miscellaneous compiler warnings on picky compilers (or when setting - gcc to high warning levels). From Tom Moore of NCR Corp. - SMTP protocol errors, and most errors on MAIL FROM: lines should - not be persistent between runs, since they are based on the - message rather than the host. Problem noted by Matt Dillon - of Best Internet Communications. - The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore - of NCR (a.k.a., AT&T Global Information Solutions). - Avoid the possibility of having a child daemon run to completion - (including closing the SMTP socket) before the parent has - had a chance to close the socket; this can cause the parent - to hang for a long time waiting for the socket to drain. - Patch from Don Lewis of TDK Semiconductor. - If the fork() failed in a queue run, the queue runners would not be - rescheduled (so queue runs would stop). Patch from Don Lewis. - Some error conditions in ETRN could cause output without an SMTP - status code. Problem noted by Don Lewis. - Multiple :maildrop addresses in the user database didn't work properly. - Patch from Roy Mongiovi of Georgia Tech. - Add ".db" automatically onto any user database spec that does not - already have it; this is for consistency with makemap, the - K line, and the documentation. Inconsistency pointed out - by Roy Mongiovi. - Allow sendmail to be properly called in nohup mode. Patch from - Kyle Jones of UUNET. - Change ETRN to ignore but still update host status files; previously - it would ignore them and not save the updated status, which - caused stale information to be maintained. Based on a patch - from Christopher Davis of Kapor Enterprises Inc. Also, have - ETRN ignore the MinQueueAge option. - Patch long term host status to recover more gracefully from an empty - host status file condition. Patch from NAKAMURA Motonori - of Kyoto University. - Several patches to signal handling code to fix potential race - conditions from Don Lewis. - Make it possible to compile with -DDAEMON=0 (previously it had some - compile errors). This turns DAEMON, QUEUE, and SMTP into - 0/1 compilation flags. Note that DAEMON is an obsolete - compile flag; use NETINET instead. Solution based on a - patch from Bryan Costales. - PORTABILITY FIXES: - AIX4: getpwnam() and getpwuid() do a sequential scan of the - /etc/security/passwd file when called as root. This - is very slow on some systems. To speed it up, use the - (undocumented) _getpw{nam,uid}_shadow() routines. - Patch from Chris Thomas of UCLA/OAC Systems Group. - SCO 5.x: include -lprot in the Makefile. Patch from Bill - Glicker of Burrelle's Information Service. - NEWS-OS 4.x: need a definition for MODE_T to compile. Patch - from Makoto MATSUSHITA of Osaka University. - SunOS 4.0.3: compile problems. Patches from Andrew Cole of - Leeds University and SASABE Tetsuro of the University - of Tokyo. - DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support - Services, Inc. - Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp. - I believe this to have only been a problem if you - compiled with -DUSE_VENDOR_CF_PATH -- another reason - to stick with /etc/sendmail.cf as your One True Path. - Digital UNIX (OSF/1 on Alpha) load average computation from - Martin Laubach of the Technischen Universität Wien. - CONFIG: change default Received: line to be multiple lines rather - than one long one. By popular demand. - MAIL.LOCAL: warnings weren't being logged on some systems. Patch - from Jerome Berkman of U.C. Berkeley. - MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs - to take a very long time. Problem noted by Yoshiro YONEYA - of NTT Software Corporation. - CONTRIB: add etrn.pl, contributed by John Beck. - NEW FILES: - contrib/etrn.pl - -8.8.3/8.8.3 1996/11/17 - SECURITY: it was possible to get a root shell by lying to sendmail - about argv[0] and then sending it a signal. Problem noted - by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the - best-of-security list. - Log sendmail binary version number in "Warning: .cf version level - (%d) exceeds program functionality (%d) message" -- this - should make it clearer to people that they are running - the wrong binary. - Fix a problem that occurs when you open an SMTP connection and then - do one or more ETRN commands followed by a MAIL command; at - the end of the DATA phase sendmail would incorrectly report - "451 SMTP-MAIL: lost child: No child processes". Problem - noted by Eric Bishop of Virginia Tech. - When doing text-based host canonification (typically /etc/hosts - lookup), a null host name would match any /etc/hosts entry - with space at the end of the line. Problem noted by Steve - Hubert of the University of Washington, Seattle. - 7 to 8 bit BASE64 MIME conversions could duplicate bits of text. - Problem reported by Tom Smith of Digital Equipment Corp. - Increase the size of the DNS answer buffer -- the standard UDP packet - size PACKETSZ (512) is not sufficient for some nameserver - answers containing very many resource records. The resolver - may also switch to TCP and retry if it detects UDP packet - overflow. Also, allow for the fact that the resolver - routines res_query and res_search return the size of the - *un*truncated answer in case the supplied answer buffer it - not big enough to accommodate the entire answer. Patch from - Eric Wassenaar. - Improvements to MaxDaemonChildren code. If you think you have too - many children, probe the ones you have to verify that they - are still around. Suggested by Jared Mauch of CICnet, Inc. - Also, do this probe before growing the vector of children - pids; this previously caused the vector to grow indefinitely - due to a race condition. Problem reported by Kyle Jones of - UUNET. - On some architectures, <db.h> (from the Berkeley DB library) defines - O_EXLOCK to zero; this fools the map compilation code into - thinking that it can avoid race conditions by locking on open. - Change it to check for O_EXLOCK non-zero. Problem noted by - Leif Erlingsson of Data Lege. - Always call res_init() on startup (if compiled in, of course) to - allow the sendmail.cf file to tweak resolver flags; without - it, flag tweaks in ResolverOptions are ignored. Patch from - Andrew Sun of Merrill Lynch. - Improvements to host status printing code. Suggested by Steve Hubert - of the University of Washington, Seattle. - Change MinQueueAge option processing to do the check for the job age - when reading the queue file, rather than at the end; this - avoids parsing the addresses, which can do DNS lookups. - Problem noted by John Beck of InReference, Inc. - When MIME was being 7->8 bit decoded, "From " lines weren't being - properly escaped. Problem noted by Peter Nilsson of the - University of Linkoping. - In some cases, sendmail would retain root permissions during queue - runs even if RunAsUser was set. Problem noted by Mark - Thomas of Mark G. Thomas Consulting. - If the F=l flag was set on an SMTP mailer to indicate that it is - actually local delivery, and NOTIFY=SUCCESS is specified in - the envelope, and the receiving SMTP server speaks DSN, then - the DSN would be both generated locally and propagated to the - other end. - The U= mailer field didn't correctly extract the group id if the - user id was numeric. Problem noted by Kenneth Herron of - MCI Telecommunications Communications. - If a message exceeded the fixed maximum size on input, the body of - the message was included in the bounce. Note that this did - not occur if it exceeded the maximum _output_ size. Problem - reported by Kyle Jones of UUNET. - PORTABILITY FIXES: - AIX4: 4.1 doesn't have a working setreuid(2); change the - AIX4 defines to use seteuid(2) instead, which - works on 4.1 as well as 4.2. Problem noted by - Håkan Lindholm of interAF, Sweden. - AIX4: use tzname[] vector to determine time zone name. - Patch from NAKAMURA Motonori of Kyoto University. - MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support. - Contributed by Paul DuBois <dubois@primate.wisc.edu>. - Solaris: kstat(3k) support for retrieving the load average. - This adds the LA_KSTAT definition for LA_TYPE. - The outline of the implementation was contributed - by Michael Tokarev of Telecom Service, JSC, Moscow. - HP-UX 10.0 gripes about the (perfectly legal!) forward - declaration of struct rusage at the top of conf.h; - change it to only be included if you are using gcc, - which is apparently the only compiler that requires - it in the first place. Problem noted by Jeff - Earickson of Colby College. - IRIX: don't default to using gcc. IRIX is a civilized - operating system that comes with a decent compiler - by default. Problem noted by Barry Bouwsma and - Kari Hurtta. - CONFIG: specify F=9 as default in FEATURE(local_procmail) for - consistency with other local mailers. Inconsistency - pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>. - CONFIG: if the "limited best mx" feature is used (to reduce DNS - overhead) as part of the bestmx_is_local feature, the - domain part was dropped from the name. Patch from Steve - Hubert of the University of Washington, Seattle. - CONFIG: catch addresses of the form "user@.dom.ain"; these could - end up being translated to the null host name, which would - return any entry in /etc/hosts that had a space at the end - of the line. Problem noted by Steve Hubert of the - University of Washington, Seattle. - CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer - Polytechnic Institute. - MAKEMAP: tweak hash and btree parameters for better performance. - Patch from Matt Dillon of Best Internet Communications. - NEW FILES: - src/Makefiles/Makefile.Linux.ppc - cf/ostype/aix4.m4 - cf/ostype/mklinux.m4 - -8.8.2/8.8.2 1996/10/18 - SECURITY: fix a botch in the 7-bit MIME patch; the previous patch - changed the code but didn't fix the problem. - PORTABILITY FIXES: - Solaris: Don't use the system getusershell(3); it can - apparently corrupt the heap in some circumstances. - Problem found by Ken Pizzini of Spry, Inc. - OP.ME: document several mailer flags that were accidentally omitted - from this document. These flags were F=d, F=j, F=R, and F=9. - CONFIG: no changes. - -8.8.1/8.8.1 1996/10/17 - SECURITY: unset all environment variables that the resolver will - examine during queue runs and daemon mode. Problem noted - by Dan Bernstein of the University of Illinois at Chicago. - SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain - message could overflow a buffer if it was converted back - to 8 bits. This caused core dumps and has the potential - for a remote attack. Problem first noted by Gregory Shapiro - of WPI. - Avoid duplicate deliveries of error messages on systems that don't - have flock(2) support. Patch from Motonori Nakamura of - Kyoto University. - Ignore null FallBackMX (V) options. If this option is null (as - opposed to undefined) it can cause "null signature" syserrs - on illegal host names. - If a Base64 encoded text/plain message has no trailing newline in - the encoded text, conversion back to 8 bits will drop the - final line. Problem noted by Pierre David. - If running with a RunAsUser, sendmail would give bogus "cannot - setuid" (or seteuid, or setreuid) messages on some systems. - Problem pointed out by Jordan Mendelson of Web Services, Inc. - Always print error messages in -bv mode -- previously, -bv would - be absolutely silent on errors if the error mode was sent - to (say) mail-back. Problem noted by Kyle Jones of UUNET. - If -qI/R/S is set (or the ETRN command is used), ignore all long - term host status. This is necessary because it is common - to do this when you know a host has just come back up. - Disallow duplicate HELO/EHLO commands as required by RFC 1651 section - 4.2. Excessive permissiveness noted by Lee Flight of the - University of Leicester. - If a service (such as NIS) is specified as the last entry in the - service switch, but that service is not compiled in, sendmail - would return a temporary failure when an entry was not found - in the map. This caused the message to be queued instead of - bouncing immediately. Problem noted by Harry Edmon of the - University of Washington. - PORTABILITY FIXES: - Solaris 2.3 had compilation problems in conf.c. Several - people pointed this out. - NetBSD from Charles Hannum of MIT. - AIX4 improvements based on info from Steve Bauer of South - Dakota School of Mines & Technology. - CONFIG: ``error:code message'' syntax was broken in virtusertable. - Patch from Gil Kloepfer Jr. - CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set - using MASQUERADE_DOMAIN) were not masqueraded unless they - were also in $=w. Problem noted by Zoltan Basti of - Softec. - MAIL.LOCAL: patches to compile and link cleanly on AIX. Based - on a patch from Eric Hagberg of Morgan Stanley. - MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan - of Stanford via Robert La Ferla. - -8.8.0/8.8.0 1996/09/26 - Under some circumstances, Bcc: headers would not be properly - deleted. Pointed out by Jonathan Kamens of OpenVision. - Log a warning if the sendmail daemon is invoked without a full - pathname, which prevents "kill -1" from working. I was - urged to put this in by Andrey A. Chernov of DEMOS (Russia). - Fix small buffer overflow. Since the data in this buffer was not - read externally, there was no security problem (and in fact - probably wouldn't really overflow on most compilers). Pointed - out by KIZU takashi of Osaka University. - Fix problem causing domain literals such as [1.2.3.4] to be ignored - if a FallbackMXHost was specified in the configuration file - -- all mail would be sent to the fallback even if the original - host was accessible. Pointed out by Munenari Hirayama of - NSC (Japan). - A message that didn't terminate with a newline would (sometimes) not - have the trailing "." added properly in the SMTP dialogue, - causing SMTP to hang. Patch from Per Hedeland of Ericsson. - The DaemonPortOptions suboption to bind to a particular address was - incorrect and nonfunctional due to a misunderstanding of the - semantics of binding on a passive socket. Patch from - NIIBE Yutaka of Mitsubishi Research Institute. - Increase the number of MX hosts for a single name to 100 to better - handle the truly huge service providers such as AOL, which - has 13 at the moment (and climbing). In order to avoid - trashing memory, the buffer for all names has only been - slightly increased in size, to 12.8K from 10.2K -- this means - that if a single name had 100 MX records, the average size - of those records could not exceed 128 bytes. Requested by - Brad Knowles of America On Line. - Restore use of IDENT returns where the OSTYPE field equals "OTHER". - Urged by Dan Bernstein of U.C. Berkeley. - Print q_statdate and q_specificity in address structure debugging - printout. - Expand MCI structure flag bits for debugging output. - Support IPv6-style domain literals, which can have colons between - square braces. - Log open file descriptors for the "cannot dup" messages in deliver(); - this is an attempt to track down a bug that one person seems - to be having (it may be a Solaris bug!). - DSN NOTIFY parameters were not properly propagated across queue runs; - this caused the NOTIFY info to sometimes be lost. Problem - pointed out by Claus Assmann of the - Christian-Albrechts-University of Kiel. - The statistics gathered in the sendmail.st file were too high; in - some cases failures (e.g., user unknown or temporary failure) - would count as a delivery as far as the statistics were - concerned. Problem noted by Tom Moore of AT&T GIS. - Systems that don't have flock() would not send split envelopes in - the initial run. Problem pointed out by Leonard Zubkoff of - Dandelion Digital. - Move buffer overflow checking -- these primarily involve distrusting - results that may come from NIS and DNS. - 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't - include <paths.h> and hence had the wrong pathnames for a few - things like /var/tmp. Reported by Matthew Green. - Conditions were reversed for the Priority: header, resulting in all - values being interpreted as non-urgent except for non-urgent, - which was interpreted as normal. Patch from Bryan Costales. - The -o (optional) flag was being ignored on hash and btree maps - since 8.7.2. Fix from Bryan Costales. - Content-Types listed in class "q" will always be encoded as - Quoted-Printable (or more accurately, will never be encoded - as base64). The class can have primary types (e.g., "text") - or full types (e.g., "text/plain"). Based on a suggestion by - Marius Olafsson of the University of Iceland. - Define ${envid} to be the original envelope id (from the ESMTP DSN - dialogue) so it can be passed to programs in mailers. - Define ${bodytype} to be the body type (from the -B flag or the - BODY= ESMTP parameter) so it can be passed to programs in - mailers. - Cause the VRFY command to return 252 instead of 250 unless the F=q - flag is set in the mailer descriptor. Suggested by John - Myers of CMU. - Implement ESMTP ETRN command to flush the queue for a specific host. - The command takes a host name; data for that host is - immediately (and asynchronously) flushed. Because this shares - the -qR implementation, other hosts may be attempted, but - there should be no security implications. Implementation - from John Beck of InReference, Inc. See RFC 1985 for details. - Add three new command line flags to pass in DSN parameters: -V envid - (equivalent to ENVID=envid on the MAIL command), -R ret - (equivalent to RET=ret on the MAIL command), and -Nnotify - (equivalent to NOTIFY=notify on the RCPT command). Note - that the -N flag applies to all recipients; there is no way - to specify per-address notifications on the command line, - nor is there an equivalent for the ORCPT= per-address - parameter. - Restore LogLevel option to be safe (it can only be increased); - apparently I went into paranoid mode between 8.6 and 8.7 - and made it unsafe. Pointed out by Dabe Murphy of the - University of Maryland. - New logging on log level 15: all SMTP traffic. Patches from - Andrew Gross of San Diego Supercomputer Center. - NetInfo property value searching code wasn't stopping when it found - a match. This was causing the wrong values to be found (and - had a memory leak). Found by Bastian Schleuter of TU-Berlin. - Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed - out by Bill Wisner of Electronics for Imaging that you can't - use the bracket address form for the MAIL_HUB macro, since - that causes the brackets to remain in the envelope recipient - address used for delivery. The simple fix (stripping off the - brackets in the config file) breaks the use of IP literal - addresses. This flag will solve that problem. - Add MustQuoteChars option. This is a list of characters that must - be quoted if they are found in the phrase part of an address - (that is, the full name part). The characters @,;:\()[] are - always in this list and cannot be removed. The default is - this list plus . and ' to match RFC 822. - Add AllowBogusHELO option; if set, sendmail will allow HELO commands - that do not include a host name for back compatibility with - some stupid SMTP clients. Setting this violates RFC 1123 - section 5.2.5. - Add MaxDaemonChildren option; if this is set, sendmail will start - rejecting connections if it has more than this many - outstanding children accepting mail. Note that you may - see more processes than this because of outgoing mail; this - is for incoming connections only. - Add ConnectionRateThrottle option. If set to a positive value, the - number of incoming SMTP connections that will be permitted - in a single second is limited to this number. Connections are - not refused during this time, just deferred. The intent is to - flatten out demand so that load average limiting can kick in. - It is less radical than MaxDaemonChildren, which will stop - accepting connections even if all the connections are idle - (e.g., due to connection caching). - Add Timeout.hoststatus option. This interval (defaulting to 30m) - specifies how long cached information about the state of a - host will be kept before they are considered stale and the - host is retried. If you are using persistent host status - (i.e., the HostStatusDirectory option is set) this will apply - between runs; otherwise, it applies only within a single queue - run and hence is useful only for hosts that have large queues - that take a very long time to run. - Add SingleLineFromHeader option. If set, From: headers are coerced - into being a single line even if they had newlines in them - when read. This is to get around a botch in Lotus Notes. - Text class maps were totally broken -- if you ever retrieved the last - item in a table it would be truncated. Problem noted by - Gregory Neil Shapiro of WPI. - Extend the lines printed by the mailq command (== the -bp flag) when - -v is given to 120 characters; this allows more information - to be displayed. Suggested by Gregory Neil Shapiro of WPI. - Allow macro definitions (`D' lines) with unquoted commas; previously - this was treated as end-of-input. Problem noted by Bryan - Costales. - The RET= envelope parameter (used for DSNs) wasn't properly written - to the queue file. Fix from John Hughes of Atlantic - Technologies, Inc. - Close /var/tmp/dead.letter after a successful write -- otherwise - if this happens in a queue run it can cause nasty delays. - Problem noted by Mark Horton of AT&T. - If userdb entries pointed to userdb entries, and there were multiple - values for a given key, the database cursor would get - trashed by the recursive call. Problem noted by Roy Mongiovi - of Georgia Tech. Fixed by reading all the values and creating - a comma-separated list; thus, the -v output will be somewhat - different for this case. - Fix buffer allocation problem with Hesiod-based userdb maps when - HES_GETMAILHOST is defined. Based on a patch by Betty Lee - of Stanford University. - When envelopes were split due to aliases with owner- aliases, and - there was some error on one of the lists, more than one of - the owners would get the message. Problem pointed out by - Roy Mongiovi of Georgia Tech. - Detect excessive recursion in macro expansions, e.g., $X defined - in terms of $Y which is defined in terms of $X. Problem - noted by Bryan Costales; patch from Eric Wassenaar. - When using F=U to get "ugly UUCP" From_ lines, a buffer could in - some cases get trashed causing bogus From_ lines. Fix from - Kyle Jones of UUNET. - When doing load average initialization, if the nlist call for avenrun - failed, the second and subsequent lookups wouldn't notice - that fact causing bogus load averages to be returned. Noted - by Casper Dik of Sun Holland. - Fix problem with incompatibility with some versions of inet_aton that - have changed the return value to unsigned, so a check for an - error return of -1 doesn't work. Use INADDR_NONE instead. - This could cause mail to addresses such as [foo.com] to bounce - or get dropped. Problem noted by Christophe Wolfhugel of the - Pasteur Institute. - DSNs were inconsistent if a failure occurred during the DATA phase - rather than the RCPT phase: the Action: would be correct, but - the detailed status information would be wrong. Problem noted - by Bob Snyder of General Electric Company. - Add -U command line flag and the XUSR ESMTP extension, both indicating - that this is the initial MUA->MTA submission. The flag current - does nothing, but in future releases (when MUAs start using - these flags) it will probably turn on things like DNS - canonification. - Default end-of-line string (E= specification on mailer [M] lines) - to \r\n on SMTP mailers. Default remains \n on non-SMTP - mailers. - Change the internal definition for the *file* and *include* mailers - to have $u in the argument vectors so that they aren't - misinterpreted as SMTP mailers and thus use \r\n line - termination. This will affect anyone who has redefined - either of these in their configuration file. - Don't assume that IDENT servers close the connection after a query; - responses can be newline terminated. From Terry Kennedy of - St. Peter's College. - Avoid core dumps on erroneous configuration files that have - $#mailer with nothing following. From Bryan Costales. - Avoid null pointer dereference with high debug values in unlockqueue. - Fix from Randy Martin of Clemson University. - Fix possible buffer overrun when expanding very large macros. Fix - from Kyle Jones of UUNET. - After 25 EXPN or VRFY commands, start pausing for a second before - processing each one. This avoids a certain form of denial - of service attack. Potential attack pointed out by Bryan - Costales. - Allow new named (not numbered!) config file rules to do validity - checking on SMTP arguments: check_mail for MAIL commands and - check_rcpt for RCPT commands. These rulesets can do anything - they want; their result is ignored unless they resolve to the - $#error mailer, in which case the indicated message is printed - and the command is rejected. Similarly, the check_compat - ruleset is called before delivery with "from_addr $| to_addr" - (the $| is a meta-symbol used to separate the two addresses); - it can give a "this sender can't send to this recipient" - notification. Note that this patch allows $| to stand alone - in rulesets. - Define new macros ${client_name}, ${client_addr}, and ${client_port} - that have the name, IP address, and port number (respectively) - of the SMTP client (that is, the entity at the other end of - the connection. These can be used in (e.g.) check_rcpt to - verify that someone isn't trying to relay mail through your - host inappropriately. Be sure to use the deferred evaluation - form, for example $&{client_name}, to avoid having these bound - when sendmail reads the configuration file. - Add new config file rule check_relay to check the incoming connection - information. Like check_compat, it is passed the host name - and host address separated by $| and can reject connections - on that basis. - Allow IDA-style recursive function calls. Code contributed by Mark - Lovell and Paul Vixie. - Eliminate the "No ! in UUCP From address!" message" -- instead, create - a virtual UUCP address using either a domain address or the $k - macro. Based on code contributed by Mark Lovell and Paul - Vixie. - Add Stanford LDAP map. Requires special libraries that are not - included with sendmail. Contributed by Booker C. Bense - <bbense@networking.stanford.edu>; contact him for support. - See also the src/READ_ME file. - Allow -dANSI to turn on ANSI escape sequences in debug output; this - puts metasymbols (e.g., $+) in reverse video. Really useful - only for debugging deep bits of code where it is important to - distinguish between the single-character metasymbol $+ and the - two characters $, +. - Changed ruleset 89 (executed in dumpstate()) to a named ruleset, - debug_dumpstate. - Add new UnsafeGroupWrites option; if set, .forward and :include: - files that are group writable are considered "unsafe" -- that - is, programs and files referenced from such files are not - valid recipients. - Delete bogosity test for FallBackMX host; this prevented it to be a - name that was not in DNS or was a domain-literal. Problem - noted by Tom May. - Change the introduction to error messages to more clearly delineate - permanent from temporary failures; if both existed in a - single message it could be confusing. Suggested by John - Beck of InReference, Inc. - The IngoreDot (i) option didn't work for lines that were terminated - with CRLF. Problem noted by Ted Stockwell of Secure - Computing Corporation. - Add a heuristic to improve the handling of unbalanced `<' signs in - message headers. Problem reported by Matt Dillon of Best - Internet Communications. - Check for bogus characters in the 0200-0237 range; since these are - used internally, very strange errors can occur if those - characters appear in headers. Problem noted by Anders Gertz - of Lysator. - Implement 7 -> 8 bit MIME conversions. This only takes place if the - recipient mailer has the F=9 flag set, and only works on - text/plain body types. Code contributed by Marius Olafsson - of the University of Iceland. - Special case "postmaster" name so that it is always treated as lower - case in alias files regardless of configuration settings; - this prevents some potential problems where "Postmaster" or - "POSTMASTER" might not match "postmaster". In most cases - this change is a no-op. - The -o map flag was ignored for text maps. Problem noted by Bryan - Costales. - The -a map flag was ignored for dequote maps. Problem noted by - Bryan Costales. - Fix core dump when a lookup of a class "prog" map returns no - response. Patch from Bryan Costales. - Log instances where sendmail is deferring or rejecting connections - on LogLevel 14. Suggested by Kyle Jones of UUNET. - Include port number in process title for network daemons. Suggested - by Kyle Jones of UUNET. - Send ``double bounces'' (errors that occur when sending an error - message) to the address indicated in the DoubleBounceAddress - option (default: postmaster). Previously they were always - sent to postmaster. Suggested by Kyle Jones of UUNET. - Add new mode, -bD, that acts like -bd in all respects except that - it runs in foreground. This is useful for using with a - wrapper that "watches" system services. Suggested by Kyle - Jones of UUNET. - Fix botch in spacing around (parenthesized) comments in addresses - when the comment comes before the address. Patch from - Motonori Nakamura of Kyoto University. - Use the prefix "Postmaster notify" on the Subject: lines of messages - that are being bounced to postmaster, rather than "Returned - mail". This permits the person who is postmaster more - easily determine what messages are to their role as - postmaster versus bounces to mail they actually sent. Based - on a suggestion by Motonori Nakamura. - Add new value "time" for QueueSortOrder option; this causes the queue - to be sorted strictly by the time of submission. Note that - this can cause very bad behavior over slow lines (because - large jobs will tend to delay small jobs) and on nodes with - heavy traffic (because old things in the queue for hosts that - are down delay processing of new jobs). Also, this does not - guarantee that jobs will be delivered in submission order - unless you also set DeliveryMode=queue. In general, it should - probably only be used on the command line, and only in - conjunction with -qRhost.domain. In fact, there are very few - cases where it should be used at all. Based on an - implementation by Motonori Nakamura. - If a map lookup in ruleset 5 returns tempfail, queue the message in - the same manner as other rulesets. Previously a temporary - failure in ruleset 5 was ignored. Patch from Booker Bense - of Stanford University. - Don't proceed to the next MX host if an SMTP MAIL command returns a - 5yz (permanent failure) code. The next MX host will still be - tried if the connection cannot be opened in the first place - or if the MAIL command returns a 4yz (temporary failure) code. - (It's hard to know what to do here, since neither RFC 974 nor - RFC 1123 specify when to proceed to the next MX host.) - Suggested by Jonathan Kamens of OpenVision, Inc. - Add new "-t" flag for map definitions (the "K" line in the .cf file). - This causes map lookups that get a temporary failure (e.g., - name server failure) to _not_ defer the delivery of the - message. This should only be used if your configuration file - is prepared to do something sensible in this case. Based on - an idea by Gregory Shapiro of WPI. - Fix problem finding network interface addresses. Patch from - Motonori Nakamura. - Don't reject qf entries that are not owned by your effective uid if - you are not running set-user-ID; this makes management of - certain kinds of firewall setups difficult. Patch - suggested by Eamonn Coleman of Qualcomm. - Add persistent host status. This keeps the information normally - maintained within a single queue run in disk files that are - shared between sendmail instances. The HostStatusDirectory - is the directory in which the information is maintained. If - not set, persistent host status is turned off. If not a full - pathname, it is relative to the queue directory. A common - value is ".hoststat". - There are also two new operation modes: - * -bh prints the status of hosts that have had recent - connections. - * -bH purges the host statuses. No attempt is made to save - recent status information. - This feature was originally written by Paul Vixie of Vixie - Enterprises for KJS and adapted for V8 by Mark Lovell of - Bigrock Consulting. Paul's funding of Mark and Mark's patience - with my insistence that things fit cleanly into the V8 - framework is gratefully appreciated. - New SingleThreadDelivery option (requires HostStatusDirectory to - operate). Avoids letting two sendmails on the local machine - open connections to the same remote host at the same time. - This reduces load on the other machine, but can cause mail to - be delayed (for example, if one sendmail is delivering a huge - message, other sendmails won't be able to send even small - messages). Also, it requires another file descriptor (for the - lock file) per connection, so you may have to reduce - ConnectionCacheSize to avoid running out of per-process - file descriptors. Based on the persistent host status code - contributed by Paul Vixie and Mark Lovell. - Allow sending to non-simple files (e.g., /dev/null) even if the - SafeFileEnvironment option is set. Problem noted by Bryan - Costales. - The -qR flag mistakenly matched flags in the "R" line of the queue - file. Problem noted by Bryan Costales. - If a job was aborted using the interrupt signal (e.g., control-C from - the keyboard), on some occasions an empty df file would be - left around; these would collect in the queue directory. - Problem noted by Bryan Costales. - Change the makesendmail script to enhance the search for Makefiles - based on release number. For example, on SunOS 5.5.1, it will - search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then - Makefile.SunOS.5.x (in addition to the other rules, e.g., - adding $arch). Problem noted by Jason Mastaler of Atlanta - Webmasters. - When creating maps using "newaliases", always map the keys to lower - case when creating the map unless the -f flag is specified on - the map itself. Previously this was done based on the F=u - flag in the local mailer, which meant you could create aliases - that you could never access. Problem noted by Bob Wu of DEC. - When a job was read from the queue, the bits causing notification on - failure or delay were always set. This caused those - notifications to be sent even if NOTIFY=NEVER had been - specified. Problem noted by Steve Hubert of the University - of Washington, Seattle. - Add new configurable routine validate_connection (in conf.c). This - lets you decide if you are willing to accept traffic from - this host. If it returns FALSE, all SMTP commands will return - "550 Access denied". -DTCPWRAPPERS will include support for - TCP wrappers; you will need to add -lwrap to the link line. - (See src/READ_ME for details.) - Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster - bounces. Some people seemed to think that this could be - confusing (even though it is true). Suggested by Motonori - Nakamura. - Add new RunAsUser option; this causes sendmail to do a setuid to that - user early in processing to avoid potential security problems. - However, this means that all .forward and :include: files must - be readable by that user, and all files to be written must be - writable by that user and all programs will be executed by that - user. It is also incompatible with the SafeFileEnvironment - option. In other words, it may not actually add much to - security. However, it should be useful on firewalls and other - places where users don't have accounts and the aliases file is - well constrained. - Add Timeout.iconnect. This is like Timeout.connect except it is used - only on the first attempt to delivery to an address. It could - be set to be lower than Timeout.connect on the principle that - the mail should go through quickly to responsive hosts; less - responsive hosts get to wait for the next queue run. - Fix a problem on Solaris that occasionally causes programs - (such as vacation) to hang with their standard input connected - to a UDP port. It also created some signal handling problems. - The problems turned out to be an interaction between vfork(2) - and some of the libraries, particularly NIS/NIS+. I am - indebted to Tor Egge <tegge@idt.ntnu.no> for this fix. - Change user class map to do the same matching that actual delivery - will do instead of just a /etc/passwd lookup. This adds - fuzzy matching to the user map. Patch from Dan Oscarsson. - The Timeout.* options are not safe -- they can be used to create a - denial-of-service attack. Problem noted by Christophe - Wolfhugel. - Don't send PostmasterCopy messages in the event of a "delayed" - notification. Suggested by Barry Bouwsma. - Don't advertise "VERB" ESMTP extension if the "noexpn" privacy - option is set, since this disables VERB mode. Suggested - by John Hawkinson of MIT. - Complain if the QueueDirectory (Q) option is not set. Problem noted - by Motonori Nakamura of Kyoto University. - Only queue messages on transient .forward open failures if there - were no successful opens. The previous behavior caused it - to queue even if a "fall back" .forward was found. Problem - noted by Ann-Kian Yeo of the Dept. of Information Systems - and Computer Science (DISCS), NUS, Singapore. - Don't do 8->7 bit conversions when bouncing a MIME message that - is bouncing because of a MIME error during 8->7 bit conversion; - the encapsulated message will bounce again, causing a loop. - Problem noted by Steve Hubert of the University of Washington. - Create xf (transcript) files using the TempFileMode option value - instead of 0644. Suggested by Ann-Kian Yeo of the - National University of Singapore. - Print errors if setgid/setuid/etc. fail during delivery. This helps - detect cases where DefaultUid is set to something that the - system can't cope with. - PORTABILITY FIXES: - Support for AIX/RS 2.2.1 from Mark Whetzel of Western - Atlas International. - Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell - <bicknell@ufp.org>. - On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only - work on the first recipient of a message due to a - bug in the getpwent family. If this is something you - use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a - workaround. From Maximum Entropy of Sanford C. - Bernstein and Associates. - FreeBSD 1.1.5.1 uname -r returns a string containing - parentheses, which breaks makesendmail. Reported - by Piero Serini <piero@strider.ibenet.it>. - Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of - Systems and Computer Technology Corporation. - Solaris 2.x: omit the UUCP grade parameter (-g flag) because - it is system-dependent. Problem noted by J.J. Bailey - of Bailey Computer Consulting. - Pyramid NILE running DC/OSx support from Earle F. Ake of - Hassler Communication Systems Technology, Inc. - HP-UX 10.x compile glitches, reported by Anne Brink of the - U.S. Army and James Byrne of Harte & Lyne Limited. - NetBSD from Matthew Green of the NetBSD crew. - SCO 5.x from Keith Reynolds of SCO. - IRIX 6.2 from Robert Tarrall of the University of - Colorado and Kari Hurtta of the Finnish Meteorological - Institute. - UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R. - Lopez, CICA (Seville). - NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR. - PTX 3.2.0 from Kenneth Stailey of the US Department of Labor - Employment Standards Administration. - Altos System V (5.3.1) from Tim Rice of Multitalents. - Concurrent Systems Corporation Maxion from Donald R. Laster - Jr. - NetInfo maps (improved debugging and multi-valued aliases) - from Adrian Steinmann of Steinmann Consulting. - ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler) - from Eric Schnoebelen of Convex. - Linux 2.0 mail.local patches from Horst von Brand. - NEXTSTEP 3.x compilation from Robert La Ferla. - NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT. - Solaris 2.5 configuration fixes for mail.local by Jim Davis - of the University of Arizona. - Solaris 2.5 has a working setreuid. Noted by David Linn of - Vanderbilt University. - Solaris changes for praliases, makemap, mailstats, and smrsh. - Previously you had to add -DSOLARIS in Makefile.dist; - this auto-detects. Based on a patch from Randall - Winchester of the University of Maryland. - CONFIG: add generic-nextstep3.3.mc file. Contributed by - Robert La Ferla of Hot Software. - CONFIG: allow mailertables to resolve to ``error:code message'' - (where "code" is an exit status) on domains (previously - worked only on hosts). Patch from Cor Bosman of Xs4all - Foundation. - CONFIG: hooks for IPv6-style domain literals. - CONFIG: predefine ALIAS_FILE and change the prototype file so that - if it is undefined the AliasFile option is never set; this - should be transparent for most everyone. Suggested by John - Myers of CMU. - CONFIG: add FEATURE(limited_masquerade). Without this feature, any - domain listed in $=w is masqueraded. With it, only those - domains listed in a MASQUERADE_DOMAIN macro are masqueraded. - CONFIG: add FEATURE(masquerade_entire_domain). This causes - masquerading specified by MASQUERADE_DOMAIN to apply to all - hosts under those domains as well as the domain headers - themselves. For example, if a configuration had - MASQUERADE_DOMAIN(foo.com), then without this feature only - foo.com would be masqueraded; with it, *.foo.com would be - masqueraded as well. Based on an implementation by Richard - (Pug) Bainter of U. Texas. - CONFIG: add FEATURE(genericstable) to do a more general rewriting of - outgoing addresses. Defaults to ``hash -o /etc/genericstable''. - Keys are user names; values are outgoing mail addresses. Yes, - this does overlap with the user database, and figuring out - just when to use which one may be tricky. Based on code - contributed by Richard (Pug) Bainter of U. Texas with updates - from Per Hedeland of Ericsson. - CONFIG: add FEATURE(virtusertable) to do generalized rewriting of - incoming addresses. Defaults to ``hash -o /etc/virtusertable''. - Keys are either fully qualified addresses or just the host - part (with the @ sign). For example, a table containing: - info@foo.com foo-info - info@bar.com bar-info - @baz.org jane@elsewhere.net - would send all mail destined for info@foo.com to foo-info - (which is presumably an alias), mail addressed to info@bar.com - to bar-info, and anything addressed to anyone at baz.org will - be sent to jane@elsewhere.net. The names foo.com, bar.com, - and baz.org must all be in $=w. Based on discussions with - a great many people. - CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS. - Suggested by Richard Bainter. - CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the - "fax" mailer. - CONFIG: allow mailertable entries to resolve to local:user; this - passes the original user@host in to procmail-style local - mailers as the "detail" information to allow them to do - additional clever processing. From Joe Pruett of - Teleport Corporation. Delivery to the original user can - be done by specifying "local:" (with nothing after the colon). - CONFIG: allow any context that takes "mailer:domain" to also take - "mailer:user@domain" to force mailing to the given user; - "local:user" can also be used to do local delivery. This - applies on *_RELAY and in the mailertable entries. Based - on a suggestion by Ribert Kiessling of Easynet. - CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that - limits the possible domains; this reduces the number of DNS - lookups required to support this feature. For example, - FEATURE(bestmx_is_local, my.site.com) limits the lookups - to domains under my.site.com. Code contributed by Anthony - Thyssen <anthony@cit.gu.edu.au>. - CONFIG: LOCAL_RULESETS introduces any locally defined rulesets, - such as the check_rcpt ruleset. Suggested by Gregory Shapiro - of WPI. - CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the - event you have to define local mailers. Suggested by - Gregory Shapiro of WPI. - CONFIG: fix cases where a three- (or more-) stage route-addr could - be misinterpreted as a list:...; syntax. Based on a patch by - Vlado Potisk <Vlado_Potisk@tempest.sk>. - CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is - remotely connected. The address host!user was being - converted to host!user@thishost instead of host!user@uurelay. - Problem noted by William Gianopoulos of Raytheon Company. - CONFIG: add confTO_ICONNECT to set Timeout.iconnect. - CONFIG: change FEATURE(redirect) message from "User not local" to - "User has moved"; the former wording was confusing if the - new address is still on the local host. Based on a suggestion - by Andreas Luik. - CONFIG: add support in FEATURE(nullclient) for $=E (exposed users). - However, the class is not pre-initialized to contain root. - Suggested by Gregory Neil Shapiro. - CONTRIB: Remove XLA code at the request of the author, Christophe - Wolfhugel. - CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm. - MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note - well: this produces a slightly different mailbox format (no - Content-Length: headers), file ownerships and modes are - different (not owned by group mail; mode 600 instead of 660), - and the local mailer flags will have to be tweaked (make them - match bsd4.4) in order to use this mailer. Patches from Paul - Hammann of the Missouri Research and Education Network. - MAIL.LOCAL: in some cases it could return EX_OK even though there - was a delivery error, such as if the ownership on the file - was wrong or the mode changed between the initial stat and - the open. Problem reported by William Colburn of the New - Mexico Institute of Mining and Technology. - MAILSTATS: handle zero length files more reliably. Patch from Bryan - Costales. - MAILSTATS: add man page contributed by Keith Bostic of BSDI. - MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't - honored. Fix from Michael Scott Shappe. - PRALIASES: add man page contributed by Keith Bostic of BSDI. - NEW FILES: - src/Makefiles/Makefile.AIX.2 - src/Makefiles/Makefile.IRIX.6.2 - src/Makefiles/Makefile.maxion - src/Makefiles/Makefile.NCR.MP-RAS.3.x - src/Makefiles/Makefile.SCO.5.x - src/Makefiles/Makefile.UXPDSV20 - mailstats/mailstats.8 - praliases/praliases.8 - cf/cf/generic-nextstep3.3.mc - cf/feature/genericstable.m4 - cf/feature/limited_masquerade.m4 - cf/feature/masquerade_entire_domain.m4 - cf/feature/virtusertable.m4 - cf/ostype/aix2.m4 - cf/ostype/altos.m4 - cf/ostype/maxion.m4 - cf/ostype/solaris2.ml.m4 - cf/ostype/uxpds.m4 - contrib/re-mqueue.pl - DELETED FILES: - src/Makefiles/Makefile.Solaris - contrib/xla/README - contrib/xla/xla.c - RENAMED FILES: - src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x - src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2 - src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10 - src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x - src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x - -8.7.6/8.7.3 1996/09/17 - SECURITY: It is possible to force getpwuid to fail when writing the - queue file, causing sendmail to fall back to running programs - as the default user. This is not exploitable from off-site. - Workarounds include using a unique user for the DefaultUser - (old u & g options) and using smrsh as the local shell. - SECURITY: fix some buffer overruns; in at least one case this allows - a local user to get root. This is not known to be exploitable - from off-site. The workaround is to disable chfn(1) commands. - -8.7.5/8.7.3 1996/03/04 - Fix glitch in 8.7.4 when putting certain internal lines; this can - in some case cause connections to hang or messages to have - extra spaces in odd places. Patch from Eric Wassenaar; - reports from Eric Hall of Chiron Corporation, Stephen - Hansen of Stanford University, Dean Gaudet of HotWired, - and others. - -8.7.4/8.7.3 1996/02/18 - SECURITY: In some cases it was still possible for an attacker to - insert newlines into a queue file, thus allowing access to - any user (except root). - CONFIG: no changes -- it is not a bug that the configuration - version number is unchanged. - -8.7.3/8.7.3 1995/12/03 - Fix botch in name server timeout in RCPT code; this problem caused - two responses in SMTP, which breaks things horribly. Fix - from Gregory Neil Shapiro of WPI. - Verify that L= value on M lines cannot be negative, which could cause - negative array subscripting. Not a security problem since - this has to be in the config file, but it could have caused - core dumps. Pointed out by Bryan Costales. - Fix -d21 debug output for long macro names. Pointed out by Bryan - Costales. - PORTABILITY FIXES: - SCO doesn't have ftruncate. From Bill Aten of Computerizers. - IBM's version of arpa/nameser.h defaults to the wrong byte - order. Tweak it to work properly. Based on fixes - from Fletcher Mattox of UTexas and Betty Lee of - Stanford University. - CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option. - Deficiency pointed out by Bryan Costales of ICSI. - -8.7.2/8.7.2 1995/11/19 - REALLY fix the backslash escapes in SmtpGreetingMessage, - OperatorChars, and UnixFromLine options. They were not - properly repaired in 8.7.1. - Completely delete the Bcc: header if and only if there are other - valid recipient headers (To:, Cc: or Apparently-To:, the - last being a historic botch, of course). If Bcc: is the - only recipient header in the message, its value is tossed, - but the header name is kept. The old behavior (always keep - the header name and toss the value) allowed primary recipients - to see that a Bcc: went to _someone_. - Include queue id on ``Authentication-Warning: <host>: <user> set - sender to <address> using -f'' syslog messages. Suggested - by Kari Hurtta. - If a sequence or switch map lookup entry gets a tempfail but then - continues on to another map type, but the name is not found, - return a temporary failure from the sequence or switch map. - For example, if hosts search ``dns files'' and DNS fails - with a tempfail, the hosts map will go on and search files, - but if it fails the whole thing should be a tempfail, not - a permanent (host unknown) failure, even though that is the - failure in the hosts.files map. This error caused hard - bounces when it should have requeued. - Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo - owned by bar mode 700 and inbox being set-user-ID bar stopped - working properly due to excessive paranoia. Pointed out by - John Hawkinson of Panix. - An SMTP RCPT command referencing a host that gave a nameserver - timeout would return a 451 command (8.6 accepted it and - queued it locally). Revert to the 8.6 behavior in order - to simplify queue management for clustered systems. Suggested - by Gregory Neil Shapiro of WPI. The same problem could break - MH, which assumes that the SMTP session will succeed (tsk, tsk - -- mail gets lost!); this was pointed out by Stuart Pook of - Infobiogen. - Fix possible buffer overflow in munchstring(). This was not a security - problem because you couldn't specify any argument to this - without first giving up root privileges, but it is still a - good idea to avoid future problems. Problem noted by John - Hawkinson and Sam Hartman of MIT. - ``452 Out of disk space for temp file'' messages weren't being - printed. Fix from David Perlin of Nanosoft. - Don't advertise the ESMTP DSN extension if the SendMimeErrors option - is not set, since this is required to get the actual DSNs - created. Problem pointed out by John Gardiner Myers of CMU. - Log permission problems that cause .forward and :include: files to - be untrusted or ignored on log level 12 and higher. Suggested - by Randy Martin of Clemson University. - Allow user ids in U= clauses of M lines to have hyphens and - underscores. - Fix overcounting of recipients -- only happened when sending to an - alias. Pointed out by Mark Andrews of SGI and Jack Woolley - of Systems and Computer Technology Corporation. - If a message is sent to an address that fails, the error message that - is returned could show some extraneous "success" information - included even if the user did not request success notification, - which was confusing. Pointed out by Allan Johannesen of WPI. - Config files that had no AliasFile definition were defaulting to - using /etc/aliases; this caused problems with nullclient - configurations. Change it back to the 8.6 semantics of - having no local alias file unless it is declared. Problem - noted by Charles Karney of Princeton University. - Fix compile problem if NOTUNIX is defined. Pointed out by Bryan - Costales of ICSI. - Map lookups of class "userdb" maps were always case sensitive; they - should be controlled by the -f flag like other maps. Pointed - out by Bjart Kvarme <bjart.kvarme@usit.uio.no>. - Fix problem that caused some addresses to be passed through ruleset 5 - even when they were tagged as "sticky" by prefixing the - address with an "@". Patch from Thomas Dwyer III of Michigan - Technological University. - When converting a message to Quoted-Printable, prevent any lines with - dots alone on a line by themselves. This is because of the - preponderance of broken mailers that still get this wrong. - Code contributed by Per Hedeland of Ericsson. - Fix F{macro}/file construct -- it previously did nothing. Pointed - out by Bjart Kvarme of USIT/UiO (Norway). - Announce whether a cached connection is SMTP or ESMTP (in -v mode). - Requested by Allan Johannesen. - Delete check for text format of alias files -- it should be legal - to have the database format of the alias files without the - text version. Problem pointed out by Joe Rhett of Navigist, - Inc. - If "Ot" was specified with no value, the TZ variable was not properly - imported from the environment. Pointed out by Frank Crawford - <frank@ansto.gov.au>. - Some architectures core dumped on "program" maps that didn't have - extra arguments. Patch from Booker C. Bense of Stanford - University. - Queue run processes would re-spawn daemons when given a SIGHUP; only - the parent should do this. Fix from Brian Coan of the - Association for Progressive Communications. - If MinQueueAge was set and a message was considered but not run - during a queue run and the Timeout.queuereturn interval was - reached, a "timed out" error message would be returned that - didn't include the failed address (and claimed to be a warning - even though it was fatal). The fix is to not return such - messages until they are actually tried, i.e., in the next - MinQueueAge interval. Problem noted by Rein Tollevik of - SINTEF RUNIT, Oslo. - Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions - that have the hes_getmailhost() routine. DEC Hesiod - distributions do not have this routine. Based on a patch - from Betty Lee of Stanford University. - Extensive cleanups to map open code to handle a locking race condition - in ndbm, hash, and btree format database files on some (most - non-4.4-BSD based) OS architectures. This should solve the - occasional "user unknown" problem during alias rebuilds that - has plagued me for quite some time. Based on a patch from - Thomas Dwyer III of Michigan Technological University. - PORTABILITY FIXES: - Solaris: Change location of newaliases and mailq from - /usr/ucb to /usr/bin to match Sun settings. From - James B. Davis of TCI. - DomainOS: Makefile.DomainOS doesn't require -ldbm. From - Don Lewis of Silicon Systems. - HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x - so that the makesendmail script will find it. Pointed - out by Richard Allen of the University of Iceland. - Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which - isn't supported on all compilers. - UXPDS: compilation fixes from Diego R. Lopez. - CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless - you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE. - CONFIG: Minor glitch in S21 -- attachment of local domain name - didn't have trailing dot. From Jim Hickstein of Teradyne. - CONFIG: Fix best_mx_is_local feature to allow nested addresses such as - user%host@thishost. From Claude Scarpelli of Infobiogen - (France). - CONFIG: OSTYPE(hpux10) failed to define the location of the help file. - Pointed out by Hannu Martikka of Nokia Telecommunications. - CONFIG: Diagnose some inappropriate ordering in configuration files, - such as FEATURE(smrsh) listed after MAILER(local). Based on - a bug report submitted by Paul Hoffman of Proper Publishing. - CONFIG: Make OSTYPE files consistently not override settings that - have already been set. Previously it worked differently - for different files. - CONFIG: Change relay mailer to do masquerading like 8.6 did. My take - is that this is wrong, but the change was causing problems - for some people. From Per Hedeland of Ericsson. - CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>; - portability changes for Posix environments (no functional - changes). - -8.7.1/8.7.1 1995/10/01 - Old macros that have become options (SmtpGreetingMessage, - OperatorChars, and UnixFromLine) didn't allow backslash - escapes in the options, where they previously had. Bug - pointed out by John Hawkinson of MIT. - Fix strange case of an executable called by a program map that - returns a value but also a non-zero exit status; this - would give contradictory results in the higher level; in - particular, the default clause in the map lookup would be - ignored. Change to ignore the value if the program returns - non-zero exit status. From Tom Moore of AT&T GIS. - Shorten parameters passed to syslog() in some contexts to avoid a - bug in many vendors' implementations of that routine. Although - this isn't really a bug in sendmail per se, and my solution - has to assume that syslog() has at least a 1K buffer size - internally (I know some vendors have shortened this - dramatically -- they're on their own), sendmail is a popular - target. Also, limit the size of %s arguments in sprintf. - These both have possible security implications. Solutions - suggested by Casper Dik of Sun's Network Security Group - (Holland), Mark Seiden, and others. - Fix a problem that might cause a non-standard -B (body type) - parameter to be passed to the next server with undefined - results. This could have security implications. - If a filesystem was at > 100% utilization, the freediskspace() - routine incorrectly returned an error rather than zero. - Problem noted by G. Paul Ziemba of Alantec. - Change MX sort order so that local hostnames (those in $=w) always - sort first within a given preference. This forces the bestmx - map to always return the local host first, if it is included - in the list of highest priority MX records. From K. Robert - Elz. - Avoid some possible null pointer dereferences. Fixes from Randy - Martin <WOLF@CLEMSON.EDU> - When sendmail starts up on systems that have no fully qualified - domain name (FQDN) anywhere in the first matching host map - (e.g., /etc/hosts if the hosts service searches "files dns"), - sendmail would sleep to try to find a FQDN, which it really - really needs. This has been changed to fall through to the - next map type if it can't find a FQDN -- i.e., if the hosts - file doesn't have a FQDN, it will try dns even though the - short name was found in /etc/hosts. This is probably a crock, - but many people have hosts files without FQDNs. Remember: - domain names are your friends. - Log a high-priority message if you can't find your FQDN during startup. - Suggested by Simon Barnes of Schlumberger Limited. - When using Hesiod, initialize it early to improve error reporting. - Patch from Don Lewis of Silicon Systems, Inc. - Apparently at least some versions of Linux have a 90 !minute! TCP - connection timeout in the kernel. Add a new "connect" timeout - to limit this time. Defaults to zero (use whatever the - kernel provides). Based on code contributed by J.R. Oldroyd - of TerraNet. - Under some circumstances, a failed message would not be properly - removed from the queue, causing tons of bogus error messages. - (This fix eliminates the problematic EF_KEEPQUEUE flag.) - Problem noted by Allan E Johannesen and Gregory Neil Shapiro - of WPI. - PORTABILITY FIXES: - On IRIX 5.x, there was an inconsistency in the setting - of sendmail.st location. Change the Makefile to - install it in /var/sendmail.st to match the OSTYPE - file and SGI standards. From Andre - <andre@curry.zfe.siemens.de>. - Support for Fujitsu/ICL UXP/DS (For the DS/90 Series) - from Diego R. Lopez <drlopez@cica.es>. - Linux compilation patches from J.R. Oldroyd of TerraNet, Inc. - LUNA 2 Mach patches from Motonori Nakamura. - SunOS Makefile was including -ldbm, which is for the old - dbm library. The ndbm library is part of libc. - CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with - ``local configuration error'' in nullclient configuration. - Patch from Gregory Neil Shapiro of WPI. - CONFIG: don't allow an alias file in nullclient configurations -- - since all addresses are relayed, they give errors during - rebuild. Suggested by Per Hedeland of Ericsson. - CONFIG: local mailer on Solaris 2 should always get a -f flag because - otherwise the F=S causes the From_ line to imply that root is - the sender. Problem pointed out by Claude Scarpelli of - Infobiogen (France). - NEW FILES: - cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake) - src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake) - src/Makefiles/Makefile.UXPDS - -8.7/8.7 1995/09/16 - Fix a problem that could cause sendmail to run out of file - descriptors due to a trashed data structure after a - vfork. Fix from Brian Coan of the Institute for - Global Communications. - Change the VRFY response if you have disabled VRFY -- some - people seemed to think that it was too rude. - Avoid reference to uninitialized file descriptor if HASFLOCK - was not defined. This was used "safely" in the sense - that it only did a stat, but it would have set the - map modification time improperly. Problem pointed out - by Roy Mongiovi of Georgia Tech. - Clean up the Subject: line on warning messages and return - receipts so that they don't say "Returned mail:"; this - can be confusing. - Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is - useful enough to make it worthwhile printing on "-d". - Avoid logging alias statistics every time you read the alias - file on systems with no database method compiled in. - If you have a name with a trailing dot, and you try looking it - up using gethostbyname without the dot (for /etc/hosts - compatibility), be sure to turn off RES_DEFNAMES and - RES_DNSRCH to avoid finding the wrong name accidentally. - Problem noted by Charles Amos of the University of - Maryland. - Don't do timeouts in collect if you are not running SMTP. - There is nothing that says you can't have a long - running program piped into sendmail (possibly via - /bin/mail, which just execs sendmail). Problem reported - by Don "Truck" Lewis of Silicon Systems. - Try gethostbyname() even if the DNS lookup fails iff option I - is not set. This allows you to have hosts listed in - NIS or /etc/hosts that are not known to DNS. It's normally - a bad idea, but can be useful on firewall machines. This - should really be broken out on a separate flag, I suppose. - Avoid compile warnings against BIND 4.9.3, which uses function - prototypes. From Don Lewis of Silicon Systems. - Avoid possible incorrect diagnosis of DNS-related errors caused - by things like attempts to resolve uucp names using - $[ ... $] -- the fix is to clear h_errno at appropriate - times. From Kyle Jones of UUNET. - SECURITY: avoid denial-of-service attacks possible by destroying - the alias database file by setting resource limits low. - This involves adding two new compile-time options: - HASSETRLIMIT (indicating that setrlimit(2) support is - available) and HASULIMIT (indicating that ulimit(2) support - is available -- the Release 3 form is used). The former - is assumed on BSD-based systems, the latter on System - V-based systems. Attack noted by Phil Brandenberger of - Swarthmore University. - New syntaxes in test (-bt) mode: - ``.Dmvalue'' will define macro "m" to "value". - ``.Ccvalue'' will add "value" to class "c". - ``=Sruleset'' will dump the contents of the indicated - ruleset. - ``=M'' will display the known mailers. - ``-ddebug-spec'' is equivalent to the command-line - -d debug flag. - ``$m'' will print the value of macro $m. - ``$=c'' will print the contents of class $=c. - ``/mx host'' returns the MX records for ``host''. - ``/parse address'' will parse address, returning the value of - crackaddr (essentially, the comment information) - and the parsed address. - ``/try mailer address'' will rewrite address into the form - it will have when presented to the indicated mailer. - ``/tryflags flags'' will set flags used by parsing. The - flags can be `H' for header or `E' for envelope, - and `S' for sender or `R' for recipient. These - can be combined, so `HR' sets flags for header - recipients. - ``/canon hostname'' will try to canonify hostname and - return the result. - ``/map mapname key'' will look up `key' in the indicated - `mapname' and return the result. - Somewhat better handling of UNIX-domain socket addresses -- it - should show the pathname rather than hex bytes. - Restore ``-ba'' mode -- this reads a file from stdin and parses - the header for envelope sender information and uses - CR-LF as message terminators. It was thought to be - obsolete (used only for Arpanet NCP protocols), but it - turns out that the UK ``Grey Book'' protocols require - that functionality. - Fix a fix in previous release -- if gethostname and gethostbyname - return a name without dots, and if an attempt to canonify - that name fails, wait one minute and try again. This can - result in an extra 60 second delay on startup if your system - hostname (as returned by hostname(1)) has no dot and no names - listed in /etc/hosts or your NIS map have a dot. - Check for proper domain name on HELO and EHLO commands per - RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III - of Michigan Technological University. - Relax chownsafe rules slightly -- old version said that if you - can't tell if _POSIX_CHOWN_RESTRICTED is set (that is, - if fpathconf returned EINVAL or ENOSYS), assume that - chown is not safe. The new version falls back to whether - you are on a BSD system or not. This is important for - SunOS, which apparently always returns one of those - error codes. This impacts whether you can mail to files - or not. - Syntax errors such as unbalanced parentheses in the configuration - file could be omitted if you had "Oem" prior to the - syntax error in the config file. Change to always print - the error message. It was especially weird because it - would cause a "warning" message to be sent to the Postmaster - for every message sent (but with no transcript). Problem - noted by Gregory Paris of Motorola. - Rewrite collect and putbody to handle full 8-bit data, including - zero bytes. These changes are internally extensive, but - should have minimal impact on external function. - Allow full words for option names -- if the option letter is - (apparently) a space, then take the word following -- e.g., - O MatchGECOS=TRUE - The full list of old and new names is as follows: - 7 SevenBitInput - 8 EightBitMode - A AliasFile - a AliasWait - B BlankSub - b MinFreeBlocks/MaxMessageSize - C CheckpointInterval - c HoldExpensive - D AutoRebuildAliases - d DeliveryMode - E ErrorHeader - e ErrorMode - f SaveFromLine - F TempFileMode - G MatchGECOS - H HelpFile - h MaxHopCount - i IgnoreDots - I ResolverOptions - J ForwardPath - j SendMimeErrors - k ConnectionCacheSize - K ConnectionCacheTimeout - L LogLevel - l UseErrorsTo - m MeToo - n CheckAliases - O DaemonPortOptions - o OldStyleHeaders - P PostmasterCopy - p PrivacyOptions - Q QueueDirectory - q QueueFactor - R DontPruneRoutes - r, T Timeout - S StatusFile - s SuperSafe - t TimeZoneSpec - u DefaultUser - U UserDatabaseSpec - V FallbackMXHost - v Verbose - w TryNullMXList - x QueueLA - X RefuseLA - Y ForkEachJob - y RecipientFactor - z ClassFactor - Z RetryFactor - The old macros that passed information into sendmail have - been changed to options; those correspondences are: - $e SmtpGreetingMessage - $l UnixFromLine - $o OperatorChars - $q (deleted -- not necessary) - To avoid possible problems with an older sendmail, - configuration level 6 is accepted by this version of - sendmail; any config file using the new names should - specify "V6" in the configuration. - Change address parsing to properly note that a phrase before a - colon and a trailing semicolon are essentially the same - as text outside of angle brackets (i.e., sendmail should - treat them as comments). This is to handle the - ``group name: addr1, addr2, ..., addrN;'' syntax (it will - assume that ``group name:'' is a comment on the first - address and the ``;'' is a comment on the last address). - This requires config file support to get right. It does - understand that :: is NOT this syntax, and can be turned - off completely by setting the ColonOkInAddresses option. - Level 6 config files added with new mailer flags: - A Addresses are aliasable. - i Do udb rewriting on envelope as well as header - sender lines. Applies to the from address mailer - flags rather than the recipient mailer flags. - j Do udb rewriting on header recipient addresses. - Applies to the sender mailer flags rather than the - recipient mailer flags. - k Disable check for loops when doing HELO command. - o Always run as the mail recipient, even on local - delivery. - w Check for an /etc/passwd entry for this user. - 5 Pass addresses through ruleset 5. - : Check for :include: on this address. - | Check for |program on this address. - / Check for /file on this address. - @ Look up sender header addresses in the user - database. Applies to the mailer flags for the - mailer corresponding to the envelope sender - address, rather than to recipient mailer flags. - Pre-level 6 configuration files set A, w, 5, :, |, /, and @ - on the "local" mailer, the o flag on the "prog" and "*file*" - mailers, and the ColonOkInAddresses option. - Eight-to-seven bit MIME conversions. This borrows ideas from - John Beck of Hewlett-Packard, who generously contributed - their implementation to me, which I then didn't use (see - mime.c for an explanation of why). This adds the - EightBitMode option (a.k.a. `8') and an F=8 mailer flag - to control handling of 8-bit data. These have to cope with - two types of 8-bit data: unlabelled 8-bit data (that is, - 8-bit data that is entered without declaring it as 8-bit - MIME -- technically this is illegal according to the - specs) and labelled 8-bit data (that is, it was declared - as 8BITMIME in the ESMTP session or by using the - -B8BITMIME command line flag). If the F=8 mailer flag is - set then 8-bit data is sent to non-8BITMIME machines - instead of converting to 7 bit (essentially using - just-send-8 semantics). The values for EightBitMode are: - m convert unlabelled 8-bit input to 8BITMIME, and do - any necessary conversion of 8BITMIME to 7BIT - (essentially, the full MIME option). - p pass unlabelled 8-bit input, but convert labelled - 8BITMIME input to 7BIT as required (default). - s strict adherence: reject unlabelled 8-bit input, - convert 8BITMIME to 7BIT as required. The F=8 - flag is ignored. - Unlabelled 8-bit data is rejected in mode `s' regardless of - the setting of F=8. - Add new internal class 'n', which is the set of MIME Content-Types - which can not be 8 to 7 bit encoded because of other - considerations. Types "multipart/*" and "message/*" are - never directly encoded (although their components can be). - Add new internal class 's', which is the set of subtypes of the - MIME message/* content type that can be treated as though - they are an RFC822 message. It is predefined to have - "rfc822". Suggested By Kari Hurtta. - Add new internal class 'e'. This is the set of MIME - Content-Transfer-Encodings that can be converted to - a seven bit format (Quoted-Printable or Base64). It is - preinitialized to contain "7bit", "8bit", and "binary". - Add C=charset mailer parameter and the the DefaultCharSet option (no - short name) to set the default character set to use in the - Content-Type: header when doing encoding of an 8-bit message - which isn't marked as MIME into MIME format. If the C= - parameter is set on the Envelope From address, use that as - the default encoding; else use the DefaultCharSet option. - If neither is set, it defaults to "unknown-8bit" as - suggested by RFC 1428 section 3. - Allow ``U=user:group'' field in mailer definition to set a default - user and group that a mailer will be executed as. This - overrides the 'u' and 'g' options, and if the `F=S' flag is - also set, it is the uid/gid that will always be used (that - is, the controlling address is ignored). The values may be - numeric or symbolic; if only a symbolic user is given (no - group) that user's default group in the passwd file is used - as the group. Based on code donated by Chip Rosenthal of - Unicom. - Allow `u' option to also accept user:group as a value, in the same - fashion as the U= mailer option. - Add the symbolic time zone name in the Arpanet format dates (as - a comment). This adds a new compile-time configuration - flag: TZ_TYPE can be set to TZ_TM_NAME (use the value - of (struct tm *)->tm_name), TZ_TM_ZONE (use the value - of (struct tm *)->tm_zone), TZ_TZNAME (use extern char - *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use - timezone()), or TZ_NONE (don't include the comment). Code - from Chip Rosenthal. - The "Timeout" option (formerly "r") is extended to allow suboptions. - For example, - O Timeout.helo = 2m - There are also two new suboptions "queuereturn" and - "queuewarn"; these subsume the old T option. Thus, to - set them both the preferred new syntax is - O Timeout.queuereturn = 5d - O Timeout.queuewarn = 4h - Sort queue by host name instead of by message priority if the - QueueSortOrder option (no short name) is set is set to - ``host''. This makes better use of the connection cache, - but may delay more ``interactive'' messages behind large - backlogs under some circumstances. This is probably a - good option if you have high speed links or don't do lots - of ``batch'' messages, but less good if you are using - something like PPP on a 14.4 modem. Based on code - contributed by Roy Mongiovi of Georgia Tech (my main - contribution was to make it configurable). - Save i-number of df file in qf file to simplify rebuilding of queue - after disastrous disk crash. Suggested by Kyle Jones of - UUNET; closely based on code from KJS DECWRL code written - by Paul Vixie. NOTA BENE: The qf files produced by 8.7 - are NOT back compatible with 8.6 -- that is, you can convert - from 8.6 to 8.7, but not the other direction. - Add ``F=d'' mailer flag to disable all use of angle brackets in - route-addrs in envelopes; this is because in some cases - they can be sent to the shell, which interprets them as - I/O redirection. - Don't include error file (option E) with return-receipts; this - can be confusing. - Don't send "Warning: cannot send" messages to owner-* or - *-request addresses. Suggested by Christophe Wolfhugel - of the Institut Pasteur, Paris. - Allow -O command line flag to set long form options. - Add "MinQueueAge" option to set the minimum time between attempts - to run the queue. For example, if the queue interval - (-q value) is five minutes, but the minimum queue age - is fifteen minutes, jobs won't be tried more often than - once every fifteen minutes. This can be used to give - you more responsiveness if your delivery mode is set to - queue-only. - Allow "fileopen" timeout (default: 60 seconds) for opening - :include: and .forward files. - Add "-k", "-v", and "-z" flags to map definitions; these set the - key field name, the value field name, and the field - delimiter. The field delimiter can be a single character - or the sequence "\t" or "\n" for tab or newline. - These are for use by NIS+ and similar access methods. - Change maps to always strip quotes before lookups; the -q flag - turns off this behavior. Suggested by Motonori Nakamura. - Add "nisplus" map class. Takes -k and -v flags to choose the - key and value field names respectively. Code donated by - Sun Microsystems. - Add "hesiod" map class. The "file name" is used as the - "HesiodNameType" parameter to hes_resolve(3). Returns the - first value found for the match. Code donated by Scott - Hutton of Indiana University. - Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to - specify the name of the property that is searched as the - key and a -v flag to specify the name of the property that - is returned as the value (defaults to "members"). The - default map is "/aliases". Some code based on code - contributed by Robert La Ferla of Hot Software. - Add "text" map class. This does slow, linear searches through - text files. The -z flag specifies a column delimiter - (defaults to any sequence of white space), the -k flag - sets the key column number, and the -v flag sets the - value column number. Lines beginning with `#' are treated - as comments. - Add "program" map class to execute arbitrary programs. The search - key is presented as the last argument; the output is one - line read from the programs standard output. Exit statuses - are from sysexits.h. - Add "sequence" map class -- searches maps in sequence until it - finds a match. For example, the declarations: - Kmap1 ... - Kmap2 ... - Kmapseq sequence map1 map2 - defines a map "mapseq" that first searches map1; if the - value is found it is returned immediately, otherwise - map2 is searched and the value returned. - Add "switch" map class. This is much like "sequence" except that - the ordering is fetched from an external file, usually - the system service switch. The parameter is the name of - the service to switch on, and the maps that it will use - are the name of the switch map followed by ".service_type". - For example, if the declaration of the map is - Ksample switch hosts - and the system service switch specifies that hosts are - looked up using dns and nis in that order, then this is - equivalent to - Ksample sequence sample.dns sample.nis - The subordinate maps (sample.*) must already be defined. - Add "user" map class -- looks up users using getpwnam. Takes a - "-v field" flag on the definition that tells what passwd - entry to return -- legal values are name, passwd, uid, gid, - gecos, dir, and shell. Generally expected to be used with - the -m (matchonly) flag. - Add "bestmx" map class -- returns the best MX value for the host - listed as the value. If there are several "best" MX records - for this host, one will be chosen at random. - Add "userdb" map class -- looks up entries in the user database. - The "file name" is actually the tag that will be used, - typically "mailname". If there are multiple entries - matching the name, the one chosen is undefined. - Add multiple queue timeouts (both return and warning). These are - set by the Precedence: or Priority: header fields to one of - three values. If a Priority: is set and has value "normal", - "urgent", or "non-urgent" the corresponding timeouts are - used. If no priority is set, the Precedence: is consulted; - if negative, non-urgent timeouts are used; if greater than - zero, urgent timeouts are used. Otherwise, normal timeouts - are used. The timeouts are set by setting the six timeouts - queue{warn,return}.{urgent,normal,non-urgent}. - Fix problem when a mail address is resolved to a $#error mailer - with a temporary failure indication; it works in SMTP, - but when delivering locally the mail is silently discarded. - This patch, from Kyle Jones of UUNET, bounces it instead - of queueing it (queueing is very hard). - When using /etc/hosts or NIS-style lookups, don't assume that - the first name in the list is the best one -- instead, - search for the first one with a dot. For example, if - an /etc/hosts entry reads - 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU - this change will use the second name as the canonical - machine name instead of the initial, unqualified name. - Change dequote map to replace spaces in quoted text with a value - indicated by the -s flag on the dequote map definition. - For example, ``Mdequote dequote -s_'' will change - "Foo Bar" into an unquoted Foo_Bar instead of leaving it - quoted (because of the space character). Suggested by Dan - Oscarsson for use in X.400 addresses. - Implement long macro names as ${name}; long class names can - be similarly referenced as $={name} and $~{name}. - Definitions are (e.g.) ``D{name}value''. Names that have - a leading lower case letter or punctuation characters are - reserved for internal use by sendmail; i.e., config files - should use names that begin with a capital letter. Based - on code contributed by Dan Oscarsson. - Fix core dump if getgrgid returns a null group list (as opposed - to an empty group list, that is, a pointer to a list - with no members). Fix from Andrew Chang of Sun Microsystems. - Fix possible core dump if malloc fails -- if the malloc in xalloc - failed, it called syserr which called newstr which called - xalloc.... The newstr is now avoided for "panic" messages. - Reported by Stuart Kemp of James Cook University. - Improve connection cache timeouts; previously, they were not even - checked if you were delivering to anything other than an - IPC-connected host, so a series of (say) local mail - deliveries could cause cached connections to be open - much longer than the specified timeout. - If an incoming message exceeds the maximum message size, stop - writing the incoming bytes to the queue data file, since - this can fill your mqueue partition -- this is a possible - denial-of-service attack. - Don't reject all numeric local user names unless HESIOD is - defined. It turns out that Posix allows all-numeric - user names. Fix from Tony Sanders of BSDI. - Add service switch support. If the local OS has a service - switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf - on DEC systems) that will be used; otherwise, it falls back - to using a local mechanism based on the ServiceSwitchFile - option (default: /etc/service.switch). For example, if the - service switch lists "files" and "nis" for the aliases - service, that will be the default lookup order. the "files" - ("local" on DEC) service type expands to any alias files - you listed in the configuration file, even if they aren't - actually file lookups. - Option I (NameServerOptions) no longer sets the "UseNameServer" - variable which tells whether or not DNS should be considered - canonical. This is now determined based on whether or not - "dns" is in the service list for "hosts". - Add preliminary support for the ESMTP "DSN" extension (Delivery - Status Notifications). DSN notifications override - Return-Receipt-To: headers, which are bogus anyhow -- - support for them has been removed. - Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer - definitions to define the types used in DSN returns for - MTA names, addresses, and diagnostics respectively. - Extend heuristic to force running in ESMTP mode to look for the - five-character string "ESMTP" anywhere in the 220 greeting - message (not just the second line). This is to provide - better compatibility with other ESMTP servers. - Print sequence number of job when running the queue so you can - easily see how much progress you have made. Suggested - by Peter Wemm of DIALix. - Map newlines to spaces in logged message-ids; some versions of - syslog truncate the rest of the line after newlines. - Suggested by Fletcher Mattox of U. Texas. - Move up forking for job runs so that if a message is split into - multiple envelopes you don't get "fork storms" -- this - also improves the connection cache utilization. - Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for - the purposes of refusing to send error returns. Suggested - by Motonori Nakamura of Ritsumeikan University. - Relax rules on when a file can be written when referenced from - the aliases file: use the default uid/gid instead of the - real uid/gid. This allows you to create a file owned by - and writable only by the default uid/gid that will work - all the time (without having the set-user-ID bit set). Change - suggested by Shau-Ping Lo and Andrew Cheng of Sun - Microsystems. - Add "DialDelay" option (no short name) to provide an "extra" - delay for dial on demand systems. If this is non-zero - and a connect fails, sendmail will wait this long and - then try again. If it takes longer than the kernel - timeout interval to establish the connection, this - option can give the network software time to establish - the link. The default units are seconds. - Move logging of sender information to be as early as possible; - previously, it could be delayed a while for SMTP mail - sent to aliases. Suggested by Brad Knowles of the - Defense Information Systems Agency. - Call res_init() before setting RES_DEBUG; this is required by - BIND 4.9.3, or so I'm told. From Douglas Anderson of - the National Computer Security Center. - Add xdelay= field in logs -- this is a transaction delay, telling - you how long it took to deliver to this address on the - last try. It is intended to be used for sorting mailing - lists to favor "quick" addresses. Provided for use by - the mailprio scripts (see below). - If a map cannot be opened, and that map is non-optional, and - an address requires that map for resolution, queue the - map instead of bouncing it. This involves creating a - pseudo-class of maps called "bogus-map" -- if a required - map cannot be opened, the class is changed to bogus-map; - all queries against bogus-map return "tempfail". The - bogus-map class is not directly accessible. A sample - implementation was donated by Jem Taylor of Glasgow - University Computing Service. - Fix a possible core dump when mailing to a program that talks - SMTP on its standard input. Fix from Keith Moore of - the University of Kentucky. - Make it possible to resolve filenames to $#local $: @ /filename; - previously, the "@" would cause it to not be recognized - as a file. Problem noted by Brian Hill of U.C. Davis. - Accept a -1 signal to re-exec the daemon. This only works if - argv[0] is a full path to sendmail. - Fix bug in "addr=..." field in O option on little-endian machines - -- the network number wasn't being converted to network - byte order. Patch from Kurt Lidl of Pix Technologies - Corporation. - Pre-initialize the resolver early on; this is to avoid a bug with - BIND 4.9.3 that can cause the _res.retry field to get - reset to zero, causing all name server lookups to time - out. Fix from Matt Day of Artisoft. - Restore T line (trusted users) in config file -- but instead of - locking out the -f flag, they just tell whether or not - an X-Authentication-Warning: will be added. This really - just creates new entries in class 't', so "Ft/file/name" - can be used to read trusted user names from a file. - Trusted users are also allowed to execute programs even - if they have a shell that isn't in /etc/shells. - Improve NEWDB alias file rebuilding so it will create them - properly if they do not already exist. This had been - a MAYBENEXTRELEASE feature in 8.6.9. - Check for @:@ entry in NIS maps before starting up to avoid - (but not prevent, sigh) race conditions. This ought to - be handled properly in ypserv, but isn't. Suggested by - Michael Beirne of Motorola. - Refuse connections if there isn't enough space on the filesystem - holding the queue. Contributed by Robert Dana of Wolf - Communications. - Skip checking for directory permissions in the path to a file - when checking for file permissions iff setreuid() - succeeded -- it is unnecessary in that case. This avoids - significant performance problems when looking for .forward - files. Based on a suggestion by Win Bent of USC. - Allow symbolic ruleset names. Syntax can be "Sname" to get an - arbitrary ruleset number assigned or "Sname = integer" - to assign a specific ruleset number. Reference is - $>name_or_number. Names can be composed of alphas, digits, - underscore, or hyphen (first character must be non-numeric). - Allow -o flag on AliasFile lines to make the alias file optional. - From Bryan Costales of ICSI. - Add NoRecipientAction option to handle the case where there is - no legal recipient header in the message. It can take - on values: - None Leave the message as is. The - message will be passed on even - though it is in technically - illegal syntax. - Add-To Add a To: header with any - recipients that it can find from - the envelope. This risks exposing - Bcc: recipients. - Add-Apparently-To Add an Apparently-To: header. This - has almost no redeeming social value, - and is provided only for back - compatibility. - Add-To-Undisclosed Add a header reading - To: undisclosed-recipients:; - which will have the effect of - making the message legal without - exposing Bcc: recipients. - Add-Bcc To add an empty Bcc: header. - There is a chance that mailers down - the line will delete this header, - which could cause exposure of Bcc: - recipients. - The default is NoRecipientAction=None. - Truncate (rather than delete) Bcc: lines in the header. This - should prevent later sendmails (at least, those that don't - themselves delete Bcc:) from considering this message to - be non-conforming -- although it does imply that non-blind - recipients can see that a Bcc: was sent, albeit not to whom. - Add SafeFileEnvironment option. If declared, files named as delivery - targets must be regular files in addition to the regular - checks. Also, if the option is non-null then it is used as - the name of a directory that is used as a chroot(2) - environment for the delivery; the file names listed in an - alias or forward should include the name of this root. - For example, if you run with - O SafeFileEnvironment=/arch - then aliases should reference "/arch/rest/of/path". If a - value is given, sendmail also won't try to save to - /usr/tmp/dead.letter (instead it just leaves the job in the - queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit. - Support -A flag for alias files; this will comma concatenate like - entries. For example, given the aliases: - list: member1 - list: member2 - and an alias file declared as: - OAhash:-A /etc/aliases - the final alias inserted will be "list: member1,member2"; - without -A you will get an error on the second and subsequent - alias for "list". Contributed by Bryan Costales of ICSI. - Line-buffer transcript file. Suggested by Liudvikas Bukys. - Fix a problem that could cause very long addresses to core dump in - some special circumstances. Problem pointed out by Allan - Johannesen. - (Internal change.) Change interface to expand() (macro expansion) - to be simpler and more consistent. - Delete check for funny qf file names. This didn't really give - any extra security and caused some people some problems. - (If you -really- want this, define PICKY_QF_NAME_CHECK - at compile time.) Suggested by Kyle Jones of UUNET. - (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and - merge with DSN code; this is simpler and more consistent. - This may affect some people who have written their own - checkcompat() routine. - (Internal change.) Eliminate `D' line in qf file. The df file - is now assumed to be the same name as the qf file (with - the `q' changed to a `d', of course). - Avoid forking for delivery if all recipient mailers are marked as - "expensive" -- this can be a major cost on some systems. - Essentially, this forces sendmail into "queue only" mode - if all it is going to do is queue anyway. - Avoid sending a null message in some rather unusual circumstances - (specifically, the RCPT command returns a temporary - failure but the connection is lost before the DATA - command). Fix from Scott Hammond of Secure Computing - Corporation. - Change makesendmail to use a somewhat more rational naming scheme: - Makefiles and obj directories are named $os.$rel.$arch, - where $os is the operating system (e.g., SunOS), $rel is - the release number (e.g., 5.3), and $arch is the machine - architecture (e.g., sun4). Any of these can be omitted, - and anything after the first dot in a release number can - be replaced with "x" (e.g., SunOS.4.x.sun4). The previous - version used $os.$arch.$rel and was rather less general. - Change makesendmail to do a "make depend" in the target directory - when it is being created. This involves adding an empty - "depend:" entry in most Makefiles. - Ignore IDENT return value if the OSTYPE field returns "OTHER", - as indicated by RFC 1413. Pointed out by Kari Hurtta - of the Finnish Meteorological Institute. - Fix problem that could cause multiple responses to DATA command - on header syntax errors (e.g., lines beginning with colons). - Problem noted by Jens Thomassen of the University of Oslo. - Don't let null bytes in headers cause truncation of the rest of - the header. - Log Authentication-Warning:s. Suggested by Motonori Nakamura. - Increase timeouts on message data puts to allow time for receivers - to canonify addresses in headers on the fly. This is still - a rather ugly heuristic. From Motonori Nakamura. - Add "HasWildcardMX" suboption to ResolverOptions; if set, MX - records are not used when canonifying names, and when MX - lookups are done for addressing they must be fully - qualified. This is useful if you have a wildcard MX record, - although it may cause other problems. In general, don't use - wildcard MX records. Patch from Motonori Nakamura. - Eliminate default two-line SMTP greeting message. Instead of - adding an extra "ESMTP spoken here" line, the word "ESMTP" - is added between the first and second word of the first - line of the greeting message (i.e., immediately after the - host name). This eliminates the need for the BROKEN_SMTP_PEERS - compile flag. Old sendmails won't see the ESMTP, but that's - acceptable because SIZE was the only useful extension that - old sendmails understand. - Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1 - invoked state dumps. From Masaharu Onishi. - Allow on-line comments in .forward and :include: files; they are - introduced by the string "<LWSP>#@#<LWSP>", where <LWSP> - is a space or a tab. This is intended for native - representation of non-ASCII sets such as Japanese, where - existing encodings would be unreadable or would lose - data -- for example, - <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori - (romanized/less information) - <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?= - =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?= - (with MIME encoding, not human readable) - <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B - (native encoding with ISO-2022-JP) - The last form is human readable in the Japanese environment. - Based on a fix from (surprise!) Motonori Nakamura. - Don't make SMTP error returns on MAIL FROM: line be "sticky" for all - messages to that host; these are most frequently associated - with addresses rather than the host, with the exception of - 421 (service shutting down). The effect was to cause queues - to sometimes take an excessive time to flush. Reported by - Robert Sargent of Southern Geographics Technologies and - Eric Prestemon of American University. - Add Nice=N mailer option to set the niceness at which a mailer will - run. This is actually a relative niceness (that is, an - increment on the background value). - Log queue runs that are skipped due to high loads. They are logged - at LOG_INFO priority iff the log level is > 8. Contributed - by Bruce Nagel of Data General. - Allow the error mailer to accept a DSN-style error status code - instead of an sysexits status code in the host part. - Anything with a dot will be interpreted as a DSN-style code. - Add new mailer flag: F=3 will tell translations to Quoted-Printable - to encode characters that might be munged by an EBCDIC system - in addition to the set required by RFC 1521. The additional - characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~. - (Think of "IBM 360" as the mnemonic for this flag.) - Change check for mailing to files to look for a pathname of [FILE] - rather than looking for the mailer named *file*. The mapping - of leading slashes still goes to the *file* mailer. This - allows you to implement the *file* mailer as a separate - program, for example, to insert a Content-Length: header - or do special security policy. However, note that the usual - initial checking for the file permissions is still done, and - the program in question needs to be very careful about how - it does the file write to avoid security problems. - Be able to read ~root/.forward even if the path isn't accessible to - regular users. This is disrecommended because sendmail - sometimes does not run as root (e.g., when an unsafe option - is specified on the command line), but should otherwise be - safe because .forward files must be owned by the user for - whom mail is being forwarded, and cannot be a symbolic link. - Suggested by Forrest Aldrich of Wang Laboratories. - Add new "HostsFile" option that is the pathname to the /etc/hosts - file. This is used for canonifying hostnames when the - service type is "files". - Implement programs on F (read class from file) line. The syntax is - Fc|/path/to/program to read the output from the program - into class "c". - Probe the network interfaces to find alternate names for this - host. Requires the SIOCGIFCONF ioctl call. Code - contributed by SunSoft. - Add "E" configuration line to set or propagate environment - variables into children. "E<envar>" will propagate - the named variable from the environment when sendmail - was invoked into any children it calls; "E<envar>=<value>" - sets the named variable to the indicated value. Any - variables not explicitly named will not be in the child - environment. However, sendmail still forces an - "AGENT=sendmail" environment variable, in part to enforce - at least one environment variable, since many programs and - libraries die horribly if this is not guaranteed. - Change heuristic for rebuilding both NEWDB and NDBM versions of - alias databases -- new algorithm looks for the substring - "/yp/" in the file name. This is more portable and involves - less overhead. Suggested by Motonori Nakamura. - Dynamically allocate the queue work list so that you don't lose - jobs in large queue runs. The old QUEUESIZE compile parameter - is replaced by QUEUESEGSIZE (the unit of allocation, which - should not need to be changed) and the MaxQueueRunSize option, - which is the absolute maximum number of jobs that will ever - be handled in a single queue run. Based on code contributed - by Brian Coan of the Institute for Global Communications. - Log message when a message is dropped because it exceeds the maximum - message size. Suggested by Leo Bicknell of Virginia Tech. - Allow trusted users (those on a T line or in $=t) to use -bs without - an X-Authentication-Warning: added. Suggested by Mark Thomas - of Mark G. Thomas Consulting. - Announce state of compile flags on -d0.1 (-d0.10 throws in the - OS-dependent defines). The old semantic of -d0.1 to not - run the daemon in background has been moved to -d99.100, - and the old 52.5 flag (to avoid disconnect() from closing - all output files) has been moved to 52.100. This makes - things more consistent (flags below .100 don't change - semantics) and separates out the backgrounding so that - it doesn't happen automatically on other unrelated debugging - flags. - If -t is used but no addresses are found in the header, give an - error message rather than just doing nothing. Fix from - Motonori Nakamura. - On systems (like SunOS) where the effective gid is not necessarily - included in the group list returned by getgroups(), the - `restrictmailq' option could sometimes cause an authorized - user to not be able to use `mailq'. Fix from Charles Hannum - of MIT. - Allow symbolic service names for [IPC] mailers. Suggested by - Gerry Magennis of Logica International. - Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs - when running DNS. For example, if the name FTP.Foo.ORG is - a CNAME for Cruft.Foo.ORG, then when sitting on a machine in - the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG" - if this option is not set, or "FTP.Foo.ORG" if it is set. - This is technically illegal under RFC 822 and 1123, but the - IETF is moving toward legalizing it. Note that turning on - this option is not sufficient to guarantee that a downstream - neighbor won't rewrite the address for you. - Add "-m" flag to makesendmail script -- this tells you what object - directory and Makefile it will use, but doesn't actually do - the make. - Do some additional checking on the contents of the qf file to try - to detect attacks against the qf file. In particular, - abort on any line beginning "From ", and add an "end of - file" line -- any data after that line is prohibited. - Always use /etc/sendmail.cf, regardless of the arbitrary vendor - choices. This can be overridden in the Makefile by using - either -DUSE_VENDOR_CF_PATH to get the vendor location - (to the extent that we know it) or by defining - _PATH_SENDMAILCF (which is a "hard override"). This allows - sendmail 8 to have more consistent installation instructions. - Allow macros on `K' line in config file. Suggested by Andrew Chang - of Sun Microsystems. - Improved symbol table hash function from Eric Wassenaar. This one - is at least 50% faster. - Fix problem that didn't notice that timeout on file open was a - transient error. Fix from Larry Parmelee of Cornell - University. - Allow comments (lines beginning with a `#') in files read for - classes. Suggested by Motonori Nakamura. - Make SIGINT (usually ^C) in test mode return to the prompt instead - of dropping out entirely. This makes testing some of the - name server lookups easier to deal with when there are - hung servers. From Motonori Nakamura. - Add new ${opMode} macro that is set to the current operation mode - (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by - Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>. - Add new delivery mode (Odd) that defers all map lookups to queue runs. - Kind of like queue-only mode (Odq) except it tries to avoid - any external service requests; for dial-on-demand hosts that - want to minimize DNS lookups when mail is being queued. For - this to work you will also have to make sure that gethostbyname - of your local host name does not do a DNS lookup. - Improved handling of "out of space" conditions from John Myers of - Carnegie Mellon. - Improved security for mailing to files on systems that have fchmod(2) - support. - Improve "cannot send message for N days" message -- now says "could - not send for past N days". Suggested by Tom Moore of AT&T - Global Information Solutions. - Less misleading Subject: line on messages sent to postmaster only. - From Motonori Nakamura. - Avoid duplicate error messages on bad command line flags. From - Motonori Nakamura. - Better error message for case where ruleset 0 falls off the end - or otherwise does not resolve to a canonical triple. - Fix a problem that could cause multiple bounce messages if a bad - address was sent along with a good address to an SMTP - site where that SMTP site returned a 4yz code in response - to the final dot of the data. Problem reported by David - James of British Telecom. - Add "volatile" declarations so that gcc -O2 will work. Patches - from Alexander Dupuy of System Management ARTS. - Delete duplicates in MX lists -- believe it or not, there are sites - that list the same host twice in an MX list. This deletion - only works on adjacent preferences, so an MX list that - had A=5, B=10, A=15 would leave both As, but one that had - A=5, A=10, B=15 would reduce to A, B. This is intentional, - just in case there is something weird I haven't thought of. - Suggested by Barry Shein of Software Tool & Die. - SECURITY: .forward files cannot be symbolic links. If they are, - a bad guy can read your private files. - PORTABILITY FIXES: - Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>. - System V Release 4 from Motonori Nakamura of Ritsumeikan - University. This expands the disk size - checking to include all (?) SVR4 configurations. - System V Release 4 from Kimmo Suominen -- initgroups(3) - and setrlimit(2) are both available. - System V Release 4 from sob@sculley.ffg.com -- some versions - apparently "have EX_OK defined in other headerfiles." - Linux Makefile typo. - Linux getusershell(3) is broken in Slackware 2.0 -- - from Andrew Pam of Xanadu Australia. - More Linux tweaking from John Kennedy of California State - University, Chico. - Cray changes from Eric Wassenaar: ``On Cray, shorts, - ints, and longs are all 64 bits, and all structs - are multiples of 64 bits. This means that the - sizeof operator returns only multiples of 8. - This requires adaptation of code that really - deals with 32 bit or 16 bit fields, such as IP - addresses or nameserver fields.'' - DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To - get the old behavior, use -DDGUX_5_4_2. - DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment - variable to fix bogus /bin/mail behavior. - Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>. - This also cleans up some System V Release 4 compile - problems. - Solaris 2: sendmail.cw file should be in /etc/mail to - match all the other configuration files. Fix - from Glenn Barry of Emory University. - Solaris 2.3: compile problem in conf.c. Fix from Alain - Nissen of the University of Liege, Belgium. - Ultrix: freespace calculation was incorrect. Fix from - Takashi Kizu of Osaka University. - SVR4: running in background gets a SIGTTOU because the - emulation code doesn't realize that "getpeername" - doesn't require reading the file. Fix from Peter - Wemm of DIALix. - Solaris 2.3: due to an apparent bug in the socket emulation - library, sockets can get into a "wedged" state where - they just return EPROTO; closing and re-opening the - socket clears the problem. Fix from Bob Manson - of Ohio State University. - Hitachi 3050R & 3050RX running HI-UX/WE2: portability - fixes from Akihiro Hashimoto ("Hash") of Chiba - University. - AIX changes to allow setproctitle to work from Rainer Schöpf - of Zentrum für Datenverarbeitung der Universität - Mainz. - AIX changes for load average from Ed Ravin of NASA/Goddard. - SCO Unix from Chip Rosenthal of Unicom (code was using the - wrong statfs call). - ANSI C fixes from Adam Glass (NetBSD project). - Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers - University. - DG-UX fixes from Bruce Nagel of Data General. - IRIX64 updates from Mark Levinson of the University of - Rochester Medical Center. - Altos System V (``the first UNIX/XENIX merge the Altos - did for their Series 1000 & Series 2000 line; - their merged code was licensed back to AT&T and - Microsoft and became System V release 3.2'') from - Tim Rice <timr@crl.com>. - OSF/1 running on Intel Paragon from Jeff A. Earickson - <jeff@ssd.intel.com> of Intel Scalable Systems - Division. - Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson - <janet@dialix.oz.au>. - System V Release 4 (statvfs semantic fix) from Alain - Durand of I.M.A.G. - HP-UX 10.x multiprocessor load average changes from - Scott Hutton and Jeff Sumler of Indiana University. - Cray CSOS from Scott Bolte of Cray Computer Corporation. - Unicos 8.0 from Douglas K. Rand of the University of North - Dakota, Scientific Computing Center. - Solaris 2.4 fixes from Sanjay Dani of Dani Communications. - ConvexOS 11.0 from Christophe Wolfhugel. - IRIX 4.0.5 from David Ashton-Reader of CADcentre. - ISC UNIX from J. J. Bailey. - HP-UX 9.xx on the 8xx series machines from Remy Giraud - of Meteo France. - HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>. - IRIX 5.2 and 5.3 from Kari E. Hurtta. - FreeBSD 2.0 from Mike Hickey of Federal Data Corporation. - Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura. - Omron LUNA unios-b, mach from Motonori Nakamura. - NEC EWS-UX/V 4.2 from Motonori Nakamura. - NeXT 2.1 from Bryan Costales. - AUX patch thanks to Mike Erwin of Apple Computer. - HP-UX 10.0 from John Beck of Hewlett-Packard. - Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a - non-DEC resolver. Suggested by Allan Johannesen. - UnixWare 2.0 fixes from Petr Lampa of the Technical - University of Brno (Czech Republic). - KSR OS 1.2.2 support from Todd Miller of the University - of Colorado. - UX4800 support from Kazuhisa Shimizu of NEC. - MAKEMAP: allow -d flag to allow insertion of duplicate aliases - in type ``btree'' maps. The semantics of this are undefined - for regular maps, but it can be useful for the user database. - MAKEMAP: lock database file while rebuilding to avoid sendmail - lookups while the rebuild is going on. There is a race - condition between the open(... O_TRUNC ...) and the lock - on the file, but it should be quite small. - SMRSH: sendmail restricted shell added to the release. This can - be used as an alternative to /bin/sh for the "prog" mailer, - giving the local administrator more control over what - programs can be run from sendmail. - MAIL.LOCAL: add this local mailer to the tape. It is not really - part of the release proper, and isn't fully supported; in - particular, it does not run on System V based systems and - never will. - CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon - to allow rmail to compile on systems that don't have - function prototypes and systems that don't have snprintf. - CONTRIB: add the "mailprio" scripts that will help you sort mailing - lists by transaction delay times so that addresses that - respond quickly get sent first. This is to prevent very - sluggish servers from delaying other peoples' mail. - Contributed by Tony Sanders of BSDI. - CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders - of BSDI. This has a lot of comments to help people out. - CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead, - put this on the m4 command line. On GNU m4 (which - supports the __file__ primitive) you can run m4 in an - arbitrary directory -- use either: - m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf - or - m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf - On other versions of m4 that don't support __file__, you - can use: - m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ... - (Note the trailing slash on the _CF_DIR_ definition.) - Old versions of m4 will default to _CF_DIR_=.. for back - compatibility. - CONFIG: fix mail from <> so it will properly convert to - MAILER-DAEMON on local addresses. - CONFIG: fix code that was supposed to catch colons in host - names. Problem noted by John Gardiner Myers of CMU. - CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration. - From Paul Riddle of the University of Maryland, Baltimore - County. - CONFIG: Catch and reject "." as a host address. - CONFIG: Generalize domaintable to look up all domains, not - just unqualified ones. - CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it - was never used and didn't work anyway. - CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer - and d on all mailers in the UUCP class. - CONFIG: Allow "user+detail" to be aliased specially: it will first - look for an alias for "user+detail", then for "user+*", and - finally for "user". This is intended for forwarding mail - for system aliases such as root and postmaster to a - centralized hub. - CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above). - CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set. - The F=8 flag is also set on the "relay" mailer, since - this is expected to be another sendmail. - CONFIG: avoid qualifying all UUCP addresses sent via SMTP with - the name of the UUCP_RELAY -- in some cases, this is the - wrong value (e.g., when we have local UUCP connections), - and this can create unreplyable addresses. From Chip - Rosenthal of Unicom. - CONFIG: add confRECEIVED_HEADER to change the format of the - Received: header inserted into all messages. Suggested by - Gary Mills of the University of Manitoba. - CONFIG: Make "notsticky" the default; use FEATURE(stickyhost) - to get the old behavior. I did this upon observing - that almost everyone needed this feature, and that the - concept I was trying to make happen didn't work with - some user agents anyway. FEATURE(notsticky) still works, - but it is a no-op. - CONFIG: Add LUSER_RELAY -- the host to which unrecognized user - names are sent, rather than immediately diagnosing them - as User Unknown. - CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS, - and RELAY_MAILER_ARGS to set the arguments for the - indicated mailers. All default to "IPC $h". Patch from - Larry Parmelee of Cornell University. - CONFIG: pop mailer needs F=n flag to avoid "annoying side effects - on the client side" and F=P to get an appropriate - return-path. From Kimmo Suominen. - CONFIG: add FEATURE(local_procmail) to use the procmail program - as the local mailer. For addresses of the form "user+detail" - the "detail" part is passed to procmail via the -a flag. - Contributed by Kimmo Suominen. - CONFIG: add MAILER(procmail) to add an interface to procmail for - use from mailertables. This lets you execute arbitrary - procmail scripts. Contributed by Kimmo Suominen. - CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers. - CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From - Paul Southworth of CICNet Systems Support. - CONFIG: use -a$g as default to UUCP mailers, instead of -a$f. - This causes the null return path to be rewritten as - MAILER-DAEMON; otherwise UUCP gets horribly confused. - From Michael Hohmuth of Technische Universitat Dresden. - CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that - list us as the best possible MX record to be treated as - though they were local (essentially, assume that they - are included in $=w). This can cause additional DNS - traffic, but is easier to administer if this fits your - local model. It does not work reliably if there are - multiple hosts that share the best MX preference. - Code contributed by John Oleynick of Rutgers. - CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted - SHell) instead of /bin/sh as the program used for delivery - to programs. If an argument is included, it is used as - the path to smrsh; otherwise, /usr/local/etc/smrsh is - assumed. - CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the - size of messages to the local and procmail mailers - respectively. Contributed by Brad Knowles of the Defense - Information Systems Agency. - CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments - (just like text outside of angle brackets) in order to - properly deal with ``group: addr1, ... addrN;'' syntax. - CONFIG: Require OSTYPE macro (the defaults really don't apply to - any real systems any more) and tweak the DOMAIN macro - so that it is less likely that users will accidentally use - the Berkeley defaults. Also, create some generic files - that really can be used in the real world. - CONFIG: Add new configuration macros to set character sets for - messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET, - SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET. - CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency. - The old name will still be accepted for a while at least. - CONFIG: Implement DECNET_RELAY as spec for host to which DECNET - mail (.DECNET pseudo-domain or node::user) will be sent. - As with all relays, it can be ``mailer:hostname''. Suggested - by Scott Hutton. - CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed - by Barb Dijker of Labyrinth Computer Services. - CONFIG: change confCHECK_ALIASES to default to False -- it has poor - performance for large alias files, and this confused many - people. - CONFIG: Add confCF_VERSION to append local information to the - configuration version number displayed during SMTP startup. - CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it - would only work when locally addressed. Fix from - Edvard Tuinder of Cistron Internet Services. - CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option - "n" (CheckAliases) is set when rebuilding alias database. - Based on code contributed by Claude Marinier. - CONFIG: Allow mailertable to have values of the form - ``error:code message''. The ``code'' is a status code - derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE. - Contributed by David James <dwj@agw.bt.co.uk>. - CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of - sender domains that will be replaced with the masquerade name. - These domains will not be treated as local, but if mail passes - through with sender addresses in those domains they will be - replaced by the masquerade name. These can also be specified - in a file using MASQUERADE_DOMAIN_FILE(filename). - CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope - as well as the header. Substantial improvements to this - code were contributed by Per Hedeland. - CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be - accessed from a mailertable to do CCSO ph lookups. Contributed - by Kimmo Suominen. - CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be - used to define cyrus and cyrusbb mailers (for IMAP support). - Contributed by John Gardiner Myers of Carnegie Mellon. - CONFIG: add confUUCP_MAILER to select default mailer to use for - UUCP addressing. Suggested by Tom Moore of AT&T GIS. - NEW FILES: - cf/cf/cs-hpux10.mc - cf/cf/cs-solaris2.mc - cf/cf/cyrusproto.mc - cf/cf/generic-bsd4.4.mc - cf/cf/generic-hpux10.mc - cf/cf/generic-hpux9.mc - cf/cf/generic-osf1.mc - cf/cf/generic-solaris2.mc - cf/cf/generic-sunos4.1.mc - cf/cf/generic-ultrix4.mc - cf/cf/huginn.cs.mc - cf/domain/berkeley-only.m4 - cf/domain/generic.m4 - cf/feature/bestmx_is_local.m4 - cf/feature/local_procmail.m4 - cf/feature/masquerade_envelope.m4 - cf/feature/smrsh.m4 - cf/feature/stickyhost.m4 - cf/feature/use_ct_file.m4 - cf/m4/cfhead.m4 - cf/mailer/cyrus.m4 - cf/mailer/mail11.m4 - cf/mailer/phquery.m4 - cf/mailer/procmail.m4 - cf/ostype/amdahl-uts.m4 - cf/ostype/bsdi2.0.m4 - cf/ostype/hpux10.m4 - cf/ostype/irix5.m4 - cf/ostype/isc4.1.m4 - cf/ostype/ptx2.m4 - cf/ostype/unknown.m4 - contrib/bsdi.mc - contrib/mailprio - contrib/rmail.oldsys.patch - mail.local/mail.local.0 - makemap/makemap.0 - smrsh/README - smrsh/smrsh.0 - smrsh/smrsh.8 - smrsh/smrsh.c - src/Makefiles/Makefile.CSOS - src/Makefiles/Makefile.EWS-UX_V - src/Makefiles/Makefile.HP-UX.10 - src/Makefiles/Makefile.IRIX.5.x - src/Makefiles/Makefile.IRIX64 - src/Makefiles/Makefile.ISC - src/Makefiles/Makefile.KSR - src/Makefiles/Makefile.NEWS-OS.4.x - src/Makefiles/Makefile.NEWS-OS.6.x - src/Makefiles/Makefile.NEXTSTEP - src/Makefiles/Makefile.NonStop-UX - src/Makefiles/Makefile.Paragon - src/Makefiles/Makefile.SCO.3.2v4.2 - src/Makefiles/Makefile.SunOS.5.3 - src/Makefiles/Makefile.SunOS.5.4 - src/Makefiles/Makefile.SunOS.5.5 - src/Makefiles/Makefile.UNIX_SV.4.x.i386 - src/Makefiles/Makefile.uts.systemV - src/Makefiles/Makefile.UX4800 - src/aliases.0 - src/mailq.0 - src/mime.c - src/newaliases.0 - src/sendmail.0 - test/t_seteuid.c - RENAMED FILES: - cf/cf/alpha.mc => cf/cf/s2k-osf1.mc - cf/cf/chez.mc => cf/cf/chez.cs.mc - cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc - cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc - cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc - cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc - cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc - cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc - cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4 - cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4 - cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4 - cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4 - cf/ostype/hpux.m4 => cf/ostype/hpux9.m4 - cf/ostype/irix.m4 => cf/ostype/irix4.m4 - cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4 - src/Makefile.* => src/Makefiles/Makefile.* - src/Makefile.AUX => src/Makefiles/Makefile.A-UX - src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS - src/Makefile.DGUX => src/Makefiles/Makefile.dgux - src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS - src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0 - OBSOLETED FILES: - cf/cf/cogsci.mc - cf/cf/cs-exposed.mc - cf/cf/cs-hidden.mc - cf/cf/hpux-cs-hidden.mc - cf/cf/knecht.mc - cf/cf/osf1-cs-hidden.mc - cf/cf/sunos3.5-cs-exposed.mc - cf/cf/sunos3.5-cs-hidden.mc - cf/cf/sunos4.1-cs-hidden.mc - cf/cf/ultrix4.1-cs-hidden.mc - cf/domain/cs-hidden.m4 - contrib/rcpt-streaming - src/Makefiles/Makefile.SunOS.5.x - -8.6.13/8.6.12 1996/01/25 - SECURITY: In some cases it was still possible for an attacker to - insert newlines into a queue file, thus allowing access to - any user (except root). - CONFIG: no changes -- it is not a bug that the configuration - version number is unchanged. - -8.6.12/8.6.12 1995/03/28 - Fix to IDENT code (it was getting the size of the reply buffer - too small, so nothing was ever accepted). Fix from several - people, including Allan Johannesen, Shane Castle of the - Boulder County Information Services, and Jeff Smith of - Warwick University (all arrived within a few hours of - each other!). - Fix a problem that could cause large jobs to run out of - file descriptors on systems that use vfork() rather - than fork(). - -8.6.11/8.6.11 1995/03/08 - The ``possible attack'' message would be logged more often - than necessary if you are using Pine as a user agent. - The wrong host would be reported in the ``possible attack'' - message when attempted from IDENT. - In some cases the syslog buffer could be overflowed when - reporting the ``possible attack'' message. This can - cause denial of service attacks. Truncate the message - to 80 characters to prevent this problem. - When reading the IDENT response a loop is needed around the - read from the network to ensure that you don't get - partial lines. - Password entries without any shell listed (that is, a null - shell) wouldn't match as "ok". Problem noted by - Rob McMahon. - When running BIND 4.9.x a problem could occur because the - _res.options field is initialized differently than it - was historically -- this requires that sendmail call - res_init before it tweaks any bits. - Fix an incompatibility in openxscript() between the file open mode - and the stdio mode passed to fdopen. This caused UnixWare - 2.0 to have conniptions. Fix from Martin Sohnius of - Novell Labs Europe. - Fix problem with static linking of local getopt routine when - using GNU's ld command. Fix from John Kennedy of - Cal State Chico. - It was possible to turn off privacy flags. Problem noted by - *Hobbit*. - Be more paranoid about writing files. Suggestions by *Hobbit* - and Liudvikas Bukys. - MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular) - from Spider Boardman. - CONFIG: No changes (version number only, to keep it in sync - with the binaries). - -8.6.10/8.6.10 1995/02/10 - SECURITY: Diagnose bogus values to some command line flags that - could allow trash to get into headers and qf files. - Validate the name of the user returned by the IDENT protocol. - Some systems that really dislike IDENT send intentionally - bogus information. Problem pointed out by Michael Bushnell - of the Free Software Foundation. Has some security - implications. - Fix a problem causing error messages about DNS problems when - the host name contained a percent sign to act oddly - because it was passed as a printf-style format string. - In some cases this could cause core dumps. - Avoid possible buffer overrun in returntosender() if error - message is quite long. From Fletcher Mattox of the - University of Texas. - Fix a problem that would silently drop "too many hops" error - messages if and only if you were sending to an alias. - From Jon Giltner of the University of Colorado and - Dan Harton of Oak Ridge National Laboratory. - Fix a bug that caused core dumps on some systems if -d11.2 was - set and e->e_message was null. Fix from Bruce Nagel of - Data General. - Fix problem that can still cause df files to be left around - after "hop count exceeded" messages. Fix from Andrew - Chang and Shau-Ping Lo of SunSoft. - Fix a problem that can cause buffer overflows on very long - user names (as might occur if you piped to a program - with a lot of arguments). - Avoid returning an error and re-queueing if the host signature - is null; this can occur on addresses like ``user@.''. - Problem noted by Wesley Craig and the University of - Michigan. - Avoid possible calls to malloc(0) if MCI caching is turned - off. Bug fix from Pierre David of the Laboratoire - Parallelisme, Reseaux, Systemes et Modelisation (PRiSM), - Universite de Versailles - St Quentin, and Jacky - Thibault. - Make a local copy of the line being sent via senttolist() -- in - some cases, buffers could get trashed by map lookups - causing it to do unexpected things. This also simplifies - some of the map code. - CONFIG: No changes (version number only, to keep it in sync - with the binaries). - -8.6.9/8.6.9 1994/04/19 - Do all mail delivery completely disconnected from any terminal. - This provides consistency with daemon delivery and - may have some security implications. - Make sure that malloc doesn't get called with zero size, - since that fails on some systems. Reported by Ed - Hill of the University of Iowa. - Fix multi-line values for $e (SMTP greeting message). Reported - by Mike O'Connor of Ford Motor Company. - Avoid syserr if no NIS domain name is defined, but the map it - is trying to open is optional. From Win Bent of USC. - Changes for picky compilers from Ed Gould of Digital Equipment. - Hesiod support for UDB from Todd Miller of the University of - Colorado. Use "hesiod" as the service name in the U - option. - Fix a problem that failed to set the "authentic" host name (that - is, the one derived from the socket info) if you called - sendmail -bs from inetd. Based on code contributed by - Todd Miller (this problem was also reported by Guy Helmer - of Dakota State University). This also fixes a related - problem reported by Liudvikas Bukys of the University of - Rochester. - Parameterize "nroff -h" in all the Makefiles so people with - variant versions can use them easily. Suggested by - Peter Collinson of Hillside Systems. - SMTP "MAIL" commands with multiple ESMTP parameters required two - spaces between parameters instead of one. Reported by - Valdis Kletnieks of Virginia Tech. - Reduce the number of system calls during message collection by - using global timeouts around the collect() loop. This - code was contributed by Eric Wassenaar. - If the initial hostname name gathering results in a name - without a dot (usually caused by NIS misconfiguration) - and BIND is compiled in, directly access DNS to get - the canonical name. This should make life easier for - Solaris systems. If it still can't be resolved, and - if the name server is listed as "required", try again - in 30 seconds. If that also fails, exit immediately to - avoid bogus "config error: mail loops back to myself" - messages. - Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error - message to explain how much space was available and - sound a bit less threatening. Suggested by Stan Janet - of the National Institute of Standards and Technology. - If mail is delivered to an alias that has an owner, deliver any - requested return-receipt immediately, and strip the - Return-Receipt-To: header from the subsequent message. - This prevents a certain class of denial of service - attack, arguably gives more reasonable semantics, and - moves things more towards what will probably become a - network standard. Suggested by Christopher Davis of - Kapor Enterprises. - Add a "noreceipts" privacy flag to turn off all return receipts - without recompiling. - Avoid printing ESMTP parameters as part of the error message - if there are errors during parsing. This change is - purely cosmetic. - Avoid sending out error messages during the collect phase of - SMTP; there is an MVS mailer from UCLA that gets - confused by this. Of course, I think it's their bug.... - Check for the $j macro getting undefined, losing a dot, or getting - lost from $=w in the daemon before accepting a connection; - if it is, it dumps state, prints a LOG_ALERT message, - and drops core for debugging. This is an attempt to - track down a bug that I thought was long since gone. - If you see this, please forward the log fragment to - sendmail@sendmail.ORG. - Change OLD_NEWDB from a #ifdef to a #if so it can be turned off - with -DOLD_NEWDB=0 on the command line. From Christophe - Wolfhugel. - Instead of trying to truncate the listen queue for the server - SMTP port when the load average is too high, just close - the port completely and reopen it later as needed. - This ensures that the other end gets a quick "connection - refused" response, and that the connection can be - recovered later. In particular, some socket emulations - seem to get confused if you tweak the listen queue - size around and can never start listening to connections - again. The down side is that someone could start up - another daemon process in the interim, so you could - have multiple daemons all not listening to connections; - this could in turn cause the sendmail.pid file to be - incorrect. A better approach might be to accept the - connection and give a 421 code, but that could break - other mailers in mysterious ways and have paging behavior - implications. - Fix a glitch in TCP-level debugging that caused flag 16.101 to - set debugging on the wrong socket. From Eric Wassenaar. - When creating a df* temporary file, be sure you truncate any - existing data in the file -- otherwise system crashes - and the like could result in extra data being sent. - DOC: Replace the CHANGES-R5-R8 readme file with a paper in the - doc directory. This includes some additional - information. - CONFIG: change UUCP rules to never add $U! or $k! on the front - of recipient envelope addresses. This should have been - handled by the $&h trick, but broke if people were - mixing domainized and UUCP addresses. They should - probably have converted all the way over to uucp-uudom - instead of uucp-{new,old}, but the failure mode was to - loop the mail, which was bad news. - Portability fixes: - Newer BSDI systems (several people). - Older BSDI systems from Christophe Wolfhugel. - Intergraph CLIX, from Paul Southworth of CICNet. - UnixWare, from Evan Champion. - NetBSD from Adam Glass. - Solaris from Quentin Campbell of the University of - Newcastle upon Tyne. - IRIX from Dean Cookson and Bill Driscoll of Mitre - Corporation. - NCR 3000 from Kevin Darcy of Chrysler Financial Corporation. - SunOS (it has setsid() and setvbuf() calls) from - Jonathan Kamens of OpenVision Technologies. - HP-UX from Tor Lillqvist. - New Files: - src/Makefile.CLIX - src/Makefile.NCR3000 - doc/changes/Makefile - doc/changes/changes.me - doc/changes/changes.ps - -8.6.8/8.6.6 1994/03/21 - SECURITY: it was possible to read any file as root using the - E (error message) option. Reported by Richard Jones; - fixed by Michael Corrigan and Christophe Wolfhugel. - -8.6.7/8.6.6 1994/03/14 - SECURITY: it was possible to get root access by using weird - values to the -d flag. Thanks to Alain Durand of - INRIA for forwarding me the notice from the bugtraq - list. - -8.6.6/8.6.6 1994/03/13 - SECURITY: the ability to give files away on System V-based - systems proved dangerous -- don't run as the owner - of a :include: file on a system that allows giveaways. - Unfortunately, this also applies to determining a - valid shell. - IMPORTANT: Previous versions weren't expiring old connections - in the connection cache for a long time under some - circumstances. This could result in resource exhaustion, - both at your end and at the other end. This checks the - connections for timeouts much more frequently. From - Doug Anderson of NCSC. - Fix a glitch that snuck in that caused programs to be run as - the sender instead of the recipient if the mail was - from a local user to another local user. From - Motonori Nakamura of Kyoto University. - Fix "wildcard" on /etc/shells matching -- instead of looking - for "*", look for "/SENDMAIL/ANY/SHELL/". From - Bryan Costales of ICSI. - Change the method used to declare the "statfs" availability; - instead of HASSTATFS and/or HASUSTAT with a ton of - tweaking in conf.c, there is a single #define called - SFS_TYPE which takes on one of six values (SFS_NONE - for no statfs availability, SFS_USTAT for the ustat(2) - syscall, SFS_4ARGS for a four argument statfs(2) call, - and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument - statfs(2) call with the declarations in <sys/vfs.h>, - <sys/mount.h>, or <sys/statfs.h> respectively). - Fix glitch in NetInfo support that could return garbage if - there was no "/locations/sendmail" property. From - David Meyer of the University of Virginia. - Change HASFLOCK from defined/not-defined to a 0/1 definition - to allow Linux to turn it off even though it is a - BSD-like system. - Allow setting of "ident" timeout to zero to turn off the ident - protocol entirely. - Make 7-bit stripping local to a connection (instead of to a - mailer); this allows you to specify that SMTP is a - 7-bit channel, but revert to 8-bit should it advertise - that it supports 8BITMIME. You still have to specify - mailer flag 7 to get this stripping at all. - Improve makesendmail script so it handles more cases automatically. - Tighten up restrictions on taking ownership of :include: files - to avoid problems on systems that allow you to give away - files. - Fix a problem that made it impossible to rebuild the alias - file if it was on a read-only file system. From - Harry Edmon of the University of Washington. - Improve MX randomization function. From John Gardiner Myers - of CMU. - Fix a minor glitch causing a bogus message to be printed (used - %s instead of %d in a printf string for the line number) - when a bad queue file was read. From Harry Edmon. - Allow $s to remain NULL on locally generated mail. I'm not - sure this is necessary, but a lot of people have complained - about it, and there is a legitimate question as to whether - "localhost" is legal as an 822-style domain. - Fix a problem with very short line lengths (mailer L= flag) in - headers. This causes a leading space to be added onto - continuation lines (including in the body!), and also - tries to wrap headers containing addresses (From:, To:, - etc) intelligently at the shorter line lengths. Problem - Reported by Lars-Johan Liman of SUNET Operations Center. - Log the real user name when logging syserrs, since these can have - security implications. Suggested by several people. - Fix address logging of cached connections -- it used to always - log the numeric address as zero. This is a somewhat - bogus implementation in that it does an extra system - call, but it should be an inexpensive one. Fix from - Motonori Nakamura. - Tighten up handling of short syslog buffers even more -- there - were cases where the outgoing relay= name was too long - to share a line with delay= and mailer= logging. - Limit the overhead on split envelopes to one open file descriptor - per envelope -- previously the overhead was three - descriptors. This was in response to a problem reported - by P{r (Pell) Emanuelsson. - Fixes to better handle the case of unexpected connection closes; - this redirects the output to the transcript so the info - is not lost. From Eric Wassenaar. - Fix potential string overrun if you macro evaluate a string that - has a naked $ at the end. Problem noted by James Matheson - <jmrm@eng.cam.ac.uk>. - Make default error number on $#error messages 553 (``Requested - action not taken: mailbox name not allowed'') instead of - 501 (``Syntax error in parameters or arguments'') to - avoid bogus "protocol error" messages. - Strip off any existing trailing dot on names during $[ ... $] - lookup. This prevents it from ending up with two dots - on the end of dot terminated names. From Wesley Craig - of the University of Michigan and Bryan Costales of ICSI. - Clean up file class reading so that the debugging information is - more informative. It hadn't been using setclass, so you - didn't see the class items being added. - Avoid core dump if you are running a version of sendmail where - NIS is compiled in, and you specify an NIS map, but - NIS is not running. Fix from John Oleynick of - Rutgers. - Diagnose bizarre case where res_search returns a failure value, - but sets h_errno to a success value. - Make sure that "too many hops" messages are considered important - enough to send an error to the Postmaster (that is, the - address specified in the P option). This fix should - help problems that cause the df file to be left around - sometimes -- unfortunately, I can't seem to reproduce - the problem myself. - Avoid core dump (null pointer reference) on EXPN command; this - only occurred if your log level was set to 10 or higher - and the target account was an alias or had a .forward file. - Problem noted by Janne Himanka. - Avoid "denial of service" attacks by someone who is flooding your - SMTP port with bad commands by shutting the connection - after 25 bad commands are issued. From Kyle Jones of - UUNET. - Fix core dump on error messages with very long "to" buffers; - fmtmsg overflows the message buffer. Fixed by trimming - the to address to 203 characters. Problem reported by - John Oleynick. - Fix configuration for HASFLOCK -- there were some spots where - a #ifndef was incorrectly #ifdef. Pointed out by - George Baltz of the University of Maryland. - Fix a typo in savemail() that could cause the error message To: - lists to be incorrect in some places. From Motonori - Nakamura. - Fix a glitch that can cause duplicate error messages on split - envelopes where an address on one of the lists has a - name server failure. Fix from Voradesh Yenbut of the - University of Washington. - Fix possible bogus pointer reference on ESMTP parameters that - don't have an ``=value'' part. - CNAME loops caused an error message to be generated, but also - re-queued the message. Changed to just re-queue the - message (it's really hard to just bounce it because - of the weird way the name server works in the presence - of CNAME loops). Problem noted by James M.R.Matheson - of Cambridge University. - Avoid giving ``warning: foo owned process doing -bs'' messages - if they use ``MAIL FROM:<foo>'' where foo is their true - user name. Suggested by Andreas Stolcke of ICSI. - Change the NAMED_BIND compile flag to be a 0/1 flag so you can - override it easily in the Makefile -- that is, you can - turn it off using -DNAMED_BIND=0. - If a gethostbyname(...) of an address with a trailing dot fails, - try it without the trailing dot. This is because if - you have a version of gethostbyname() that falls back - to NIS or the /etc/hosts file it will fail to find - perfectly reasonable names that just don't happen to - be dot terminated in the hosts file. You don't want to - strip the dot first though because we're trying to ensure - that country names that match one of your subdomains get - a chance. - PRALIASES: fix bogus output on non-null-terminated strings. - From Bill Gianopoulos of Raytheon. - CONFIG: Avoid rewriting anything that matches $w to be $j. - This was in code intended to only catch the self-literal - address (that is, [1.2.3.4], where 1.2.3.4 is your - IP address), but the code was broken. However, it will - still do this if $M is defined; this is necessary to - get client configurations to work (sigh). Note that this - means that $M overrides :mailname entries in the user - database! Problem noted by Paul Southworth. - CONFIG: Fix definition of Solaris help file location. From - Steve Cliffe <steve@gorgon.cs.uow.edu.au>. - CONFIG: Fix bug that broke news.group.USENET mappings. - CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, - and USENET_MAILER_MAX to tweak the maximum message - size for various mailers. - CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] - instead of assuming that it is "inews" for consistency - with other mailers. From Michael Corrigan of UC San Diego. - CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, - qualify the address in the SMTP envelope as user@{relay|hub} - instead of user@$j. From Bill Wisner of The Well. - CONFIG: Fix route-addr syntax in nullrelay configuration set. - CONFIG: Don't turn off case mapping of user names in the local - mailer for IRIX. This was different than most every other - system. - CONFIG: Avoid infinite loops on certainly list:; syntaxes in - envelope. Noted by Thierry Besancon - <besancon@excalibur.ens.fr>. - CONFIG: Don't include -z by default on uux line -- most systems - don't want it set by default. Pointed out by Philippe - Michel of Thomson CSF. - CONFIG: Fix some bugs with mailertables -- for example, if your - host name was foo.bar.ray.com and you matched against - ".ray.com", the old implementation bound %1 to "bar" - instead of "foo.bar". Also, allow "." in the mailertable - to match anything -- essentially, take over SMART_HOST. - This also moves matching of explicit local host names - before the mailertable so they don't have to be special - cased in the mailertable data. Reported by Bill - Gianopoulos of Raytheon; the fix for the %1 binding - problem was contributed by Nicholas Comanos of the - University of Sydney. - CONFIG: Don't include "root" in class $=L (users to deliver - locally, even if a hub or relay exists) by default. - This is because of the known bug where definition of - both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore - both and deliver into the local mailbox. - CONFIG: Move up bitdomain and uudomain handling so that they - are done before .UUCP class matching; uudomain was - reported as ineffective before. This also frees up - diversion 8 for future use. Problem reported by Kimmo - Suominen. - CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) - into host names. As pointed out by Jonathan Kamens, - these are often used because either the forward or reverse - mapping is broken; this translation makes it broken again. - DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo - Suominen. - Portability fixes: - Unicos from David L. Kensiski of Sterling Software. - DomainOS from Don Lewis of Silicon Systems. - GNU m4 1.0.3 from Karst Koymans of Utrecht University. - Convex from Kimmo Suominen <kim@tac.nyc.ny.us>. - NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>. - BSD/386 from Tony Sanders of BSDI. - Apollo from Eric Wassenaar. - DGUX from Doug Anderson. - Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. - NEW FILES: - src/Makefile.DomainOS - src/Makefile.PTX - src/Makefile.SunOS.5.1 - src/Makefile.SunOS.5.2 - src/Makefile.SunOS.5.x - src/mailq.1 - cf/ostype/domainos.m4 - doc/op/Makefile - doc/intro/Makefile - doc/usenix/Makefile - -8.6.5/8.6.5 1994/01/13 - Security fix: /.forward could be owned by anyone (the test - to allow root to own any file was backwards). From - Bob Campbell at U.C. Berkeley. - Security fix: group ids were not completely set when programs - were invoked. This caused programs to have group - permissions they should not have had (usually group - daemon instead of their own group). In particular, - Perl scripts would refuse to run. - Security: check to make sure files that are written are not - symbolic links (at least under some circumstances). - Although this does not respond to a specific known - attack, it's just a good idea. Suggested by - Christian Wettergren. - Security fix: if a user had an NFS mounted home directory on - a system with a restricted shell listed in their - /etc/passwd entry, they could still execute any - program by putting that in their .forward file. - This fix prevents that by insisting that their shell - appear in /etc/shells before allowing a .forward to - execute a program or write a file. You can disable - this by putting "*" in /etc/shells. It also won't - permit world-writable :include: files to reference - programs or files (there's no way to disable this). - These behaviors are only one level deep -- for - example, it is legal for a world-writable :include: - file to reference an alias that writes a file, on - the assumption that the alias file is well controlled. - Security fix: root was not treated suspiciously enough when - looking into subdirectories. This would potentially - allow a cracker to examine files that were publicly - readable but in a non-publicly searchable directory. - Fix a problem that causes an error on QUIT on a cached - connection to create problems on the current job. - These are typically unrelated, so errors occur in - the wrong place. - Reset CurrentLA in sendall() -- this makes sendmail queue - runs more responsive to load average, and fixes a - problem that ignored the load average in locally - generated mail. From Eric Wassenaar. - Fix possible core dump on aliases with null LHS. From - John Orthoefer of BB&N. - Revert to using flock() whenever possible -- there are just - too many bugs in fcntl() locking, particularly over - NFS, that cause sendmail to fail in perverse ways. - Fix a bug that causes the connection cache to get confused - when sending error messages. This resulted in - "unexpected close" messages. It should fix itself - on the following queue run. Problem noted by - Liudvikas Bukys of the University of Rochester. - Include $k in $=k as documented in the Install & Op Guide. - This seems odd, but it was documented.... From - Michael Corrigan of UCSD. - Fix problem that caused :include:s from alias files to be - forced to be owned by root instead of daemon - (actually DefUid). From Tim Irvin. - Diagnose unrecognized I option values -- from Mortin Forssen - of the Chalmers University of Technology. - Make "error" mailer work consistently when there is no error - code associated with it -- previously it returned OK - even though there was a real problem. Now it assumes - EX_UNAVAILABLE. - Fix bug that caused the last header line of messages that had - no body and which were terminated with EOF instead of - "." to be discarded. Problem noted by Liudvikas Bukys. - Fix core dump on SMTP mail to programs that failed -- it tried - to go to a "next MX host" when none existed, causing - a core dump. From der Mouse at McGill University. - Change IDENTPROTO from a defined/not defined to a 0/1 switch; - this makes it easier to turn it off (using - -DIDENTPROTO=0 in the Makefile). From der Mouse. - Fix YP_MASTER_NAME store to use the unupdated result of - gethostname() (instead of myhostname(), which tries - to fully qualify the name) to be consistent with - SunOS. If your hostname is unqualified, this fixes - transfers to slave servers. Bug noted by Keith - McMillan of Ameritech Services, Inc. - Fix Ultrix problem: gethostbyname() can return a very large - (> 500) h_length field, which causes the sockaddr - to be trashed. Use the size of the sockaddr instead. - Fix from Bob Manson of Ohio State. - Don't assume "-a." on host lookups if NAMED_BIND is not - defined -- this confuses gethostbyname on hosts - file lookups, which doesn't understand the trailing - dot convention. - Log SMTP server subprocesses that die with a signal instead - of from a clean exit. - If you don't have option "I" set, don't assume that a DNS - "host unknown" message is authoritative -- it - might still be found in /etc/hosts. - Fix a problem that would cause Deferred: messages to be sent - as the subject of an error message, even though the - actual cause of a message was more severe than that. - Problem noted by Chris Seabrook of OSSI. - Fix race condition in DBM alias file locking. From Kyle - Jones of UUNET. - Limit delivery syslog line length to avoid bugs in some - versions of syslog(3). This adds a new compile time - variable SYSLOG_BUFSIZE. From Jay Plett of Princeton - University, which is in turn derived from IDA. - Fix quotes inside of comments in addresses -- previously - it insisted that they be balanced, but the 822 spec - says that they should be ignored. - Dump open file state to syslog upon receiving SIGUSR1 (for - debugging). This also evaluates ruleset 89, if set - (with the null input), and logs the result. This - should be used sparingly, since the rewrite process - is not reentrant. - Change -qI, -qR, and -qS flags to be case-insensitive as - documented in the Bat Book. - If the mailer returned EX_IOERR or EX_OSERR, sendmail did not - return an error message and did not requeue the message. - Fix based on code from Roland Dirlewanger of - Reseau Regional Aquarel, Bordeaux, France. - Fix a problem that caused a seg fault if you got a 421 error - code during some parts of connection initialization. - I've only seen this when talking to buggy mailers on - the other end, but it shouldn't give a seg fault in - any case. From Amir Plivatsky. - Fix core dump caused by a ruleset call that returns null. - Fix from Bryan Costales of ICSI. - Full-Name: field was being ignored. Fix from Motonori Nakamura - of Kyoto University. - Fix a possible problem with very long input lines in setproctitle. - From P{r Emanuelsson. - Avoid putting "This is a warning message" out on return receipts. - Suggested by Douglas Anderson. - Detect loops caused by recursive ruleset calls. Suggested by - Bryan Costales. - Initialize non-alias maps during alias rebuilds -- they may be - needed for parsing. Problem noted by Douglas Anderson. - Log sender address even if no message was collected in SMTP - (e.g., if all RCPTs failed). Suggested by Motonori - Nakamura. - Don't reflect the owner-list contents into the envelope sender - address if the value contains ", :, /, or | (to avoid - illegal addresses appearing there). - Efficiency hack for toktype macro -- from Craig Partridge of - BB&N. - Clean up DNS error printing so that a host name is always - included. - Remember to set $i during queue runs. Reported by Stephen - Campbell of Dartmouth University. - If the environment variable HOSTALIASES is set, use it during - canonification as the name of a file with per-user host - translations so that headers are properly mapped. Reported - by Anne Bennett of Concordia University. - Avoid printing misleading error message if SMTP mailer (not - using [IPC]) should die on a core dump. - Avoid incorrect diagnosis of "file 1 closed" when it is caused - by the other end closing the connection. From - Dave Morrison of Oracle. - Improve several of the error messages printed by "mailq" - to include a host name or other useful information. - Add NetInfo preliminary support for NeXT systems. From Vince - DeMarco. - Fix a glitch that sometimes caused :include:s that pointed to - NFS filesystems that were down to give an "aliasing/ - forwarding loop broken" message instead of queueing - the message for retry. Noted by William C Fenner of - the NRL Connection Machine Facility. - Fix a problem that could cause a core dump if the input sequence - had (or somehow acquired) a \231 character. - Make sure that route-addrs always have <angle brackets> around - them in non-SMTP envelopes (SMTP envelopes already do - this properly). - Avoid weird headers on unbalanced punctuation of the form: - ``Joe User <user)'' -- this caused reference to the - null macro. Fix from Rick McCarty of IO.COM. - Fix a problem that caused an alias "user: user@local.host" to - not have the QNOTREMOTE bit set; this caused configs - to act as if FEATURE(notsticky) was defined even when - it was not. The effect of the problem was to make it - very hard to to set up satellite sites that had a few - local accounts, with everything else forwarded to a - corporate hub. Reported by Detlef Drewanz of the - University of Rostock and Mark Frost of NCD. - Change queuing to not call rulesets 3, {1 or 2}, 4 on header - addresses. This is more efficient (fewer name server - calls) and fixes certain unusual configurations, such - as those that have ruleset 4 do something that is - non-idempotent unless a mailer-specific ruleset did - something else. Problem reported by Brian J. Coan - of the Institute for Global Communications. - Fix the "obsolete argument" routine in main to better understand - new arguments. For example, if you used ``sendmail - -C config -v -q'' it would choke on the -q because - the -C would stop looking for old-format arguments. - Fix the code that was intended to allow two users to forward their - mail to the same program and have them appear unique. - Portability fixes for: - SCO UNIX from Murray Kucherawy. - SCO Open Server 3.2v4 from Philippe Brand. - System V Release 4 from Rick Ellis and others. - OSF/1 from Steve Campbell. - DG/UX from Ben Mesander of the USGS and Bryan Curnutt - of Stoner Associates. - Motorola SysV88 from Kevin Johnson of Motorola. - Solaris 2.3 from Casper H.S. Dik of the University - of Amsterdam and John Caruso of University - of Maryland. - FreeBSD from Ollivier Robert. - NetBSD from Adam Glass. - TitanOS from Kate Hedstrom of Rutgers University. - Irix from Bryan Curnutt. - Dynix from Jim Davis of the University of Arizona. - RISC/os. - Linux from John Kennedy of California State University - at Chico. - Solaris 2.x from Tony Boner of the U.S. Air Force. - NEXTSTEP 3.x from Vince DeMarco. - HP-UX from various people. NOTA BENE: the location - of the config file has moved to /usr/lib - to match the HP-UX version of sendmail. - CONFIG: Don't do any recipient rewriting on relay mailer; - since this is intended only for internal use, the - usual RFC 821/822/1123 rules can be relaxed. The - main point of this is to avoid munging (ugh) UUCP - addresses when relaying internally. - CONFIG: fix typo in mailer/uucp.m4 that mutilates list:; - syntax addresses delivered via UUCP. Solution - provided by Peter Wemm. - CONFIG: fix thumb-fumble in default UUCP relaying in ruleset - zero; it caused double @ signs in addresses. From - Irving Reid of the University of Toronto. - CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1 - from Markku Toijala of ICL Personal Systems Oy. - CONFIG: Add trailing "." on pseudo-domains for consistency; - this fixes a problem (noted by Al Whaley of Sunnyside) - that made it hard to recognize your own pseudodomain - names. - CONFIG: catch "@host" syntax errors (i.e., null local-parts) - rather than letting them get "local configuration - error"s. Problem noted by John Gardiner Myers. - CONFIG: add uucp-uudom mailer variant, based on code posted - by Spider Boardman <spider@Orb.Nashua.NH.US>; this - has uucp-dom semantics but old UUCP syntax. This - also permits "uucp-old" as an alias for "uucp" and - "uucp-new" as a synonym for "suucp" for consistency. - CONFIG: add POP mailer support (from Kimmo Suominen - <kim@grendel.lut.fi>). - CONFIG: drop CSNET_RELAY support -- CSNET is long gone. - CONFIG: fix bug caused with domain literal addresses (e.g., - ``[128.32.131.12]'') when FEATURE(allmasquerade) - was set; it would get an additional @masquerade.host - added to the address. Problem noted by Peter Wan - of Georgia Tech. - CONFIG: make sure that the local UUCP name is in $=w. From - Jim Murray of Stratus. - CONFIG: changes to UUCP rewriting to simulate IDA-style "V" - mailer flag. Briefly, if you are sending to host - "foo", then it rewrites "foo!...!baz" to "...!baz", - "foo!baz" remains "foo!baz", and anything else has - the local name prepended. - CONFIG: portability fixes for HP-UX. - DOC: several minor problems fixed in the Install & Op Guide. - MAKEMAP: fix core dump problem on lines that are too long or - which lack newline. From Mark Delany. - MAILSTATS: print sums of columns (total messages & kbytes - in and out of the system). From Tom Ferrin of UC - San Francisco Computer Graphics Lab. - SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: - On HP-UX, /etc/sendmail.cf has been moved to - /usr/lib/sendmail.cf to match HP sendmail. - Permissions have been tightened up on world-writable - :include: files and accounts that have shells - that are not listed in /etc/shells. This may - cause some .forward files that have worked - before to start failing. - SIGUSR1 dumps some state to the log. - NEW FILES: - src/Makefile.DGUX - src/Makefile.Dynix - src/Makefile.FreeBSD - src/Makefile.Mach386 - src/Makefile.NetBSD - src/Makefile.RISCos - src/Makefile.SCO - src/Makefile.SVR4 - src/Makefile.Titan - cf/mailer/pop.m4 - cf/ostype/bsdi1.0.m4 - cf/ostype/dgux.m4 - cf/ostype/dynix3.2.m4 - cf/ostype/sco3.2.m4 - makemap/Makefile.dist - praliases/Makefile.dist - -8.6.4/8.6.4 1993/10/31 - Repair core-dump problem (write to read-only memory segment) - if you fall back to the return-to-Postmaster case in - savemail. Problem reported by Richard Liu. - Immediately diagnose bogus sender addresses in SMTP. This - makes quite certain that crackers can't use this - class of attack. - Reliability Fix: check return value from fclose() and fsync() - in a few critical places. - Minor problem in initsys() that reversed a condition for - redirecting the output channel on queue runs. It's - not clear this code even does anything. From Eric - Wassenaar of the Dutch National Institute for Nuclear - and High-Energy Physics. - Fix some problems that caused queue runs to do "too much work", - such as double-reading the Errors-To: header. From - Eric Wassenaar. - Error messages on writing the temporary file (including the - data file) were getting suppressed in SMTP -- this - fix causes them to be properly reported. From Eric - Wassenaar. - Some changes to support AF_UNIX sockets -- this will only - really become relevant in the next release, but some - people need it for local patches. From Michael - Corrigan of UC San Diego. - Use dynamically allocated memory (instead of static buffers) - for macros defined in initsys() and settime(); since - these can have different values depending on which - envelope they are in. From Eric Wassenaar. - Improve logging to show ctladdr on to= logging; this tells you - what uid/gid processes ran as. - Fix a problem that caused error messages to be discarded if - the sender address was unparseable for some reason; - this was supposed to fall back to the "return to - postmaster" case. - Improve aliaswait backoff algorithm. - Portability patches for Linux (8.6.3 required another header - file) (from Karl London) and SCO UNIX. - CONFIG: patch prog mailer to not strip host name off of envelope - addresses (so that it matches local again). From - Christopher Davis. - CONFIG: change uucp-dom mailer so that "<>" translates to $n; - this prevents uux from seeing lines with null names like - ``From Sat Oct 30 14:55:31 1993''. From Motonori - Nakamura of Kyoto University. - CONFIG: handle <list:;> syntax correctly. This isn't legal, but - it shouldn't fail miserably. From Motonori Nakamura. - -8.6.2/8.6.2 1993/10/15 - Put a "successful delivery" message in the transcript for - addresses that get return-receipts. - Put a prominent "this is only a warning" message in warning - messages -- some people don't read carefully enough - and end up sending the message several times. - Include reason for temporary failure in the "warning" return - message. Currently, it just says "cannot send for - four hours". - Fix the "Original message received" time generated for - returntosender messages. It was previously listed as - the current time. Bug reported by Eric Hagberg of - Cornell University Medical College. - If there is an error when writing the body of a message, - don't send the trailing dot and wait for a response - in sender SMTP, as this could cause the connection to - hang up under some bizarre circumstances. From Eric - Wassenaar. - Fix some server SMTP synchronization problems caused when - connections fail during message collection. From - Eric Wassenaar. - Fix a problem that can cause srvrsmtp to reject mail if the - name server is down -- it accepts the RCPT but rejects - the DATA command. Problem reported by Jim Murray of - Stratus. - Fix a problem that can cause core dumps if the config file - incorrectly resolves to a null hostname. Reported by - Allan Johannesen of WPI. - Non-root use of -C flag, dangerous -f flags, and use of -oQ - by non-root users were not put into - X-Authentication-Warning:s as intended because the - config file hadn't set the PrivacyOptions yet. Fix - from Sven-Ove Westberg of the University of Lulea. - Under very odd circumstances, the alias file rebuild code - could get confused as to whether a database was - open or not. - Check "vendor code" on the end of V lines -- this is - intended to provide a hook for vendor-specific - configuration syntax. (This is a "new feature", - but I've made an exception to my rule in a belief - that this is a highly exceptional case.) - Portability fixes for DG/UX (from Douglas Anderson of NCSC), - SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 - (from Jon Forrest of UC Berkeley) - CONFIG: fix ``mailer:host'' form of UUCP relay naming. - -8.6.1/8.6 1993/10/08 - Portability fixes for A/UX and Encore UMAX V. - Fix error message handling -- if you had a name server down - causing an error during parsing, that message was never - propagated to the queue file. - -8.6/8.6 1993/10/05 - Configuration cleanup: make it easier to undo IDENTPROTO in - conf.h (other systems have the same bug). - If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume - getdtablesize() instead of sysconf(); a disturbingly - large number of systems defined _SC_OPEN_MAX in the - header files but don't have the syscall. - Another patch to really truly ignore MX records in getcanonname - if trymx == FALSE. - Fix problem that caused the "250 IAA25499 Message accepted for - delivery" message to be omitted if there was an error - in the header of the message (e.g., a bad Errors-To: - line). Pointed out by Michael Corrigan of UCSD. - Announce name of host we are chatting when we get errors; this - is an IDA-ism suggested by Christophe Wolfhugel. - Portability fixes for Alpha OSF/1 (from Anthony Baxter of the - Australian Artificial Intelligence Institute), SCO Unix - (from Murray Kucherawy of Hookup Communication Corp.), - NeXT (from Vince DeMarco and myself), Linux (from - Karl London <karl@borg.demon.co.uk>), BSDI (from - Christophe Wolfhugel, and SVR4 on Dell (from Kimmo - Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. - Some changes to get around gcc optimizer bugs. From Takahiro - Kanbe. - Fix error recovery in queueup if another tf file of the same - name already exists. Problem stumbled over by Bill - Wisner of The Well. - Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. - Problem noted by Keith McMillan of Ameritech Services. - Deal with group permissions properly when opening .forward and - :include: files. This relaxes the 8.1C restrictions - slightly more. This includes proper setting of groups - when reading :include: files, allowing you to read some - files that you should be able to read but have previously - been denied unless you owned them or they had "other" - read permission. - Make certain that $j is in $=w (after the .cf is read) so that - if the user is forced to override some silly system, - MX suppression will still work. - Fix a couple of efficiency problems where newstr was double- - calling expensive routines. In at least one case, it - wasn't guaranteed that they would always return the - same result. Problem noted by Christophe Wolfhugel. - Fix null pointer dereference in putoutmsg -- only on an error - condition from a non-SMTP mailer. From Motonori - Nakamura. - Macro expand "C" line class definitions before scanning so that - "CX $Z" works. - Fix problem that caused error message to be sent while still - trying to send the original message if the connection - is closed during a DATA command after getting an error - on an RCPT command (pretty obscure). Problem reported - by John Myers of CMU. - Fix reply to NOOP to be 250 instead of 200 -- this is a long - term bug. - Fix a nasty bug causing core dumps when returning the "warning: - cannot deliver for N hours -- will keep trying" message; - it only occurred if you had PostmasterCopy set and - only on some architectures. Although sendmail would - keep trying, it would send error messages on each - queue interval. This is an important fix. - Allow u and g options to take user and group names respectively. - Don't do a chdir into the queue directory in -bt mode to make - ruleset testing a bit easier. - Don't allow users to turn off logging (using -oL) on the command - line -- command line can only raise, not lower, logging - level. - Set $u to the original recipient on the SMTP transaction or on - the command line. This is only done if there is exactly - one recipient. Technically, this does not meet the - specs, because it does not guarantee a domain on the - address. - Fix a problem that dumped error messages on bad addresses if - you used the -t flag. Problem noted by Josh Smith of - Harvey Mudd College. - Given an address such as ``<foo> <bar>'', auto-quote the first - ``<foo>'' part, giving ``"<foo>" <bar>''. This is to - avoid the problem of people who use angle brackets in - their full name information. - Fix a null pointer dereference if you set option "l", have - an Errors-To: header in the message, and have Errors-To: - defined in the config file H lines. From J.R. Oldroyd. - Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get - wrong when compiling. Suggested by Rick McCarty of TI. - Fix a problem that could pass negative SIZE parameter if the - df file got lost; this would cause servers to always - give a temporary failure, making the problem even worse. - Problem noted by Allan Johannesen of WPI. - Add "ident" timeout (one of the "r" option selectors) for IDENT - protocol timeouts (30s default). Requested by Murray - Kucherawy of HookUp Communication Corp. to handle bogus - PC TCP/IP implementations. - Change $w default definition to be just the first component of - the domain name on config level 5. The $j macro defaults - to the FQDN; $m remains as before. This lets well-behaved - config files use any of the short, long, or subdomain - names. - Add makesendmail script in src to try to automate multi-architecture - builds. I know, this is sub-optimal, but it is still - helpful. - Fix very obscure race condition that can cause a queue run to - get a queue file for an already completed job. This - problem has existed for years. Problem noted by the - long suffering Allan Johannesen of WPI. - Fix a problem that caused the raw sender name to be passed to - udbsender instead of the canonified name -- this caused - it to sometimes miss records that it should have found. - Relax check of name on HELO packet so that a program using -bs - that claims to be itself works properly. - Restore rewriting of $: part of address through 2, R, 4 in - buildaddr -- this requires passing a lot of flags to get - it right. Unlike old versions, this ONLY rewrites - recipient addresses, not sender addresses. - Fix a bug that caused core dumps in config files that cannot - resolve /file/name style addresses. Fix from Jonathan - Kamens of OpenVision Technologies. - Fix problem with fcntl locking that can cause error returns to - be lost if the lock is lost; this required fully - queueing everything, dropping the envelope (so errors - would get returned), and then re-reading the queue from - scratch. - Fix a problem that caused aliases that redefine an otherwise - true address to still send to the original address - if and only if the alias failed in certain bizarre - ways (e.g, if they pointed at a list:; syntax address). - Problem pointed out by Jonathan Kamens. - Remove support for frozen configuration files. They caused - more trouble than it was worth. - Fix problem that can cause error messages to get ignored when - using both -odb and -t flags. Problem noted by Rob - McNicholas at U.C. Berkeley. - Include all "normal" variations on hostname in $=w. For example, - if the host name is vangogh.cs.berkeley.edu, $=w will - contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. - Add "restrictqrun" privacy flag -- without this, anyone can run - the queue. - Reset SmtpPhase global on initial connection creation so that - messages don't come out with stale information. - Pass an "ext" argument to lockfile so that error/log messages - will properly reflect the true filename being locked. - Put all [...] address forms into $=w -- this eliminates the need - for MAXIPADDR in conf.h. Suggested by John Gardiner - Myers of CMU. - Fix a bug that can cause qf files to be left around even after - an SMTP RSET command. Problem and fix from Michael - Corrigan. - Don't send a PostmasterCopy to errors when the Precedence: is - negative. Error reports still go to the envelope - sender address. - Add LA_SHORT for load averages. - Lock sendmail.st file when posting statistics. - Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to - set the size of the TCP send and receive buffers; if you - run over a slow slip line you may need to set these down - (although it would be better to fix the SLIP implementation - so that it's not necessary to recompile every program - that does bulk data transfer). - Allow null defaults on $( ... $) lookups. Problem reported by - Amir Plivatsky. - Diagnose crufty S and V config lines. This resulted from an - observation that some people were using the SITE macro - without the SITECONFIG macro first, which was causing - bogus config files that were not caught. - Fix makemap -f flag to turn off case folding (it was turning it - on instead). THIS IS A USER VISIBLE CHANGE!!! - Fix a problem that caused multiple error messages to be sent if - you used "sendmail -t -oem -odb", your system uses fcntl - locking, and one of the recipient addresses is unknown. - Reset uid earlier in include() so that recursive .forwards or - :include:s don't use the wrong uid. - If file descriptor 0, 1, or 2 was closed when sendmail was - called, the code to recover the descriptor was broken. - This sometimes (only sometimes) caused problems with the - alias file. Fix from Motonori Nakamura. - Fix a problem that caused aliaswait to go into infinite recursion - if the @:@ metasymbol wasn't found in the alias file. - Improve error message on newaliases if database files cannot be - opened or if running with no database format defined. - Do a better estimation of the size of error messages when NoReturn - is set. Problem noted by P{r (Pell) Emanuelsson. - Fix a problem causing the "c" option (don't connect to expensive - mailers) to be ignored in SMTP. Problem noted and the - solution suggested by Robert Elz of The University of - Melbourne. - Improve connection caching algorithm by passing "[host]" to - hostsignature, which strips the square brackets and - returns the real name. This allows mailertable entries - to match regular entries. - Re-enable Return-Receipt-To: -- people seem to want this stupid - feature, even if it doesn't work right. - Catch and log attempts to try the "wiz" command in server SMTP. - This also ups the log level from LOG_NOTICE to LOG_CRIT. - Be more generous at assigning $z to the home directory -- do this - for programs that are specified through a .forward file. - Fix from Andrew Chang of Sun Microsystems. - Always save a fatal error message in preference to a non-fatal - error message so that the "subject" line of return - messages is the best possible. - CONFIG: reduce the number of quotes needed to quote configuration - parameters with commas: two quotes should work now, e.g., - define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). - CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom - connections (domain-ized UUCP). - CONFIG: fix bug in default maps (-o must be before database file - name). Pointed out by Christophe Wolfhugel. - CONFIG: add FEATURE(nodns) to state that we are not relying on - DNS. This would presumably be used in UUCP islands. - CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). - CONFIG: log $u in Received: line. This is in technical violation - of the standards, since it doesn't guarantee a domain - on the address. - CONFIG: don't assume "m" in local mailer flags -- this means that - if you redefine LOCAL_MAILER_FLAGS you will have to include - the "m" flag should you want it. Apparently some Solaris 2.2 - installations can't handle multiple local recipients. - Problem noted by Josh Smith. - CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). - CONFIG: change default version level from 4 to 5. - CONFIG: add FEATURE(nullclient) to create a config file that - forwards all mail to a hub without ever looking at the - addresses in any detail. - CONFIG: properly strip mailer: information off of relays when - used to change .BITNET form into %-hack form. - CONFIG: fix a problem that caused infinite loops if presented - with an address such as "!foo". - CONFIG: check for self literal (e.g., [128.32.131.12]) even if - the reverse "PTR" mapping is broken. There's a better - way to do this, but the change is fairly major and I - want to hold it for another release. Problem noted by - Bret Marquis. - -8.5/8.5 1993/07/23 - Serious bug: if you used a command line recipient that was unknown - sendmail would not send a return message (it was treating - everything as though it had an SMTP-style client that - would do the return itself). Problem noted by Josh Smith. - Change "trymx" option in getcanonname() to ignore all MX data, - even during a T_ANY query. This actually didn't break - anything, because the only time you called getcanonname - with !trymx was if you already knew there were no MX - records, but it is somewhat cleaner. From Motonori - Nakamura. - Don't call getcanonname from getmxrr if you already know there - are no DNS records matching the name. - Fix a problem causing error messages to always include "The - original message was received ... from localhost". - The correct original host information is now included. - Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their - version of "test" doesn't have the -x flag). Change it - to use -f instead. From John Myers. - CONFIG: 8.4 mistakenly set the default SMTP-style mailer to - esmtp -- it should be smtp. - CONFIG: send all relayed mail using confRELAY_MAILER (defaults - to "relay" (a variant of "smtp") if MAILER(smtp) is used, - else "suucp" if MAILER(uucp) is used, else "unknown"); - this cleans up the configs somewhat. This fixes a serious - problem that caused route-addrs to get mistaken as relays, - pointed out by John Myers. WARNING: this also causes - the default on SMART_HOST to change from "suucp" to - "relay" if you have MAILER(smtp) specified. - -8.4/8.4 1993/07/22 - Add option `w'. If you receive a message that comes to you because - you are the best (lowest preference) target of an MX, and - you haven't explicitly recognized the source MX host in - your .cf file, this option will cause you to try the target - host directly (as if there were no MX for it at all). If - `w' is not set, this case is a configuration error. - Beware: if `w' is set, senders may get bogus errors like - "message timed out" or "host unknown" for problems that - are really configuration errors. This option is - disrecommended, provided only for compatibility with - UIUC sendmail. - Fix a problem that caused the incoming socket to be left open - when sendmail forks after the DATA command. This caused - calling systems to wait in FIN_WAIT_2 state until the - entire list was processed and the child closed -- a - potentially prodigious amount of time. Problem noted - by Neil Rickert. - Fix problem (created in 6.64) that caused mail sent to multiple - addresses, one of which was a bad address, to completely - suppress the sending of the message. This changes - handling of EF_FATALERRS somewhat, and adds an - EF_GLOBALERRS flag. This also fixes a potential problem - with duplicate error messages if there is a syntax error - in the header of a message that isn't noticed until late - in processing. Original problem pointed out by Josh Smith - of Harvey Mudd College. This release includes quite a bit - of dickering with error handling (see below). - Back out SMTP transaction if MAIL gets nested 501 error. This - will only hurt already-broken software and should help - humans. - Fix a problem that broke aliases when neither NDBM nor NEWDB were - compiled in. It would never read the alias file. - Repair unbalanced `)' and `>' (the "open" versions are already - repaired). - Logging of "done" in dropenvelope() was incorrect: it would - log this even when the queue file still existed. Change - this to only log "done" (at log level 11) when the - queue file is actually removed. From John Myers. - Log "lost connection" in server SMTP at log level 20 if there - is no pending transaction. Some senders just close the - connection rather than sending QUIT. - Fix a bug causing getmxrr to add a dot to the end of unqualified - domains that do not have MX records -- this would cause - the subsequent host name lookup to fail. The problem - only occurred if you had FEATURE(nocanonify) set. - Problem noted by Rick McCarty of Texas Instruments. - Fix invocation of setvbuf when passed a -X flag -- I had - unwittingly used an ANSI C extension, and this caused - core dumps on some machines. - Diagnose self-destructive alias loops on RCPT as well as EXPN. - Previously it just gave an empty send queue, which - then gave either "Need RCPT (recipient)" at the DATA - (confusing, since you had given an RCPT command which - returned 250) or just dropped the email, depending on - whether you were running VERBose mode. Now it usually - diagnoses this case as "aliasing/forwarding loop broken". - Unfortunately, it still doesn't adequately diagnose - some true error conditions. - Add internal concept of "warning messages" using 6xx codes. - These are not reported only to Postmaster. Unbalanced - parens, brackets, and quotes are printed as 653 codes. - They are always mapped to 5xx codes before use in SMTP. - Clean up error messages to tell both the actual address that - failed and the alias they arose from. This makes it - somewhat easier to diagnose problems. Difficulty noted - by Motonori Nakamura. - Fix a problem that inappropriately added a ctladdr to addresses - that shouldn't have had one during a queue run. This - caused error messages to be handled differently during - a queue run than a direct run. - Don't print the qf name and line number if you get errors during - the direct run of the queue from srvrsmtp -- this was - just extra stuff for users to crawl through. - Put command line flags on second line of pid file so you can - auto-restart the daemon with all appropriate arguments. - Use "kill `head -1 /etc/sendmail.pid`" to stop the - daemon, and "eval `tail -1 /etc/sendmail.pid`" to - restart it. - Remove the ``setuid(getuid())'' in main -- this caused the - IDENT daemon to screw up. This required that I change - HASSETEUID to HASSETREUID and complicate the mode - changing somewhat because both Ultrix and SunOS seem - to have a bug causing seteuid() to set the saved uid - as well as the effective. The program test/t_setreuid.c - will test to see if your implementation of setreuid(2) - is appropriately functional. - The FallBackMX (option V) handling failed to properly identify - fallback to yourself -- most of the code was there, - but it wasn't being enabled. Problem noted by Murray - Kucherawy of the University of Waterloo. - Change :include: open timeout from ETIMEDOUT to an internal - code EOPENTIMEOUT; this avoids adding "during SmtpPhase - with CurHostName" in error messages, which can be - confusing. Reported by Jonathan Kamens of OpenVision - Technologies. - Back out setpgrp (setpgid on POSIX systems) call to reset the - process group id. The original fix was to get around - some problems with recalcitrant MUAs, but it breaks - any call from a shell that creates a process group id - different from the process id. I could try to fix - this by diddling the tty owner (using tcsetpgrp or - equivalent) but this is too likely to break other - things. - Portability changes: - Support -M as equivalent to -oM on Ultrix -- apparently - DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs - instead of using standard flags. Oh joy. This - behavior reported by Jon Giltner of University - of Colorado. - SGI IRIX -- this includes several changes that should - help other strict ANSI compilers. - SCO Unix -- from Murray Kucherawy of HookUp Communication - Corporation. - Solaris running the Sun C compiler (which despite the - documentation apparently doesn't define - __STDC__ by default). - ConvexOS from Eric Schnoebelen of Convex. - Sony NEWS workstations and Omron LUNA workstations from - Motonori Nakamura. - CONFIG: add confTRY_NULL_MX_LIST to set option `w'. - CONFIG: delete `C' and `e' from default SMTP mailers flags; - several people have made a good argument that this - creates more problems than it solves (although this - may prove painful in the short run). - CONFIG: generalize all the relays to accept a "mailer:host" - format. - CONFIG: move local processing in ruleset 0 into a new ruleset - 98 (8 on old sendmail). Domain literal [a.b.c.d] - addresses are also passed through this ruleset. - CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, - internet-style addresses would "fall off the end" of - ruleset zero and be interpreted as local -- however, - the angle brackets confused the recursive call. - These are now diagnosed as "Unrecognized host name". - CONFIG: USENET rules weren't included in S0 because of a mistaken - ifdef(`_MAILER_USENET_') instead of - ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik - of SINTEF RUNIT, Oslo. - CONFIG: move up LOCAL_RULE_0 processing so that it happens very - early in ruleset 0; this allows .mc authors to bypass - things like the "short circuit" code for local addresses. - Prompted by a comment by Bill Wisner of The Well. - CONFIG: add confSMTP_MAILER to define the mailer used (smtp or - esmtp) to send SMTP mail. This allows you to default - to esmtp but use a mailertable or other override to - deal with broken servers. This logic was pointed out - to me by Bill Wisner. Ditto for confLOCAL_MAILER. - Changes to cf/sh/makeinfo.sh to make it portable to SVR4 - environments. Ugly as sin. - -8.3/8.3 1993/07/13 - Fix setuid problems introduced in 8.2 that caused messages - like "Cannot create qfXXXXXX: Invalid argument" - or "Cannot reopen dfXXXXXX: Permission denied". This - involved a new compile flag "HASSETEUID" that takes - the place of the old _POSIX_SAVED_IDS -- it turns out - that the POSIX interface is broken enough to break - some systems badly. This includes some fixes for - HP-UX. Also fixes problems where the real uid is - not reset properly on startup (from Neil Rickert). - Fix a problem that caused timed out messages to not report the - addresses that timed out. Error messages are also more - "user friendly". - Drop required bandwidth on connections from 64 bytes/sec to - 16 bytes/sec. - Further Solaris portability changes -- doesn't require the BSD - compatibility library. This also adds a new - "HASGETDTABLESIZE" compile flag which can be used if - you want to use getdtablesize(2) instead of sysconf(2). - These are loosely based on changes from David Meyer at - University of Oregon. This now seems to work, at least - for quick test cases. - Fix a problem that can cause duplicate error messages to be - sent if you are in SMTP, you send to multiple addresses, - and at least one of those addresses is good and points - to an account that has a .forward file (whew!). - Fix a problem causing messages to be discarded if checkcompat() - returned EX_TEMPFAIL (because it didn't properly mark - the "to" address). Problem noted by John Myers. - Fix dfopen to return NULL if the open failed; I was depending - on fdopen(-1) returning NULL, which isn't the case. This - isn't serious, but does result in weird error diagnoses. - From Michael Corrigan. - CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of - messages sent through UUCP-family mailers. Suggested - by Bill Wisner of The Well. - CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, - include a "uucp-dom" mailer that uses domain-style - addressing. Suggested by Bill Wisner. - CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match - LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by - Christophe Wolfhugel. - CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. - -8.2/8.2 1993/07/11 - Don't drop out on config file parse errors in -bt mode. - On older configuration files, assume option "l" (use Errors-To - header) for back compatibility. NOTE: this DOES NOT - imply an endorsement of the Errors-To: header in any way. - Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? - Don't log errors on EHLO -- it isn't a "real" error for an old - SMTP server to give an error on this command, and - logging it in the transcript can be confusing. Fix - from Bill Wisner. - IRIX compatibility changes provided by Dan Rich - <drich@sandman.lerc.nasa.gov>. - Solaris 2 compatibility changes. Provided by Bob Cunningham - <bob@kahala.soest.hawaii.edu>, John Oleynick - <juo@klinzhai.rutgers.edu> - Debugging: -d17 was overloaded (hostsignature and usersmtp.c); - move usersmtp (smtpinit and smtpmailfrom) to -d18 to - match the other flags in that file. - Flush transcript before fork in mailfile(). From Eric Wassenaar. - Save h_errno in mci struct and improve error message display. - Changes from Eric Wassenaar. - Open /dev/null for the transcript if the create of the xf file - failed; this avoids at least one possible null pointer - reference in very weird cases. From Eric Wassenaar. - Clean up statistics gathering; it was over-reporting because of - forks. From Eric Wassenaar. - Fix problem that causes old Return-Path: line to override new - Return-Path: line (conf.c needs H_FORCE to avoid - re-using old value). From Motonori Nakamura. - Fix broken -m flag in K definition -- even if -m (match only) - was specified, it would still replace the key with the - value. Noted by Rick McCarty of Texas Instruments. - If the name server timed out over several days, no "timed out" - message would ever be sent back. The timeout code - has been moved from markfailure() to dropenvelope() - so that all such failures should be diagnosed. Pointed - out by Christophe Wolfhugel and others. - Relax safefile() constraints: directories in an include or - forward path must be readable by self if the controlling - user owns the entry, readable by all otherwise (e.g., - when reading your .forward file, you have to own and - have X permission in it; everyone needs X permission in - the root and directories leading up to your home); - include files must be readable by anyone, but need not - be owned by you. - If _POSIX_SAVED_IDS is defined, setuid to the owner before - reading a .forward file; this gets around some problems - on NFS mounts if root permission is not exported and - the user's home directory isn't x'able. - Additional NeXT portability enhancements from Axel Zinser. - Additional HP-UX portability enhancements from Brian Bullen. - Add a timeout around SMTP message writes; this assumes you can - get throughput of at least 64 bytes/second. Note that - this does not impact the "datafinal" default, which - is separate; this is just intended to work around - network clogs that will occur before the final dot - is sent. From Eric Wassenaar. - Change map code to set the "include null" flag adaptively -- - it initially tries both, but if it finds anything - matching without a null it never tries again with a - null and vice versa. If -N is specified, it never - tries without the null and creates new maps with a - null byte. If -O is specified, it never tries with - the null (for efficiency). If -N and -O are specified, - you get -NO (get it?) lookup at all, so this would - be a bad idea. If you don't specify either -N or -O, - it adapts. - Fix recognition of "same from address" so that MH submissions - will insert the appropriate full name information; - this used to work and got broken somewhere along the - way. - Some changes to eliminate some unnecessary SYSERRs in the - log. For example, if you lost a connection, don't - bother reporting that fact on the connection you lost. - Add some "extended debugging" flags to try to track down - why we get occasional problems with file descriptor - one being closed when execing a mailer; it seems to - only happen when there has been another error in the - same transaction. This requires XDEBUG, defined - by default in conf.h. - Add "-X filename" command line flag, which logs both sides of - all SMTP transactions. This is intended ONLY for - debugging bad implementations of other mailers; start - it up, send a message from a mailer that is failing, - and then kill it off and examine the indicated log. - This output is not intended to be particularly human - readable. This also adds the HASSETVBUF compile - flag, defaulted on if your compiler defines __STDC__. - CONFIG: change SMART_HOST to override an SMTP mailer. If you - have a local net that should get direct connects, you - will need to use LOCAL_NET_CONFIG to catch these hosts. - See cf/README for an example. - CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle - sites that don't use the -d flag. - CONFIG: hide recipient addresses as well as sender addresses - behind $M if FEATURE(allmasquerade) is specified; this - has been requested by several people, but can break - local aliases. For example, if you mail to "localalias" - this will be rewritten as "localalias@masqueradehost"; - although initial delivery will work, replies will be - broken. Use it sparingly. - CONFIG: add FEATURE(domaintable). This maps unqualified domains - to qualified domains in headers. I believe this is - largely equivalent to the IDA feature of the same name. - CONFIG: use $U as UUCP name instead of $k. This permits you - to override the "system name" as your UUCP name -- - in particular, to use domain-ized UUCP names. From - Bill Wisner of The Well. - CONFIG: create new mailer "esmtp" that always tries EHLO - first. This is currently unused in the config files, - but could be used in a mailertable entry. - -8.1C/8.1B 1993/06/27 - Serious security bug fix: it was possible to read any file on - the system, regardless of ownership and permissions. - If a subroutine returns a fully qualified address, return it - immediately instead of feeding it back into rewriting. - This fixes a problem with mailertable lookups. - CONFIG: fix some M4 frotz (concat => CONCAT) - -8.1B/8.1A 1993/06/12 - Serious bug fix: pattern matching backup algorithm stepped by - two tokens in classes instead of one. Found by Claus - Assmann at University of Kiel, Germany. - -8.1A/8.1A 1993/06/08 - Another mailertable fix.... - -8.1/8.1 1993/06/07 - 4.4BSD freeze. No semantic changes. |