4 This listing shows the version of the sendmail binary, the version
5 of the sendmail configuration files, the date of release, and a
6 summary of the changes in that release.
9 8.18.1/8.18.1 2024/01/31
10 sendmail is now stricter in following the RFCs and rejects
11 some invalid input with respect to line endings
13 - Prevent transaction stuffing by ensuring SMTP clients
14 wait for the HELO/EHLO and DATA response before sending
15 further SMTP commands. This can be disabled using
16 the new srv_features option 'F'. Issue reported by
17 Yepeng Pan and Christian Rossow from CISPA Helmholtz
18 Center for Information Security.
19 - Accept only CRLF . CRLF as end of an SMTP message
20 as required by the RFCs, which can disabled by the
21 new srv_features option 'O'.
22 - Do not accept a CR or LF except in the combination
23 CRLF (as required by the RFCs). These checks can
24 be disabled by the new srv_features options
25 'U' and 'G', respectively. In this case it is
26 suggested to use 'u2' and 'g2' instead so the server
27 replaces offending bare CR or bare LF with a space.
28 It is recommended to only turn these protections off
29 for trusted networks due to the potential for abuse.
30 Full DANE support is available if OpenSSL versions 1.1.1 or 3.x
31 are used, i.e., TLSA RR 2-x-y and 3-x-y are supported
32 as required by RFC 7672.
33 OpenSSL version 3.0.x is supported. Note: OpenSSL 3 loads by
34 default an openssl.cnf file from a location specified
35 in the library which may cause unwanted behaviour
36 in sendmail. Hence sendmail sets the environment
37 variable OPENSSL_CONF to /etc/mail/sendmail.ossl
38 to override the default. The file name can be
39 changed by defining confOPENSSL_CNF in the mc file;
40 using an empty value prevents setting OPENSSL_CONF.
41 Note: referring to a file which does not exist does
42 not cause an an error.
43 Two new values have been added for {verify}:
44 "DANE_TEMP": DANE verification failed temporarily.
45 "DANE_NOTLS": DANE was required but STARTTLS was not
46 offered by the server.
47 The default rules return a temporary error for these
48 cases, so delivery is not attempted.
49 If the TLS setup code in the client fails and DANE requirements
50 exist then {verify} will be set to "DANE_TEMP" thus
51 preventing delivery by default.
52 DANE related logging has been slightly changed for clarification:
53 "DANE configured in DNS but no STARTTLS available"
55 "DANE configured in DNS but STARTTLS not offered"
56 When the compile time option USE_EAI is enabled, vacation could
57 fail to respond when it should (the code change in
58 8.17.2 was incomplete). Problem reported by Alex
60 If SMTPUTF8 BODY=7BIT are used as parameters for the MAIL command
61 the parsing of UTF8 addresses could fail (USE_EAI).
62 If a reply to a previous RCPT was received while sending
63 another RCPT in pipelining mode then parts of the
64 reply could have been assigned to the wrong RCPT.
65 New DontBlameSendmail option CertOwner to relax requirement
66 for certificate public and private key ownership.
67 Based on suggestion from Marius Strobl of the
69 clt_features was not checked for connections via Unix domain
71 CONFIG: FEATURE(`enhdnsbl') did not handle multiple replies
72 from DNS lookups thus potentially causing random
74 Note: the fix creates an incompatibility:
75 the arguments must not have a trailing dot anymore
76 because the -a. option has been removed (as it only
77 applies to the entire result, not individual values).
78 CONFIG: New FEATURE(`fips3') for basic FIPS support in OpenSSL 3.
79 VACATION: Add support for Return-Path header to set sender
80 to match OpenBSD and NetBSD functionality.
81 VACATION: Honor RFC3834 and avoid an auto-reply if
82 'Auto-Submitted: no' is found in the headers to
83 match OpenBSD and NetBSD functionality.
84 VACATION: Avoid an auto-reply if a 'List-Id:' is found in
85 the headers to match OpenBSD functionality.
86 VACATION: Add support for $SUBJECT in .vacation.msg which
87 is replaced with the first line of the subject of the
88 original message to match OpenBSD and NetBSD
91 Add support for Darwin 23.
94 devtools/OS/Darwin.23.x
96 8.17.2/8.17.2 2023/06/03
97 Make sure DANE checks (if enabled) are performed even if
98 CACertPath or CACertFile are not set or unusable.
99 Note: if the code to set up TLS in the client fails, then
100 {verify} will be set to TEMP but DANE requirements
101 will be ignored, i.e., by default mail will be sent
102 without STARTTLS. This can be changed via a
103 LOCAL_TLS_SERVER ruleset.
104 Pass server name to clt_features ruleset instead of client
105 name to account for limitations in macro availability
106 described below in CONFIG section. This may break
107 custom clt_features rulesets which expect to receive
108 the client name as input.
109 Fix a regression introduced in 8.17.1: aliases file which
110 contain continuation lines caused parsing errors.
111 Add an FFR (for future release) compile time option _FFR_LOG_STAGE
112 to log the protocol stage as stage= for some errors during
113 delivery attempts to make troubleshooting simpler. This
114 new logging may be enabled in a future release.
115 When EAI is enabled, milters also got the arguments of MAIL/RCPT
116 commands in argv[0] for xxfi_envfrom()/xxfi_envrcpt()
117 callbacks instead of just the mail address.
118 Problem reported by Dilyan Palauzo.
119 When EAI is enabled, mailq prints UTF-8 addresses as such
120 if SMTPUTF8 was used.
121 When EAI is enabled, the $h macro is now in the correct format.
122 Previously this could cause wrong values for relay=
123 in log entries and the mailer argument vector.
124 When the compile time option USE_EAI is enabled, vacation could
125 fail to respond when it should. Problem reported by
127 When EAI was enabled, header truncation might not have been
128 logged even when it happened. Problem reported by
130 Handle a possible change in an upcoming release of Cyrus-SASL
131 (2.1.28) by changing the definition of an internal flag.
132 Patch from Dilyan Palauzo.
133 Avoid an assertion failure when an smtps connection is made
134 to the server and a milter is unavailable.
135 Problem reported by Dilyan Palauzo.
136 Fixed some spelling errors in documentation and comments,
137 based on a codespell report by Jens Schleusener
139 The result of try_tls is now logged using status= instead
141 If tls_rcpt rejected the delivery of a recipient then a bogus
142 dsn= entry might have been logged under some circumstances.
143 If a server replied with 421 to a RCPT command then a bogus reply=
144 might have been logged.
145 When quoting the value for ${currHeader} avoid causing a syntax
146 error (Unbalanced '"') when truncating a header value
147 which is too long. Problem reported by Werner Wiethege.
148 Reduce the performance impact of a change introduced in
149 8.12.9: the default for MaxMimeHeaderLength was
150 set to 2048/1024. Problem reported by Tabata
151 Shintaro of Internet Initiative Japan Inc.
152 CONFIG: The default clt_features ruleset tried to access
153 ${server_name} and ${server_addr} which are not set
154 when the ruleset is invoked. Only the server name
155 is available which is passed as an argument.
156 CONFIG: Properly quote host variable to prevent cf build
157 breakage when a hostname contains 'dnl'. Problem
158 reported by Maxim Shalomikhin of Kaspersky.
159 DEVTOOLS: Add configure.sh support for BSD's mandoc as an
160 alternative man page formatting tool.
161 DOC: Document that USAGE is a possible value for {verify}.
162 LIBMILTER: The macros for the EOH and EOM callbacks are
163 sent in reverse order which means accessing macros
164 in the EOM callback got the macro for the EOH
165 callback. Store those macros in the expected order
166 in libmilter. Note: this does not affect sendmail
167 because the macros for both callbacks are the same
168 because the message is sent to libmilter after it
169 is completely read by sendmail. Fix and problem
170 report from David Buergin.
172 Make use of IN_LOOPBACK, if defined, to determine if
173 using a loopback address. Patch from Mike Karels of
175 On Linux use gethostbyname2(3) if glibc 2.19 or newer
176 is used to avoid potential problems with IPv6 lookups.
177 Patch from Werner Wiethege.
178 Add support for Darwin 21 and Darwin 22.
179 Solaris 12 has been renamed to Solaris 11.4, hence
180 adapt a condition for sigwait(2) taking one argument.
181 Patch from John Beck.
183 devtools/M4/UNIX/sharedlib.m4
184 devtools/OS/Darwin.21.x
185 devtools/OS/Darwin.22.x
189 8.17.1/8.17.1 2021/08/17
190 Deprecation notice: due to compatibility problems with some
191 third party code, we plan to finally switch from K&R
192 to ANSI C. If you are using sendmail on a system
193 which does not have a compiler for ANSI C contact us
194 with details as soon as possible so we can determine
196 Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
197 is available when using the compile time option USE_EAI
198 (see also devtools/Site/site.config.m4.sample for other
199 required settings) and the cf option SMTPUTF8.
200 If a mail submission via the command line requires
201 the use of SMTPUTF8, e.g., because a header uses UTF-8
202 encoding, but the addresses on the command line are all
203 ASCII, then the new option -U must be used, and
204 the cf option SMTPUTF8 must be set in submit.cf.
205 Please test and provide feedback.
206 Experimental support for SMTP MTA Strict Transport Security
207 (MTA-STS, see RFC 8461) is available when using
208 - the compile time option _FFR_MTA_STS (which requires
209 STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES),
210 - FEATURE(sts), which implicitly sets the cf option
211 StrictTransportSecurity,
212 - postfix-mta-sts-resolver, see
213 https://github.com/Snawoot/postfix-mta-sts-resolver.git
214 New ruleset check_other which is called for all unknown SMTP
215 commands in the server and for commands which do not
216 have specific rulesets, e.g., NOOP and VERB.
217 New ruleset clt_features which can be used to select features
218 in the SMTP client per server. Currently only two
219 flags are available: D/M to disable DANE/MTA-STS,
221 New compile time option NO_EOH_FIELDS to disable the special
222 meaning of the headers Message: and Text: to denote the
223 end of the message header.
224 Avoid leaking session macros for an envelope between
225 delivery attempts to different servers. This problem
226 could have affected check_compat.
227 Avoid leaking actual SMTP replies between delivery attempts
228 to different servers which could cause bogus logging
230 Change default SMTP reply code for STARTTLS related problems
231 from 403 to 454 to better match the RFCs.
232 Fix a theoretical buffer overflow when encountering an
233 unknown/unsupported socket address family on an
234 operating system where sa_data is larger than 30
235 (the standard is 14). Based on patch by Toomas Soome.
236 Several potential memory leaks and other similar problems
237 (mostly in error handling code) have been fixed.
238 Problems reported by Tomas Korbar of RedHat.
239 Previously the commands GET, POST, CONNECT, or USER terminate
240 a connection immediately only if sent as first command.
241 Now this is also done if any of these is sent directly
242 after STARTTLS or if the 'h' option is set via
244 CDB map locking has been changed so a sendmail process which
245 does have a CDB map open does not block an in-place
246 update of the map by makemap. The simple workaround
247 for that problem in earlier versions is to create
248 the map under a different name and then move it
250 On some systems the rejection of a RCPT by a milter could
252 CONFIG: New FEATURE(`check_other') to provide a default
254 CONFIG: FEATURE(`tls_failures') is deprecated and will be
255 removed in future versions because it has a fundamental
256 problem: it is message oriented but STARTTLS is
257 session oriented. For example, having multiple
258 RCPTs in one envelope for different destinations,
259 with different temporary errors, does not work
260 properly, as the persistent macro applies to all
261 RCPTs and hence implicitly to all destinations (servers).
262 The option TLSFallbacktoClear should be used if needed.
263 CONTRIB: AuthRealm.p0 has been modified for 8.16.1 by Anne Bennett.
264 CONTRIB: Added cidrexpand -O option for suppressing duplicates from
265 a CIDR expansion that overlaps a later entry and -S option
266 for skipping comments exactly like makemap does.
267 MAIL.LOCAL: Enhance some error messages to simplify
270 Add support for Darwin 19 & 20.
271 Use proper FreeBSD version define to allow for cross
272 compiling. Fix from Brooks Davis of the FreeBSD
274 NOTE: File locking using fcntl() does not interoperate
275 with Berkeley DB 5.x (and probably later). Use
276 CDB, flock() (-DHASFLOCK), or an earlier Berkeley
277 DB version. Problem noted by Harald Hannelius.
279 cf/feature/check_other.m4
281 devtools/OS/Darwin.19.x
282 devtools/OS/Darwin.20.x
292 libsm/uxtext_unquote.c
294 libsmutil/t-lockfile.c
295 libsmutil/t-lockfile-0.sh
296 libsmutil/t-maplock-0.sh
298 8.16.1/8.16.1 2020/07/05
299 SECURITY: If sendmail tried to reuse an SMTP session which had
300 already been closed by the server, then the connection
301 cache could have invalid information about the session.
302 One possible consequence was that STARTTLS was not
303 used even if offered. This problem has been fixed
304 by clearing out all relevant status information
305 when a closed session is encountered.
306 OpenSSL versions before 0.9.8 are no longer supported.
307 OpenSSL version 1.1.0 and 1.1.1 are supported.
308 Initial support for DANE (see RFC 7672 et.al.) is available if
309 the compile time option DANE is set. Only TLSA RR 3-1-x
310 is currently implemented.
311 New options SSLEngine and SSLEnginePath to support OpenSSL engines.
312 Note: this feature has so far only been tested with the
313 "chil" engine; please report problems with other engines
314 if you encounter any.
315 New option CRLPath to specify a directory which contains
316 hashes pointing to certificate revocations files.
317 Based on patch from Al Smith.
318 New rulesets tls_srv_features and tls_clt_features which
319 can return a (semicolon separated) list of TLS related
320 options, e.g., CipherList, CertFile, KeyFile,
321 see doc/op/op.me for details.
322 To automatically handle TLS interoperability problems for outgoing
323 mail, sendmail can now immediately try a connection again
324 without STARTTLS after a TLS handshake failure.
325 This can be configured globally via the option
326 TLSFallbacktoClear or per session via the 'C' flag
328 This also adds the new value "CLEAR" for the macro
329 {verify}: STARTTLS has been disabled internally for
330 a clear text delivery attempt.
331 Apply Timeout.starttls also to the server waiting for the TLS
332 handshake to begin. Based on patch from Simon Hradecky.
333 New compile time option TLS_EC to enable the use of elliptic
334 curve cryptography in STARTTLS (previously available as
336 Handle MIME boundaries specified in headers which contain CRLF.
337 Fix detection of loopback net (it was broken when compiled
338 with NETINET6) and only set the macros {if_addr_out}
339 and {if_family_out} if the interface of the outgoing
340 connection does not belong to the loopback net.
341 Fix logic to enable a milter to delete a recipient in
342 DeliveryMode=interactive even if it might be subject
344 Log name of a milter making changes (this was missing for
346 Log the actual reply of a server when an SMTP delivery problem
347 occurs in a "reply=" field if possible.
348 Log user= for failed AUTH attempts if possible. Based on
349 patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
351 Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
352 no changes can be made after it is created, hence it
353 does not work with vacation(1) nor editmap(8) (except
355 Fix some memory leaks (mostly in error cases) and properly handle
356 copied varargs in sm_io_vfprintf(). The issues were found
357 using Coverity Scan and reported (including patches) by
358 Ondřej Lysoněk of Red Hat.
359 Do not override ServerSSLOptions and ClientSSLOptions when they
360 are specified on the command line. Based on patch from
362 Add RFC7505 Null MX support for domains that declare they do not
364 New compile time option LDAP_NETWORK_TIMEOUT which is set
365 automatically when LDAPMAP is used and
366 LDAP_OPT_NETWORK_TIMEOUT is available to enable the
367 new -c option for LDAP maps to specify the network timeout.
368 CONFIG: New FEATURE(`tls_session_features') to enable standard
369 rules for tls_srv_features and tls_clt_features; for
370 details see cf/README.
371 CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
372 for SSLEngine and SSLEnginePath, respectively.
373 CONFIG: New options confDANE to enable DANE support.
374 CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
375 CONFIG: New extension CITag: for TLS restrictions, see cf/README
377 CONFIG: FEATURE(`blacklist_recipients') renamed to
378 FEATURE(`blocklist_recipients').
379 CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
380 canonicalize IPv6 addresses; if cidrexpand is used with IPv6
381 addresses then UseCompressedIPv6Addresses must be disabled.
382 DOC: The dns map can return multiple values in a single result
383 if the -z option is used.
384 DOC: Note to set MustQuoteChars=. due to DKIM signatures.
385 LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
387 LIBMILTER: Fix reference in xxfi_negotiate documentation.
388 Patch from Sven Neuhaus.
389 LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
390 Patch from G.W. Haywood.
391 LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
392 Patch from Martin Svec.
393 MAKEMAP: New map type "implicit" refers to the first available type,
394 i.e., it depends on the compile time options NEWDB, DBM,
395 and CDB. This can be used in conjunction with the
396 "implicit" map type in sendmail.cf.
397 Note: makemap, libsmdb, and sendmail must be compiled
398 with the same options (and library versions of course).
400 Add support for Darwin 14-18 (Mac OS X 10.x).
401 New option HAS_GETHOSTBYNAME2: set if your system
402 supports gethostbyname2(2).
403 Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
405 On Linux set MAXHOSTNAMELEN (the maximum length
406 of a FQHN) to 256 if it is less than that value.
408 cf/feature/blocklist_recipients.m4
409 cf/feature/check_cert_altnames.m4
410 cf/feature/tls_failures.m4
411 devtools/OS/Darwin.14.x
412 devtools/OS/Darwin.15.x
413 devtools/OS/Darwin.16.x
414 devtools/OS/Darwin.17.x
415 devtools/OS/Darwin.18.x
424 8.15.2/8.15.2 2015/07/03
425 If FEATURE(`nopercenthack') is used then some bogus input triggered
426 a recursion which was caught and logged as
427 SYSERR: rewrite: excessive recursion (max 50) ...
428 Fix based on patch from Ondrej Holas.
429 DHParameters now by default uses an included 2048 bit prime.
430 The value 'none' previously caused a log entry claiming
431 there was an error "cannot read or set DH parameters".
432 Also note that this option applies to the server side only.
433 The U= mailer field didn't accept group names containing hyphens,
434 underbars, or periods. Based on patch from David Gwynne
435 of the University of Queensland.
436 CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
437 Patch from Lars-Johan Liman of Netnod Internet Exchange.
438 CONFIG: New option UseCompressedIPv6Addresses to select between
439 compressed and uncompressed IPv6 addresses. The default
440 value depends on the compile-time option IPV6_FULL:
441 For 1 the default is False, for 0 it is True, thus
442 preserving the current behaviour. Based on patch from
444 CONFIG: Account for IPv6 localhost addresses in
445 FEATURE(`block_bad_helo'). Suggested by Andrey Chernov
446 from FreeBSD and Robert Scheck from the Fedora Project.
447 CONFIG: Account for IPv6 localhost addresses in check_mail ruleset.
448 LIBMILTER: Deal with more invalid protocol data to avoid potential
449 crashes. Problem noted by Dimitri Kirchner.
450 LIBMILTER: Allow a milter to specify an empty macro list ("", not
451 NULL) in smfi_setsymlist() so no macro is sent for the
453 MAKEMAP: A change to check TrustedUser in fewer cases which was
454 made in 2013 caused a potential regression when makemap
455 was run as root (which should not be done anyway).
456 Note: sendmail often contains options "For Future Releases"
457 (prefix _FFR_) which might be enabled in a subsequent
458 version or might simply be removed as they turned out not
459 to be really useful. These features are usually not
460 documented but if they are, then the required (FFR)
461 options are listed in
462 - doc/op/op.* for rulesets and macros,
463 - cf/README for mc/cf options.
465 8.15.1/8.15.1 2014/12/06
466 SECURITY: Properly set the close-on-exec flag for file descriptors
467 (except stdin, stdout, and stderr) before executing mailers.
468 If header rewriting fails due to a temporary map lookup failure,
469 queue the mail for later retry instead of sending it
470 without rewriting the header. Note: this is done
471 while the mail is being sent and hence the transaction
472 is aborted, which only works for SMTP/LMTP mailers
473 hence the handling of temporary map failures is
474 suppressed for other mailers. SMTP/LMTP servers may
475 complain about aborted transactions when this problem
477 See also "DNS Lookups" in sendmail/TUNING.
478 Incompatible Change: Use uncompressed IPv6 addresses by default,
479 i.e., they will not contain "::". For example,
480 instead of ::1 it will be 0:0:0:0:0:0:0:1. This
481 permits a zero subnet to have a more specific match,
482 such as different map entries for IPv6:0:0 vs IPv6:0.
483 This change requires that configuration data
484 (including maps, files, classes, custom ruleset,
485 etc) must use the same format, so make certain such
486 configuration data is updated before using 8.15.
487 As a very simple check search for patterns like
488 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
489 the prior format can be retained by compiling with:
490 APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
491 in your devtools/Site/site.config.m4 file.
492 If debugging is turned on (-d0.14) also print the OpenSSL
493 versions, both build time and run time
494 (provided STARTTLS is compiled in).
495 If a connection to the MTA is dropped by the client before its
496 hostname can be validated, treat it as "may be forged",
497 so that the unvalidated hostname is not passed to a
498 milter in xxfi_connect().
499 Add a timeout for communication with socket map servers
500 which can be specified using the -d option.
501 Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
502 numeric logins even if HESIOD is enabled.
503 The new option CertFingerprintAlgorithm specifies the finger-
504 print algorithm (digest) to use for the presented cert.
505 If the option is not set, md5 is used and the macro
506 {cert_md5} contains the cert fingerprint.
507 However, if the option is set, the specified algorithm
508 (e.g., sha1) is used and the macro {cert_fp} contains
509 the cert fingerprint.
510 That is, as long as the option is not set, the behaviour
511 does not change, but otherwise, {cert_md5} is superseded
512 by {cert_fp} even if you set CertFingerprintAlgorithm
514 The options ServerSSLOptions and ClientSSLOptions can be used
515 to set SSL options for the server and client side
516 respectively. See SSL_CTX_set_options(3) for a list.
517 Note: this change turns on SSL_OP_NO_SSLv2 and
518 SSL_OP_NO_TICKET for the client. See doc/op/op.me
520 The option CipherList sets the list of ciphers for STARTTLS.
521 See ciphers(1) for possible values.
522 Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL"
523 if a CRLFile is in use (and LogLevel is 14 or higher.)
524 Store a more specific TLS protocol version in ${tls_version}
525 instead of a generic one, e.g., TLSv1 instead of
527 Properly set {client_port} value on little endian machines.
528 Patch from Kelsey Cummings of Sonic.net.
529 Per RFC 3848, indicate in the Received: header whether SSL or
530 SMTP AUTH was negotiated by setting the protocol clause
531 to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP.
532 If the 'C' flag is listed as TLSSrvOptions the requirement for the
533 TLS server to have a cert is removed. This only works
534 under very specific circumstances and should only be used
535 if the consequences are understood, e.g., clients
536 may not work with a server using this.
537 The options ClientCertFile, ClientKeyFile, ServerCertFile, and
538 ServerKeyFile can take a second file name, which must be
539 separated from the first with a comma (note: do not use
540 any spaces) to set up a second cert/key pair. This can
541 be used to have certs of different types, e.g., RSA
543 A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
544 address. It returns the string for the PTR lookup, but
545 without trailing {ip6,in-addr}.arpa.
546 New operation mode 'C' just checks the configuration file, e.g.,
547 sendmail -C new.cf -bC
548 will perform a basic syntax/consistency check of new.cf.
549 The mailer flag 'I' is deprecated and will be removed in a
551 Allow local (not just TCP) socket connections to the server, e.g.,
552 O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
554 If the new option MaxQueueAge is set to a value greater than zero,
555 entries in the queue will be retried during a queue run
556 only if the individual retry time has been reached which
557 is doubled for each attempt. The maximum retry time is
558 limited by the specified value.
559 New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
560 to relax requirement for DefaultAuthInfo file.
561 Reset timeout after receiving a message to appropriate value if
562 STARTTLS is in use. Based on patch by Kelsey Cummings
564 Report correct error messages from the LDAP library for a range of
565 small negative return values covering those used by OpenLDAP.
566 Fix compilation with Berkeley DB 5.0 and 6.0. Patch from
567 Allan E Johannesen of Worcester Polytechnic Institute.
568 CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or
569 nospecial which describes whether to disallow "%" in the
570 local part of an address.
571 DEVTOOLS: Fix regression in auto-detection of libraries when only
572 shared libraries are available. Problem reported by
574 LIBMILTER: Mark communication socket as close-on-exec in case
575 a user's filter starts other applications.
576 Based on patch from Paul Howarth.
578 SunOS 5.12 has changed the API for sigwait(2) to conform
579 with XPG7. Based on patch from Roger Faulkner of Oracle.
583 8.14.9/8.14.9 2014/05/21
584 SECURITY: Properly set the close-on-exec flag for file descriptors
585 (except stdin, stdout, and stderr) before executing mailers.
586 Fix a misformed comment in conf.c: "/*" within comment
587 which may cause a compilation error on some systems.
588 Problem reported by John Beck of Oracle.
589 DEVTOOLS: Fix regression in auto-detection of libraries when only
590 shared libraries are available. Problem reported by
593 8.14.8/8.14.8 2014/01/26
594 Properly initialize all OpenSSL algorithms for versions before
595 OpenSSL 0.9.8o. Without this SHA2 algorithms may not
596 work properly, causing for example failures for certs
597 that use sha256WithRSAEncryption as signature algorithm.
598 When looking up hostnames, ensure only to return those records
599 for the requested family (AF_INET or AF_INET6).
600 On system that have NEEDSGETIPNODE and NETINET6
601 this may have failed and cause delivery problems.
602 Problem noted by Kees Cook.
603 A new mailer flag '!' is available to suppress an MH hack
604 that drops an explicit From: header if it is the
605 same as what sendmail would generate.
606 Add an FFR (for future release) to use uncompressed IPv6 addresses,
607 i.e., they will not contain "::". For example, instead
608 of ::1 it will be 0:0:0:0:0:0:0:1. This means that
609 configuration data (including maps, files, classes,
610 custom ruleset, etc) have to use the same format.
611 This will be turned on in 8.15. It can be enabled in 8.14
613 APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_IPV6_FULL')
614 in your devtools/Site/site.config.m4 file.
615 Add an additional case for the WorkAroundBrokenAAAA check when
616 dealing with broken nameservers by ignoring SERVFAIL
617 errors returned on T_AAAA (IPv6) lookups at delivery time.
618 Problem noted by Pavel Timofeev of OCS.
619 If available, pass LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to
620 setusercontext() on deliveries as a different user.
621 Patch from Edward Tomasz Napierala from FreeBSD.
622 Avoid compiler warnings from a change in Cyrus-SASL 2.1.25.
623 Patch from Hajimu UMEMOTO from FreeBSD.
624 Add support for DHParameters 2048-bit primes.
625 CONFIG: Accept IPv6 literals when evaluating the HELO/EHLO argument
626 in FEATURE(`block_bad_helo'). Suggested by Andrey Chernov.
627 LIBSMDB: Add a missing check for malloc() in libsmdb/smndbm.c.
628 Patch from Bill Parker.
629 LIBSMDB: Fix minor memory leaks in libsmdb/ if allocations
630 fail. Patch from John Beck of Oracle.
632 Add support for Darwin 12.x and 13.x (Mac OS X 10.8 and 10.9).
633 On Linux use socklen_t as the type for the 3rd argument
634 for getsockname/getpeername if the glibc version is at
637 devtools/OS/Darwin.12.x
638 devtools/OS/Darwin.13.x
640 8.14.7/8.14.7 2013/04/21
641 Drop support for IPv4-mapped IPv6 addresses to prevent the MTA
642 from using a mapped address over a legitimate IPv6 address
643 and to enforce the proper semantics over the IPv6
644 connection. Problem noted by Ulrich Sporlein.
645 Fix a regression introduced in 8.14.6: the wrong list of
646 macros was sent to a milter in the EHLO stage.
647 Problem found by Fabrice Bellet, reported via RedHat
649 Fix handling of ORCPT parameter for DSNs: xtext decoding
650 was not performed and a wrong syntax check was applied
651 to the "addr-type" field. Problem noted by Dan Lukes
653 Fix handling of NUL characters in the MIME conversion functions
654 so that message bodies containing them will be sent
655 on properly. Note: this usually also affects mails
656 that are not converted as those functions are used
657 for other purposes too. Problem noted by Elchonon
658 Edelson of Lockheed Martin.
659 Do not perform "duplicate" elimination of recipients if they
660 resolve to the error mailer using a temporary failure
661 (4xy) via ruleset 0. Problem noted by Akira Takahashi
663 CONTRIB: Updated version of etrn.pl script from John Beck
666 Unlike gcc, clang doesn't apply full prototypes to K&R
669 8.14.6/8.14.6 2012/12/23
670 Fix a regression introduced in 8.14.5: if a server offers
671 two AUTH lines, the MTA would not read them after
672 STARTTLS has been used and hence SMTP AUTH for
673 the client side would fail. Problem noted by Lena.
674 Do not cache hostnames internally in a non case sensitive way
675 as that may cause addresses to change from lower case
676 to upper case or vice versa. These header modifications
677 can cause problems with milters that rely on receiving
678 headers in the same way as they are being sent out such
679 as a DKIM signing milter.
680 If MaxQueueChildren is set then it was possible that new queue
681 runners could not be started anymore because an
682 internal counter was subject to a race condition.
683 If a milter decreases the timeout it waits for a communication
684 with the MTA, the MTA might experience a write() timeout.
685 In some situations, the resulting error might have been
686 ignored. Problem noted by Werner Wiethege.
687 Note: decreasing the communication timeout in a milter
688 should not be done without considering the potential
690 smfi_setsymlist() now properly sets the list of macros for
691 the milter which invoked it, instead of a global
692 list for all milters. Problem reported by
693 David Shrimpton of the University of Queensland.
694 If Timeout.resolver.retrans is set to a value larger than 20,
695 then resolver.retry was temporarily set to 0 for
696 gethostbyaddr() lookups. Now it is set to 1 instead.
698 If sendmail could not lock the statistics file due to a system
699 error, and sendmail later sends a DSN for a mail that
700 triggered such an error, then sendmail tried to access
701 memory that was freed before (causing a crash on some
702 systems). Problem reported by Ryan Stone.
703 Do not log negative values for size= nor pri= to avoid confusing
704 log parsers, instead limit the values to LONG_MAX.
705 Account for an API change in newer versions of Cyrus-SASL.
706 Patch from Hajimu UMEMOTO from FreeBSD.
707 Do not try to resolve link-local addresses for IPv4 (just as it
708 is done for IPv6). Patch from John Beck of Oracle.
709 Improve logging of client and server STARTTLS connection failures
710 that may be due to incompatible cipher lists by including
711 the reason for the failure in a single log line. Suggested
712 by James Carey of Boeing.
714 Add support for Darwin 11.x (Mac OS X 10.7).
715 Add support for SunOS 5.12 (aka Solaris 12). Patch from
718 devtools/OS/Darwin.11.x
719 devtools/OS/SunOS.5.12
721 8.14.5/8.14.5 2011/05/17
722 Do not cache SMTP extensions across connections as the cache
723 is based on hostname which may not be a unique identifier
724 for a server, i.e., different machines may have the
725 same hostname but provide different SMTP extensions.
726 Problem noted by Jim Hermann.
727 Avoid an out-of-bounds access in case a resolver reply for a DNS
728 map lookup returns a size larger than 1K. Based on a
729 patch from Dr. Werner Fink of SuSE.
730 If a job is aborted using the interrupt signal (e.g., control-C from
731 the keyboard), perform minimal cleanup to avoid invoking
732 functions that are not signal-safe. Note: in previous
733 versions the mail might have been queued up already
734 and would be delivered subsequently, now an interrupt
735 will always remove the queue files and thus prevent
737 Per RFC 6176, when operating as a TLS client, do not offer SSLv2.
738 Since TLS session resumption is never used as a client, disable
739 use of RFC 4507-style session tickets.
740 Work around gcc4 versions which reverse 25 years of history and
741 no longer align char buffers on the stack, breaking calls
742 to resolver functions on strict alignment platforms.
743 Found by Stuart Henderson of OpenBSD.
744 Read at most two AUTH lines from a server greeting (up to two
745 lines are read because servers may use "AUTH mechs" and
746 "AUTH=mechs"). Otherwise a malicious server may exhaust
747 the memory of the client. Bug report by Nils of MWR
749 Avoid triggering an assertion in the OpenLDAP code when the
750 connection to an LDAP server is lost while making a query.
751 Problem noted and patch provided by Andy Fiddaman.
752 If ConnectOnlyTo is set and sendmail is compiled with NETINET6
753 it would try to use an IPv6 address if an IPv4 (or
754 unparseable) address is specified.
755 If SASLv2 is used, make sure that the macro {auth_authen} is
756 stored in xtext format to avoid problems with parsing
757 it. Problem noted by Christophe Wolfhugel.
758 CONFIG: FEATURE(`ldap_routing') in 8.14.4 tried to add a missing
759 -T<TMPF> that is required, but failed for some cases
760 that did not use LDAP. This change has been undone
761 until a better solution can be implemented. Problem
762 found by Andy Fiddaman.
763 CONFIG: Add cf/ostype/solaris11.m4 for Solaris11 support.
764 Contributed by Casper Dik of Oracle.
765 CONTRIB: qtool.pl: Deal with H entries that do not have a
766 letter between the question marks. Patch from
768 DOC: Use a better description for the -i option in sendmail.
769 Patch from Mitchell Berger.
771 Add support for Darwin 10.x (Mac OS X 10.6).
772 Enable HAVE_NANOSLEEP for FreeBSD 3 and later. Patch
774 Enable HAVE_NANOSLEEP for OpenBSD 4.3 and later.
775 Use new directory "/system/volatile" for PidFile on
776 Solaris 11. Patch from Casper Dik of Oracle.
777 Fix compilation on Solaris 11 (and maybe some other
778 OSs) when using OpenSSL 1.0. Based on patch from
779 Jan Pechanec of Oracle.
780 Set SOCKADDR_LEN_T and SOCKOPT_LEN_T to socklen_t
781 for Solaris 11. Patch from Roger Faulkner of Oracle.
783 cf/ostype/solaris11.m4
785 8.14.4/8.14.4 2009/12/30
786 SECURITY: Handle bogus certificates containing NUL characters
787 in CNs by placing a string indicating a bad certificate
788 in the {cn_subject} or {cn_issuer} macro. Patch inspired
789 by Matthias Andree's changes for fetchmail.
790 During the generation of a queue identifier an integer overflow
791 could occur which might result in bogus characters
792 being used. Based on patch from John Vannoy of
793 Pepperdine University.
794 The value of headers, e.g., Precedence, Content-Type, et.al.,
795 was not processed correctly. Patch from Per Hedeland.
796 Between 8.11.7 and 8.12.0 the length limitation on a return
797 path was erroneously reduced from MAXNAME (256) to
798 MAXSHORTSTR (203). Patch from John Gardiner Myers
799 of Proofpoint; the problem was also noted by Steve
800 Hubert of University of Washington.
801 Prevent a crash when a hostname lookup returns a seemingly
802 valid result which contains a NULL pointer (this seems
803 to be happening on some Linux versions).
804 The process title was missing the current load average when
805 the MTA was delaying connections due to DelayLA.
806 Patch from Dick St.Peters of NetHeaven.
807 Do not reset the number of queue entries in shared memory if
808 only some of them are processed.
809 Fix overflow of an internal array when parsing some replies
810 from a milter. Problem found by Scott Rotondo
812 If STARTTLS is turned off in the server (via M=S) then it
813 would not be initialized for use in the client either.
814 Patch from Kazuteru Okahashi of IIJ.
815 If a Diffie-Hellman cipher is selected for STARTTLS, the
816 handshake could fail with some TLS implementations
817 because the prime used by the server is not long enough.
818 Note: the initialization of the DSA/DH parameters for
819 the server can take a significant amount of time on slow
820 machines. This can be turned off by setting DHParameters
821 to none or a file (see doc/op/op.me). Patch from
822 Petr Lampa of the Brno University of Technology.
823 Fix handling of `b' modifier for DaemonPortOptions on little
824 endian machines for loopback address. Patch from
825 John Beck of Sun Microsystems.
826 Fix a potential memory leak in libsmdb/smdb1.c found by parfait.
827 Based on patch from Jonathan Gray of OpenBSD.
828 If a milter sets the reply code to "421" during the transfer
829 of the body, the SMTP server will terminate the SMTP session
830 with that error to match the behavior of the other callbacks.
831 Return EX_IOERR (instead of 0) if a mail submission fails due to
832 missing disk space in the mail queue. Based on patch
833 from Martin Poole of RedHat.
834 CONFIG: Using FEATURE(`ldap_routing')'s `nodomain' argument would
835 cause addresses not found in LDAP to be misparsed.
836 CONFIG: Using a CN restriction did not work for TLS_Clt as it
837 referred to a wrong macro. Patch from John Gardiner
839 CONFIG: The option relaytofulladdress of FEATURE(`access_db')
840 did not work if FEATURE(`relay_hosts_only') is used too.
841 Problem noted by Kristian Shaw.
842 CONFIG: The internal function lower() was broken and hence
843 strcasecmp() did not work either, which could cause
844 problems for some FEATURE()s if upper case arguments
845 were used. Patch from Vesa-Matti J Kari of the
846 University of Helsinki.
847 LIBMILTER: Fix internal check whether a milter application
848 is compiled against the same version of libmilter as
849 it is linked against (especially useful for dynamic
851 LIBMILTER: Fix memory leak that occurred when smfi_setsymlist()
852 was used. Based on patch by Dan Lukes.
853 LIBMILTER: Document the effect of SMFIP_HDR_LEADSPC for filters
854 which add, insert, or replace headers. From Benjamin
856 LIBMILTER: Fix error messages which refer to "select()" to be
857 correct if SM_CONF_POLL is used. Based on patch from
859 LIBSM: Fix handling of LDAP search failures where the error is
860 carried in the search result itself, such as seen with
861 OpenLDAP proxy servers.
862 VACATION: Do not refer to a local variable outside its scope.
863 Based on patch from Mark Costlow of Southwest Cyberport.
865 Enable HAVE_NANOSLEEP for SunOS 5.11. Patch from
866 John Beck of Sun Microsystems.
867 Drop NISPLUS from default SunOS 5.11 map definitions.
868 Patch from John Beck of Sun Microsystems.
870 8.14.3/8.14.3 2008/05/03
871 During ruleset processing the generation of a key for a map
872 lookup and the parsing of the default value was broken
873 for some macros, e.g., $|, which caused the BlankSub
874 character to be inserted into the workspace and thus
875 failures, e.g., rules that should have matched did not.
876 8.14.2 caused a regression: it accessed (macro) storage which was
877 freed before. First instance of the problem reported by
878 Matthew Dillon of DragonFlyBSD; variations of the same
879 bug reported by Todd C. Miller of OpenBSD, Moritz
880 Jodeit, and Dave Hayes.
881 Improve pathname length checks for persistent host status. Patch
882 from Joerg Sonnenberger of DragonFlyBSD.
883 Reword misleading SMTP reply text for FEATURE(`badmx'). Problem
884 noted by Beth Halsema.
885 The read timeout was fixed to be Timeout.datablock if STARTTLS
886 was activated. This may cause problems if that value
887 is lowered from its default. Problem noted by Jens Elkner.
888 CONFIG: Using LOCAL_TLS_CLIENT caused the tls_client ruleset
889 to operate incorrectly. Problem found by Werner Wiethege.
890 LIBMILTER: Omitting some protocol steps via the xxfi_negotiate()
891 callback did not work properly. The patchlevel of
892 libmilter has been set to 1 so a milter can determine
893 whether libmilter contains this fix.
894 MAKEMAP: If a delimiter is specified (-t) use that also when
895 dumping a map. Patch from Todd C. Miller of OpenBSD.
897 Add support for Darwin 9.x (Mac OS X 10.5).
898 Support shared libraries in Darwin 8 and 9. Patch from
899 Chris Behrens of Concentric.
900 Add support for SCO OpenServer 6, patch from Boyd Gerber.
901 DEVTOOLS: Clarify that confSHAREDLIBDIR requires a trailing slash.
903 devtools/OS/Darwin.9.x
906 8.14.2/8.14.2 2007/11/01
907 If a message was queued and it contained 8 bit characters in
908 a From: or To: header, then those characters could be
909 "mistaken" for internal control characters during a queue
910 run and trigger various consistency checks. Problem
911 noted by Neil Rickert of Northern Illinois University.
912 If MaxMimeHeaderLength is set to a value greater than 0 (which
913 it is by default) then even if the Linelimit parameter
914 is 0, sendmail corrupted in the non-transfer-encoding
915 case every MAXLINE-1 characters. Patch from John Gardiner
917 Setting the suboption DeliveryMode for DaemonPortOptions did not
918 work in earlier 8.14 versions.
919 Note: DeliveryMode=interactive is silently converted to
920 background if a milter can reject or delete a recipient.
921 Prior to 8.14 this happened only if milter could delete
923 ClientRate should trigger when the limit was exceeded (as
924 documented), not when it was reached. Patch from
925 John Beck of Sun Microsystems.
926 Force a queue run for -qGqueuegroup even if no runners are
927 specified (R=0) and forking (F=f) is requested.
928 When multiple results are requested for a DNS map lookup
929 (-z and -Z), return only those that are relevant for
930 the query (not also those in the "additional section".)
931 If the message transfer time to sendmail (when acting as server)
932 exceeds Timeout.queuewarn or Timeout.queuereturn and
933 the message is refused (by a milter), sendmail previously
934 created a delivery status notification (DSN). Patch
935 from Doug Heath of The Hertz Corporation.
936 A code change in Cyrus-SASL 2.1.22 for sasl_decode64() requires
937 the MTA to deal with some input (i.e., "=") itself.
938 Problem noted by Eliot Lear.
939 sendmail counted a delivery as successful if PIPELINING is
940 compiled in but not offered by the server and the
941 delivery failed temporarily. Patch from Werner Wiethege.
942 If getting the result of an LDAP query times out then close the
943 map so it will be reopened on the next lookup. This
944 should help "failover" configurations that specify more
945 than one LDAP server.
946 If check_compat returns $#discard then a "savemail panic" could
947 be triggered under some circumstances (e.g., requiring
948 a system which does not have the compile time flag
949 HASFLOCK set). Based on patch by Motonori Nakamura
950 of National Institute of Informatics, Japan.
951 If a milter rejected a recipient, the count for nrcpts= in the
952 logfile entry might have been wrong. Problem found by
953 Petra Humann of TU Dresden.
954 If a milter invoked smfi_chgfrom() where ESMTP arguments are not
955 NULL, the message body was lost. Patch from Motonori
956 Nakamura of National Institute of Informatics, Japan.
957 sendmail(8) had a bogus space in -qGname. Patch from Peng Haitao.
958 CONTRIB: buildvirtuser: Preserve ownership and permissions when
960 CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
961 reading the /etc/mail/virtusers/ directory.
962 CONTRIB: buildvirtuser: Emit warnings instead of exiting where
964 LIBMILTER: Fix ABI backwards compatibility so milters compiled
965 against an older libmilter.so shared library can use an
966 8.14 libmilter.so shared library.
967 LIBMILTER: smfi_version() did not properly extract the patchlevel
968 from the version number, however, the returned value was
969 correct for the current libmilter version.
971 8.14.1/8.14.1 2007/04/03
972 Even though a milter rejects a recipient the MTA will still keep
973 it in its list of recipients and deliver to it if the
974 transaction is accepted. This is a regression introduced
975 in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug
976 found by Andy Fiddaman.
977 The new DaemonPortOptions which begin with a lower case character
978 could not be set in 8.14.0.
979 If a server shut down the connection in response to a STARTTLS
980 command, sendmail would log a misleading error message
981 due to an internal inconsistency. Problem found by
983 Document how some sendmail.cf options change the behavior of mailq.
984 Noted by Paul Menchini of the North Carolina School of
985 Science and Mathematics.
986 CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce.
987 CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition
988 of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE
989 m4 options for setting MaxNOOPCommands and
991 CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4
992 options for setting Milter.macros.eoh and Milter.macros.data.
993 CONTRIB: Use flock() and fcntl() in qtool.pl if necessary.
994 Patch from Daniel Carroll of Mesa State College.
995 LIBMILTER: Make sure an unknown command does not affect the
996 currently available macros. Problem found by Andy Fiddaman.
997 LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option
998 negotiation. Problem reported by Bryan Costales.
999 LIBMILTER: Fix several minor errors in the documentation.
1000 Patches from Bryan Costales.
1002 AIX 5.{1,2}: libsm/util.c failed to compile due to
1003 redefinition of several macros, e.g., SIG_ERR.
1004 Patch from Jim Pirzyk with assistance by Bob
1005 Booth, University of Illinois at Urbana-Champaign.
1006 Add support for QNX.6. Patch from Sean Boudreau of QNX
1009 devtools/M4/depend/QNX6.m4
1011 include/sm/os/sm_os_qnx.h
1013 New Files added in 8.14.0, but not shown in the release notes entry:
1014 libmilter/docs/smfi_chgfrom.html
1015 libmilter/docs/smfi_version.html
1017 8.14.0/8.14.0 2007/01/31
1018 Header field values are now 8 bit clean. Notes:
1019 - header field names are still restricted to 7 bit.
1020 - RFC 2822 allows only 7 bit (US-ASCII) characters in
1022 Preserve spaces after the colon in a header. Previously, any
1023 number of spaces after the colon would be changed to
1025 In some cases of deeply nested aliases/forwarding, mail can
1026 be silently lost. Moreover, the MaxAliasRecursion
1027 limit may be reached too early, e.g., the counter
1028 may be off by a factor of 4 in case of a sequence of
1029 .forward files that refer to others. Patch from
1030 Motonori Nakamura of Kyoto University.
1031 Fix a regression in 8.13.8: if InputMailFilters is set then
1032 "sendmail -bs" can trigger an assertion because the
1033 hostname of the client is undefined. It is now set
1034 to "localhost" for the xxfi_connect() callback.
1035 Avoid referencing a freed variable during cleanup when terminating.
1036 Problem reported and diagnosed by Joe Maimon.
1037 New option HeloName to set the name for the HELO/EHLO command.
1038 Patch from Nik Clayton.
1039 New option SoftBounce to issue temporary errors (4xy) instead of
1040 permanent errors (5xy). This can be useful for testing.
1041 New suboptions for DaemonPortOptions to set them individually
1043 DeliveryMode DeliveryMode
1047 children MaxDaemonChildren
1048 New option -K for LDAP maps to replace %1 through %9 in the
1049 lookup key with the LDAP escaped contents of the
1050 arguments specified in the map lookup. Loosely based
1051 on patch from Wolfgang Hottgenroth.
1052 Log the time after which a greet_pause delay triggered. Patch
1054 If a client is rejected via TCP wrapper or some other check
1055 performed by validate_connection() (in conf.c) then do
1056 not also invoke greet_pause. Problem noted by Jim Pirzyk
1057 of the University of Illinois at Urbana-Champaign.
1058 If a client terminates the SMTP connection during a pause
1059 introduced by greet_pause, then a misleading message
1060 was logged previously. Problem noted by Vernon Schryver
1061 et.al., patch from Matej Vela.
1062 New command "mstat" for control socket to provide "machine
1064 New named config file rule check_eom which is called at the end
1065 of a message, its parameter is the size of the message.
1066 If the macro {addr_type} indicates that the current address
1067 is a header address it also distinguishes between
1068 recipient and sender addresses (as it is done for
1069 envelope addresses).
1070 When a macro is set in check_relay, then its value is accessible
1071 by all transactions in the same SMTP session.
1072 Increase size of key for ldap lookups to 1024 (MAXKEY).
1073 New option MaxNOOPCommands to override default of 20 for the
1074 number of "useless" commands before the SMTP server will
1075 slow down responding.
1076 New option SharedMemoryKeyFile: if shared memory support is
1077 enabled, the MTA can be asked to select a shared memory
1078 key itself by setting SharedMemoryKey to -1 and specifying
1079 a file where to store the selected key.
1080 Try to deal with open HTTP proxies that are used to send spam
1081 by recognizing some commands from them. If the first command
1082 from the client is GET, POST, CONNECT, or USER, then the
1083 connection is terminated immediately.
1084 New PrivacyOptions noactualrecipient to avoid putting
1085 X-Actual-Recipient lines in DSNs revealing the actual
1086 account that addresses map to. Patch from Dan Harkless.
1087 New options B, z, and Z for DNS maps:
1088 -B: specify a domain that is always appended to queries.
1089 -z: specify the delimiter at which to cut off the result of
1090 a query if it is too long.
1091 -Z: specify the maximum number of entries to be concatenated
1092 to form the result of a lookup.
1093 New target "check" in the Makefile of libsm: instead of running tests
1094 implicitly while building libsm, they must be explicitly
1095 started by using "make check".
1096 Fixed some inconsistent checks for NULL pointers that have been
1097 reported by the SATURN tool which has been developed by
1098 Isil Dillig and Thomas Dillig of Stanford University.
1099 Fix a potential race condition caused by a signal handler for
1100 terminated child processes. Problem noted by David F. Skoll.
1101 When a milter deleted a recipient, that recipient could cause a
1102 queue group selection. This has been disabled as it was not
1104 New operator 'r' for the arith map to return a random number.
1105 Patch from Motonori Nakamura of Kyoto University.
1106 New compile time option MILTER_NO_NAGLE to turn off the Nagle
1107 algorithm for communication with libmilter ("cork" on Linux),
1108 which may improve the communication performance on some
1109 operating systems. Patch from John Gardiner Myers of
1111 If sendmail received input that contained a CR without subsequent LF
1112 (thus violating RFC 2821 (2.3.7)), it could previously
1113 generate an additional blank line in the output as the last
1115 Restarting persistent queue runners by sending a HUP signal to
1116 the "queue control process" (QCP) works now.
1117 Increase the length of an input line to 12288 to deal with
1118 really long lines during SMTP AUTH negotiations.
1119 Problem noted by Werner Wiethege.
1120 If ARPANET mode (-ba) was selected STARTTLS would fail (due to
1121 a missing initialization call for that case). Problem
1122 noted by Neil Rickert of Northern Illinois University.
1123 If sendmail is linked against a library that initializes Cyrus-SASL
1124 before sendmail did it (such as libnss-ldap), then SMTP AUTH
1125 could fail for the sendmail client. A patch by Moritz Both
1126 works around the API design flaw of Cyrus-SASLv2.
1127 CONFIG: Make it possible to unset the StatusFile option by
1128 undefining STATUS_FILE. By not setting StatusFile,
1129 the MTA will not attempt to open a statistics file on
1131 CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
1132 clients whose IP address does not have proper reverse DNS.
1133 Contributed by Neil Rickert of Northern Illinois University
1134 and John Beck of Sun Microsystems.
1135 CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP
1136 clients which provide a HELO/EHLO argument which is either
1137 unqualified, or is one of our own names (i.e., the server
1138 name instead of the client name). Contributed by Neil
1139 Rickert of Northern Illinois University and John Beck of
1141 CONFIG: New FEATURE(`badmx') to reject envelope sender addresses
1142 (MAIL) whose domain part resolves to a "bad" MX record.
1143 Based on contribution from William Dell Wisner.
1144 CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override
1145 the maximum line length of the smtp mailers.
1146 CONFIG: New option `relaytofulladdress' for FEATURE(`access_db')
1147 to allow entries in the access map to be of the form
1148 To:user@example.com RELAY
1149 CONFIG: New subsuboptions eoh and data to specify the list of
1150 macros a milter should receive at those stages in the
1152 CONFIG: New option confHELO_NAME for HeloName to set the name
1153 for the HELO/EHLO command.
1154 CONFIG: dnsbl and enhdnsbl can now also discard or quarantine
1155 messages by using those values as second argument.
1156 Patches from Nelson Fung.
1157 CONTRIB: cidrexpand uses a hash symbol as comment character and
1158 ignores everything after it unless it is in quotes or
1159 preceded by a backslash.
1160 DEVTOOLS: New macro confMKDIR: if set to a program that creates
1161 directories, then it used for "make install" to create
1162 the required installation directories.
1163 DEVTOOLS: New macro confCCLINK to specify the linker to use for
1164 executables (defaults to confCC).
1165 LIBMILTER: A new version of the milter API has been created that
1166 has several changes which are listed below and documented
1167 in the webpages reachable via libmilter/docs/index.html.
1168 LIBMILTER: The meaning of the version macro SMFI_VERSION has been
1169 changed. It now refers only to the version of libmilter,
1170 not to the protocol version (which is used only internally,
1171 it is not user/milter-programmer visible). Additionally,
1172 a version function smfi_version() has been introduced such
1173 that a milter program can check the libmilter version also
1174 at runtime which is useful if a shared library is used.
1175 LIBMILTER: A new callback xxfi_negotiate() can be used to
1176 dynamically (i.e., at runtime) determine the available
1177 protocol actions and features of the MTA and also to
1178 specify which of these a milter wants to use. This allows
1179 for more flexibility than hardcoding these flags in the
1180 xxfi_flags field of the smfiDesc structure.
1181 LIBMILTER: A new callback xxfi_data() is available so milters
1182 can act on the DATA command.
1183 LIBMILTER: A new callback xxfi_unknown() is available so milters
1184 can receive also unknown SMTP commands.
1185 LIBMILTER: A new return code SMFIS_NOREPLY has been added which
1186 can be used by the xxfi_header() callback provided the
1187 milter requested the SMFIP_NOHREPL protocol action.
1188 LIBMILTER: The new return code SMFIS_SKIP can be used in the
1189 xxfi_body() callback to skip over further body chunks
1190 and directly advance to the xxfi_eom() callback. This
1191 is useful if a milter can make a decision based on the
1192 body chunks it already received without reading the entire
1193 rest of the body and the milter wants to invoke functions
1194 that are only available from the xxfi_eom() callback.
1195 LIBMILTER: A new function smfi_addrcpt_par() can be used to add
1196 new recipients including ESMTP parameters.
1197 LIBMILTER: A new function smfi_chgfrom() can be used to change the
1198 envelope sender including ESMTP parameters.
1199 LIBMILTER: A milter can now request to be informed about rejected
1200 recipients (RCPT) too. This requires to set the protocol
1201 flag SMFIP_RCPT_REJ during option negotiation. Whether
1202 a RCPT has been rejected can be checked by comparing the
1203 value of the macro {rcpt_mailer} with "error".
1204 LIBMILTER: A milter can now override the list of macros that it
1205 wants to receive from the MTA for each protocol step
1206 by invoking the function smfi_setsymlist() during option
1208 LIBMILTER: A milter can receive header field values with all
1209 leading spaces by requesting the SMFIP_HDR_LEADSPC
1210 protocol action. Also, if the flag is set then the MTA
1211 does not add a leading space to headers that are added,
1212 inserted, or replaced.
1213 LIBMILTER: If a milter sets the reply code to "421" for the HELO
1214 callback, the SMTP server will terminate the SMTP session
1215 with that error to match the behavior of all other callbacks.
1218 cf/feature/block_bad_helo.m4
1219 cf/feature/require_rdns.m4
1220 devtools/M4/UNIX/check.m4
1222 include/sm/sendmail.h
1224 libmilter/docs/smfi_addrcpt_par.html
1225 libmilter/docs/smfi_setsymlist.html
1226 libmilter/docs/xxfi_data.html
1227 libmilter/docs/xxfi_negotiate.html
1228 libmilter/docs/xxfi_unknown.html
1239 8.13.8/8.13.8 2006/08/09
1240 Fix a regression in 8.13.7: if shared memory is activated, then
1241 the server can erroneously report that there is
1242 insufficient disk space. Additionally make sure that
1243 an internal variable is set properly to avoid those
1244 misleading errors. Based on patch from Steve Hubert
1245 of University of Washington.
1246 Fix a regression in 8.13.7: the PidFile could be removed after
1247 the process that forks the daemon exited, i.e., if
1248 sendmail -bd is invoked. Problem reported by Kan Sasaki
1249 of Fusion Communications Corp. and Werner Wiethege.
1250 Avoid opening qf files if QueueSortOrder is "none". Patch from
1252 Avoid a crash when finishing due to referencing a freed variable.
1253 Problem reported and diagnosed by Moritz Jodeit.
1254 CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4
1256 LIBMILTER: The "hostname" argument of the xxfi_connect() callback
1257 previously was the equivalent of {client_ptr}. However,
1258 this did not match the documentation of the function, hence
1259 it has been changed to {client_name}. See doc/op/op.me
1262 8.13.7/8.13.7 2006/06/14
1263 A malformed MIME structure with many parts can cause sendmail to
1264 crash while trying to send a mail due to a stack overflow,
1265 e.g., if the stack size is limited (ulimit -s). This
1266 happens because the recursion of the function mime8to7()
1267 was not restricted. The function is called for MIME 8 to
1268 7 bit conversion and also to enforce MaxMimeHeaderLength.
1269 To work around this problem, recursive calls are limited to
1270 a depth of MAXMIMENESTING (20); message content after this
1271 limit is treated as opaque and is not checked further.
1272 Problem noted by Frank Sheiness.
1273 The changes to the I/O layer in 8.13.6 caused a regression for
1274 SASL mechanisms that use the security layer, e.g.,
1275 DIGEST-MD5. Problem noted by Robert Stampfli.
1276 If a timeout occurs while reading a message (during the DATA phase)
1277 a df file might have been left behind in the queue.
1278 This was another side effect of the changes to the I/O
1279 layer made in 8.13.6.
1280 Several minor problems have been fixed that were found by a
1281 Coverity scan of sendmail 8 as part of the NetBSD
1282 distribution. See http://scan.coverity.com/
1283 Note: the scan generated also a lot of "false positives",
1284 e.g., "error" reports about situations that cannot happen.
1285 Most of those code places are marked with lint(1) comments
1286 like NOTREACHED, but Coverity does not understand those.
1287 Hence an explicit assertion has been added in some cases
1288 to avoid those false positives.
1289 If the start of the sendmail daemon fails due to a configuration
1290 error then in some cases shared memory segments or pid
1291 files were not removed.
1292 If DSN support is disabled via access_db, then related ESMTP
1293 parameters for MAIL and RCPT should be rejected. Problem
1294 reported by Akihiro Sagawa.
1295 Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
1296 bug work-around. Hence if sendmail is linked against
1297 either of these versions and compression is available,
1298 the padding bug work-around is turned off. Based on
1299 patch from Victor Duchovni of Morgan Stanley.
1300 CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
1301 blackholes.mail-abuse.org as default domain for lookups,
1302 however, that list is no longer available. To avoid
1303 further problems, no default value is available anymore,
1304 but an argument must be specified.
1306 Fix compilation on OSF/1 for sfsasl.c. Patch from
1307 Pieter Bowman of the University of Utah.
1309 8.13.6/8.13.6 2006/03/22
1310 SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
1311 and client side of sendmail with timeouts in the libsm I/O
1312 layer and fix problems in that code. Also fix handling of
1313 a buffer in sm_syslog() which could have been used as an
1314 attack vector to exploit the unsafe handling of
1315 setjmp(3)/longjmp(3) in combination with signals.
1316 Problem detected by Mark Dowd of ISS X-Force.
1317 Handle theoretical integer overflows that could triggered if
1318 the server accepted headers larger than the maximum
1319 (signed) integer value. This is prevented in the default
1320 configuration by restricting the size of a header, and on
1321 most machines memory allocations would fail before reaching
1322 those values. Problems found by Phil Brass of ISS.
1323 If a server returns 421 for an RSET command when trying to start
1324 another transaction in a session while sending mail, do
1325 not trigger an internal consistency check. Problem found
1326 by Allan E Johannesen of Worcester Polytechnic Institute.
1327 If a server returns a 5xy error code (other than 501) in response
1328 to a STARTTLS command despite the fact that it advertised
1329 STARTTLS and that the code is not valid according to RFC
1330 2487 treat it nevertheless as a permanent failure instead
1331 of a protocol error (which has been changed to a
1332 temporary error in 8.13.5). Problem reported by Jeff
1333 A. Earickson of Colby College.
1334 Clear SMTP state after a HELO/EHLO command. Patch from John
1335 Myers of Proofpoint.
1336 Observe MinQueueAge option when gathering entries from the queue
1337 for sorting etc instead of waiting until the entries are
1338 processed. Patch from Brian Fundakowski Feldman.
1339 Set up TLS session cache to properly handle clients that try to
1340 resume a stored TLS session.
1341 Properly count the number of (direct) child processes such that
1342 a configured value (MaxDaemonChildren) is not exceeded.
1343 Based on patch from Attila Bruncsak.
1344 LIBMILTER: Remove superfluous backslash in macro definition
1345 (libmilter.h). Based on patch from Mike Kupfer of
1347 LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
1348 This generates an error message from libmilter on
1349 Solaris, though other systems appear to just discard the
1351 LIBMILTER: Deal with sigwait(2) implementations that return
1352 -1 and set errno instead of returning an error code
1353 directly. Patch from Chris Adams of HiWAAY Informations
1356 Fix compilation checks for closefrom(3) and statvfs(2)
1357 in NetBSD. Problem noted by S. Moonesamy, patch from
1360 8.13.5/8.13.5 2005/09/16
1361 Store the filesystem identifier of the df/ subdirectory (if it
1362 exists) in an internal structure instead of the base
1363 directory. This structure is used decide whether there
1364 is enough free disk space when selecting a queue, hence
1365 without this change queue selection could fail if a df/
1366 subdirectory exists and is on a different filesystem
1367 than the base directory.
1368 Use the queue index of the df file (instead of the qf file) for
1369 checking whether a link(2) operation can be used to split
1370 an envelope across queue groups. Problem found by
1372 If the list of items in the queue is larger than the maximum
1373 number of items to process, sort the queue first and
1374 then cut the list off instead of the other way around.
1375 Patch from Matej Vela of Rudjer Boskovic Institute.
1376 Fix helpfile to show full entry for ETRN. Problem noted by
1377 Penelope Fudd, patch from Neil Rickert of Northern Illinois
1379 FallbackSmartHost should also be tried on temporary errors.
1380 From John Beck of Sun Microsystems.
1381 When a server responds with 421 to the STARTTLS command then treat
1382 it as a temporary error, not as protocol error. Problem
1383 noted by Andrey J. Melnikoff.
1384 Properly define two functions in libsm as static because their
1385 prototype used static too. Patch from Peter Klein.
1386 Fix syntax errors in helpfile for MAIL and RCPT commands.
1387 LIBMILTER: When smfi_replacebody() is called with bodylen equals
1388 zero then do not silently ignore that call. Patch from
1389 Gurusamy Sarathy of Active State.
1390 LIBMILTER: Recognize "421" also in a multi-line reply to terminate
1391 the SMTP session with that error. Fix from Brian Kantor.
1392 Portability: New option HASSNPRINTF which can be set if the OS
1393 has a properly working snprintf(3) to get rid
1394 of the last two (safe) sprintf(3) calls in the
1396 Add support for AIX 5.3.
1397 Add support for SunOS 5.11 (aka Solaris 11).
1398 Add support for Darwin 8.x. Patch from Lyndon Nerenberg.
1399 OpenBSD 3.7 has removed support for NETISO.
1400 CONFIG: Add OSTYPE(freebsd6) for FreeBSD 6.X.
1401 Set DontBlameSendmail to AssumeSafeChown and
1402 GroupWritableDirPathSafe for OSTYPE(darwin).
1403 Patch from Lyndon Nerenberg.
1404 Some features still used 4.7.1 as enhanced status code which
1405 was supposed to be eliminated in 8.13.0 because some
1406 broken systems misinterpret it as a permanent error.
1407 Patch from Matej Vela of Rudjer Boskovic Institute.
1408 Some default values in a generated cf file did not match
1409 the defaults in the sendmail binary. Problem noted
1412 cf/ostype/freebsd6.m4
1414 devtools/OS/Darwin.8.x
1415 devtools/OS/SunOS.5.11
1418 8.13.4/8.13.4 2005/03/27
1419 The bug fixes in 8.13.3 for connection handling uncovered a
1420 different error which could result in connections that
1421 stay in CLOSE_WAIT state due to a variable that was not
1422 properly initialized. Problem noted by Michael Sims.
1423 Deal with empty hostnames in hostsignature(). This bug could lead
1424 to an endless loop when doing LMTP deliveries to another
1425 host. Problem first reported by Martin Lathoud and
1426 tracked down by Gael Roualland.
1427 Make sure return parameters are initialized in getmxrr(). Problem
1428 found by Gael Roualland using valgrind.
1429 If shared memory is used and the RunAsUser option is set, then the
1430 owner and group of the shared memory segment is set to
1431 the ids specified RunAsUser and the access mode is set
1432 to 0660 to allow for updates by sendmail processes.
1433 The number of queue entries that is (optionally) kept in shared
1434 memory was wrong in some cases, e.g., envelope splitting
1435 and bounce generation.
1436 Undo a change made in 8.13.0 to silently truncate long strings
1437 in address rewriting because the message can be triggered
1438 for header checks where long strings are legitimate.
1439 Problem reported by Mary Verge DeSisto, and tracked
1440 down with the help of John Beck of Sun Microsystems.
1441 The internal stab map did not obey the -m flag. Patch from
1442 Rob McMahon of Warwick University, England.
1443 The socket map did not obey the -f flag. Problem noted by
1444 Dan Ringdahl, forwarded by Andrzej Filip.
1445 The addition of LDAP recursion in 8.13.0 broke enforcement of
1446 the LDAP map -1 argument which tells the MTA to only
1447 return success if and only if a single LDAP match is found.
1448 Add additional error checks in the MTA for milter communication
1449 to avoid a possible segmentation fault. Based on patch
1451 Do not trigger an assertion if X509_digest() returns success but
1452 does not assign a value to its output parameter. Based
1453 on patch by Brian Kantor.
1454 Add more checks when resetting internal AUTH data (applies only
1455 to Cyrus SASL version 2). Otherwise an SMTP session might
1456 be dropped after an AUTH failure.
1458 Add LA_LONGLONG as valid LA_TYPE type for systems that use
1459 "long long" to read load average data, e.g.,
1460 AIX 5.1 in 32 bit mode. Note: this has to be set
1461 "by hand", it is not (yet) automatically detected.
1462 Problem noted by Burak Bilen.
1463 Use socklen_t for accept(), etc. on AIX 5.x. This should
1464 fix problems when compiling in 64 bit mode.
1465 Problem first reported by Harry Meiert of
1466 University of Bremen.
1472 8.13.3/8.13.3 2005/01/11
1473 Enhance handling of I/O errors, especially EOF, when STARTTLS
1475 Make sure a connection is not reused after it has been closed
1476 due to a 421 error. Problem found by Allan E Johannesen
1477 of Worcester Polytechnic Institute.
1478 Avoid triggering an assertion when sendmail is interrupted while
1479 closing a connection. Problem found by Allan E Johannesen
1480 of Worcester Polytechnic Institute.
1481 Regression: a change in 8.13.2 caused sendmail not to try the
1482 next MX host (or FallbackMXhost if configured) when, at
1483 connection open, the current server returns a 4xy or 5xy
1484 SMTP reply code. Problem noted by Mark Tranchant.
1486 8.13.2/8.13.2 2004/12/15
1487 Do not split the first header even if it exceeds the internal
1488 buffer size. Previously a part of such a header would
1489 end up in the body of the message. Problem noted by
1490 Simple Nomad of BindView.
1491 Do not complain about "cataddr: string too long" when checking
1492 headers that do not contain RFC 2822 addresses.
1493 Problem noted by Rich Graves of Brandeis University.
1494 If a server returns a 421 reply to the RSET command between
1495 message deliveries, do not attempt to deliver any more
1496 messages on that connection. This prevents bogus "Bad
1497 file number" recipient status. Problem noted by
1498 Allan E Johannesen of Worcester Polytechnic Institute.
1499 Allow trailing white space in EHLO command as recommended by RFC
1500 2821. Problem noted by Ralph Santagato of SBC Services.
1501 Deal with clients which use AUTH but negotiate a smaller buffer size
1502 for data exchanges than the value used by sendmail, e.g.,
1503 Cyrus IMAP lmtp server. Based on patch by Jamie Clark.
1504 When passing ESMTP arguments for RCPT to a milter, do not cut
1505 them off at a comma. Problem noted by Krzysztof Oledzki.
1506 Add more logging to milter change header functions to
1507 complement existing logging. Based on patch from
1508 Gurusamy Sarathy of Active State.
1509 Include <lber.h> in include/sm/config.h when LDAPMAP is defined.
1510 Patch from Edgar Hoch of the University of Stuttgart.
1511 Fix DNS lookup if IPv6 is enabled when converting an IP address
1512 to a hostname for use with SASL. Problem noted by Ken Jones;
1513 patch from Hajimu UMEMOTO.
1514 CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog
1515 mailer. Patch from John Beck of Sun Microsystems.
1516 LIBMILTER: It was possible that xxfi_abort() was called after
1517 xxfi_eom() for a message if some timeouts were triggered.
1518 Patch from Alexey Kravchuk.
1519 LIBMILTER: Slightly rearrange mutex use in listener.c to allow
1520 different threads to call smfi_opensocket() and smfi_main().
1521 Patch from Jordan Ritter of Cloudmark.
1522 MAIL.LOCAL: Properly terminate MBDB before exiting. Problem
1523 noted by Nelson Fung.
1524 MAIL.LOCAL: make strip-mail.local used a wrong path to access
1525 mail.local. Problem noted by William Park.
1526 VACATION: Properly terminate MBDB before exiting. Problem noted
1529 Add support for DragonFly BSD.
1531 cf/ostype/dragonfly.m4
1532 devtools/OS/DragonFly
1533 include/sm/os/sm_os_dragonfly.h
1537 8.13.1/8.13.1 2004/07/30
1538 Using the default AliasFile ldap: specification would cause the
1539 objectClasses of the LDAP response to be included in the
1540 alias expansion. Problem noted by Brenden Conte of
1541 Rensselaer Polytechnic Institute.
1542 Fix support for a fallback smart host for system where DNS is
1543 (partially) available. From John Beck of Sun Microsystems.
1544 Fix SuperSafe=PostMilter behavior when a milter replaces a body
1545 but the data file is not yet stored on disk because it is
1546 smaller than the size of the memory buffer. Problem noted
1548 Fix certificate revocation list support; if a CRL was specified
1549 but the other side presented a cert that was signed by
1550 a different (trusted) CA than the one which issued the CRL,
1551 verification would always fail. Problem noted by Al Smith.
1552 Run mailer programs as the RunAsUser when RunAsUser is set and
1553 the F=S mailer flag is set without a U= mailer equate.
1554 Problem noted by John Gardiner Myers of Proofpoint.
1555 ${nbadrcpts} was off by one if BadRcptThrottle is zero.
1556 Patch from Sung-hoon Choi of DreamWiz Inc.
1557 CONFIG: Emit a warning if FEATURE(`access_db') is used after
1558 FEATURE(`greet_pause') because then the latter will not
1559 use the access map. Note: if no default value is given
1560 for FEATURE(`greet_pause') then it issues an error if
1561 FEATURE(`access_db') is not specified before it.
1562 Problem noted by Alexander Dalloz of University of
1564 CONFIG: Invoke ruleset Local_greet_pause if FEATURE(`greet_pause')
1565 is used to give more flexibility for local changes.
1567 Fix a 64 bit problem in the socket map code. Problem
1568 noted by Geoff Adams.
1569 NetBSD 2.0F has closefrom(3). Patch from Andrew Brown.
1570 NetBSD can use sysctl(3) to get the number of CPUs in
1571 a system. Patch from Andrew Brown.
1572 Add a README file in doc/op/ to explain potential
1573 incompatibilities with various *roff related
1574 tools. Problem tracked down by Per Hedeland.
1578 8.13.0/8.13.0 2004/06/20
1579 Do not include AUTH data in a bounce to avoid leaking confidential
1580 information. See also cf/README about MSP and the section
1581 "Providing SMTP AUTH Data when sendmail acts as Client".
1582 Problem noted by Neil Rickert of Northern Illinois
1584 Fix compilation error in libsm/clock.c for -D_FFR_SLEEP_USE_SELECT=n
1585 and -DSM_CONF_SETITIMER=0. Problem noted by Juergen Georgi
1586 of RUS University of Stuttgart.
1587 Fix bug in conversion from 8bit to quoted-printable. Problem found
1588 by Christof Haerens, patch from Per Hedeland.
1589 Add support for LDAP recursion based on types given to attribute
1590 specifications in an LDAP map definition. This allows
1591 LDAP queries to return a new query, a DN, or an LDAP
1592 URL which will in turn be queried. See the ``LDAP
1593 Recursion'' section of doc/op/op.me for more information.
1594 Based on patch from Andrew Baucom.
1595 Extend the default LDAP specifications for AliasFile
1596 (O AliasFile=ldap:) and file classes (F{X}@LDAP) to
1597 include support for LDAP recursion via new attributes.
1598 See ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section
1599 of cf/README for more information.
1600 New option for LDAP maps: the -w option allows you to specify the
1601 LDAP API/protocol version to use. The default depends on
1603 New option for LDAP maps: the -H option allows you to specify an
1604 LDAP URI instead of specifying the LDAP server via -h host
1605 and -p port. This also allows for the use of LDAP over
1606 SSL and connections via named sockets if your LDAP
1607 library supports it.
1608 New compile time flag SM_CONF_LDAP_INITIALIZE: set this if
1609 ldap_initialize(3) is available (and LDAPMAP is set).
1610 If MaxDaemonChildren is set and a command is repeated too often
1611 during a SMTP session then terminate it just like it is
1612 done for too many bad SMTP commands.
1613 Basic connection rate control support has been added: the daemon
1614 maintains the number of incoming connections per client
1615 IP address and total in the macros {client_rate} and
1616 {total_rate}, respectively. These macros can be used
1617 in the cf file to impose connection rate limits.
1618 A new option ConnectionRateWindowSize (default: 60s)
1619 determines the length of the interval for which the
1620 number of connections is stored. Based on patch from
1621 Jose Marcio Martins da Cruz, Ecole des Mines de Paris.
1622 Add optional protection from open proxies and SMTP slammers which
1623 send SMTP traffic without waiting for the SMTP greeting.
1624 If enabled by the new ruleset greet_pause (see
1625 FEATURE(`greet_pause')), sendmail will wait the specified
1626 amount of time before sending the initial 220 SMTP
1627 greeting. If any traffic is received before then, a 554
1628 SMTP response is sent and all SMTP commands are rejected
1629 during that connection.
1630 If 32 NOOP (or unknown/bad) commands are issued by a client the SMTP
1631 server could sleep for a very long time. Fix based on
1632 patch from Tadashi Kobayashi of IIJ.
1633 Fix a potential memory leak in persistent queue runners if the
1634 number of entries in the queue exceeds the limit of jobs.
1635 Problem noted by Steve Hubert of University of Washington.
1636 Do not use 4.7.1 as enhanced status code because some broken systems
1637 misinterpret it as a permanent error.
1638 New value for SuperSafe: PostMilter which will delay fsync() until
1639 all milters accepted the mail. This can increase
1640 performance if many mails are rejected by milters due to
1641 body scans. Based on patch from David F. Skoll.
1642 New macro {msg_id} which contains the value of the Message-Id:
1643 header, whether provided by the client or generated by
1645 New macro {client_connections} which contains the number of open
1646 connections in the SMTP server for the client IP address.
1647 Based on patch from Jose Marcio Martins da Cruz, Ecole des
1649 sendmail will now remove its pidfile when it exits. This was done
1650 to prevent confusion caused by running sendmail stop
1651 scripts two or more times, where the second and subsequent
1652 runs would report misleading error messages about sendmail's
1653 pid no longer existing. See section 1.3.15 of doc/op/op.me
1654 for a discussion of the implications of this, including
1655 how to correct broken scripts which may have depended on
1656 the old behavior. From John Beck of Sun Microsystems.
1657 Support per-daemon input filter lists which override the default
1658 filter list specified in InputMailFilters. The filters
1659 can be listed in the I= equate of DaemonPortOptions.
1660 Do not add all domain prefixes of the hostname to class 'w'. If
1661 your configuration relies on this behavior, you have to
1662 add those names to class 'w' yourself. Problem noted
1664 Support message quarantining in the mail queue. Quarantined
1665 messages are not run on normal queue displays or runs
1666 unless specifically requested with -qQ. Quarantined queue
1667 files are named with an hf prefix instead of a qf prefix.
1668 The -q command line option now can specify which queue to display
1669 or run. -qQ operates on quarantined queue items. -qL
1670 operates on lost queue items.
1671 Restricted mail queue runs and displays can be done based on the
1672 quarantined reason using -qQtext to run or display
1673 quarantined items if the quarantine reason contains the
1674 given text. Similarly, -q!Qtext will run or display
1675 quarantined items which do not have the given text in the
1677 Items in the queue can be quarantined or unquarantined using the
1678 new -Q option. See doc/op/op.me for more information.
1679 When displaying the quarantine mailq with 'mailq -qQ', the
1680 quarantine reason is shown in a new line prefixed by
1682 A new error code for the $#error mailer, $@ quarantine, can be used
1683 to quarantine messages in check_* (except check_compat) and
1684 header check rulesets. The $: of the mailer triplet will
1685 be used for the quarantine reason.
1686 Add a new quarantine count to the mailstats collected.
1687 Add a new macro ${quarantine} which is the quarantine reason for a
1688 message if it is quarantined.
1689 New map type "socket" for a trivial query protocol over UNIX domain
1690 or TCP sockets (requires compile time option SOCKETMAP).
1691 See sendmail/README and doc/op/op.me for details as well as
1692 socketmapServer.pl and socketmapClient.pl in contrib.
1693 Code donated by Bastiaan Bakker of LifeLine Networks.
1694 Define new macro ${client_ptr} which holds the result of the PTR
1695 lookup for the client IP address. Note: this is the same
1696 as ${client_name} if and only if ${client_resolve} is OK.
1697 Add a new macro ${nbadrcpts} which contains the number of bad
1698 recipients received so far in a transaction.
1699 Call check_relay with the value of ${client_name} to deal with bogus
1700 DNS entries. See also FEATURE(`use_client_ptr'). Problem
1701 noted by Kai Schlichting.
1702 Treat Delivery-Receipt-To: headers the same as Return-Receipt-To:
1703 headers (turn them into DSNs). Delivery-Receipt-To: is
1704 apparently used by SIMS (Sun Internet Mail System).
1705 Enable connection caching for LPC mailers. Patch from Christophe
1706 Wolfhugel of France Telecom Oleane.
1707 Do not silently truncate long strings in address rewriting.
1708 Add support for Cyrus SASL version 2. From Kenneth Murchison of
1710 Add a new AuthOption=m flag to require the use of mechanisms which
1711 support mutual authentication. From Kenneth Murchison of
1713 Fix logging of TLS related problems (introduced in 8.12.11).
1714 The macros {auth_author} and {auth_authen} are stored in xtext
1715 format just like the STARTTLS related macros to avoid
1716 problems with parsing them. Problem noted by Pierangelo
1717 Masarati of SysNet s.n.c.
1718 New option AuthRealm to set the authentication realm that is
1719 passed to the Cyrus SASL library. Patch from Gary Mills
1720 of the University of Manitoba.
1721 Enable AUTH mechanism EXTERNAL if STARTTLS verification was
1722 successful, otherwise relaying would be allowed if
1723 EXTERNAL is listed in TRUST_AUTH_MECH() and STARTTLS
1725 Add basic support for certificate revocation lists. Note: if a
1726 CRLFile is specified but the file is unusable, STARTTLS
1727 is disabled. Based on patch by Ralf Hornik.
1728 Enable workaround for inconsistent Cyrus SASLv1 API for mechanisms
1729 DIGEST-MD5 and LOGIN.
1730 Write pid to file also if sendmail only acts as persistent queue
1731 runner. Proposed by Gary Mills of the University of Manitoba.
1732 Keep daemon pid file(s) locked so other daemons don't try to
1733 overwrite each other's pid files.
1734 Increase maximum length of logfile fields for {cert_subject} and
1735 {cert_issuer} from 128 to 256. Requested by Christophe
1736 Wolfhugel of France Telecom.
1737 Log the TLS verification message on the STARTTLS= log line at
1738 LogLevel 12 or higher.
1739 If the MSP is invoked with the verbose option (-v) then it will
1740 try to use the SMTP command VERB to propagate this option
1741 to the MTA which in turn will show the delivery just like
1742 it was done before the default 8.12 separation of MSP and
1743 MTA. Based on patch by Per Hedeland.
1744 If a daemon is refusing connections for longer than the time specified
1745 by the new option RejectLogInterval (default: 3 hours) due
1746 to high load, log this information. Patch from John Beck
1747 of Sun Microsystems.
1748 Remove the ability for non-trusted users to raise the value of
1749 CheckpointInterval on the command line.
1750 New mailer flag 'B' to strip leading backslashes, which is a
1751 subset of the functionality of the 's' flag.
1752 New mailer flag 'W' to ignore long term host status information.
1753 Patch from Juergen Georgi of RUS University of Stuttgart.
1754 Enable generic mail filter API (milter) by default. To turn
1755 it off, add -DMILTER=0 to the compile time options.
1756 An internal SMTP session discard flag was lost after an RSET/HELO/EHLO
1757 causing subsequent messages to be sent instead of being
1758 discarded. This also caused milter callbacks to be called
1759 out of order after the SMTP session was reset.
1760 New option RequiresDirfsync to turn off the compile time flag
1761 REQUIRES_DIR_FSYNC at runtime. See sendmail/README for
1762 further information.
1763 New command line option -D logfile to send debug output to
1764 the indicated log file instead of stdout.
1765 Add Timeout.queuereturn.dsn and Timeout.queuewarn.dsn to control
1766 queue return and warning times for delivery status
1768 New queue sort order option: 'n'one for not sorting the queue entries
1770 Several more return values for ruleset srv_features have been added
1771 to enable/disable certain features in the server per
1772 connection. See doc/op/op.me for details.
1773 Support for SMTP over SSL (smtps), activated by Modifier=s
1774 for DaemonPortOptions.
1775 Continue with DNS lookups on ECONNREFUSED and TRY_AGAIN when
1776 trying to canonify hostnames. Suggested by Neil Rickert
1777 of Northern Illinois University.
1778 Add support for a fallback smart host (option FallbackSmartHost) to
1779 be tried as a last resort after all other fallbacks. This
1780 is designed for sites with partial DNS (e.g., an accurate
1781 view of inside the company, but an incomplete view of
1782 outside). From John Beck of Sun Microsystems.
1783 Enable timeout for STARTTLS even if client does not start the TLS
1784 handshake. Based on patch by Andrey J. Melnikoff.
1785 Remove deprecated -v option for PH map, use -k instead. Patch from
1786 Mark Roth of the University of Illinois at Urbana-Champaign.
1787 libphclient is version 1.2.x by default, if version 1.1.x is required
1788 then compile with -DNPH_VERSION=10100. Patch from Mark Roth
1789 of the University of Illinois at Urbana-Champaign.
1790 Add Milter.macros.eom, allowing macros to be sent to milter
1791 applications for use in the xxfi_eom() callback.
1792 New macro {time} which contains the output of the time(3) function,
1793 i.e., the number of seconds since 0 hours, 0 minutes,
1794 0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
1795 If check_relay sets the reply code to "421" the SMTP server will
1796 terminate the SMTP session with a 421 error message.
1797 Get rid of dead code that tried to access the environment variable
1799 Deprecate the use of ErrorMode=write. To enable this in 8.13
1800 compile with -DUSE_TTYPATH=1.
1801 Header check rulesets using $>+ (do not strip comments) will get
1802 the header value passed in without balancing quotes,
1803 parentheses, and angle brackets. Based on patch from
1805 Do not complain and fix up unbalanced quotes, parentheses, and
1806 angle brackets when reading in rulesets. This allows
1807 rules to be written for header checks to catch strings
1808 that contain quotes, parentheses, and/or angle brackets.
1809 Based on patch from Oleg Bulyzhin.
1810 Do not close socket when accept(2) in the daemon encounters
1811 some temporary errors like ECONNABORTED.
1812 Added list of CA certificates that are used by members of the
1813 sendmail consortium, see CACerts.
1815 Two new compile options have been added:
1816 HASCLOSEFROM System has closefrom(3).
1817 HASFDWALK System has fdwalk(3).
1818 Based on patch from John Beck of Sun Microsystems.
1819 The Linux kernel version 2.4 series has a broken flock() so
1820 change to using fcntl() locking until they can fix
1821 it. Be sure to update other sendmail related
1822 programs to match locking techniques.
1823 New compile time option NEEDINTERRNO which should be set
1824 if <errno.h> does not declare errno itself.
1825 Support for UNICOS/mk and UNICOS/mp added, some changes for
1826 UNICOS. Patches contributed by Aaron Davis and
1827 Brian Ginsbach, Cray Inc., and Manu Mahonen of
1828 Center for Scientific Computing.
1829 Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
1830 Extend support to Darwin 7.x/Mac OS X 10.3 (a.k.a. Panther).
1831 Remove path from compiler definition for Interix because
1832 Interix 3.0 and 3.5 put gcc in different locations.
1833 Also use <sys/mkdev.h> to get the correct
1834 major()/minor() definitions. Based on feedback
1835 from Mark Funkenhauser.
1836 CONFIG: Add support for LDAP recursion to the default LDAP searches
1837 for maps via new attributes. See the ``USING LDAP FOR
1838 ALIASES, MAPS, and CLASSES'' section of cf/README and
1839 cf/sendmail.schema for more information.
1840 CONFIG: Make sure confTRUSTED_USER is valid even if confRUN_AS_USER
1841 is of the form "user:group" when used for submit.mc.
1842 Problem noted by Carsten P. Gehrke, patch from Neil Rickert
1843 of Northern Illinois University.
1844 CONFIG: Add a new access DB value of QUARANTINE:reason which
1845 instructs the check_* (except check_compat) to quarantine
1846 the message using the given reason.
1847 CONFIG: Use "dns -R A" as map type for dnsbl (just as for enhdnsbl)
1848 instead of "host" to avoid problem with looking up other
1849 DNS records than just A.
1850 CONFIG: New option confCONNECTION_RATE_WINDOW_SIZE to define the
1851 length of the interval for which the number of incoming
1852 connections is maintained.
1853 CONFIG: New FEATURE(`ratecontrol') to set the limits for connection
1854 rate control for individual hosts or nets.
1855 CONFIG: New FEATURE(`conncontrol') to set the limits for the
1856 number of open SMTP connections for individual hosts or nets.
1857 CONFIG: New FEATURE(`greet_pause') enables open proxy and SMTP
1858 slamming protection described above. The feature can
1859 take an argument specifying the milliseconds to wait and/or
1860 use the access database to look the pause time based on
1861 client hostname, domain, IP address, or subnet.
1862 CONFIG: New FEATURE(`use_client_ptr') to have check_relay use
1863 $&{client_ptr} as its first argument. This is useful for
1864 rejections based on the unverified hostname of client,
1865 which turns on the same behavior as in earlier sendmail
1866 versions when delay_checks was not in use. See also entry
1867 above about check_relay being invoked with ${client_name}.
1868 CONFIG: New option confREJECT_LOG_INTERVAL to specify the log
1869 interval when refusing connections for this long.
1870 CONFIG: Remove quotes around usage of confREJECT_MSG; in some cases
1871 this requires a change in a mc file. Requested by
1872 Ted Roberts of Electronic Data Systems.
1873 CONFIG: New option confAUTH_REALM to set the authentication realm
1874 that is passed to the Cyrus SASL library. Patch from
1875 Gary Mills of the University of Manitoba.
1876 CONFIG: Rename the (internal) classes {tls}/{src} to {Tls}/{Src}
1877 to follow the naming conventions.
1878 CONFIG: Add a third optional argument to local_lmtp to specify
1880 CONFIG: Remove the f flag from the default mailer flags of
1882 CONFIG: New option confREQUIRES_DIR_FSYNC to turn off the compile
1883 time flag REQUIRES_DIR_FSYNC at runtime.
1884 CONFIG: New LOCAL_UUCP macro to insert rules into the generated
1885 cf file at the same place where MAILER(`uucp') inserts
1887 CONFIG: New options confTO_QUEUERETURN_DSN and confTO_QUEUEWARN_DSN
1888 to control queue return and warning times for delivery
1889 status notifications.
1890 CONFIG: New option confFALLBACK_SMARTHOST to define FallbackSmartHost.
1891 CONFIG: Add the mc file which has been used to create the cf
1892 file to the end of the cf file when using make in cf/cf/.
1893 Patch from Richard Rognlie.
1894 CONFIG: FEATURE(nodns) has been removed, it was a no-op since 8.9.
1895 Use ServiceSwitchFile to turn off DNS lookups, see
1897 CONFIG: New option confMILTER_MACROS_EOM (sendmail Milter.macros.eom
1898 option) defines macros to be sent to milter applications for
1899 use in the xxfi_eom() callback.
1900 CONFIG: New option confCRL to specify file which contains
1901 certificate revocations lists.
1902 CONFIG: Add a new value (sendertoo) for the third argument to
1903 FEATURE(`ldap_routing') which will reject the SMTP
1904 MAIL From: command if the sender address doesn't exist
1905 in LDAP. See cf/README for more information.
1906 CONFIG: Add a fifth argument to FEATURE(`ldap_routing') which
1907 instructs the rulesets on whether or not to do a domain
1908 lookup if a full address lookup doesn't match. See cf/README
1909 for more information.
1910 CONFIG: Add a sixth argument to FEATURE(`ldap_routing') which
1911 instructs the rulesets on whether or not to queue the mail
1912 or give an SMTP temporary error if the LDAP server can't be
1913 reached. See cf/README for more information. Based on
1914 patch from Billy Ray Miller of Caterpillar.
1915 CONFIG: Experimental support for MTAMark, see cf/README for details.
1916 CONFIG: New option confMESSAGEID_HEADER to define a different
1917 Message-Id: header format. Patch from Bastiaan Bakker
1918 of LifeLine Networks.
1919 CONTRIB: New version of cidrexpand which uses Net::CIDR. From
1921 CONTRIB: oldbind.compat.c has been removed due to security problems.
1922 Found by code inspection done by Reasoning, Inc.
1923 DEVTOOLS: Add an example file for devtools/Site/, contributed
1924 by Neil Rickert of Northern Illinois University.
1925 LIBMILTER: Add new function smfi_quarantine() which allows the
1926 filter's EOM routine to quarantine the current message.
1927 Filters which use this function must include the
1928 SMFIF_QUARANTINE flag in the registered smfiDesc structure.
1929 LIBMILTER: If a milter sets the reply code to "421", the SMTP server
1930 will terminate the SMTP session with that error.
1931 LIBMILTER: Upon filter shutdown, libmilter will not remove a
1932 named socket in the file system if it is running as root.
1933 LIBMILTER: Add new function smfi_progress() which allows the filter
1934 to notify the MTA that an EOM operation is still in progress,
1935 resetting the timeout.
1936 LIBMILTER: Add new function smfi_opensocket() which allows the filter
1937 to attempt to establish the interface socket, and detect
1938 failure to do so before calling smfi_main().
1939 LIBMILTER: Add new function smfi_setmlreply() which allows the
1940 filter to return a multi-line SMTP reply.
1941 LIBMILTER: Deal with more temporary errors in accept() by ignoring
1942 them instead of stopping after too many occurred.
1943 Suggested by James Carlson of Sun Microsystems.
1944 LIBMILTER: Fix a descriptor leak in the sample program found in
1945 docs/sample.html. Reported by Dmitry Adamushko.
1946 LIBMILTER: The sample program also needs to use SMFIF_ADDRCPT.
1947 Reported by Carl Byington of 510 Software Group.
1948 LIBMILTER: Document smfi_stop() and smfi_setdbg(). Patches
1949 from Bryan Costales.
1950 LIBMILTER: New compile time option SM_CONF_POLL; define this if
1951 poll(2) should be used instead of select(2).
1952 LIBMILTER: New function smfi_insheader() and related protocol
1953 amendments to support header insertion operations.
1954 MAIL.LOCAL: Add support for hashed mail directories, see
1955 mail.local/README. Contributed by Chris Adams of HiWAAY
1956 Informations Services.
1957 MAILSTATS: Display quarantine message counts.
1958 MAKEMAP: Add new flag -D to specify the comment character to use
1960 VACATION: Add new flag -j to auto-respond to messages regardless of
1961 whether or not the recipient is listed in the To: or Cc:
1963 VACATION: Add new flag -R to specify the envelope sender address
1964 for the auto-response message.
1967 cf/feature/conncontrol.m4
1968 cf/feature/greet_pause.m4
1969 cf/feature/mtamark.m4
1970 cf/feature/ratecontrol.m4
1971 cf/feature/use_client_ptr.m4
1973 cf/ostype/unicosmk.m4
1974 cf/ostype/unicosmp.m4
1975 contrib/socketmapClient.pl
1976 contrib/socketmapServer.pl
1977 devtools/OS/Darwin.7.0
1978 devtools/OS/UNICOS-mk
1979 devtools/OS/UNICOS-mp
1980 devtools/Site/site.config.m4.sample
1981 include/sm/os/sm_os_unicos.h
1982 include/sm/os/sm_os_unicosmk.h
1983 include/sm/os/sm_os_unicosmp.h
1984 libmilter/docs/smfi_insheader.html
1985 libmilter/docs/smfi_progress.html
1986 libmilter/docs/smfi_quarantine.html
1987 libmilter/docs/smfi_setdbg.html
1988 libmilter/docs/smfi_setmlreply.html
1989 libmilter/docs/smfi_stop.html
1993 contrib/oldbind.compat.c
1994 devtools/OS/CRAYT3E.2.0.x
1995 devtools/OS/CRAYTS.10.0.x
1998 devtools/OS/Darwin.7.0 => devtools/OS/Darwin.7.x
2000 8.12.11/8.12.11 2004/01/18
2001 Use QueueFileMode when opening qf files. This error was a
2002 regression in 8.12.10. Problem detected and diagnosed
2003 Lech Szychowski of the Polish Power Grid Company.
2004 Properly count the number of queue runners in a work group and
2005 make sure the total limit of MaxQueueChildren is not
2006 exceeded. Based on patch from Takayuki Yoshizawa of
2008 Take care of systems that can generate time values where the
2009 seconds can exceed the usual range of 0 to 59.
2010 Problem noted by Randy Diffenderfer of EDS.
2011 Avoid regeneration of identical queue identifiers by processes
2012 whose process id is the same as that of the initial
2013 sendmail process that was used to start the daemon.
2014 Problem noted by Randy Diffenderfer of EDS.
2015 When a milter invokes smfi_delrcpt() compare the supplied
2016 recipient address also against the printable addresses
2017 of the current list to deal with rewritten addresses.
2018 Based on patch from Sean Hanson of The Asylum.
2019 BadRcptThrottle now also works for addresses which return the
2020 error mailer, e.g., virtusertable entries with the
2021 right hand side error:. Patch from Per Hedeland.
2022 Fix printing of 8 bit characters as octals in log messages.
2023 Based on patch by Andrey J. Melnikoff.
2024 Undo change of algorithm for MIME 7-bit base64 encoding to 8-bit
2025 text that has been introduced in 8.12.3. There are some
2026 examples where the new code fails, but the old code works.
2027 To get the 8.12.3-8.12.10 version, compile sendmail with
2028 -DMIME7TO8_OLD=0. If you have an example of improper
2029 7 to 8 bit conversion please send it to us.
2030 Return normal error code for unknown SMTP commands instead of
2031 the one specified by check_relay or a milter for a
2032 connection. Problem noted by Andrzej Filip.
2033 Some ident responses contain data after the terminating CRLF which
2034 causes sendmail to log "POSSIBLE ATTACK...newline in string".
2035 To avoid this everything after LF is ignored.
2036 If the operating system supports O_EXLOCK and HASFLOCK is set
2037 then a possible race condition for creating qf files
2038 can be avoided. Note: the race condition does not
2039 exist within sendmail, but between sendmail and an
2040 external application that accesses qf files.
2041 Log the proper options name for TLS related mising files for
2042 the CACertPath, CACertFile, and DHParameters options.
2043 Do not split an envelope if it will be discarded, otherwise df
2044 files could be left behind. Problem found by Wolfgang
2046 The use of the environment variables HOME and HOSTALIASES has been
2047 deprecated and will be removed in version 8.13. This only
2048 effects configuration which preserve those variable via the
2049 'E' command in the cf file as sendmail clears out its entire
2052 Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
2053 Solaris 10 has unsetenv(), patch from Craig Mohrman of
2055 LIBMILTER: Add extra checks in case a broken MTA sends bogus data
2056 to libmilter. Based on code review by Rob Grzywinski.
2057 SMRSH: Properly assemble commands that contain '&&' or '||'.
2058 Problem noted by Eric Lee of Talking Heads.
2060 devtools/OS/Darwin.7.0
2062 8.12.10/8.12.10 2003/09/24 (Released: 2003/09/17)
2063 SECURITY: Fix a buffer overflow in address parsing. Problem
2064 detected by Michal Zalewski, patch from Todd C. Miller
2065 of Courtesan Consulting.
2066 Fix a potential buffer overflow in ruleset parsing. This problem
2067 is not exploitable in the default sendmail configuration;
2068 only if non-standard rulesets recipient (2), final (4), or
2069 mailer-specific envelope recipients rulesets are used then
2070 a problem may occur. Problem noted by Timo Sirainen.
2071 Accept 0 (and 0/0) as valid input for set MaxMimeHeaderLength.
2072 Problem noted by Thomas Schulz.
2073 Add several checks to avoid (theoretical) buffer over/underflows.
2074 Properly count message size when performing 7->8 or 8->7 bit MIME
2075 conversions. Problem noted by Werner Wiethege.
2076 Properly compute message priority based on size of entire message,
2077 not just header. Problem noted by Axel Holscher.
2078 Reset SevenBitInput to its configured value between SMTP
2079 transactions for broken clients which do not properly
2080 announce 8 bit data. Problem noted by Stefan Roehrich.
2081 Set {addr_type} during queue runs when processing recipients.
2082 Based on patch from Arne Jansen.
2083 Better error handling in case of (very unlikely) queue-id conflicts.
2084 Perform better error recovery for address parsing, e.g., when
2085 encountering a comment that is too long. Problem noted by
2086 Tanel Kokk, Union Bank of Estonia.
2087 Add ':' to the allowed character list for bogus HELO/EHLO
2088 checking. It is used for IPv6 domain literals. Patch from
2089 Iwaizako Takahiro of FreeBit Co., Ltd.
2090 Reset SASL connection context after a failed authentication attempt.
2091 Based on patch from Rob Siemborski of CMU.
2092 Check Berkeley DB compile time version against run time version
2093 to make sure they match.
2094 Do not attempt AAAA (IPv6) DNS lookups if IPv6 is not enabled
2096 When a milter adds recipients and one of them causes an error,
2097 do not ignore the other recipients. Problem noted by
2099 CONFIG: Use specified SMTP error code in mailertable entries which
2100 lack a DSN, i.e., "error:### Text". Problem noted by
2102 CONFIG: Call Local_trust_auth with the correct argument. Patch
2103 from Jerome Borsboom.
2104 CONTRIB: Better handling of temporary filenames for doublebounce.pl
2105 and expn.pl to avoid file overwrites, etc. Patches from
2106 Richard A. Nelson of Debian and Paul Szabo.
2107 MAIL.LOCAL: Fix obscure race condition that could lead to an
2108 improper mailbox truncation if close() fails after the
2109 mailbox is fsync()'ed and a new message is delivered
2110 after the close() and before the truncate().
2111 MAIL.LOCAL: If mail delivery fails, do not leave behind a
2112 stale lockfile (which is ignored after the lock timeout).
2113 Patch from Oleg Bulyzhin of Cronyx Plus LLC.
2115 Port for AIX 5.2. Thanks to Steve Hubert of University
2116 of Washington for providing access to a computer
2118 setreuid(2) works on OpenBSD 3.3. Patch from
2119 Todd C. Miller of Courtesan Consulting.
2120 Allow for custom definition of SMRSH_CMDDIR and SMRSH_PATH
2121 on all operating systems. Patch from Robert Harker
2123 Use strerror(3) on Linux. If this causes a problem on
2124 your Linux distribution, compile with
2125 -DHASSTRERROR=0 and tell sendmail.org about it.
2129 8.12.9/8.12.9 2003/03/29
2130 SECURITY: Fix a buffer overflow in address parsing due to
2131 a char to int conversion problem which is potentially
2132 remotely exploitable. Problem found by Michal Zalewski.
2133 Note: an MTA that is not patched might be vulnerable to
2134 data that it receives from untrusted sources, which
2136 To provide partial protection to internal, unpatched sendmail MTAs,
2137 8.12.9 changes by default (char)0xff to (char)0x7f in
2138 headers etc. To turn off this conversion compile with
2139 -DALLOW_255 or use the command line option -d82.101.
2140 To provide partial protection for internal, unpatched MTAs that may be
2141 performing 7->8 or 8->7 bit MIME conversions, the default
2142 for MaxMimeHeaderLength has been changed to 2048/1024.
2143 Note: this does have a performance impact, and it only
2144 protects against frontal attacks from the outside.
2145 To disable the checks and return to pre-8.12.9 defaults,
2146 set MaxMimeHeaderLength to 0/0.
2147 Do not complain about -ba when submitting mail. Problem noted
2148 by Derek Wueppelmann.
2149 Fix compilation with Berkeley DB 1.85 on systems that do not
2150 have flock(2). Problem noted by Andy Harper of Kings
2152 Properly initialize data structure for dns maps to avoid various
2153 errors, e.g., looping processes. Problem noted by
2154 Maurice Makaay of InterNLnet B.V.
2155 CONFIG: Prevent multiple application of rule to add smart host.
2156 Patch from Andrzej Filip.
2157 CONFIG: Fix queue group declaration in MAILER(`usenet').
2158 CONTRIB: buildvirtuser: New option -t builds the virtusertable
2159 text file instead of the database map.
2161 Revert wrong change made in 8.12.7 and actually use the
2162 builtin getopt() version in sendmail on Linux.
2163 This can be overridden by using -DSM_CONF_GETOPT=0
2164 in which case the OS supplied version will be used.
2166 8.12.8/8.12.8 2003/02/11
2167 SECURITY: Fix a remote buffer overflow in header parsing by
2168 dropping sender and recipient header comments if the
2169 comments are too long. Problem noted by Mark Dowd
2171 Fix a potential non-exploitable buffer overflow in parsing the
2172 .cf queue settings and potential buffer underflow in
2173 parsing ident responses. Problem noted by Yichen Xie of
2174 Stanford University Compilation Group.
2175 Fix ETRN #queuegroup command: actually start a queue run for
2176 the selected queue group. Problem noted by Jos Vos.
2177 If MaxMimeHeaderLength is set and a malformed MIME header is fixed,
2178 log the fixup as "Fixed MIME header" instead of "Truncated
2179 MIME header". Problem noted by Ian J Hart.
2180 CONFIG: Fix regression bug in proto.m4 that caused a bogus
2181 error message: "FEATURE() should be before MAILER()".
2182 MAIL.LOCAL: Be more explicit in some error cases, i.e., whether
2183 a mailbox has more than one link or whether it is not
2184 a regular file. Patch from John Beck of Sun Microsystems.
2186 8.12.7/8.12.7 2002/12/29
2187 Properly clean up macros to avoid persistence of session data
2188 across various connections. This could cause session
2189 oriented restrictions, e.g., STARTTLS requirements,
2190 to erroneously allow a connection. Problem noted
2191 by Tim Maletic of Priority Health.
2192 Do not lookup MX records when sorting the MSP queue. The MSP
2193 only needs to relay all mail to the MTA. Problem found
2194 by Gary Mills of the University of Manitoba.
2195 Do not restrict the length of connection information to 100
2196 characters in some logging statements. Problem noted by
2198 When converting an enhanced status code to an exit status, use
2199 EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5
2201 Reset macro $x when receiving another MAIL command. Problem
2202 noted by Vlado Potisk of Wigro s.r.o.
2203 Don't bother setting the permissions on the build area statistics
2204 file, the proper permissions will be put on the file at
2205 install time. This fixes installation over NFS for some
2206 users. Problem noted by Martin J. Dellwo of 3-Dimensional
2207 Pharmaceuticals, Inc.
2208 Fix problem of decoding SASLv2 encrypted data. Problem noted by
2209 Alex Deiter of Mobile TeleSystems, Komi Republic.
2210 Log milter socket open errors at MilterLogLevel 1 or higher instead
2212 Print early system errors to the console instead of silently
2213 exiting. Problem noted by James Jong of IBM.
2214 Do not process a queue group if Runners is set to 0, regardless
2215 of whether F=f or sendmail is run in verbose mode (-v).
2216 The use of -qGname will still force queue group "name"
2217 to be run even if Runners=0.
2218 Change the level for logging the fact that a daemon is refusing
2219 connections due to high load from LOG_INFO to LOG_NOTICE.
2220 Patch from John Beck of Sun Microsystems.
2221 Use location information for submit.cf from NetInfo
2222 (/locations/sendmail/submit.cf) if available.
2223 Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by
2224 Neil Rickert of Northern Illinois University.
2225 Make behavior of /canon in debug mode consistent with usage in
2226 rulesets. Patch from Shigeno Kazutaka of IIJ.
2227 Fix a potential memory leak in envelope splitting. Problem noted
2228 by John Majikes of IBM.
2229 Do not try to share an mailbox database LDAP connection across
2230 different processes. Problem noted by Randy Kunkee.
2231 Fix logging for undelivered recipients when the SMTP connection
2232 times out during message collection. Problem noted by Neil
2233 Rickert of Northern Illinois University.
2234 Avoid problems with QueueSortOrder=random due to problems with
2235 qsort() on Solaris (and maybe some other operating systems).
2236 Problem noted by Stephan Schulz of Gruner+Jahr..
2237 If -f "" is specified, set the sender address to "<>". Problem
2238 noted by Matthias Andree.
2239 Fix formatting problem of footnotes for plain text output on some
2240 versions of tmac. Patch from Per Hedeland.
2242 Berkeley DB 4.1 support (requires at least 4.1.25).
2243 Some getopt(3) implementations in GNU/Linux are broken
2244 and pass a NULL pointer to an option which requires
2245 an argument, hence the builtin version of
2246 sendmail is used instead. This can be overridden
2247 by using -DSM_CONF_GETOPT=0. Problem noted by
2248 Vlado Potisk of Wigro s.r.o.
2249 Support for nph-1.2.0 from Mark D. Roth of the University
2250 of Illinois at Urbana-Champaign.
2251 Support for FreeBSD 5.0's MAC labeling from Robert Watson
2252 of the TrustedBSD Project.
2253 Support for reading the number of processors on an IRIX
2254 system from Michel Bourget of SGI.
2255 Support for UnixWare 7.1 based on input from Larry Rosenman.
2256 Interix support from Nedelcho Stanev of Atlantic Sky
2258 Update Mac OS X/Darwin portability from Wilfredo Sanchez.
2259 CONFIG: Enforce tls_client restrictions even if delay_checks
2260 is used. Problem noted by Malte Starostik.
2261 CONFIG: Deal with an empty hostname created via bogus
2262 DNS entries to get around access restrictions.
2263 Problem noted by Kai Schlichting.
2264 CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default
2265 to avoid problems with hostname resolution for localhost
2266 which on many systems does not resolve to 127.0.0.1 (or
2267 ::1 for IPv6). If you do not use IPv4 but only IPv6 then
2268 you need to change submit.mc accordingly, see the comment
2270 CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
2271 error messages from initgroups(3) on AIX 4.3 when sending
2272 mail to non-existing users. Problem noted by Mark Roth of
2273 the University of Illinois at Urbana-Champaign.
2274 CONFIG: Allow local_procmail to override local_lmtp settings.
2275 CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
2277 CONTRIB: cidrexpand: Deal with the prefix tags that may be included
2279 CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
2280 LIBMILTER: On Solaris libmilter may get into an endless loop if
2281 an error in the communication from/to the MTA occurs.
2282 Patch from Gurusamy Sarathy of Active State.
2283 LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64.
2284 Patch from from Jose Marcio Martins da Cruz of Ecole
2285 Nationale Superieure des Mines de Paris.
2286 MAIL.LOCAL: Fix a truncation race condition if the close() on
2287 the mailbox fails. Problem noted by Tomoko Fukuzawa of
2289 MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3)
2290 fails. Patch from John Beck of Sun Microsystems.
2291 SMRSH: SECURITY: Only allow regular files or symbolic links to be
2292 used for a command. Problem noted by David Endler of
2298 8.12.6/8.12.6 2002/08/26
2299 Do not add the FallbackMXhost (or its MX records) to the list
2300 returned by the bestmx map when -z is used as option.
2301 Otherwise sendmail may act as an open relay if FallbackMXhost
2302 and FEATURE(`relay_based_on_MX') are used together.
2303 Problem noted by Alexander Ignatyev.
2304 Properly split owner- mailing list messages when SuperSafe is set
2305 to interactive. Problem noted by Todd C. Miller of
2306 Courtesan Consulting.
2307 Make sure that an envelope is queued in the selected queue group
2308 even if some recipients are deleted or invalid. Problem
2309 found by Chris Adams of HiWAAY Informations Services.
2310 Do not send a bounce message if a message is completely collected
2311 from the SMTP client. Problem noted by Kari Hurtta of the
2312 Finnish Meteorological Institute.
2313 Provide an 'install-submit-st' target for sendmail/Makefile to
2314 install the MSP statistics file using the file named in the
2315 confMSP_STFILE devtools variable. Requested by Jeff
2316 Earickson of Colby College.
2317 Queue up mail with a temporary error if setusercontext() fails
2318 during a delivery attempt. Patch from Todd C. Miller of
2319 Courtesan Consulting.
2320 Fix handling of base64 encoded client authentication data for
2321 SMTP AUTH. Patch from Elena Slobodnik of life medien GmbH.
2322 Set the OpenLDAP option LDAP_OPT_RESTART so the client libraries
2323 restart interrupted system calls. Problem noted by Luiz
2324 Henrique Duma of BSIOne.
2325 Prevent a segmentation fault if a program passed a NULL envp using
2327 Document a problem with the counting of queue runners that may
2328 cause delays if MaxQueueChildren is set too low. Problem
2329 noted by Ian Duplisse of Cable Television Laboratories, Inc.
2330 If discarding a message based on a recipient, don't try to look up
2331 the recipient in the mailbox database if F=w is set. This
2332 allows users to discard bogus recipients when dealing with
2333 spammers without tipping them off. Problem noted by Neil
2334 Rickert of Northern Illinois University.
2335 If applying a header check to a header with unstructured data,
2336 e.g., Subject:, then do not run syntax checks that are
2337 supposed for addresses on the header content.
2338 Count messages rejected/discarded via the check_data ruleset.
2340 Fix compilation on systems which do not allow simple
2341 copying of the variable argument va_list. Based on
2342 fix from Scott Walters.
2343 Fix NSD map open bug. From Michel Bourget of SGI.
2344 Add some additional IRIX shells to the default shell
2345 list. From Michel Bourget of SGI.
2346 Fix compilation issues on Mac OS X 10.2 (Darwin 6.0).
2347 NETISO support has been dropped.
2348 CONFIG: There was a seemingly minor change in 8.12.4 with respect
2349 to handling entries of IP nets/addresses with RHS REJECT.
2350 These would be rejected in check_rcpt instead of only
2351 being activated in check_relay. This change has been made to
2352 avoid potential bogus temporary rejection of relay attempts
2353 "450 4.7.1 Relaying temporarily denied. Cannot resolve PTR
2354 record for ..." if delay_checks is enabled. However, this
2355 modification causes a change of behavior if an IP net/address
2356 is listed in the access map with REJECT and a host/domain
2357 name is listed with OK or RELAY, hence it has been reversed
2358 such that the behavior of 8.12.3 is restored. The original
2359 change was made on request of Neil Rickert of Northern
2360 Illinois University, the side effect has been found by
2361 Stefaan Van Hoornick.
2362 CONFIG: Make sure delay_checks works even for sender addresses
2363 using the local hostname ($j) or domains in class {P}.
2364 Based on patch from Neil Rickert of Northern Illinois
2366 CONFIG: Fix temporary error handling for LDAP Routing lookups.
2367 Fix from Andrzej Filip.
2368 CONTRIB: New version of etrn.pl script and external man page
2369 (etrn.0) from John Beck of Sun Microsystems.
2370 LIBMILTER: Protect a free(3) operation from being called with a
2371 NULL pointer. Problem noted by Andrey J. Melnikoff.
2372 LIBMILTER: Protect against more interrupted select() calls. Based
2373 on patch from Jose Marcio Martins da Cruz of Ecole Nationale
2374 Superieure des Mines de Paris.
2378 8.12.5/8.12.5 2002/06/25
2379 SECURITY: The DNS map can cause a buffer overflow if the user
2380 specifies a dns map using TXT records in the configuration
2381 file and a rogue DNS server is queried. None of the
2382 sendmail supplied configuration files use this option hence
2383 they are not vulnerable. Problem noted independently by
2384 Joost Pol of PINE Internet and Anton Rang of Sun Microsystems.
2385 Unprintable characters in responses from DNS servers for the DNS
2386 map type are changed to 'X' to avoid potential problems
2387 with rogue DNS servers.
2388 Require a suboption when setting the Milter option. Problem noted
2390 Do not silently overwrite command line settings for
2391 DirectSubmissionModifiers. Problem noted by Bryan
2393 Prevent a segmentation fault when clearing the event list by
2394 turning off alarms before checking if event list is
2395 empty. Problem noted by Allan E Johannesen of Worcester
2396 Polytechnic Institute.
2397 Close a potential race condition in transitioning a memory buffered
2398 file onto disk. From Janani Devarajan of Sun Microsystems.
2400 Include paths.h on Linux systems running glibc 2.0 or later
2401 to get the definition for _PATH_SENDMAIL, used by
2402 rmail and vacation. Problem noted by Kevin
2403 A. McGrail of Peregrine Hardware.
2404 NOTE: Linux appears to have broken flock() again. Unless
2405 the bug is fixed before sendmail 8.13 is shipped,
2406 8.13 will change the default locking method to
2407 fcntl() for Linux kernel 2.4 and later. You may
2408 want to do this in 8.12 by compiling with
2409 -DHASFLOCK=0. Be sure to update other sendmail
2410 related programs to match locking techniques.
2412 8.12.4/8.12.4 2002/06/03
2413 SECURITY: Inherent limitations in the UNIX file locking model
2414 can leave systems open to a local denial of service
2415 attack. Be sure to read the "FILE AND MAP PERMISSIONS"
2416 section of the top level README for more information.
2417 Problem noted by lumpy.
2418 Use TempFileMode (defaults to 0600) for the permissions of PidFile
2420 Change the default file permissions for new alias database files
2421 from 0644 to 0640. This can be overridden at compile time
2422 by setting the DBMMODE macro.
2423 Fix a potential core dump problem if the environment variable
2424 NAME is set. Problem noted by Beth A. Chaney of
2426 Expand macros before passing them to libmilter. Problem noted
2427 by Jose Marcio Martins da Cruz of Ecole Nationale
2428 Superieure des Mines de Paris.
2429 Rewind the df (message body) before truncating it when libmilter
2430 replaces the body of a message. Problem noted by Gisle Aas
2432 Change SMTP reply code for AUTH failure from 500 to 535 and the
2433 initial zero-length response to "=" per RFC 2554. Patches
2434 from Kenneth Murchison of Oceana Matrix Ltd.
2435 Do not try to fix broken message/rfc822 MIME attachments by
2436 inserting a MIME-Version: header when MaxMimeHeaderLength
2437 is set and no 8 to 7 bit conversion is needed. Based on
2438 patch from Rehor Petr of ICZ (Czech Republic).
2439 Do not log "did not issue MAIL/EXPN/VRFY/ETRN" if the connection
2440 is rejected anyway. Noted by Chris Loelke.
2441 Mention the submission mail queue in the mailq man page. Requested
2442 by Bill Fenner of AT&T.
2443 Set ${msg_size} macro when reading a message from the command line
2445 Detach from shared memory before dropping privileges back to
2446 user who started sendmail.
2447 If AllowBogusHELO is set to false (default) then also complain if
2448 the argument to HELO/EHLO contains white space. Suggested
2449 by Seva Gluschenko of Cronyx Plus.
2450 Allow symbolicly linked forward files in writable directory paths
2451 if both ForwardFileInUnsafeDirPath and
2452 LinkedForwardFileInWritableDir DontBlameSendmail options
2453 are set. Problem noted by Werner Spirk of
2454 Leibniz-Rechenzentrum Munich.
2456 Operating systems that lack the ftruncate() call will not
2457 be able to use Milter's body replacement feature.
2458 This only affects Altos, Maxion, and MPE/iX.
2459 Digital UNIX 5.0 has changed flock() semantics to be
2460 non-compliant. Problem noted by Martin Mokrejs of
2461 Charles University in Prague.
2462 The sparc64 port of FreeBSD 5.0 now supports shared
2464 CONFIG: FEATURE(`preserve_luser_host') needs the macro map.
2465 Problem noted by Andrzej Filip.
2466 CONFIG: Using 'local:' as a mailertable value with
2467 FEATURE(`preserve_luser_host') and LUSER_RELAY caused mail
2468 to be misaddressed. Problem noted by Andrzej Filip.
2469 CONFIG: Provide a workaround for DNS based rejection lists that
2470 fail for AAAA queries. Problem noted by Chris Boyd.
2471 CONFIG: Accept the machine's hostname as resolvable when checking
2472 the sender address. This allows locally submitted mail to
2473 be accepted if the machine isn't connected to a nameserver
2474 and doesn't have an /etc/hosts entry for itself. Problem
2475 noted by Robert Watson of the TrustedBSD Project.
2476 CONFIG: Use deferred expansion for checking the ${deliveryMode}
2477 macro in case the SMTP VERB command is used. Problem
2478 noted by Bryan Costales.
2479 CONFIG: Avoid a duplicate '@domain' virtusertable lookup if no
2480 matches are found. Fix from Andrzej Filip.
2481 CONFIG: Fix wording in default dnsbl rejection message. Suggested
2482 by Lou Katz of Metron Computerware, Ltd.
2483 CONFIG: Add mailer cyrusv2 for Cyrus V2. Contributed by
2484 Kenneth Murchison of Oceana Matrix Ltd.
2485 CONTRIB: Fix wording in default dnsblaccess rejection message to
2487 DEVTOOLS: Add new option for access mode of statistics file,
2488 confSTMODE, which specifies the permissions when initially
2489 installing the sendmail statistics file.
2490 LIBMILTER: Mark the listening socket as close-on-exec in case
2491 a user's filter starts other applications.
2492 LIBSM: Allow the MBDB initialize, lookup, and/or terminate
2493 functions in SmMbdbTypes to be set to NULL.
2494 MAKEMAP: Change the default file permissions for new databases from
2495 0644 to 0640. This can be overridden at compile time
2496 by setting the DBMMODE macro.
2497 SMRSH: Fix man page bug: replace SMRSH_CMDBIN with SMRSH_CMDDIR.
2498 Problem noted by Dave Alden of Ohio State University.
2499 VACATION: When listing the vacation database (-l), don't show
2500 bogus timestamps for excluded (-x) addresses. Problem
2501 noted by Bryan Costales.
2503 cf/mailer/cyrusv2.m4
2505 8.12.3/8.12.3 2002/04/05
2506 NOTICE: In general queue files should not be moved if queue groups
2507 are used. In previous versions this could cause mail
2508 not to be delivered if a queue file is repeatedly moved
2509 by an external process whenever sendmail moved it back
2510 into the right place. Some precautions have been taken
2511 to avoid moving queue files if not really necessary.
2512 sendmail may use links to refer to queue files and it
2513 may store the path of data files in queue files. Hence
2514 queue files should not be moved unless those internals
2515 are understood and the integrity of the files is not
2516 compromised. Problem noted by Anne Bennett of Concordia
2518 If an error mail is created, and the mail is split across different
2519 queue directories, and SuperSafe is off, then write the mail
2520 to disk before splitting it, otherwise an assertion is
2521 triggered. Problem tracked down by Henning Schmiedehausen
2523 Fix possible race condition that could cause sendmail to forget
2524 running queues. Problem noted by Jeff Wasilko of smoe.org.
2525 Handle bogus qf files better without triggering assertions.
2526 Problem noted by Guy Feltin.
2527 Protect against interrupted select() call when enforcing Milter
2528 read and write timeouts. Patch from Gurusamy Sarathy of
2530 Matching queue IDs with -qI should be case sensitive. Problem
2531 noted by Anne Bennett of Concordia University.
2532 If privileges have been dropped, don't try to change group ID to
2533 the RunAsUser group. Problem noted by Neil Rickert of
2534 Northern Illinois University.
2535 Fix SafeFileEnvironment path munging when the specified path
2536 contains a trailing slash. Based on patch from Dirk Meyer
2538 Do not limit sendmail command line length to SM_ARG_MAX (usually
2539 4096). Problem noted by Allan E Johannesen of Worcester
2540 Polytechnic Institute.
2541 Clear full name of sender for each new envelope to avoid bogus data
2542 if several mails are sent in one session and some of them
2543 do not have a From: header. Problem noted by Bas Haakman.
2544 Change timeout check such that cached information about a connection
2545 will be immediately invalid if ConnectionCacheTimeout is zero.
2546 Based on patch from David Burns of Portland State University.
2547 Properly count message size for mailstats during mail collection.
2548 Problem noted by Werner Wiethege.
2549 Log complete response from LMTP delivery agent on failure. Based on
2550 patch from Motonori Nakamura of Kyoto University.
2551 Provide workaround for getopt() implementations that do not catch
2553 Fix the message size calculation if the message body is replaced by
2554 a milter filter and buffered file I/O is being used.
2555 Problem noted by Sergey Akhapkin of Dr.Web.
2556 Do not honor SIGUSR1 requests if running with extra privileges.
2557 Problem noted by Werner Wiethege.
2558 Prevent a file descriptor leak on mail delivery if the initial
2559 connect fails and DialDelay is set. Patch from Servaas
2560 Vandenberghe of Katholieke Universiteit Leuven.
2561 Properly deal with a case where sendmail is called by root running
2562 a set-user-ID (non-root) program. Problem noted by Jon
2563 Lusky of ISS Atlanta.
2564 Avoid leaving behind stray transcript (xf) files if multiple queue
2565 directories are used and mail is sent to a mailing list
2566 which has an owner- alias. Problem noted by Anne Bennett
2567 of Concordia University.
2568 Fix class map parsing code if optional key is specified. Problem
2569 found by Mario Nigrovic.
2570 The SMTP daemon no longer tries to fix up improperly dot-stuffed
2571 incoming messages. A leading dot is always stripped by the
2572 SMTP receiver regardless of whether or not it is followed by
2573 another dot. Problem noted by Jordan Ritter of darkridge.com.
2574 Fix corruption when doing automatic MIME 7-bit quoted-printable or
2575 base64 encoding to 8-bit text. Problem noted by Mark
2577 Correct the statistics gathered for total number of connections.
2578 Instead of being the exact same number as the total number
2579 of messages (T line in mailstats) it now represents the
2580 total number of TCP connections.
2581 Be more explicit about syntax errors in addresses, especially
2582 non-ASCII characters, and properly create DSNs if necessary.
2583 Problem noted by Leena Heino of the University of Tampere.
2584 Prevent small timeouts from being lost on slow machines if itimers
2585 are used. Problem noted by Suresh Ramasubramanian.
2586 Prevent a race condition on child cleanup for delivery to files.
2587 Problem noted by Fletcher Mattox of the University of
2589 Change the SMTP error code for temporary map failures from 421
2591 Do not assume that realloc(NULL, size) works on all OS (this was
2592 only done in one place: queue group creation). Based on
2593 patch by Bryan Costales.
2594 Initialize Timeout.iconnect in the code to prevent randomly short
2595 timeouts. Problem noted by Bradley Watts of AT&T Canada.
2596 Do not try to send a second SMTP QUIT command if the remote
2597 responds to a MAIL command with a 421 reply or on I/O
2598 errors. By doing so, the host was marked as having a
2599 temporary problem and other mail destined for that host was
2600 queued for the next queue run. Problem noted by Fletcher
2601 Mattox of the University of Texas, Allan E Johannesen of
2602 Worcester Polytechnic Institute, Larry Greenfield of CMU,
2603 and Neil Rickert of Northern Illinois University.
2604 Ignore error replies from the SMTP QUIT command (including servers
2605 which drop the connection instead of responding to the
2608 Check LDAP_API_VERSION to determine if ldap_memfree() is
2610 Define HPUX10 when building on HP-UX 10.X. That platform
2611 now gets the proper _PATH_SENDMAIL and SMRSH_CMDDIR
2612 settings. Patch from Elias Halldor Agustsson of
2614 Fix dependency building on Mac OS X and Darwin. Problem
2616 Preliminary support for the sparc64 port of FreeBSD 5.0.
2617 Add /sbin/sh as an acceptable user shell on HP-UX. From
2618 Rajesh Somasund of Hewlett-Packard.
2619 CONFIG: Add FEATURE(`authinfo') to allow a separate database for
2620 SMTP AUTH information. This feature was actually added in
2621 8.12.0 but a release note was not included.
2622 CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
2623 parameter is set and the LDAP lookup returns a temporary
2625 CONFIG: Honor FEATURE(`relay_hosts_only') when using
2626 FEATURE(`relay_mail_from', `domain'). Problem noted by
2628 CONFIG: FEATURE(`msp') now disables any type of alias
2629 initialization as aliases are not needed for the MSP.
2630 CONFIG: Allow users to override RELAY_MAILER_ARGS when FEATURE(`msp')
2631 is in use. Patch from Andrzej Filip.
2632 CONFIG: FEATURE(`msp') uses `[localhost]' as default instead of
2633 `localhost' and turns on MX lookups for the SMTP mailers.
2634 This will only have an effect if a parameter is specified,
2635 i.e., an MX lookup will be performed on the hostname unless
2636 it is embedded in square brackets. Problem noted by
2637 Theo Van Dinter of Collective Technologies.
2638 CONFIG: Set confTIME_ZONE to USE_TZ in submit.mc (TimeZoneSpec= in
2639 submit.cf) to use $TZ for time stamps. This is a compromise
2640 to allow for the proper time zone on systems where the
2641 default results in misleading time stamps. That is, syslog
2642 time stamps and Date headers on submitted mail will use the
2643 user's $TZ setting. Problem noted by Mark Roth of the
2644 University of Illinois at Urbana-Champaign, solution proposed
2645 by Neil Rickert of Northern Illinois University.
2646 CONFIG: Mac OS X (Darwin) ships with mail.local as non-set-user-ID
2647 binary. Adjust local mailer flags accordingly. Problem
2649 CONTRIB: Add a warning to qtool.pl to not move queue files around
2650 if queue groups are used.
2651 CONTRIB: buildvirtuser: Add -f option to force rebuild.
2652 CONTRIB: smcontrol.pl: Add -f option to specify control socket.
2653 CONTRIB: smcontrol.pl: Add support for 'memdump' command.
2654 Suggested by Bryan Costales.
2655 DEVTOOLS: Add dependency generation for test programs.
2656 LIBMILTER: Remove conversion of port number for the socket
2657 structure that is passed to xxfi_connect(). Notice:
2658 this fix requires that sendmail and libmilter both have
2659 this change; mixing versions may lead to wrong port
2660 values depending on the endianness of the involved systems.
2661 Problem noted by Gisle Aas of ActiveState.
2662 LIBMILTER: If smfi_setreply() sets a custom reply code of '4XX' but
2663 SMFI_REJECT is returned, ignore the custom reply. Do the
2664 same if '5XX' is used and SMFI_TEMPFAIL is returned.
2665 LIBMILTER: Install include files in ${INCLUDEDIR}/libmilter/ as
2666 required by mfapi.h. Problem noted by Jose Marcio Martins
2667 da Cruz of Ecole Nationale Superieure des Mines de Paris.
2668 LIBSM: Add SM_CONF_LDAP_MEMFREE as a configuration define. Set
2669 this to 1 if your LDAP client libraries include
2671 LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
2672 and NDBM on systems with the O_EXLOCK open(2) flag.
2673 SMRSH: Fix compilation problem on some operating systems. Problem
2674 noted by Christian Krackowizer of schuler technodat GmbH.
2675 VACATION: Allow root to operate on user vacation databases. Based
2676 on patch from Greg Couch of the University of California,
2678 VACATION: Don't ignore -C option. Based on patch by Bryan Costales.
2679 VACATION: Clarify option usage in the man page. Problem noted by
2682 libmilter/docs/smfi_setbacklog.html
2684 8.12.2/8.12.2 2002/01/13
2685 Don't complain too much if stdin, stdout, or stderr are missing
2686 at startup, only log an error message.
2687 Fix potential problem if an unknown operation mode (character
2688 following -b) has been specified.
2689 Prevent purgestat from looping even if someone changes the
2690 permissions or owner of hoststatus files. Problem noted
2691 by Kari Hurtta of the Finnish Meteorological Institute.
2692 Properly record dropped connections in persistent host status.
2693 Problem noted by Ulrich Windl of the Universitat
2695 Remove newlines from recipients read via sendmail -t to prevent
2696 SMTP protocol errors when sending the RCPT command.
2697 Problem noted by William D. Colburn of the New Mexico
2698 Institute of Mining and Technology.
2699 Only log milter body replacements once instead of for each body
2700 chunk sent by a filter. Problem noted by Kari Hurtta of
2701 the Finnish Meteorological Institute.
2702 In 8.12.0 and 8.12.1, the headers were mistakenly not included in
2703 the message size calculation. Problem noted by Kari Hurtta
2704 of the Finnish Meteorological Institute.
2705 Since 8.12 no longer forks at the SMTP MAIL command, the daemon
2706 needs to collect children status to avoid zombie processes.
2707 Problem noted by Chris Adams of HiWAAY Informations Services.
2708 Shut down "nullserver" and ETRN-only connections after 25 bad
2709 commands are issued. This makes it consistent with normal
2711 Avoid duplicate logging of milter rejections. Problem noted by
2712 William D. Colburn of the New Mexico Institute of Mining
2714 Error and delay DSNs were being sent to postmaster instead of the
2715 message sender if the sender had used a deprecated RFC822
2716 source route. Problem noted by Kari Hurtta of the Finnish
2717 Meteorological Institute.
2718 Fix FallbackMXhost behavior for temporary errors during address
2719 parsing. Problem noted by Jorg Bielak from Coastal Web
2721 For systems on which stat(2) does not return a value for st_blksize
2722 that is the "optimal blocksize for I/O" three new compile
2723 time flags are available: SM_IO_MAX_BUF_FILE, SM_IO_MIN_BUF,
2724 and SM_IO_MAX_BUF, which define an upper limit for
2725 regular files, and a lower and upper limit for other file
2726 types, respectively.
2727 Fix a potential deadlock if two events are supposed to occur at
2728 exactly the same time. Problem noted by Valdis Kletnieks
2730 Perform envelope splitting for aliases listed directly in the
2731 alias file, not just for include/.forward files.
2732 Problem noted by John Beck of Sun Microsystems.
2733 Allow selection of queue group for mailq using -qGgroup.
2734 Based on patch by John Beck of Sun Microsystems.
2735 Make sure cached LDAP connections used my multiple maps in the same
2736 process are closed. Patch from Taso N. Devetzis.
2737 If running as root, allow reading of class files in protected
2738 directories. Patch from Alexander Talos of the University
2740 Correct a few LDAP related memory leaks. Patch from David Powell
2741 of Sun Microsystems.
2742 Allow specification of an empty realm via the authinfo ruleset.
2743 This is necessary to interoperate as an SMTP AUTH client
2744 with servers that do not support realms when using
2745 CRAM-MD5. Problem noted by Bjoern Voigt of TU Berlin.
2746 Avoid a potential information leak if AUTH PLAIN is used and the
2747 server gets stuck while processing that command. Problem
2748 noted by Chris Adams from HiWAAY Informations Services.
2749 In addition to printing errors when parsing recipients during
2750 command line invocations log them to make it simpler
2751 to understand possible DSNs to postmaster.
2752 Do not use FallbackMXhost on mailers which have the F=0 flag set.
2753 Allow local mailers (F=l) to specify a host for TCP connections
2754 instead of forcing localhost.
2755 Obey ${DESTDIR} for installation of the client mail queue and
2756 submit.cf. Patch from Peter 'Luna' Runestig.
2757 Re-enable support for -M option which was broken in 8.12.1. Problem
2758 noted by Neil Rickert of Northern Illinois University.
2759 If a remote server violates the SMTP standard by unexpectedly
2760 dropping the connection during an SMTP transaction, stop
2761 sending commands. This prevents bogus "Bad file number"
2762 recipient status. Problem noted by Allan E Johannesen of
2763 Worcester Polytechnic Institute.
2764 Do not use a size estimate of 100 for postmaster bounces, it's
2765 almost always too small; do not guess the size at all.
2766 New VENDOR_DEC for Compaq/DEC. Requested by James Seagraves of
2767 Compaq Computer Corp.
2768 Fix DaemonPortOptions IPv6 address parsing such that ::1 works
2769 properly. Problem noted by Valdis Kletnieks of Virginia
2772 Fix IPv6 network interface probing on HP-UX 11.X. Based on
2773 patch provided by HP.
2774 Mac OS X (aka Darwin) has a broken setreuid() call, but a
2775 working seteuid() call. From Daniel J. Luke.
2776 Use proper type for a 32-bit integer on SINIX. From Ganu
2778 Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX.
2779 Reduce optimization from +O3 to +O2 on HP-UX 11. This
2780 fixes a problem that caused additional bogus
2781 characters to be written to the qf file. Problem
2782 noted by Tapani Tarvainen.
2783 Set LDA_USE_LOCKF by default for UnixWare. Problem noted
2784 by Boyd Lynn Gerber.
2785 Add support for HP MPE/iX. See sendmail/README for port
2786 information. From Mark Bixby of Hewlett-Packard.
2787 New portability defines HASNICE, HASRRESVPORT, USE_ENVIRON,
2788 USE_DOUBLE_FORK, and NEEDLINK. See sendmail/README
2789 for more information. From Mark Bixby of
2791 If an OS doesn't have a method of finding free disk space
2792 (SFS_NONE), lie and say there is plenty of space.
2793 From Mark Bixby of Hewlett-Packard.
2794 Add support for AIX 5.1. From Valdis Kletnieks of
2796 Fix man page location for NeXTSTEP. From Hisanori Gogota
2797 of the NTT/InterCommunication Center.
2798 Do not assume that strerror() always returns a string.
2799 Problem noted by John Beck of Sun Microsystems.
2800 CONFIG: Add OSTYPE(freebsd5) for FreeBSD 5.X, which has removed
2801 UUCP from the base operating system. From Mark Murray of
2802 FreeBSD Services, Ltd.
2803 CONFIG: Add OSTYPE(mpeix) and a generic .mc file for HP MPE/iX
2804 systems. From Mark Bixby of Hewlett-Packard.
2805 CONFIG: Add support for selecting a queue group for all mailers.
2806 Based on proposal by Stephen L. Ulmer of the University of
2808 CONFIG: Fix error reporting for compat_check.m4. Problem noted by
2810 CONFIG: Do not override user selections for confRUN_AS_USER and
2811 confTRUSTED_USER in FEATURE(msp). From Mark Bixby of
2813 LIBMILTER: Fix bug that prevented the removal of a socket after
2814 libmilter terminated. Problem reported by Andrey V. Pevnev
2816 LIBMILTER: Fix configuration error that required libsm for linking.
2817 Problem noted by Kari Hurtta of the Finnish Meteorological
2819 LIBMILTER: Portability fix for OpenUNIX. Patch from Larry Rosenman.
2820 LIBMILTER: Fix a theoretical memory leak and a possible attempt
2821 to free memory twice.
2822 LIBSM: Fix a potential segmentation violation in the I/O library.
2823 Problem found and analyzed by John Beck and Tim Haley
2824 of Sun Microsystems.
2825 LIBSM: Do not clear the LDAP configuration information when
2826 terminating the mailbox database connection in the LDAP
2827 example code. Problem noted by Nikos Voutsinas of the
2828 University of Athens.
2830 cf/cf/generic-mpeix.cf
2831 cf/cf/generic-mpeix.mc
2832 cf/ostype/freebsd5.m4
2836 include/sm/os/sm_os_mpeix.h
2839 8.12.1/8.12.1 2001/10/01
2840 SECURITY: Check whether dropping group privileges actually succeeded
2841 to avoid possible compromises of the mail system by
2842 supplying bogus data. Add configuration options for
2843 different set*gid() calls to reset saved gid. Problem
2844 found by Michal Zalewski.
2845 PRIVACY: Prevent information leakage when sendmail has extra
2846 privileges by disabling debugging (command line -d flag)
2847 during queue runs and disabling ETRN when sendmail -bs is
2848 used. Suggested by Michal Zalewski.
2849 Avoid memory corruption problems resulting from bogus .cf files.
2850 Problem found by Michal Zalewski.
2851 Set the ${server_addr} macro to name of mailer when doing LMTP
2852 delivery. LMTP systems may offer SMTP Authentication or
2853 STARTTLS causing sendmail to use this macro in rulesets.
2854 If debugging is turned on (-d0.10) print not just the default
2855 values for configuration file and pid file but also the
2856 selected values. Problem noted by Brad Chapman.
2857 Continue dealing with broken nameservers by ignoring SERVFAIL
2858 errors returned on T_AAAA (IPv6) lookups at delivery time
2859 if ResolverOptions=WorkAroundBrokenAAAA is set. Previously
2860 this only applied to hostname canonification. Problem
2861 noted by Bill Fenner of AT&T Research.
2862 Ignore comments in NIS host records when trying to find the
2863 canonical name for a host.
2864 When sendmail has extra privileges, limit mail submission command
2865 line flags (i.e., -G, -h, -F, etc.) to mail submission
2866 operating modes (i.e., -bm, -bs, -bv, etc.). Idea based on
2867 suggestion from Michal Zalewski.
2869 AIX: Use `oslevel` if available to determine OS version.
2870 `uname` does not given complete information.
2871 Problem noted by Keith Neufeld of the Cessna
2873 OpenUNIX: Use lockf() for LDA delivery (affects mail.local).
2874 Problem noticed by Boyd Lynn Gerber of ZENEX.
2875 Avoid compiler warnings by not using pointers to pass
2876 integers. Problem noted by Todd C. Miller of
2877 Courtesan Consulting.
2878 CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize
2879 problems with potential misconfigurations.
2880 CONFIG: Fix comment showing default value of MaxHopCount. Problem
2881 noted by Greg Robinson of the Defence Science and
2882 Technology Organisation of Australia.
2883 CONFIG: dnsbl: If an argument specifies an error message in case
2884 of temporary lookup failures for DNS based blocklists
2886 LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by
2887 Richard A. Nelson of Debian.
2888 LIBMILTER: Add __P definition for OS that lack it. Problem noted
2889 by Chris Adams from HiWAAY Informations Services.
2890 LIBSMDB: Fix a lock race condition that affects makemap, praliases,
2892 MAKEMAP: Avoid going beyond the end of an input line if it does
2893 not contain a value for a key. Based on patch from
2894 Mark Bixby from Hewlett-Packard.
2904 include/sm/sysstat.h
2906 8.12.0/8.12.0 2001/09/08
2907 *NOTICE*: The default installation of sendmail does not use
2908 set-user-ID root anymore. You need to create a new user and
2909 a new group before installing sendmail (both called smmsp by
2910 default). The installation process tries to install
2911 /etc/mail/submit.cf and creates /var/spool/clientmqueue by
2912 default. Please see sendmail/SECURITY for details.
2913 SECURITY: Check for group and world writable forward and :include:
2914 files. These checks can be turned off if absolutely
2915 necessary using the DontBlameSendmail option and the new
2917 GroupWritableForwardFile
2918 WorldWritableForwardFile
2919 GroupWritableIncludeFile
2920 WorldWritableIncludeFile
2921 Problem noted by Slawek Zak of Politechnika Warszawska,
2922 SECURITY: Drop privileges when using address test mode. Suggested
2923 by Michal Zalewski of the "Internet for Schools" project
2925 Fixed problem of a global variable being used for a timeout jump
2926 point where the variable could become overused for more than
2927 one timeout concurrently. This erroneous behavior resulted in
2928 a corrupted stack causing a core dump. The timeout is now
2929 handled via libsm. Problem noted by Michael Shapiro,
2930 John Beck, and Carl Smith of Sun Microsystems.
2931 If sendmail is set-group-ID then that group ID is used for permission
2932 checks (group ID of RunAsUser). This allows use of a
2933 set-group-ID sendmail binary for initial message submission
2934 and no set-user-ID root sendmail is needed. For details
2935 see sendmail/SECURITY.
2936 Log a warning if a non-trusted user changes the syslog label.
2937 Based on notice from Bryan Costales of SL3D, Inc.
2938 If sendmail is called for initial delivery, try to use submit.cf
2939 with a fallback of sendmail.cf as configuration file. See
2941 New configuration file option UseMSP to allow group writable queue
2942 files if the group is the same as that of a set-group-ID
2943 sendmail binary. See sendmail/SECURITY.
2944 The .cf file is chosen based on the operation mode. For -bm (default),
2945 -bs, and -t it is submit.cf if it exists for all others it
2946 is sendmail.cf (to be backward compatible). This selection
2947 can be changed by the new option -Ac or -Am (alternative .cf
2948 file: client or mta). See sendmail/SECURITY.
2949 The SMTP server no longer forks on each MAIL command. The ONEX
2950 command has been removed.
2951 Implement SMTP PIPELINING per RFC 2920. It can be turned off
2952 at compile time or per host (ruleset).
2953 New option MailboxDatabase specifies the type of mailbox database
2954 used to look up local mail recipients; the default value
2955 is "pw", which means to use getpwnam(). New mailbox database
2956 types can be added by adding custom code to libsm/mbdb.c.
2957 Queue file names are now 15 characters long, rather than 14 characters
2958 long, to accommodate envelope splitting. File systems with
2959 a 14 character file name length limit are no longer
2961 Recipient list used for delivery now gets internally ordered by
2962 hostsignature (character string version of MX RR). This orders
2963 recipients for the same MX RR's together meaning smaller
2964 portions of the list need to be scanned (instead of the whole
2965 list) each delivery() pass to determine piggybacking. The
2966 significance of the change is better the larger the recipient
2967 list. Hostsignature is now created during recipient list
2968 creation rather than just before delivery.
2969 Enhancements for more opportunistic piggybacking. Previous
2970 piggybacking (called coincidental) extended to coattail
2971 piggybacking. Rather than complete MX RR matching
2972 (coincidental) piggybacking is done if just the lowest value
2973 preference matches (coattail).
2974 If sendmail receives a temporary error on a RCPT TO: command, it will
2975 try other MX hosts if available.
2976 DefaultAuthInfo can contain a list of mechanisms to be used for
2977 outgoing (client-side) SMTP Authentication.
2978 New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable
2979 AUTH (overrides 'a' modifier in DaemonPortOptions). Based
2980 on patch from Lyndon Nerenberg of Messaging Direct.
2981 Enable AUTH mechanism EXTERNAL if STARTTLS is used.
2982 A new ruleset authinfo can be used to return client side
2983 authentication information for AUTH instead of DefaultAuthInfo.
2984 Therefore the DefaultAuthInfo option is deprecated and will be
2985 removed in future versions.
2986 Accept any SMTP continuation code 3xy for AUTH even though RFC 2554
2987 requires 334. Mercury 1.48 is a known offender.
2988 Add new option AuthMaxBits to limit the overall encryption strength
2989 for the security layer in SMTP AUTH (SASL). See
2990 doc/op/op.me for details.
2991 Introduce new STARTTLS related macros {cn_issuer}, {cn_subject},
2992 {cert_md5} which hold the CN (common name) of the CA that
2993 signed the presented certificate, the CN and the MD5 hash
2994 of the presented certificate, respectively.
2995 New ruleset try_tls to decide whether to try (as client) STARTTLS.
2996 New ruleset srv_features to enable/disable certain features in the
2997 server per connection. See doc/op/op.me for details.
2998 New ruleset tls_rcpt to decide whether to send e-mail to a particular
2999 recipient; useful to decide whether a connection is secure
3000 enough on a per recipient basis.
3001 New option TLSSrvOptions to modify some aspects of the server
3003 If no certificate has been requested, the macro {verify} has the
3005 New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off
3006 using/offering STARTTLS when delivering/receiving e-mail.
3007 Macro expand filenames/directories for certs and keys in the .cf file.
3008 Proposed by Neil Rickert of Northern Illinois University.
3009 Generate an ephemeral RSA key for a STARTTLS connection only if
3010 really required. This change results in a noticeable
3011 performance gains on most machines. Moreover, if shared
3012 memory is in use, reuse the key several times.
3013 Add queue groups which can be used to group queue directories with
3014 the same behavior together. See doc/op/op.me for details.
3015 If the new option FastSplit (defaults to one) has a value greater
3016 than zero, it suppresses the MX lookups on addresses when they
3017 are initially sorted which may result in faster envelope
3018 splitting. If the mail is submitted directly from the
3019 command line, then the value also limits the number of
3020 processes to deliver the envelopes; if more envelopes are
3021 created they are only queued up and must be taken care of
3023 The check for 'enough disk space' now pays attention to which file
3024 system each queue directory resides in.
3025 All queue runners can be cleanly terminated via SIGTERM to parent.
3026 New option QueueFileMode for the default permissions of queue files.
3027 Add parallel queue runner code. Allows multiple queue runners per work
3028 group (one or more queues in a multi-queue environment
3029 collected together) to process the same work list at the
3031 Option MaxQueueChildren added to limit the number of concurrently
3032 active queue runner processes.
3033 New option MaxRunnersPerQueue to specify the maximum number of queue
3034 runners per queue group.
3035 Queue member selection by substring pattern matching now allows
3036 the pattern to be negated. For -qI, -qR and -qS it is
3037 permissible for -q!I, -q!R and -q!S to mean remove members
3038 of the queue that match during processing.
3039 New -qp[time] option is similar to -qtime, except that instead of
3040 periodically forking a child to process the queue, a single
3041 child is forked for each queue that sleeps between queue
3042 runs. A SIGHUP signal can be sent to restart this
3043 persistent queue runner.
3044 The SIGHUP signal now restarts a timed queue run process (i.e., a
3045 sendmail process which only runs the queue at an interval:
3047 New option NiceQueueRun to set the priority of queue runners.
3048 Proposed by Thom O'Connor.
3049 sendmail will run the queue(s) in the background when invoked with -q
3050 unless the new -qf option or -v is used.
3051 QueueSortOrder=Random sorts the queue randomly, which is useful if
3052 several queue runners are started by hand to avoid contention.
3053 QueueSortOrder=Modification sorts the queue by the modification time
3054 of the qf file (older entries first).
3055 Support Deliver By SMTP Service Extension (RFC 2852) which allows
3056 a client to specify an amount of time within which an e-mail
3057 should be delivered. New option DeliverByMin added to set the
3058 minimum amount of time or disable the extension.
3059 Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are
3060 not allowed unless escaped or quoted.
3061 Add support for a generic DNS map. Based on a patch contributed
3062 by Leif Johansson of Stockholm University, which was based on
3063 work by Assar Westerlund of Swedish Institute of Computer
3064 Science, Kista, and Johan Danielsson of Royal Institute of
3065 Technology, Stockholm, Sweden.
3066 MX records will be looked up for FallBackMXhost. To use the old
3067 behavior (no MX lookups), put the name in square brackets.
3068 Proposed by Thom O'Connor.
3069 Use shared memory to store free space of filesystems that are used
3070 for queues, if shared memory is available and if a key is set
3071 via SharedMemoryKey. This minimizes the number of system
3072 calls to check the available space. See doc/op/op.me for
3074 If shared memory is compiled in the option -bP can be used to print
3075 the number of entries in the queue(s).
3076 Enable generic mail filter API (milter). See libmilter/README
3077 and the usual documentation for details.
3078 Remove AutoRebuildAliases option, deprecated since 8.10.
3079 Remove '-U' (initial user submission) command line option as
3081 Remove support for non-standard SMTP command XUSR. Use an MSA instead.
3082 New macro {addr_type} which contains whether the current address is
3083 an envelope sender or recipient address. Suggested by
3084 Neil Rickert of Northern Illinois University.
3085 Two new options for host maps: -d (retransmission timeout),
3086 -r (number of retries).
3087 New option for LDAP maps: the -V<sep> allows you to specify a
3088 separator such that a lookup can return both an attribute
3089 and value separated by the given separator.
3090 Add new operators '%', '|', '&' (modulo, binary or, binary and)
3092 If DoubleBounceAddress expands to an empty string, ``double bounces''
3093 (errors that occur when sending an error message) are dropped.
3094 New DontBlameSendmail options GroupReadableSASLDBFile and
3095 GroupWritableSASLDBFile to relax requirements for sasldb files.
3096 New DontBlameSendmail options GroupReadableKeyFile to relax
3097 requirements for files containing secret keys. This is
3098 necessary for the MSP if client authentification is used.
3099 Properly handle quoted filenames for class files (to allow for
3100 filenames with spaces).
3101 Honor the resolver option RES_NOALIASES when canonifying hostnames.
3102 Add macros to avoid the reuse of {if_addr} etc:
3103 {if_name_out} hostname of interface of outgoing connection.
3104 {if_addr_out} address of interface of outgoing connection.
3105 {if_family_out} family of interface of outgoing connection.
3106 The latter two are only set if the interface does not belong
3107 to the loopback net.
3108 Add macro {nrcpts} which holds the number of (validated) recipients.
3109 DialDelay option applies only to mailers with flag 'Z'. Patch from
3110 Juergen Georgi of RUS University of Stuttgart.
3111 New Timeout.lhlo,auth,starttls options to limit the time waiting for
3112 an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command.
3113 New Timeout.aconnect option to limit the overall waiting time for
3114 all connections for a single delivery attempt to succeed.
3115 Limit the rate recipients in the SMTP envelope are accepted once
3116 a threshold number of recipients has been rejected (option
3117 BadRcptThrottle). From Gregory A Lundberg of the WU-FTPD
3119 New option DelayLA to delay connections if the load averages
3120 exceeds the specified value. The default of 0 does not
3121 change the previous behavior. A value greater than 0
3122 will cause sendmail to sleep for one second on most
3123 SMTP commands and before accepting connections if that
3124 load average is exceeded.
3125 Use a dynamic (instead of fixed-size) buffer for the list of
3126 recipients that are sent during a connection to a mailer.
3127 This also introduces a new mailer field 'r' which defines
3128 the maximum number of recipients (defaults to 100).
3129 Based on patch by Motonori Nakamura of Kyoto University.
3130 Add new F=1 mailer flag to disable sending of null characters ('\0').
3131 Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead.
3132 The deprecated [TCP] builtin mailer pathname (P=) is gone. Use [IPC]
3134 IPC is no longer available as first mailer argument (A=) for [IPC]
3135 builtin mailer pathnames. Use TCP instead.
3136 PH map code updated to use the new libphclient API instead of the
3137 old libqiapi library. Contributed by Mark Roth of the
3138 University of Illinois at Urbana-Champaign.
3139 New option DirectSubmissionModifiers to define {daemon_flags}
3140 for direct (command line) submissions.
3141 New M=O modifier for DaemonPortOptions to ignore the socket in
3142 case of failures. Based on patch by Jun-ichiro itojun
3143 Hagino of the KAME Project.
3144 Add Disposition-Notification-To: (RFC 2298) to the list of headers
3145 whose content is rewritten similar to Reply-To:.
3146 Proposed by Andrzej Filip.
3147 Use STARTTLS/AUTH=server/client for logging incoming/outgoing
3148 STARTTLS/AUTH connections; log incoming connections at level
3149 9 or higher. Use AUTH/STARTTLS instead of SASL/TLS for SMTP
3150 AUTH/STARTTLS related logfile entries.
3151 Convert unprintable characters (and backslash) into octal or C format
3153 Log recipients if no message is transferred but QUIT/RSET is given
3154 (at LogLevel 9/10 or higher).
3155 Log discarded recipients at LogLevel 10 or higher.
3156 Do not log "did not issue MAIL/EXPN/VRFY/ETRN" for connections
3157 in which most commands are rejected due to check_relay or
3158 TCP Wrappers if the host tries one of those commands anyway.
3159 Change logging format for cloned envelopes to be similar to that for
3160 DSNs ("old id: new id: clone"). Suggested by Ulrich Windl
3161 of the Universitat Regensburg.
3162 Added libsm, a C library of general purpose abstractions including
3163 assertions, tracing and debugging with named debug categories,
3164 exception handling, malloc debugging, resource pools,
3165 portability abstractions, and an extensible buffered I/O
3166 package. It will at some point replace libsmutil.
3167 See libsm/index.html for details.
3168 Fixed most memory leaks in sendmail which were previously taken
3169 care of by fork() and exit().
3170 Use new sm_io*() functions in place of stdio calls. Allows for
3171 more consistent portablity amongst different platforms
3172 new and old (from new libsm).
3173 Common I/O pkg means just one buffering method needed instead of two
3174 ('bf_portable' and 'bf_torek' now just 'bf').
3175 Sfio no longer needed as SASL/TLS code uses sm_io*() API's.
3176 New possible value 'interactive' for SuperSafe which can be used
3177 together with DeliveryMode=interactive is to avoid some disk
3178 synchronizations calls.
3179 Add per-recipient status information to mailq -v output.
3180 T_ANY queries are no longer used by sendmail.
3181 When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
3182 too (see include/sm/cdefs.h for more info).
3183 sendmail -d now has general support for named debug categories.
3184 See libsm/debug.html and section 3.4 of doc/op/op.me
3186 Eliminate the "postmaster warning" DSNs on address parsing errors
3187 such as unbalanced angle brackets or parentheses. The DSNs
3188 generated by this condition were illegal (not RFC conform).
3189 Problem noted by Ulrich Windl of the Universitaet Regensburg.
3190 Do not issue a DSN if the ruleset localaddr resolves to the $#error
3191 mailer and the recipient has hence been rejected during the
3192 SMTP dialogue. Problem reported by Larry Greenfield of CMU.
3193 Deal with a case of multiple deliveries on misconfigured systems
3194 that do not have postmaster defined. If an email was sent
3195 from an address to which a DSN cannot be returned and
3196 in which at least one recipient address is non-deliverable,
3197 then that email had been delivered in each queue run.
3198 Problem reported by Matteo HCE Valsasna of Universita
3199 degli Studi dell'Insubria.
3200 The compilation options SMTP, DAEMON, and QUEUE have been removed,
3201 i.e., the corresponding code is always compiled in now.
3202 Log the command line in daemon/queue-run mode at LogLevel 10 and
3203 higher. Suggested by Robert Harker of Harker Systems.
3204 New ResolverOptions setting: WorkAroundBrokenAAAA. When
3205 attempting to canonify a hostname, some broken nameservers
3206 will return SERVFAIL (a temporary failure) on T_AAAA (IPv6)
3207 lookups. If you want to excuse this behavior, use this new
3208 flag. Suggested by Chris Foote of SE Network Access and
3209 Mark Roth of the University of Illinois at
3211 Free the memory allocated by getipnodeby{addr,name}(). Problem
3212 noted by Joy Latten of IBM.
3213 ConnectionRateThrottle limits the number of connections per second
3214 to each daemon individually, not the overall number of
3216 Specifying only "ldap:" as an AliasFile specification will force
3217 sendmail to use a default alias schema as outlined in the
3218 ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section of
3220 Add a new syntax for the 'F' (file class) sendmail.cf command. If
3221 the first character after the class name is not a '/' or a
3222 '|' and it contains an '@' (e.g., F{X}key@class:spec), the
3223 rest of the line will be parsed as a map lookup. This
3224 allows classes to be filled via a map lookup. See op.me
3225 for more syntax information. Specifically, this can be
3226 used for commands such as VIRTUSER_DOMAIN_FILE() to read
3227 the list of domains via LDAP (see the ``USING LDAP FOR
3228 ALIASES, MAPS, and CLASSES'' section of cf/README for an
3230 The new macro ${sendmailMTACluster} determines the LDAP cluster for
3231 the default schema used in the above two items.
3232 Unless DontBlameSendmail=RunProgramInUnsafeDirPath is set, log a
3233 warning if a program being run from a mailer or file class
3234 (e.g., F|/path/to/prog) is in an unsafe directory path.
3235 Unless DontBlameSendmail=RunWritableProgram is set, log a warning
3236 if a program being run from a mailer or file class
3237 (e.g., F|/path/to/prog) is group or world writable.
3238 Loopback interfaces (e.g., "lo0") are now probed for class {w}
3239 hostnames. Setting DontProbeInterfaces to "loopback"
3240 (without quotes) will disable this and return to the
3241 pre-8.12 behavior of only probing non-loopback interfaces.
3242 Suggested by Bryan Stansell of GNAC.
3243 In accordance with RFC 2821 section 4.1.4, accept multiple
3245 Multiple ClientPortOptions settings are now allowed, one for each
3246 possible protocol family which may be used for outgoing
3247 connections. Restrictions placed on one family only affect
3248 outgoing connections on that particular family. Because of
3249 this change, the ${client_flags} macro is not set until the
3250 connection is established. Based on patch from Motonori
3251 Nakamura of Kyoto University.
3252 PrivacyOptions=restrictexpand instructs sendmail to drop privileges
3253 when the -bv option is given by users who are neither root
3254 nor the TrustedUser so users can not read private aliases,
3255 forwards, or :include: files. It also will override the -v
3256 (verbose) command line option.
3257 If the M=b modifier is set in DaemonPortOptions and the interface
3258 address can't be used for the outgoing connection, fall
3259 back to the settings in ClientPortOptions (if set).
3260 Problem noted by John Beck of Sun Microsystems.
3261 New named config file rule check_data for DATA command (input:
3262 number of recipients). Based on patch from Mark Roth of
3263 the University of Illinois at Urbana-Champaign.
3264 Add support for ETRN queue selection per RFC 1985. The queue group
3265 can be specified using the '#' option character. For
3266 example, 'ETRN #queuegroup'.
3267 If an LDAP server times out or becomes unavailable, close the
3268 current connection and reopen to get to one of the fallback
3269 servers. Patch from Paul Hilchey of the University of
3271 Make default error number on $#error messages 550 instead of 501
3272 because 501 is not allowed on all commands.
3273 The .cf file option UnsafeGroupWrites is deprecated, it should be
3274 replaced with the settings GroupWritableForwardFileSafe
3275 and GroupWritableIncludeFileSafe in DontBlameSendmail
3277 The deprecated ldapx map class has been removed. Use the ldap map
3279 Any IPv6 addresses used in configuration should be prefixed by the
3280 "IPv6:" tag to identify the address properly. For example,
3281 if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to
3282 class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4].
3283 Change the $&{opMode} macro if the operation mode changes while the
3284 MTA is running. For example, during a queue run.
3285 Add "use_inet6" as a new ResolverOptions flag to control the
3286 RES_USE_INET6 resolver option. Based on patch from Rick
3288 The maximum number of commands before the MTA slows down when too
3289 many "light weight" commands have been received are now
3290 configurable during compile time. The current values and
3292 MAXBADCOMMANDS 25 unknown commands
3293 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR
3294 MAXHELOCOMMANDS 3 HELO, EHLO
3295 MAXVRFYCOMMANDS 6 VRFY, EXPN
3296 MAXETRNCOMMANDS 8 ETRN
3297 Setting a value to 0 disables the check. Patch from Bryan
3298 Costales of SL3D, Inc.
3299 The header syntax H?${MyMacro}?X-My-Header: now not only checks if
3300 ${MyMacro} is defined but also that it is not empty.
3301 Properly quote usernames with special characters if they are used
3302 in headers. Problem noted by Kari Hurtta of the Finnish
3303 Meteorological Institute.
3304 Be sure to include the proper Final-Recipient: DSN header in bounce
3305 messages for messages for mailing list expanded addresses
3306 which are not delivered on the initial attempt.
3307 Do not treat errors as sticky when doing delivery via LMTP after
3308 the final dot has been sent to avoid affecting future
3309 deliveries. Problem reported by Larry Greenfield of CMU.
3310 New compile time flag REQUIRES_DIR_FSYNC which turns on support for
3311 file systems that require to call fsync() for a directory
3312 if the meta-data in it has been changed. This should be
3313 set at least for ReiserFS; it is enabled by default for Linux.
3314 See sendmail/README for further information.
3315 Avoid file locking deadlock when updating the statistics file if
3316 sendmail is signaled to terminate. Problem noted by
3317 Christophe Wolfhugel of France Telecom.
3318 Set the $c macro (hop count) as it is being set instead of when the
3319 envelope is initialized. Problem noted by Kari Hurtta of
3320 the Finnish Meteorological Institute.
3321 Properly count recipients for DeliveryMode defer and queue. Fix
3322 from Peter A. Friend of EarthLink.
3323 Treat invalid hesiod lookups as permanent errors instead of
3324 temporary errors. Problem noted by Russell McOrmond of
3327 Remove support for AIX 2, which supports only 14 character
3328 filenames and is outdated anyway. Suggested by
3329 Valdis Kletnieks of Virginia Tech.
3330 Change several settings for Irix 6: remove confSBINDIR,
3331 i.e., use default /usr/sbin, change owner/group
3332 of man pages and user-executable to root/sys, set
3333 optimization limit to 0 (unlimited). Based on patch
3334 from Ayamura Kikuchi, M.D, and proposal from Kari
3335 Hurtta of the Finnish Meteorological Institute.
3336 Do not assume LDAP support is installed by default under
3337 Solaris 8 and later.
3338 Add support for OpenUNIX.
3339 CONFIG: Increment version number of config file to 10.
3340 CONFIG: Add an install target and a README file in cf/cf.
3341 CONFIG: Don't accept addresses of the form a@b@, a@b@c, a@[b]c, etc.
3342 CONFIG: Reject empty recipient addresses (in check_rcpt).
3343 CONFIG: The access map uses an option of -T<TMPF> to deal with
3344 temporary lookup failures.
3345 CONFIG: New value for access map: SKIP, which causes the default
3346 action to be taken by aborting the search for domain names
3348 CONFIG: check_rcpt can deal with TEMPFAIL for either recipient or
3349 relay address as long as the other part allows the email
3351 CONFIG: Entries for virtusertable can make use of a third parameter
3352 "%3" which contains "+detail" of a wildcard match, i.e., an
3353 entry like user+*@domain. This allows handling of details by
3354 using %1%3 as the RHS. Additionally, a "+" wildcard has been
3355 introduced to match only non-empty details of addresses.
3356 CONFIG: Numbers for rulesets used by MAILERs have been removed
3357 and hence there is no required order within the MAILER
3358 section anymore except for MAILER(`uucp') which must come
3359 after MAILER(`smtp') if uucp-dom and uucp-uudom are used.
3360 CONFIG: Hosts listed in the generics domain class {G}
3361 (GENERICS_DOMAIN() and GENERICS_DOMAIN_FILE()) are treated
3362 as canonical. Suggested by Per Hedeland of Ericsson.
3363 CONFIG: If FEATURE(`delay_checks') is used, make sure that a lookup
3364 in the access map which returns OK or RELAY actually
3365 terminates check_* ruleset checking.
3366 CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset
3367 tls_rcpt, see cf/README for details.
3368 CONFIG: Change format of Received: header line which reveals whether
3369 STARTTLS has been used to "(version=${tls_version}
3370 cipher=${cipher} bits=${cipher_bits} verify=${verify})".
3371 CONFIG: Use "Spam:" as tag for lookups for FEATURE(`delay_checks')
3372 options friends/haters instead of "To:" and enable
3373 specification of whole domains instead of just users.
3374 Notice: this change is not backward compatible.
3375 Suggested by Chris Adams from HiWAAY Informations Services.
3376 CONFIG: Allow for local extensions for most new rulesets, see
3377 cf/README for details.
3378 CONFIG: New FEATURE(`lookupdotdomain') to lookup also .domain in
3379 the access map. Proposed by Randall Winchester of the
3380 University of Maryland.
3381 CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for
3382 the local mailer. Proposed by Ingo Brueckl of Wupper Online.
3383 CONFIG: confRELAY_MSG/confREJECT_MSG can override the default
3384 messages for an unauthorized relaying attempt/for access
3385 map entries with RHS REJECT, respectively.
3386 CONFIG: FEATURE(`always_add_domain') takes an optional argument
3387 to specify another domain to be added instead of the local one.
3388 Suggested by Richard H. Gumpertz of Computer Problem
3390 CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific
3391 options, see doc/op/op.me for details.
3392 CONFIG: confAUTH_MAX_BITS sets the maximum encryption strength for
3393 the security layer in SMTP AUTH (SASL).
3394 CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated
3396 CONFIG: FEATURE(`enhdnsbl') is an enhanced version of dnsbl which
3397 allows checking of the return values of the DNS lookups.
3398 See cf/README for details.
3399 CONFIG: FEATURE(`dnsbl') allows now to specify the behavior for
3400 temporary lookup failures.
3401 CONFIG: New option confDELIVER_BY_MIN to specify minimum time for
3402 Deliver By (RFC 2852) or to turn off the extension.
3403 CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared
3405 CONFIG: New FEATURE(`compat_check') to look up a key consisting
3406 of the sender and the recipient address delimited by the
3407 string "<@>", e.g., sender@sdomain<@>recipient@rdomain,
3408 in the access map. Based on code contributed by Mathias
3409 Koerber of Singapore Telecommunications Ltd.
3410 CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user
3411 file. Suggested by John Beck of Sun Microsystems.
3412 CONFIG: Don't use MAILER-DAEMON for error messages delivered
3413 via LMTP. Problem reported by Larry Greenfield of CMU.
3414 CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of
3415 the recipient host if LUSER_RELAY is used.
3416 CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the
3417 +detail portion of the address when passing address to
3418 local delivery agent. Disables alias and .forward +detail
3419 stripping. Only use if LDA supports this.
3420 CONFIG: Removed deprecated FEATURE(`rbl').
3421 CONFIG: Add LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE()
3422 which allow you to specify 'equivalent' hosts for LDAP
3423 Routing lookups. Equivalent hostnames are replaced by the
3424 masquerade domain name for lookups. See cf/README for
3426 CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which
3427 instructs the rulesets on what to do if the address being
3428 looked up has +detail information. See cf/README for more
3430 CONFIG: When chosing a new destination via LDAP Routing, also look
3431 up the new routing address/host in the mailertable. Based
3432 on patch from Don Badrak of the United States Census Bureau.
3433 CONFIG: Do not reject the SMTP Mail from: command if LDAP Routing
3434 is in use and the bounce option is enabled. Only reject
3435 recipients as user unknown.
3436 CONFIG: Provide LDAP support for the remaining database map
3437 features. See the ``USING LDAP FOR ALIASES AND MAPS''
3438 section of cf/README for more information.
3439 CONFIG: Add confLDAP_CLUSTER which defines the ${sendmailMTACluster}
3440 macro used for LDAP searches as described above in ``USING
3441 LDAP FOR ALIASES, MAPS, AND CLASSES''.
3442 CONFIG: confCLIENT_OPTIONS has been replaced by CLIENT_OPTIONS(),
3443 which takes the options as argument and can be used
3444 multiple times; see cf/README for details.
3445 CONFIG: Add configuration macros for new options:
3446 confBAD_RCPT_THROTTLE BadRcptThrottle
3447 confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
3448 confMAILBOX_DATABASE MailboxDatabase
3449 confMAX_QUEUE_CHILDREN MaxQueueChildren
3450 confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
3451 confNICE_QUEUE_RUN NiceQueueRun
3452 confQUEUE_FILE_MODE QueueFileMode
3453 confFAST_SPLIT FastSplit
3454 confTLS_SRV_OPTIONS TLSSrvOptions
3455 See above (and related documentation) for further information.
3456 CONFIG: Add configuration variables for new timeout options:
3457 confTO_ACONNECT Timeout.aconnect
3458 confTO_AUTH Timeout.auth
3459 confTO_LHLO Timeout.lhlo
3460 confTO_STARTTLS Timeout.starttls
3461 CONFIG: Add configuration macros for mail filter API:
3462 confINPUT_MAIL_FILTERS InputMailFilters
3463 confMILTER_LOG_LEVEL Milter.LogLevel
3464 confMILTER_MACROS_CONNECT Milter.macros.connect
3465 confMILTER_MACROS_HELO Milter.macros.helo
3466 confMILTER_MACROS_ENVFROM Milter.macros.envfrom
3467 confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
3468 Mail filters can be defined via INPUT_MAIL_FILTER() and
3469 MAIL_FILTER(). See libmilter/README, cf/README, and
3470 doc/op/op.me for details.
3471 CONFIG: Add support for accepting temporarily unresolvable domains.
3472 See cf/README for details. Based on patch by Motonori
3473 Nakamura of Kyoto University.
3474 CONFIG: confDEQUOTE_OPTS can be used to specify options for the
3476 CONFIG: New macro QUEUE_GROUP() to define queue groups.
3477 CONFIG: New FEATURE(`queuegroup') to select a queue group based
3478 on the full e-mail address or the domain of the recipient.
3479 CONFIG: Any IPv6 addresses used in configuration should be prefixed
3480 by the "IPv6:" tag to identify the address properly. For
3481 example, if you want to use the IPv6 address
3482 2002:c0a8:51d2::23f4 in the access database, you would need
3483 to use IPv6:2002:c0a8:51d2::23f4 on the left hand side.
3484 This affects the access database as well as the
3485 relay-domains and local-host-names files.
3486 CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux).
3487 CONFIG: Avoid expansion of m4 keywords in SMART_HOST.
3488 CONFIG: Add MASQUERADE_EXCEPTION_FILE() for reading masquerading
3489 exceptions from a file. Suggested by Trey Breckenridge of
3490 Mississippi State University.
3491 CONFIG: Add LOCAL_USER_FILE() for reading local users
3492 (LOCAL_USER() -- $={L}) entries from a file.
3493 CONTRIB: dnsblaccess.m4 is a further enhanced version of enhdnsbl.m4
3494 which allows to lookup error codes in the access map.
3495 Contributed by Neil Rickert of Northern Illinois University.
3496 DEVTOOLS: Add new options for installation of include and library
3497 files: confINCGRP, confINCMODE, confINCOWN, confLIBGRP,
3498 confLIBMODE, confLIBOWN.
3499 DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off
3500 installation of the the formatted man pages on operating
3501 systems which don't include cat directories.
3502 EDITMAP: New program for editing maps as supplement to makemap.
3503 MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up
3504 local mail recipients. New option -D mbdb specifies the
3505 mailbox database type.
3506 MAIL.LOCAL: New option "-h filename" which instructs mail.local to
3507 deliver the mail to the named file in the user's home
3508 directory instead of the system mail spool area. Based on
3509 patch from Doug Hardie of the Los Angeles Free-Net.
3510 MAILSTATS: New command line option -P which acts the same as -p but
3511 doesn't truncate the statistics file.
3512 MAKEMAP: Add new option -t to specify a different delimiter
3513 instead of white space.
3514 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
3515 submission. Problem noted by Kari Hurtta of the Finnish
3516 Meteorological Institute.
3517 SMRSH: Use the vendor supplied directory on FreeBSD 3.3 and later.
3518 VACATION: Change Auto-Submitted: header value from auto-generated to
3519 auto-replied. From Kenneth Murchison of Oceana Matrix Ltd.
3520 VACATION: New option -d to send error/debug messages to stdout
3522 VACATION: New option -U which prevents the attempt to lookup login
3523 in the password file. The -f and -m options must be used
3524 to specify the database and message file since there is no
3525 home directory for the default settings for these options.
3526 VACATION: Vacation now uses the libsm mbdb package to look up
3527 local mail recipients; it reads the MailboxDatabase option
3528 from the sendmail.cf file. New option -C cffile which
3529 specifies the path of the sendmail.cf file.
3536 cf/feature/authinfo.m4
3537 cf/feature/compat_check.m4
3538 cf/feature/enhdnsbl.m4
3540 cf/feature/local_no_masquerade.m4
3541 cf/feature/lookupdotdomain.m4
3542 cf/feature/preserve_luser_host.m4
3543 cf/feature/preserve_local_plus_detail.m4
3544 cf/feature/queuegroup.m4
3546 contrib/dnsblaccess.m4
3547 devtools/M4/UNIX/sm-test.m4
3548 devtools/OS/OpenUNIX.5.i386
3559 sendmail/sm_resolve.c
3560 sendmail/sm_resolve.h
3566 include/sendmail/cdefs.h
3567 include/sendmail/errstring.h
3568 include/sendmail/useful.h
3569 libsmutil/errstring.c
3570 sendmail/bf_portable.c
3571 sendmail/bf_portable.h
3576 cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc
3577 cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf
3578 cf/ostype/aux.m4 => cf/ostype/a-ux.m4
3580 8.11.7/8.11.7 2003/03/29
3581 SECURITY: Fix a remote buffer overflow in header parsing by
3582 dropping sender and recipient header comments if the
3583 comments are too long. Problem noted by Mark Dowd
3585 SECURITY: Fix a buffer overflow in address parsing due to
3586 a char to int conversion problem which is potentially
3587 remotely exploitable. Problem found by Michal Zalewski.
3588 Note: an MTA that is not patched might be vulnerable to
3589 data that it receives from untrusted sources, which
3591 To provide partial protection to internal, unpatched sendmail MTAs,
3592 8.11.7 changes by default (char)0xff to (char)0x7f in
3593 headers etc. To turn off this conversion compile with
3594 -DALLOW_255 or use the command line option -d82.101.
3595 To provide partial protection for internal, unpatched MTAs that may be
3596 performing 7->8 or 8->7 bit MIME conversions, the default
3597 for MaxMimeHeaderLength has been changed to 2048/1024.
3598 Note: this does have a performance impact, and it only
3599 protects against frontal attacks from the outside.
3600 To disable the checks and return to pre-8.11.7 defaults,
3601 set MaxMimeHeaderLength to 0/0.
3602 Properly clean up macros to avoid persistence of session data
3603 across various connections. This could cause session
3604 oriented restrictions, e.g., STARTTLS requirements,
3605 to erroneously allow a connection. Problem noted
3606 by Tim Maletic of Priority Health.
3607 Ignore comments in NIS host records when trying to find the
3608 canonical name for a host.
3609 Fix a memory leak when closing Hesiod maps.
3610 Set ${msg_size} macro when reading a message from the command line
3612 Prevent a segmentation fault when clearing the event list by
3613 turning off alarms before checking if event list is
3614 empty. Problem noted by Allan E Johannesen of Worcester
3615 Polytechnic Institute.
3616 Fix a potential core dump problem if the environment variable
3617 NAME is set. Problem noted by Beth A. Chaney of
3619 Prevent a race condition on child cleanup for delivery to files.
3620 Problem noted by Fletcher Mattox of the University of
3622 CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
3623 parameter is set and the LDAP lookup returns a temporary
3625 CONFIG: Fix a syntax error in the try_tls ruleset if
3626 FEATURE(`access_db') is not enabled.
3627 LIBSMDB: Fix a lock race condition that affects makemap, praliases,
3629 LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
3630 and NDBM on systems with the O_EXLOCK open(2) flag.
3631 MAKEMAP: Avoid going beyond the end of an input line if it does
3632 not contain a value for a key. Based on patch from
3633 Mark Bixby from Hewlett-Packard.
3634 MAIL.LOCAL: Fix a truncation race condition if the close() on
3635 the mailbox fails. Problem noted by Tomoko Fukuzawa of
3637 SMRSH: SECURITY: Only allow regular files or symbolic links to be
3638 used for a command. Problem noted by David Endler of
3641 8.11.6/8.11.6 2001/08/20
3642 SECURITY: Fix a possible memory access violation when specifying
3643 out-of-bounds debug parameters. Problem detected by
3644 Cade Cairns of SecurityFocus.
3645 Avoid leaking recipient information in unrelated DSNs. This could
3646 happen if a connection is aborted, several mails had been
3647 scheduled for delivery via that connection, and the timeout
3648 is reached such that several DSNs are sent next. Problem
3649 noted by Dileepan Moorkanat of Hewlett-Packard.
3650 Fix a possible segmentation violation when specifying too many
3651 wildcard operators in a rule. Problem detected by
3653 Avoid a segmentation fault on non-matching Hesiod lookups. Problem
3654 noted by Russell McOrmond of flora.ca
3656 8.11.5/8.11.5 2001/07/31
3657 Fix a possible race condition when sending a HUP signal to restart
3658 the daemon. This could terminate the current process without
3659 starting a new daemon. Problem reported by Wolfgang Breyha
3660 of SE Netway Communications.
3661 Only apply MaxHeadersLength when receiving a message via SMTP or
3662 the command line. Problem noted by Andrey J. Melnikoff.
3663 When finding the system's local hostname on an IPv6-enabled system
3664 which doesn't have any IPv6 interface addresses, fall back
3665 to looking up only IPv4 addresses. Problem noted by Tim
3666 Bosserman of EarthLink.
3667 When commands were being rejected due to check_relay or TCP
3668 Wrappers, the ETRN command was not giving a response.
3669 Incoming IPv4 connections on a Family=inet6 daemon (using
3670 IPv4-mapped addresses) were incorrectly labeled as "may be
3671 forged". Problem noted by Per Steinar Iversen of Oslo
3673 Shutdown address test mode cleanly on SIGTERM. Problem noted by
3674 Greg King of the OAO Corporation.
3675 Restore the original real uid (changed in main() to prevent
3676 out of band signals) before invoking a delivery agent.
3677 Some delivery agents use this for the "From " envelope
3678 "header". Problem noted by Leslie Carroll of the
3679 University at Albany.
3680 Mark closed file descriptors properly to avoid reuse. Problem
3681 noted by Jeff Bronson of J.D. Bronson, Inc.
3682 Setting Timeout options on the command line will also override
3683 their sub-suboptions in the .cf file, e.g., -O
3684 Timeout.queuereturn=2d will set all queuereturn timeouts
3685 to 2 days. Problem noted by Roger B.A. Klorese.
3687 BSD/OS has a broken setreuid() implementation. Problem
3688 noted by Vernon Schryver of Rhyolite Software.
3689 BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?).
3690 Noted by Vernon Schryver of Rhyolite Software.
3691 BSD/OS has fchown(2). Noted by Dave Yadallee of Netline
3692 2000 Internet Solutions Inc.
3693 Solaris 2.X and later have strerror(3). From Sebastian
3694 Hagedorn of Cologne University.
3695 CONFIG: Fix parsing for IPv6 domain literals in addresses
3696 (user@[IPv6:address]). Problem noted by Liyuan Zhou.
3698 8.11.4/8.11.4 2001/05/28
3699 Clean up signal handling routines to reduce the chances of heap
3700 corruption and other potential race conditions.
3701 Terminating and restarting the daemon may not be
3702 instantaneous due to this change. Also, non-root users can
3703 no longer send out-of-band signals. Problem reported by
3704 Michal Zalewski of BindView.
3705 If LogLevel is greater than 9 and SASL fails to negotiate an
3706 encryption layer, avoid core dump logging the encryption
3707 strength. Problem noted by Miroslav Zubcic of Crol.
3708 If a server offers "AUTH=" and "AUTH " and the list of mechanisms is
3709 different in those two lines, sendmail might not have
3710 recognized (and used) all of the offered mechanisms.
3711 Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch
3713 This time, really don't use the .. directory when expanding
3714 QueueDirectory wildcards.
3715 If a process is interrupted while closing a map, don't try to close
3716 the same map again while exiting.
3717 Allow local mailers (F=l) to contact remote hosts (e.g., via
3718 LMTP). Problem noted by Norbert Klasen of the University
3720 If Timeout.QueueReturn was set to a value less the time it took
3721 to write a new queue file (e.g., 0 seconds), the bounce
3722 message would be lost. Problem noted by Lorraine L Goff of
3723 Oklahoma State University.
3724 Pass map argument vector into map rewriting engine for the regex
3725 and prog map types. Problem noted by Stephen Gildea of
3726 InTouch Systems, Inc.
3727 When closing an LDAP map due to a temporary error, close all of the
3728 other LDAP maps which share the original map's connection
3729 to the LDAP server. Patch from Victor Duchovni of
3731 To detect changes of NDBM aliases files check the timestamp of the
3732 .pag file instead of the .dir file. Problem noted by Neil
3733 Rickert of Northern Illinois University.
3734 Don't treat temporary hesiod lookup failures as permanent. Patch
3735 from Werner Wiethege.
3736 If ClientPortOptions is set, make sure to create the outgoing socket
3737 with the family set in that option. Patch from Sean Farley.
3738 Avoid a segmentation fault trying to dereference a NULL pointer
3739 when logging a MaxHopCount exceeded error with an empty
3740 recipient list. Problem noted by Chris Adams of HiWAAY
3742 Fix DSN for "Too many hops" bounces. Problem noticed by Ulrich
3743 Windl of the Universitaet Regensburg.
3744 Fix DSN for "mail loops back to me" bounces. Problem noticed by
3745 Kari Hurtta of the Finnish Meteorological Institute.
3747 OpenBSD has a broken setreuid() implementation.
3748 CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back
3749 to 553 since it is allowed by DRUMS.
3750 CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X.
3751 DEVTOOLS: install.sh did not properly handle paths in the source
3752 file name argument. Noted by Kari Hurtta of the Finnish
3753 Meteorological Institute.
3754 DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD
3755 since it generates random process ids.
3756 PRALIASES: Add back adaptive algorithm to deal with different endings
3757 of entries in the database (with/without trailing '\0').
3758 Patch from John Beck of Sun Microsystems.
3760 cf/ostype/freebsd4.m4
3762 8.11.3/8.11.3 2001/02/27
3763 Prevent a segmentation fault when a bogus value was used in the
3764 LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus
3765 option was used. Problem noted by Allan E Johannesen of
3766 Worcester Polytechnic Institute.
3767 Prevent "token too long" message by shortening {currHeader} which
3768 could be too long if the last copied character was a quote.
3769 Problem detected by Jan Krueger of digitalanswers
3770 communications consulting gmbh.
3771 Additional IPv6 check for unspecified addresses. Patch from
3772 Jun-ichiro itojun Hagino of the KAME Project.
3773 Do not ignore the ClientPortOptions setting if DaemonPortOptions
3774 Modifier=b (bind to same interface) is set and the
3775 connection came in from the command line.
3776 Do not bind to the loopback address if DaemonPortOptions
3777 Modifier=b (bind to same interface) is set. Patch from
3778 John Beck of Sun Microsystems.
3779 Properly deal with open failures on non-optional maps used in
3780 check_* rulesets by returning a temporary failure.
3781 Buffered file I/O files were not being properly fsync'ed to disk
3782 when they were committed.
3783 Properly encode '=' for the AUTH= parameter of the MAIL command.
3784 Problem noted by Hadmut Danisch.
3785 Under certain circumstances the macro {server_name} could be set
3786 to the wrong hostname (of a previous connection), which may
3787 cause some rulesets to return wrong results. This would
3788 usually cause mail to be queued up and delivered later on.
3789 Ignore F=z (LMTP) mailer flag if $u is given in the mailer A=
3790 equate. Problem noted by Motonori Nakamura of Kyoto
3792 Work around broken accept() implementations which only partially
3793 fill in the peer address if the socket is closed before
3795 Return an SMTP "421" temporary failure if the data file can't be
3796 opened where the "354" reply would normally be given.
3797 Prevent a CPU loop in trying to expand a macro which doesn't exist
3798 in a queue run. Problem noted by Gordon Lack of Glaxo
3800 If delivering via a program and that program exits with EX_TEMPFAIL,
3801 note that fact for the mailq display instead of just showing
3802 "Deferred". Problem noted by Motonori Nakamura of Kyoto
3804 If doing canonification via /etc/hosts, try both the fully
3805 qualified hostname as well as the first portion of the
3806 hostname. Problem noted by David Bremner of the
3807 University of New Brunswick.
3809 Fix a compilation problem for mail.local and rmail if SFIO
3810 is in use. Problem noted by Auteria Wally
3811 Winzer Jr. of Champion Nutrition.
3812 IPv6 changes for platforms using KAME. Patch from
3813 Jun-ichiro itojun Hagino of the KAME Project.
3814 OpenBSD 2.7 and higher has srandomdev(3). OpenBSD 2.8 and
3815 higher has BSDI-style login classes. Patch from
3816 Todd C. Miller of Courtesan Consulting.
3817 Unixware 7.1.1 doesn't allow h_errno to be set directly if
3818 sendmail is being compiled with -kthread. Problem
3819 noted by Orion Poplawski of CQG, Inc.
3820 CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and
3821 current left hand side for $LHS in virtuser files.
3822 DEVTOOLS: Do not pass make targets to recursive Build invocations.
3823 Problem noted by Jeff Bronson of J.D. Bronson, Inc.
3824 MAIL.LOCAL: In LMTP mode, do not return errors regarding problems
3825 storing the temporary message file until after the remote
3826 side has sent the final DATA termination dot. Problem
3827 noted by Allan E Johannesen of Worcester Polytechnic
3829 MAIL.LOCAL: If LMTP mode is set, give a temporary error if users
3830 are also specified on the command line. Patch from
3831 Motonori Nakamura of Kyoto University.
3832 PRALIASES: Skip over AliasFile specifications which aren't based on
3833 database files (i.e., only show dbm, hash, and btree).
3835 devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x
3837 8.11.2/8.11.2 2000/12/29
3838 Prevent a segmentation fault when trying to set a class in
3839 address test mode due to a negative array index. Audit
3840 other array indexing. This bug is not believed to be
3841 exploitable. Noted by Michal Zalewski of the "Internet for
3842 Schools" project (IdS).
3843 Add an FFR (for future release) to drop privileges when using
3844 address test mode. This will be turned on in 8.12. It can
3845 be enabled by compiling with:
3846 APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS')
3847 in your devtools/Site/site.config.m4 file. Suggested by
3848 Michal Zalewski of the "Internet for Schools" project (IdS).
3849 Fix potential problem with Cyrus-SASL security layer which may have
3850 caused I/O errors, especially for mechanism DIGEST-MD5.
3851 When QueueSortOrder was set to host, sendmail might not read
3852 enough of the queue file to determine the host, making the
3853 sort sub-optimal. Problem noted by Jeff Earickson of
3855 Don't issue DSNs for addresses which use the NOTIFY parameter (per
3856 RFC 1891) but don't have FAILURE as value.
3857 Initialize Cyrus-SASL library before the SMTP daemon is started.
3858 This implies that every change to SASL related files requires
3859 a restart of the daemon, e.g., Sendmail.conf, new SASL
3860 mechanisms (in form of shared libraries).
3861 Properly set the STARTTLS related macros during a queue run for
3862 a cached connection. Bug reported by Michael Kellen of
3864 Log the server name in relay= for ruleset tls_server instead of the
3866 Include original length of bad field/header when reporting
3867 MaxMimeHeaderLength problems. Requested by Ulrich Windl of
3868 the Universitat Regensburg.
3869 Fix delivery to set-user-ID files that are expanded from aliases in
3870 DeliveryMode queue. Problem noted by Ric Anderson of the
3871 University of Arizona.
3872 Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano
3873 of Collective Technologies.
3874 Avoid using a negative argument for sleep() calls when delaying answers
3875 to EXPN/VRFY commands on systems which respond very slowly.
3876 Problem noted by Mikolaj J. Habryn of Optus Internet
3878 Make sure the F=u flag is set in the default prog mailer
3879 definition. Problem noted by Kari Hurtta of the Finnish
3880 Meteorological Institute.
3881 Fix IPv6 check for unspecified addresses. Patch from
3882 Jun-ichiro itojun Hagino of the KAME Project.
3883 Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish
3884 Meteorological Institute.
3885 Fix parsing of DaemonPortOptions and ClientPortOptions. Read all
3886 of the parameters to find Family= setting before trying to
3887 interpret Addr= and Port=. Problem noted by Valdis
3888 Kletnieks of Virginia Tech.
3889 When delivering to a file directly from an alias, do not call
3890 initgroups(); instead use the DefaultUser group information.
3891 Problem noted by Marc Schaefer of ALPHANET NF.
3892 RunAsUser now overrides the ownership of the control socket, if
3893 created. Otherwise, sendmail can not remove it upon
3894 close. Problem noted by Werner Wiethege.
3895 Fix ConnectionRateThrottle counting as the option is the number of
3896 overall connections, not the number of connections per
3897 socket. A future version may change this to per socket
3900 Clean up libsmdb so it functions properly on platforms
3901 where sizeof(u_int32_t) != sizeof(size_t). Problem
3902 noted by Rein Tollevik of Basefarm AS.
3903 Fix man page formatting for compatibility with Solaris'
3904 whatis. From Stephen Gildea of InTouch Systems, Inc.
3905 UnixWare 7 includes snprintf() support. From Larry
3907 IPv6 changes for platforms using KAME. Patch from
3908 Jun-ichiro itojun Hagino of the KAME Project.
3909 Avoid a typedef compile conflict with Berkeley DB 3.X and
3910 Solaris 2.5 or earlier. Problem noted by Bob Hughes
3912 Add preliminary support for AIX 5. Contributed by
3913 Valdis Kletnieks of Virginia Tech.
3914 Solaris 9 load average support from Andrew Tucker of Sun
3916 CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
3917 is used. Problem noted by Phil Homewood of Asia Online,
3918 patch from Neil Rickert of Northern Illinois University.
3919 CONFIG: Change the default DNS based blocklist server for
3920 FEATURE(`dnsbl') to blackholes.mail-abuse.org.
3921 CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
3922 implicitly assume canonical host names.
3923 CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on
3924 patch by Motonori Nakamura of Kyoto University.
3925 CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of
3927 CONFIG: Pass the illegal header form <list:;> through untouched
3928 instead of making it worse. Problem noted by Motonori
3929 Nakamura of Kyoto University.
3930 CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`).
3931 CONTRIB: qtool.pl: An empty queue is not an error. Problem noted
3932 by Jan Krueger of digitalanswers communications consulting
3934 CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark
3935 Roth of the University of Illinois at Urbana-Champaign.
3936 DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4
3937 variables into bldOS, bldREL, and bldARCH to prevent
3938 namespace collisions. Problem noted by Motonori Nakamura
3939 of Kyoto University.
3940 RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It
3941 causes some changes in behavior and may break rmail for
3942 installations where sendmail is actually a wrapper to
3943 another MTA. The change will re-appear in a future
3945 SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X,
3946 and SunOS 5.8. Requested by Jeff A. Earickson of Colby
3947 College and John Beck of Sun Microsystems.
3948 VACATION: Fix pattern matching for addresses to ignore.
3949 VACATION: Don't reply to addresses of the form owner-*
3953 contrib/buildvirtuser
3956 8.11.1/8.11.1 2000/09/27
3957 Fix SMTP EXPN command output if the address expands to a single
3958 name. Fix from John Beck of Sun Microsystems.
3959 Don't try STARTTLS in the client if the PRNG has not been properly
3960 seeded. This problem only occurs on systems without
3961 /dev/urandom. Problem detected by Jan Krueger of
3962 digitalanswers communications consulting gmbh and
3963 Neil Rickert of Northern Illinois University.
3964 Don't use the . and .. directories when expanding QueueDirectory
3966 Do not try to cache LDAP connections across processes as a parent
3967 process may close the connection before the child process
3968 has completed. Problem noted by Lai Yiu Fai of the Hong
3969 Kong University of Science and Technology and Wolfgang
3970 Hottgenroth of UUNET.
3971 Use Timeout.fileopen to limit the amount of time spent trying to
3972 read the LDAP secret from a file.
3973 Prevent SIGTERM from removing a command line submitted item after
3974 the user submits the message and before the first delivery
3975 attempt completes. Problem noted by Max France of AlphaNet.
3976 Fix from Neil Rickert of Northern Illinois University.
3977 Deal correctly with MaxMessageSize restriction if message size is
3978 greater than 2^31. Problem noted by Tim "Darth Dice" Bosserman
3980 Turn off queue checkpointing if CheckpointInterval is set to zero.
3981 Treat an empty home directory (from getpw*() or $HOME) as
3982 non-existent instead of treating it as /. Problem noted by
3983 Todd C. Miller of Courtesan Consulting.
3984 Don't drop duplicate headers when reading a queued item. Problem
3985 noted by Motonori Nakamura of Kyoto University.
3986 Avoid bogus error text when logging the savemail panic "cannot
3987 save rejected email anywhere". Problem noted by Marc G.
3988 Fournier of Acadia University.
3989 If an LDAP search fails because the LDAP server went down, close
3990 the map so subsequent searches reopen the map. If there are
3991 multiple LDAP servers, the down server will be skipped and
3992 one of the others may be able to take over.
3993 Set the ${load_avg} macro to the current load average, not the
3994 previous load average query result.
3995 If a non-optional map used in a check_* ruleset can't be opened,
3996 return a temporary failure to the remote SMTP client
3997 instead of ignoring the map. Problem noted by Allan E
3998 Johannesen of Worcester Polytechnic Institute.
3999 Avoid a race condition when queuing up split envelopes by saving
4000 the split envelopes before the original envelope.
4001 Fix a bug in the PH_MAP code which caused mail to bounce instead of
4002 defer if the PH server could not be contacted. From Mark
4003 Roth of the University of Illinois at Urbana-Champaign.
4004 Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and
4005 ETRN. Problem noted by Erik R. Leo of SoVerNet.
4006 Change error code for unrecognized parameters to the SMTP MAIL and
4007 RCPT commands from 501 to 555 per RFC 1869. Problem
4008 reported to Postfix by Robert Norris of Monash University.
4009 Prevent overwriting the argument of -B on certain OS. Problem
4010 noted by Matteo Gelosa of I.NET S.p.A.
4011 Use the proper routine for freeing memory with Netscape's LDAP
4012 client libraries. Patch from Paul Hilchey of the
4013 University of British Columbia.
4015 Move the NETINET6 define to devtools/OS/SunOS.5.{8,9}
4016 instead of defining it in conf.h so users can
4017 override the setting. Suggested by
4018 Henrik Nordstrom of Ericsson.
4019 On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of
4020 /usr/lib/sendmail for rmail and vacation. From
4021 Jeff A. Earickson of Colby College.
4022 On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which
4023 does not exist). From Jeff A. Earickson of Colby
4025 Avoid using the UCB subsystem on NCR MP-RAS 3.x. From
4027 NeXT 3.X and 4.X installs man pages in /usr/man. From
4028 Hisanori Gogota of NTT/InterCommunicationCenter.
4029 Solaris 8 and later include /var/run. The default PID file
4030 location is now /var/run/sendmail.pid. From John
4031 Beck of Sun Microsystems.
4032 SFIO includes snprintf() for those operating systems
4033 which do not. From Todd C. Miller of Courtesan
4035 CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}.
4036 Problem noted by Kaspar Brand of futureLab AG.
4037 CONFIG: Change 553 SMTP reply code to 501 to avoid problems with
4038 errors in the MAIL address.
4039 CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem
4040 noted by Ron Jarrell of Virginia Tech.
4041 CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8).
4042 Contributed by John Beck of Sun Microsystems.
4043 CONFIG: Set confFROM_HEADER such that the mail hub can possibly add
4044 GECOS information for an address. This more closely
4045 matches pre-8.10 nullclient behavior. From Per Hedeland of
4047 CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for
4048 SMTP to all *smtp* mailers and those for RELAY to the relay
4049 mailer as described in cf/README.
4050 MAIL.LOCAL: Open the mailbox as the recipient not root so quotas
4051 are obeyed. Problem noted by Damian Kuczynski of NIK.
4052 MAKEMAP: Do not change a map's owner to the TrustedUser if using
4053 makemap to 'unmake' the map.
4054 RMAIL: Avoid overflowing the list of recipients being passed to
4056 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
4057 submission. Problem noted by Kari Hurtta of the Finnish
4058 Meteorological Institute.
4059 VACATION: Read the complete message to avoid "broken pipe" signals.
4060 VACATION: Do not cut off vacation.msg files which have a single
4061 dot as the only character on the line.
4063 cf/ostype/solaris8.m4
4065 8.11.0/8.11.0 2000/07/19
4066 SECURITY: If sendmail is installed as a non-root set-user-ID binary
4067 (not the normal case), some operating systems will still
4068 keep a saved-uid of the effective-uid when sendmail tries
4069 to drop all of its privileges. If sendmail needs to drop
4070 these privileges and the operating system doesn't set the
4071 saved-uid as well, exit with an error. Problem noted by
4072 Kari Hurtta of the Finnish Meteorological Institute.
4073 SECURITY: sendmail depends on snprintf() NUL terminating the string
4074 it populates. It is possible that some broken
4075 implementations of snprintf() exist that do not do this.
4076 Systems in this category should compile with
4077 -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your
4078 system and report broken implementations to
4079 sendmail-bugs@sendmail.org and your OS vendor. Problem
4080 noted by Slawomir Piotrowski of TELSAT GP.
4081 Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS).
4082 Implementation influenced by the example programs of
4083 OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
4084 Add new STARTTLS related options CACERTPath, CACERTFile,
4085 ClientCertFile, ClientKeyFile, DHParameters, RandFile,
4086 ServerCertFile, and ServerKeyFile. These are documented in
4087 cf/README and doc/op/op.me.
4088 New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
4089 ${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
4090 ${server_name}, and ${server_addr}. These are documented
4091 in cf/README and doc/op/op.me.
4092 Add support for the Entropy Gathering Daemon (EGD) for better
4094 New DontBlameSendmail option InsufficientEntropy for systems which
4095 don't properly seed the PRNG for OpenSSL but want to
4096 try to use STARTTLS despite the security problems.
4097 Support the security layer in SMTP AUTH for mechanisms which
4098 support encryption. Based on code contributed by Tim
4100 Add new macro ${auth_ssf} to reflect the SMTP AUTH security
4102 LDAP's -1 (single match only) flag was not honored if the -z
4103 (delimiter) flag was not given. Problem noted by ST Wong of
4104 the Chinese University of Hong Kong. Fix from Mark Adamson
4106 Add more protection from accidentally tripping OpenLDAP 1.X's
4107 ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute().
4108 Suggested by Kurt Zeilenga of OpenLDAP.
4109 Fix the default family selection for DaemonPortOptions. As
4110 documented, unless a family is specified in a
4111 DaemonPortOptions option, "inet" is the default. It is
4112 also the default if no DaemonPortOptions value is set.
4113 Therefore, IPv6 users should configure additional sockets
4114 by adding DaemonPortOptions settings with Family=inet6 if
4115 they wish to also listen on IPv6 interfaces. Problem noted
4116 by Jun-ichiro itojun Hagino of the KAME Project.
4117 Set ${if_family} when setting ${if_addr} and ${if_name} to reflect
4118 the interface information for an outgoing connection.
4119 Not doing so was creating a mismatch between the socket
4120 family and address used in subsequent connections if the
4121 M=b modifier was set in DaemonPortOptions. Problem noted
4122 by John Beck of Sun Microsystems.
4123 If DaemonPortOptions modifier M=b is used, determine the socket
4124 family based on the IP address. ${if_family} is no longer
4125 persistent (i.e., saved in qf files). Patch from John Beck
4126 of Sun Microsystems.
4127 sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family}
4128 macros for both the incoming interface address/family and
4129 the outgoing interface address/family. In order for M=b
4130 modifier in DaemonPortOptions to work properly, preserve
4131 the incoming information in the queue file for later
4133 Use SMTP error code and enhanced status code from check_relay in
4134 responses to commands. Problem noted by Jeff Wasilko of
4136 Add more vigilance in checking for putc() errors on output streams
4137 to protect from a bug in Solaris 2.6's putc(). Problem
4138 noted by Graeme Hewson of Oracle.
4139 The LDAP map -n option (return attribute names only) wasn't working.
4140 Problem noted by Ajay Matia.
4141 Under certain circumstances, an address could be listed as deferred
4142 but would be bounced back to the sender as failed to be
4143 delivered when it really should have been queued. Problem
4144 noted by Allan E Johannesen of Worcester Polytechnic Institute.
4145 Prevent a segmentation fault in a child SMTP process from getting
4146 the SMTP transaction out of sync. Problem noted by Per
4147 Hedeland of Ericsson.
4148 Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT
4149 is defined to avoid a core dump due to incompatibilities
4150 between sfio and stdio. Problem noted by Neil Rickert
4151 of Northern Illinois University.
4152 Don't log useless envelope ID on initial connection log. Problem
4153 noted by Kari Hurtta of the Finnish Meteorological Institute.
4154 Convert the free disk space shown in a control socket status query
4156 If TryNullMXList is True and there is a temporary DNS failure
4157 looking up the hostname, requeue the message for a later
4158 attempt. Problem noted by Ari Heikkinen of Pohjois-Savo
4160 Under the proper circumstances, failed connections would be recorded
4161 as "Bad file number" instead of "Connection failed" in the
4162 queue file and persistent host status. Problem noted by
4163 Graeme Hewson of Oracle.
4164 Avoid getting into an endless loop if a non-hoststat directory exists
4165 within the hoststatus directory (e.g., lost+found).
4166 Patch from Valdis Kletnieks of Virginia Tech.
4167 Make sure Timeout.queuereturn=now returns a bounce message to the
4168 sender. Problem noted by Per Hedeland of Ericsson.
4169 If a message data file can't be opened at delivery time, panic and
4170 abort the attempt instead of delivering a message that
4171 states "<<< No Message Collected >>>".
4172 Fixup the GID checking code from 8.10.2 as it was overly
4173 restrictive. Problem noted by Mark G. Thomas of Mark
4174 G. Thomas Consulting.
4175 Preserve source port number instead of replacing it with the ident
4177 Document the queue status characters in the mailq man page.
4178 Suggested by Ulrich Windl of the Universitat Regensburg.
4179 Process queued items in which none of the recipient addresses have
4180 host portions (or there are no recipients). Problem noted
4181 by Valdis Kletnieks of Virginia Tech.
4182 If a cached LDAP connection is used for multiple maps, make sure
4183 only the first to open the connection is allowed to close
4184 it so a later map close doesn't break the connection for
4185 other maps. Problem noted by Wolfgang Hottgenroth of UUNET.
4186 Netscape's LDAP libraries do not support Kerberos V4
4187 authentication. Patch from Rainer Schoepf of the
4188 University of Mainz.
4189 Provide workaround for inconsistent handling of data passed
4190 via callbacks to Cyrus SASL prior to version 1.5.23.
4191 Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission
4192 noted by Ulrich Windl of the Universitat Regensburg.
4194 Add the ability to read IPv6 interface addresses into class
4195 'w' under FreeBSD (and possibly others). From Jun
4196 Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
4197 Replace code for finding the number of CPUs on HPUX.
4198 NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not
4199 work properly causing problems if the accept()
4200 fails and the socket needs to be reopened. Patch
4201 from Tom Moore of NCR.
4202 NetBSD uses a .0 extension of formatted man pages. From
4203 Andrew Brown of Crossbar Security.
4204 Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED
4205 for calls to getipnodebyname(). The Linux
4206 implementation is broken so AI_ADDRCONFIG is stripped
4207 under Linux. From John Beck of Sun Microsystems and
4208 John Kennedy of Cal State University, Chico.
4209 CONFIG: Catch invalid addresses containing a ',' at the wrong place.
4210 Patch from Neil Rickert of Northern Illinois University.
4211 CONFIG: New variables for the new sendmail options:
4212 confCACERT_PATH CACERTPath
4213 confCACERT CACERTFile
4214 confCLIENT_CERT ClientCertFile
4215 confCLIENT_KEY ClientKeyFile
4216 confDH_PARAMETERS DHParameters
4217 confRAND_FILE RandFile
4218 confSERVER_CERT ServerCertFile
4219 confSERVER_KEY ServerKeyFile
4220 CONFIG: Provide basic rulesets for TLS policy control and add new
4221 tags to the access database to support these policies. See
4222 cf/README for more information.
4223 CONFIG: Add TLS information to the Received: header.
4224 CONFIG: Call tls_client ruleset from check_mail in case it wasn't
4225 called due to a STARTTLS command.
4226 CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent
4227 instead of temporary.
4228 CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with
4229 the access map and relaying to a domain without using a To:
4230 tag. Problem noted by Mark G. Thomas of Mark G. Thomas
4232 CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in
4233 OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of
4235 CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and
4236 forwarding to make it as close to the old behavior as
4237 possible. Problem noted by George W. Baltz of the
4238 University of Maryland.
4239 CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From
4240 Wilfredo Sanchez of Apple Computer, Inc.
4241 CONFIG: Changed the map names used by FEATURE(`ldap_routing') from
4242 ldap_mailhost and ldap_mailroutingaddress to ldapmh and
4243 ldapmra as underscores in map names cause problems if
4244 underscore is in OperatorChars. Problem noted by Bob Zeitz
4245 of the University of Alberta.
4246 CONFIG: Apply blacklist_recipients also to hosts in class {w}.
4247 Patch from Michael Tratz of Esosoft Corporation.
4248 CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
4249 CONTRIB: Add link_hash.sh to create symbolic links to the hash
4250 of X.509 certificates.
4251 CONTRIB: passwd-to-alias.pl: More protection from special characters;
4252 treat special shells as root aliases; skip entries where the
4253 GECOS full name and username match. From Ulrich Windl of the
4254 Universitat Regensburg.
4255 CONTRIB: qtool.pl: Add missing last_modified_time method and fix a
4256 typo. Patch from Graeme Hewson of Oracle.
4257 CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue
4258 and sendmail. Patch from Graeme Hewson of Oracle.
4259 CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as
4260 subroutine Patch from Graeme Hewson of Oracle.
4261 CONTRIB: Add movemail.pl (move old mail messages between queues by
4262 calling re-mqueue.pl) and movemail.conf (configuration
4263 script for movemail.pl). From Graeme Hewson of Oracle.
4264 CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to
4265 makemap). From Derek J. Balling of Yahoo,Inc.
4266 DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any
4267 extension modifications (e.g., MAN8EXT) to the installation
4268 target. Patch from James Ralston of Carnegie Mellon
4270 DEVTOOLS: Add support for SunOS 5.9.
4271 DEVTOOLS: New option confLN contains the command used to create
4273 LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not
4275 MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of
4276 Denman Tire Corporation.
4277 MAIL.LOCAL: Prevent a possible DoS attack when compiled with
4278 -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
4279 MAILSTATS: Fix usage statement (-p and -o are optional).
4280 MAKEMAP: Change man page layout as workaround for problem with nroff
4281 and -man on Solaris 7. Patch from Larry Williamson.
4282 RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of
4283 Black Diamond Equipment, Limited.
4284 RMAIL: Prevent a segmentation fault if the incoming message does not
4286 VACATION: Read all of the headers before deciding whether or not
4287 to respond instead of stopping after finding recipient.
4291 contrib/link_hash.sh
4292 contrib/movemail.conf
4294 devtools/OS/SunOS.5.9
4297 8.10.2/8.10.2 2000/06/07
4298 SECURITY: Work around broken Linux setuid() implementation.
4299 On Linux, a normal user process has the ability to subvert
4300 the setuid() call such that it is impossible for a root
4301 process to drop its privileges. Problem noted by Wojciech
4302 Purczynski of elzabsoft.pl.
4303 SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(),
4304 initgroups(), and chroot() calls.
4308 8.10.1/8.10.1 2000/04/06
4309 SECURITY: Limit the choice of outgoing (client-side) SMTP
4310 Authentication mechanisms to those specified in
4311 AuthMechanisms to prevent information leakage. We do not
4312 recommend use of PLAIN for outgoing mail as it sends the
4313 password in clear text to possibly untrusted servers. See
4314 cf/README's DefaultAuthInfo section for additional information.
4315 Copy the ident argument for openlog() to avoid problems on some
4316 OSs. Based on patch from Rob Bajorek from Webhelp.com.
4317 Avoid bogus error message when reporting an alias line as too long.
4318 Avoid bogus socket error message if sendmail.cf version level is
4319 greater than sendmail binary supported version. Patch
4320 from John Beck of Sun Microsystems.
4321 Prevent a malformed ruleset (missing right hand side) from causing
4322 a segmentation fault when using address test mode. Based on
4323 patch from John Beck of Sun Microsystems.
4324 Prevent memory leak from use of NIS maps and yp_match(3). Problem
4325 noted by Gil Kloepfer of the University of Texas at Austin.
4326 Fix queue file permission checks to allow for TrustedUser ownership.
4327 Change logging of errors from the trust_auth ruleset to LogLevel 10
4329 Avoid simple password cracking attacks against SMTP AUTH by using
4330 exponential delay after too many tries within one connection.
4331 Encode an initial empty AUTH challenge as '=', not as empty string.
4332 Avoid segmentation fault on EX_SOFTWARE internal error logs.
4333 Problem noted by Allan E Johannesen of Worcester
4334 Polytechnic Institute.
4335 Ensure that a header check which resolves to $#discard actually
4336 discards the message.
4337 Emit missing value warnings for aliases with no right hand side
4338 when newaliases is run instead of only when delivery is
4339 attempted to the alias.
4340 Remove AuthOptions missing value warning for consistency with other
4343 SECURITY: Specify a run-time shared library search path for
4344 AIX 4.X instead of using the dangerous AIX 4.X
4345 linker semantics. AIX 4.X users should consult
4346 sendmail/README for further information. Problem
4347 noted by Valdis Kletnieks of Virginia Tech.
4348 Avoid use of strerror(3) call. Problem noted by Charles
4349 Levert of Ecole Polytechnique de Montreal.
4350 DGUX requires -lsocket -lnsl and has a non-standard install
4351 program. From Tim Boyer of Denman Tire Corporation.
4352 HPUX 11.0 has a broken res_search() function.
4353 Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X
4354 from J. P. McCann of E I A.
4355 Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3).
4356 Problem noted by Michael Long of Info Avenue Internet
4358 Modern (post-199912) OpenBSD versions include working
4359 strlc{at,py}(3) functions. From Todd C. Miller of
4360 Courtesan Consulting.
4361 SINIX doesn't have random(3). From Gerald Rinske of
4362 Siemens Business Services.
4363 CONFIG: Change error message about unresolvable sender domain to
4364 include the sender address. Proposed by Wolfgang Rupprecht
4366 CONFIG: Fix usenet mailer calls.
4367 CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS
4368 to be backward compatible with 8.9.
4369 CONFIG: Change handling of default case @domain for virtusertable
4370 to allow for +*@domain to deal with +detail.
4371 CONTRIB: Remove converting.sun.configs -- it is obsolete.
4372 DEVTOOLS: confUBINMODE was being ignored. Fix from KITAZIMA, Tuneki
4374 DEVTOOLS: Add to NCR platform list and include the architecture
4375 (i486). From Tom J. Moore of NCR.
4376 DEVTOOLS: SECURITY: Change method of linking with sendmail utility
4377 libraries to work around the AIX 4.X and SunOS 4.X linker's
4378 overloaded -L option. Problem noted by Valdis Kletnieks of
4380 DEVTOOLS: configure.sh was overriding the user's choice for
4381 confNROFF. Problem noted by Glenn A. Malling of Syracuse
4383 DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added
4384 for other internal projects but included in the open source
4386 LIBSMDB: Check for ".db" instead of simply "db" at the end of the
4387 map name to determine whether or not to add the extension.
4388 This fixes makemap when building the userdb file. Problem
4389 noted by Andrew J Cole of the University of Leeds.
4390 LIBSMDB: Allow a database to be opened for updating and created if
4391 it doesn't already exist. Problem noted by Rand Wacker of
4393 LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are
4394 available, fall back to NDBM if NEWDB open fails. This
4395 fixes praliases. Patch from John Beck of Sun Microsystems.
4396 LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted
4398 OP.ME: Clarify some issues regarding mailer flags. Suggested by
4399 Martin Mokrejs of The Charles University and Neil Rickert of
4400 Northern Illinois University.
4401 PRALIASES: Restore 8.9.X functionality of being able to search for
4402 particular keys in a database by specifying the keys on the
4403 command line. Man page updated accordingly. Patch from
4404 John Beck of Sun Microsystems.
4405 VACATION: SunOS 4.X portability from Charles Levert of Ecole
4406 Polytechnique de Montreal.
4407 VACATION: Fix -t option which is ignored but available for
4408 compatibility with Sun's version, based on patch from
4409 Volker Dobler of Infratest Burke.
4411 devtools/M4/UNIX/smlib.m4
4412 devtools/OS/OSF1.V5.0
4414 contrib/converting.sun.configs
4415 Deleted Directories (already done in 8.10.0 but not listed):
4420 8.10.0/8.10.0 2000/03/01
4421 *************************************************************
4422 * The engineering department at Sendmail, Inc. has suffered *
4423 * the tragic loss of a key member of our engineering team. *
4424 * Julie Van Bourg was the Vice President of Engineering *
4425 * at Sendmail, Inc. during the development and deployment *
4426 * of this release. It was her vision, dedication, and *
4427 * support that has made this release a success. Julie died *
4428 * on October 26, 1999 of cancer. We have lost a leader, a *
4429 * coach, and a friend. *
4431 * This release is dedicated to her memory and to the joy, *
4432 * strength, ideals, and hope that she brought to all of us. *
4433 * Julie, we miss you! *
4434 *************************************************************
4435 SECURITY: The safe file checks now back track through symbolic
4436 links to make sure the files can't be compromised due
4437 to poor permissions on the parent directories of the
4438 symbolic link target.
4439 SECURITY: Only root, TrustedUser, and users in class t can rebuild
4440 the alias map. Problem noted by Michal Zalewski of the
4441 "Internet for Schools" project (IdS).
4442 SECURITY: There is a potential for a denial of service attack if
4443 the AutoRebuildAliases option is set as a user can kill the
4444 sendmail process while it is rebuilding the aliases file
4445 (leaving it in an inconsistent state). This option and
4446 its use is deprecated and will be removed from a future
4447 version of sendmail.
4448 SECURITY: Make sure all file descriptors (besides stdin, stdout, and
4449 stderr) are closed before restarting sendmail. Problem noted
4450 by Michal Zalewski of the "Internet for Schools" project
4452 Begin using /etc/mail/ for sendmail related files. This affects
4453 a large number of files. See cf/README for more details.
4454 The directory structure of the distribution has changed slightly
4455 for easier code sharing among the programs.
4456 Support SMTP AUTH (see RFC 2554). New macros for this purpose
4457 are ${auth_authen}, ${auth_type}, and ${auth_author}
4458 which hold the client's authentication credentials,
4459 the mechanism used for authentication, and the
4460 authorization identity (i.e., the AUTH= parameter if
4461 supplied). Based on code contributed by Tim Martin of CMU.
4462 On systems which use the Torek stdio library (all of the BSD
4463 distributions), use memory-buffered files to reduce
4464 file system overhead by not creating temporary files on
4465 disk. Contributed by Exactis.com, Inc.
4466 New option DataFileBufferSize to control the maximum size of a
4467 memory-buffered data (df) file before a disk-based file is
4468 used. Contributed by Exactis.com, Inc.
4469 New option XscriptFileBufferSize to control the maximum size of a
4470 memory-buffered transcript (xf) file before a disk-based
4471 file is used. Contributed by Exactis.com, Inc.
4472 sendmail implements RFC 2476 (Message Submission), e.g., it can
4473 now listen on several different ports. Use:
4474 O DaemonPortOptions=Name=MSA, Port=587, M=E
4475 to run a Message Submission Agent (MSA); this is turned
4476 on by default in m4-generated .cf files; it can be turned
4477 off with FEATURE(`no_default_msa').
4478 The 'XUSR' SMTP command is deprecated. Mail user agents should
4479 begin using RFC 2476 Message Submission for initial user
4480 message submission. XUSR may disappear from a future release.
4481 The new '-G' (relay (gateway) submission) command line option
4482 indicates that the message being submitted from the command
4483 line is for relaying, not initial submission. This means
4484 the message will be rejected if the addresses are not fully
4485 qualified and no canonicalization will be done. Future
4486 releases may even reject improperly formed messages.
4487 The '-U' (initial user submission) command line option is
4488 deprecated and may be removed from a future release.
4489 Mail user agents should begin using '-G' to indicate that
4490 this is a relay submission (the inverse of -U).
4491 The next release of sendmail will assume that any message submitted
4492 from the command line is an initial user submission and act
4494 If sendmail doesn't have enough privileges to run a .forward
4495 program or deliver to file as the owner of that file, the
4496 address is marked as unsafe. This means if RunAsUser is
4497 set, users won't be able to use programs or delivery to
4498 files in their .forward files. Administrators can override
4499 this by setting the DontBlameSendmail option to the new
4500 setting NonRootSafeAddr.
4501 Allow group or world writable directories if the sticky bit is set
4502 on the directory and DontBlameSendmail is set to
4503 TrustStickyBit. Based on patch from Chris Metcalf of
4505 Prevent logging of unsafe directory paths for non-existent forward
4506 files if the new DontWarnForwardFileInUnsafeDirPath bit is
4507 set in the DontBlameSendmail option. Requested by many.
4508 New Timeout.control option to limit the total time spent satisfying
4509 a control socket request.
4510 New Timeout.resolver options for controlling BIND resolver
4512 Timeout.resolver.retrans
4513 Sets the resolver's retransmission time interval (in
4514 seconds). Sets both Timeout.resolver.retrans.first
4515 and Timeout.resolver.retrans.normal.
4516 Timeout.resolver.retrans.first
4517 Sets the resolver's retransmission time interval (in
4518 seconds) for the first attempt to deliver a message.
4519 Timeout.resolver.retrans.normal
4520 Sets the resolver's retransmission time interval (in
4521 seconds) for all resolver lookups except the first
4523 Timeout.resolver.retry
4524 Sets the number of times to retransmit a resolver
4525 query. Sets both Timeout.resolver.retry.first
4526 and Timeout.resolver.retry.normal.
4527 Timeout.resolver.retry.first
4528 Sets the number of times to retransmit a resolver
4529 query for the first attempt to deliver a message.
4530 Timeout.resolver.retry.normal
4531 Sets the number of times to retransmit a resolver
4532 query for all resolver lookups except the first
4534 Contributed by Exactis.com, Inc.
4535 Support multiple queue directories. To use multiple queues, supply
4536 a QueueDirectory option value ending with an asterisk. For
4537 example, /var/spool/mqueue/q* will use all of the
4538 directories or symbolic links to directories beginning with
4539 'q' in /var/spool/mqueue as queue directories. Keep in
4540 mind, the queue directory structure should not be changed
4541 while sendmail is running. Queue runs create a separate
4542 process for running each queue unless the verbose flag is
4543 given on a non-daemon queue run. New items are randomly
4544 assigned to a queue. Contributed by Exactis.com, Inc.
4545 Support different directories for qf, df, and xf queue files; if
4546 subdirectories or symbolic links to directories of those names
4547 exist in the queue directories, they are used for the
4548 corresponding queue files. Keep in mind, the queue
4549 directory structure should not be changed while sendmail is
4550 running. Proposed by Mathias Koerber of Singapore
4551 Telecommunications Ltd.
4552 New queue file naming system which uses a filename guaranteed to be
4553 unique for 60 years. This allows queue IDs to be assigned
4554 without fancy file system locking. Queued items can be
4555 moved between queues easily. Contributed by Exactis.com,
4557 Messages which are undeliverable due to temporary address failures
4558 (e.g., DNS failure) will now go to the FallBackMX host, if
4559 set. Contributed by Exactis.com, Inc.
4560 New command line option '-L tag' which sets the identifier used for
4561 syslog. Contributed by Exactis.com, Inc.
4562 QueueSortOrder=Filename will sort the queue by filename. This
4563 avoids opening and reading each queue file when preparing
4564 to run the queue. Contributed by Exactis.com, Inc.
4565 Shared memory counters and microtimers functionality has been
4566 donated by Exactis.com, Inc.
4567 The SCCS ID tags have been replaced with RCS ID tags.
4568 Allow trusted users (those on a T line or in $=t) to set the
4569 QueueDirectory (Q) option without an X-Authentication-Warning:
4570 being added. Suggested by Michael K. Sanders.
4571 IPv6 support based on patches from John Kennedy of Cal State
4572 University, Chico, Motonori Nakamura of Kyoto University,
4573 and John Beck of Sun Microsystems.
4574 In low-disk space situations, where sendmail would previously refuse
4575 connections, still accept them, but only allow ETRN commands.
4576 Suggested by Mathias Koerber of Singapore Telecommunications
4578 The [IPC] builtin mailer now allows delivery to a UNIX domain socket
4579 on systems which support them. This can be used with LMTP
4580 local delivery agents which listen on a named socket. An
4581 example mailer might be:
4582 Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n,
4583 S=10, R=20/40, T=DNS/RFC822/X-Unix,
4584 A=FILE /var/run/lmtpd
4585 Code contributed by Lyndon Nerenberg of Messaging Direct.
4586 The [TCP] builtin mailer name is now deprecated. Use [IPC]
4588 The first mailer argument in the [IPC] mailer is now checked for a
4589 legitimate value. Possible values are TCP (for TCP/IP
4590 connections), IPC (which will be deprecated in a future
4591 version), and FILE (for UNIX domain socket delivery).
4592 PrivacyOptions=goaway no longer includes the noetrn and the noreceipts
4594 PrivacyOptions=nobodyreturn instructs sendmail not to include the
4595 body of the original message on delivery status
4597 Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted
4598 by Dan Bernstein, fix from Robert Harker of Harker Systems.
4599 Accept the SMTP RSET command even when rejecting commands due to TCP
4600 Wrappers or the check_relay ruleset. Problem noted by
4601 Steve Schweinhart of America Online.
4602 Warn if OperatorChars is set multiple times. OperatorChars should
4603 not be set after rulesets are defined. Suggested by
4604 Mitchell Blank Jr of Exec-PC.
4605 Do not report temporary failure on delivery to files. In
4606 interactive delivery mode, this would result in two SMTP
4607 responses after the DATA command. Problem noted by
4608 Nik Conwell of Boston University.
4609 Check file close when mailing to files. Problem noted by Nik
4610 Conwell of Boston University.
4611 Avoid a segmentation fault when using the LDAP map. Patch from
4612 Curtis W. Hillegas of Princeton University.
4613 Always bind to the LDAP server regardless of whether you are using
4614 ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of
4616 New ruleset trust_auth to determine whether a given AUTH=
4617 parameter of the MAIL command should be trusted. See SMTP
4618 AUTH, cf/README, and doc/op/op.ps.
4619 Allow new named config file rules check_vrfy, check_expn, and
4620 check_etrn for VRFY, EXPN, and ETRN commands, respectively,
4621 similar to check_rcpt etc.
4622 Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr},
4623 ${mail_mailer}, ${mail_host}, ${mail_addr} that hold
4624 the results of parsing the RCPT and MAIL arguments, i.e.
4625 the resolved triplet from $#mailer $@host $:addr.
4626 From Kari Hurtta of the Finnish Meteorological Institute.
4627 New macro ${client_resolve} which holds the result of the resolve
4628 call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed
4629 by Kari Hurtta of the Finnish Meteorological Institute.
4630 New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold
4631 the corresponding DSN parameter values. Proposed by
4633 New macro ${msg_size} which holds the value of the SIZE= parameter,
4634 i.e., usually the size of the message (in an ESMTP dialogue),
4635 before the message has been collected, thereafter it holds
4636 the message size as computed by sendmail (and can be used
4638 The macro ${deliveryMode} now specifies the current delivery mode
4639 sendmail is using instead of the value of the DeliveryMode
4641 New macro ${ntries} holds the number of delivery attempts.
4642 Drop explicit From: if same as what would be generated only if it is
4643 a local address. From Motonori Nakamura of Kyoto University.
4644 Write pid to file also if sendmail only processes the queue.
4645 Proposed by Roy J. Mongiovi of Georgia Tech.
4646 Log "low on disk space" only when necessary.
4647 New macro ${load_avg} can be used to check the current load average.
4648 Suggested by Scott Gifford of The Internet Ramp.
4649 Return-Receipt-To: header implies DSN request if option RrtImpliesDsn
4651 Flag -S for maps to specify the character which is substituted
4652 for spaces (instead of the default given by O BlankSub).
4653 Flag -D for maps: perform no lookup in deferred delivery mode.
4654 This flag is set by default for the host map. Based on a
4655 proposal from Ian MacPhedran of the University of Saskatchewan.
4656 Open maps only on demand, not at startup.
4657 Log warning about unsupported IP address families.
4658 New option MaxHeadersLength allows to specify a maximum length
4659 of the sum of all headers. This can be used to prevent
4660 a denial-of-service attack.
4661 New option MaxMimeHeaderLength which limits the size of MIME
4662 headers and parameters within those headers. This option
4663 is intended to protect mail user agents from buffer
4665 Added option MaxAliasRecursion to specify the maximum depth of
4667 New flag F=6 for mailers to strip headers to seven bit.
4668 Map type syslog to log the key via syslogd.
4669 Entries in the alias file can be continued by putting a backslash
4670 directly before the newline.
4671 New option DeadLetterDrop to define the location of the system-wide
4672 dead.letter file, formerly hardcoded to
4673 /usr/tmp/dead.letter. If this option is not set (the
4674 default), sendmail will not attempt to save to a
4675 system-wide dead.letter file if it can not bounce the mail
4676 to the user nor postmaster. Instead, it will rename the qf
4677 file as it has in the past when the dead.letter file
4678 could not be opened.
4679 New option PidFile to define the location of the pid file. The
4680 value of this option is macro expanded.
4681 New option ProcessTitlePrefix specifies a prefix string for the
4682 process title shown in 'ps' listings.
4683 New macros for use with the PidFile and ProcessTitlePrefix options
4684 (along with the already existing macros):
4685 ${daemon_info} Daemon information, e.g.
4686 SMTP+queueing@00:30:00
4687 ${daemon_addr} Daemon address, e.g., 0.0.0.0
4688 ${daemon_family} Daemon family, e.g., inet, inet6, etc.
4689 ${daemon_name} Daemon name, e.g., MSA.
4690 ${daemon_port} Daemon port, e.g., 25
4691 ${queue_interval} Queue run interval, e.g., 00:30:00
4692 New macros especially for virtual hosting:
4693 ${if_name} hostname of interface of incoming connection.
4694 ${if_addr} address of interface of incoming connection.
4695 The latter is only set if the interface does not belong to the
4697 If a message being accepted via a method other than SMTP and
4698 would be rejected by a header check, do not send the message.
4699 Suggested by Phil Homewood of Mincom Pty Ltd.
4700 Don't strip comments for header checks if $>+ is used instead of $>.
4701 Provide header value as quoted string in the macro
4702 ${currHeader} (possibly truncated to MAXNAME). Suggested by
4703 Jan Krueger of Unix-AG of University of Hannover.
4704 The length of the header value is stored in ${hdrlen}.
4705 H*: allows to specify a default ruleset for header checks. This
4706 ruleset will only be called if the individual header does
4707 not have its own ruleset assigned. Suggested by Jan
4708 Krueger of Unix-AG of University of Hannover.
4709 The name of the header field stored in ${hdr_name}.
4710 Comments (i.e., text within parentheses) in rulesets are not
4711 removed if the config file version is greater than or equal
4712 to 9. For example, "R$+ ( 1 ) $@ 1" matches the
4713 input "token (1)" but does not match "token".
4714 Avoid removing the Content-Transfer-Encoding MIME header on
4715 MIME messages. Problem noted by Sigurbjorn B. Larusson of
4716 Multimedia Consumer Services. Fix from Per Hedeland of
4718 Avoid duplicate Content-Transfer-Encoding MIME header on
4719 messages with 8-bit text in headers. Problem noted by
4720 Per Steinar Iversen of Oslo College. Fix from Per Hedeland
4722 Avoid keeping maps locked longer than necessary when re-opening a
4723 modified database map file. Problem noted by Chris Adams
4724 of Renaissance Internet Services.
4725 Resolving to the $#error mailer with a temporary failure code (e.g.,
4726 $#error $@ tempfail $: "400 Temporary failure") will now
4727 queue up the message instead of bouncing it.
4728 Be more liberal in acceptable responses to an SMTP RSET command as
4729 standard does not provide any indication of what to do when
4730 something other than 250 is received. Based on a patch
4731 from Steve Schweinhart of America Online.
4732 New option TrustedUser allows to specify a user who can own
4733 important files instead of root. This requires HASFCHOWN.
4734 Fix USERDB conditional so compiling with NEWDB or HESIOD and
4735 setting USERDB=0 works. Fix from Jorg Zanger of Schock.
4736 Fix another instance (similar to one in 8.9.3) of a network failure
4737 being mis-logged as "Illegal Seek" instead of whatever
4738 really went wrong. From John Beck of Sun Microsystems.
4739 $? tests also whether the macro is non-null.
4740 Print an error message if a mailer definition contains an invalid
4742 New mailer equate /= to specify a directory to chroot() into before
4743 executing the mailer program. Suggested by Igor Vinokurov.
4744 New mailer equate W= to specify the maximum time to wait for the
4745 mailer to return after sending all data to it.
4746 Only free memory from the process list when adding a new process
4747 into a previously filled slot. Previously, the memory was
4748 freed at removal time. Since removal can happen in a
4749 signal handler, this may leave the memory map in an
4750 inconsistent state. Problem noted by Jeff A. Earickson and
4751 David Cooley of Colby College.
4752 When using the UserDB @hostname catch-all, do not try to lookup
4753 local users in the passwd file. The UserDB code has
4754 already decided the message will be passed to another host
4755 for processing. Fix from Tony Landells of Burdett
4756 Buckeridge Young Limited.
4757 Support LDAP authorization via either a file containing the
4758 password or Kerberos V4 using the new map options
4759 '-ddistinguished_name', '-Mmethod', and '-Pfilename'. The
4760 distinguished_name is who to login as. The method can be
4761 one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or
4762 LDAP_AUTH_KRBV4. The filename is the file containing the
4763 secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos
4764 ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense
4765 of Stanford University.
4766 The ldapx map has been renamed to ldap. The use of ldapx is
4767 deprecated and will be removed in a future version.
4768 If the result of an LDAP search returns a multi-valued attribute
4769 and the map has the column delimiter set, it turns that
4770 response into a delimiter separated string. The LDAP map
4771 will traverse multiple entries as well. LDAP alias maps
4772 automatically set the column delimiter to the comma.
4773 Based on patch from Booker Bense of Stanford University and
4774 idea from Philip A. Prindeville of Mirapoint, Inc.
4775 Support return of multiple values for a single LDAP lookup. The
4776 values to be returned should be in a comma separated string.
4777 For example, `-v "email,emailother"'. Patch from
4778 Curtis W. Hillegas of Princeton University.
4779 Allow the use of LDAP for alias maps.
4780 If no LDAP attributes are specified in an LDAP map declaration, all
4781 attributes found in the match will be returned.
4782 Prevent commas in quoted strings in the AliasFile value from
4783 breaking up a single entry into multiple entries. This is
4784 needed for LDAP alias file specifications to allow for
4785 comma separated key and value strings.
4786 Keep connections to LDAP server open instead of opening and closing
4787 for each lookup. To reduce overhead, sendmail will cache
4788 connections such that multiple maps which use the same
4789 host, port, bind DN, and authentication will only result in
4790 a single connection to that host.
4791 Put timeout in the proper place for USE_LDAP_INIT.
4792 Be more careful about checking for errors and freeing memory on
4794 Use asynchronous LDAP searches to save memory and network
4796 Do not copy LDAP query results if the map's match only flag is set.
4797 Increase portability to the Netscape LDAP libraries.
4798 Change the parsing of the LDAP filter specification. '%s' is still
4799 replaced with the literal contents of the map lookup key --
4800 note that this means a lookup can be done using the LDAP
4801 special characters. The new '%0' token can be used instead
4802 of '%s' to encode the key buffer according to RFC 2254.
4803 For example, if the LDAP map specification contains '-k
4804 "(user=%s)"' and a lookup is done on "*", this would be
4805 equivalent to '-k "(user=*)"' -- matching ANY record with a
4806 user attribute. Instead, if the LDAP map specification
4807 contains '-k "(user=%0)"' and a lookup is done on "*", this
4808 would be equivalent to '-k "(user=\2A)"' -- matching a user
4810 New LDAP map flags: "-1" requires a single match to be returned, if
4811 more than one is returned, it is equivalent to no records
4812 being found; "-r never|always|search|find" sets the LDAP
4813 alias dereference option; "-Z size" limits the number of
4815 New option LDAPDefaultSpec allows a default map specification for
4816 LDAP maps. The value should only contain LDAP specific
4817 settings such as "-h host -p port -d bindDN", etc. The
4818 settings will be used for all LDAP maps unless they are
4819 specified in the individual map specification ('K'
4820 command). This option should be set before any LDAP maps
4822 Prevent an NDBM alias file opening loop when the NDBM open
4823 continually fails. Fix from Roy J. Mongiovi of Georgia
4825 Reduce memory utilization for smaller symbol table entries. In
4826 particular, class entries get much smaller, which can be
4827 important if you have large classes.
4828 On network-related temporary failures, record the hostname which
4829 gave error in the queued status message. Requested by
4830 Ulrich Windl of the Universitat Regensburg.
4831 Add new F=% mailer flag to allow for a store and forward
4832 configuration. Mailers which have this flag will not attempt
4833 delivery on initial receipt of a message or on queue runs
4834 unless the queued message is selected using one of the
4835 -qI/-qR/-qS queue run modifiers or an ETRN request. Code
4836 provided by Philip Guenther of Gustavus Adolphus College.
4837 New option ControlSocketName which, when set, creates a daemon
4838 control socket. This socket allows an external program to
4839 control and query status from the running sendmail daemon
4840 via a named socket, similar to the ctlinnd interface to the
4841 INN news server. Access to this interface is controlled by
4842 the UNIX file permissions on the named socket on most UNIX
4843 systems (see sendmail/README for more information). An
4844 example control program is provided as contrib/smcontrol.pl.
4845 Change the default values of QueueLA from 8 to (8 * numproc) and
4846 RefuseLA from 12 to (12 * numproc) where numproc is the
4847 number of processors online on the system (if that can be
4848 determined). For single processor machines, this change
4850 Don't return body of message to postmaster on "Too many hops" bounces.
4851 Based on fix from Motonori Nakamura of Kyoto University.
4852 Give more detailed DSN descriptions for some cases. Patch from
4853 Motonori Nakamura of Kyoto University.
4854 Logging of alias, forward file, and UserDB expansion now happens
4855 at LogLevel 11 or higher instead of 10 or higher.
4856 Logging of an envelope's complete delivery (the "done" message) now
4857 happens at LogLevel 10 or higher instead of 11 or higher.
4858 Logging of TCP/IP or UNIX standard input connections now happens at
4859 LogLevel 10 or higher. Previously, only TCP/IP connections
4860 were logged, and on at LogLevel 12 or higher. Setting
4861 LogLevel to 10 will now assist users in tracking frequent
4862 connection-based denial of service attacks.
4863 Log basic information about authenticated connections at LogLevel
4865 Log SMTP Authentication mechanism and author when logging the sender
4866 information (from= syslog line).
4867 Log the DSN code for each recipient if one is available as a new
4869 Macro expand PostmasterCopy and DoubleBounceAddress options.
4870 New "ph" map for performing ph queries in rulesets, see
4871 sendmail/README for details. Contributed by Mark Roth
4872 of the University of Illinois at Urbana-Champaign.
4873 Detect temporary lookup failures in the host map if looking up a
4874 bracketed IP address. Problem noted by Kari Hurtta of the
4875 Finnish Meteorological Institute.
4876 Do not report a Remote-MTA on local deliveries. Problem noted by
4877 Kari Hurtta of the Finnish Meteorological Institute.
4878 When a forward file points to an alias which runs a program, run
4879 the program as the default user and the default group, not
4880 the forward file user. This change also assures the
4881 :include: directives in aliases are also processed using
4882 the default user and group. Problem noted by Sergiu
4883 Popovici of DNT Romania.
4884 Prevent attempts to save a dead.letter file for a user with
4885 no home directory (/no/such/directory). Problem noted by
4886 Michael Brown of Finnigan FT/MS.
4887 Include message delay and number of tries when logging that a
4888 message has been completely delivered (LogLevel of 10 or
4889 above). Suggested by Nick Hilliard of Ireland Online.
4890 Log the sender of a message even if none of the recipients were
4891 accepted. If some of the recipients were rejected, it is
4892 helpful to know the sender of the message.
4893 Check the root directory (/) when checking a path for safety.
4894 Problem noted by John Beck of Sun Microsystems.
4895 Prevent multiple responses to the DATA command if DeliveryMode is
4896 interactive and delivering to an alias which resolves to
4898 Macros in the helpfile are expanded if the helpfile version is 2 or
4899 greater (see below); the help function doesn't print the
4900 version of sendmail any longer, instead it is placed in
4901 the helpfile ($v). Suggested by Chuck Foster of UUNET
4902 PIPEX. Additionally, comment lines (starting with #) are
4903 skipped and a version line (#vers) is introduced. The
4904 helpfile version for 8.10.0 is 2, if no version or an older
4905 version is found, a warning is logged. The '#vers'
4906 directive should be placed at the top of the help file.
4907 Use fsync() when delivering to a file to guarantee the delivery to
4908 disk succeeded. Suggested by Nick Christenson.
4909 If delivery to a file is unsuccessful, truncate the file back to its
4910 length before the attempt.
4911 If a forward points to a filename for delivery, change to the
4912 user's uid before checking permissions on the file. This
4913 allows delivery to files on NFS mounted directories where
4914 root is remapped to nobody. Problem noted by Harald
4915 Daeubler of Universitaet Ulm.
4916 purgestat and sendmail -bH purge only expired (Timeout.hoststatus)
4917 host status files, not all files.
4918 Any macros stored in the class $={persistentMacros} will be saved
4919 in the queue file for the message and set when delivery
4920 is attempted on the queued item. Suggested by Kyle Jones of
4922 Add support for storing information between rulesets using the new
4923 macro map class. This can be used to store information
4924 between queue runs as well using $={persistentMacros}.
4925 Based on an idea from Jan Krueger of Unix-AG of University
4927 New map class arith to allow for computations in rules. The
4928 operation (+, -, *, /, l (for less than), and =) is given
4929 as key. The two operands are specified as arguments; the
4930 lookup returns the result of the computation. For example,
4931 "$(arith l $@ 4 $@ 2 $)" will return "FALSE" and
4932 "$(arith + $@ 4 $@ 2 $)" will return "6".
4933 Add new syntax for header declarations which decide whether to
4934 include the header based on a macro rather than a mailer
4936 H?${MyMacro}?X-My-Header: ${MyMacro}
4937 This should be used along with $={persistentMacros}.
4938 It can be used for adding headers to a message based on
4939 the results of check_* and header check rulesets.
4940 Allow new named config file rule check_eoh which is called after
4941 all of the headers have been collected. The input to the
4942 ruleset the number of headers and the size of all of the
4943 headers in bytes separated by $|. This ruleset along with
4944 the macro storage map can be used to correlate information
4945 gathered between headers and to check for missing headers.
4946 See cf/README or doc/op/op.ps for an example.
4947 Change the default for the MeToo option to True to correspond
4948 to the clarification in the DRUMS SMTP Update spec. This
4949 option is deprecated and will be removed from a future
4951 Change the sendmail binary default for SendMimeErrors to True.
4952 Change the sendmail binary default for SuperSafe to True.
4953 Display ruleset names in debug and address test mode output
4954 if referencing a named ruleset.
4955 New mailer equate m= which will limit the number of messages
4956 delivered per connection on an SMTP or LMTP mailer.
4957 Improve QueueSortOrder=Host by reversing the hostname before
4958 using it to sort. Now all the same domains are really run
4959 through the queue together. If they have the same MX host,
4960 then they will have a much better opportunity to use the
4961 connection cache if available. This should be a reasonable
4962 performance improvement. Patch from Randall Winchester of
4963 the University of Maryland.
4964 If a message is rejected by a header check ruleset, log who would
4965 have received the message if it had not been rejected.
4966 New "now" value for Timeout.queuereturn to bounce entries from the
4967 queue immediately. No delivery attempt is made.
4968 Increase sleeping time exponentially after too many "bad" commands
4969 up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}-
4971 New option ClientPortOptions similar to DaemonPortOptions
4972 but for outgoing connections.
4973 New suboptions for DaemonPortOptions: Name (a name used for
4974 error messages and logging) and Modifiers, i.e.
4975 a require authentication
4976 b bind to interface through which mail has
4978 c perform hostname canonification
4979 f require fully qualified hostname
4980 h use name of interface for outgoing HELO
4982 C don't perform hostname canonification
4983 E disallow ETRN (see RFC 2476)
4984 New suboption for ClientPortOptions: Modifiers, i.e.
4985 h use name of interface for HELO command
4986 The version number for queue files (qf) has been incremented to 4.
4987 Log unacceptable HELO/EHLO domain name attempts if LogLevel is set
4988 to 10 or higher. Suggested by Rick Troxel of the National
4989 Institutes of Health.
4990 If a mailer dies, print the status in decimal instead of octal
4991 format. Suggested by Michael Shapiro of Sun Microsystems.
4992 Limit the length of all MX records considered for delivery to 8k.
4993 Move message priority from sender to recipient logging. Suggested by
4994 Ulrich Windl of the Universitat Regensburg.
4995 Add support for Berkeley DB 3.X.
4996 Add fix for Berkeley DB 2.X fcntl() locking race condition.
4997 Requires a post-2.7.5 version of Berkeley DB.
4998 Support writing traffic log (sendmail -X option) to a FIFO.
4999 Patch submitted by Rick Heaton of Network Associates, Inc.
5000 Do not ignore Timeout settings in the .cf file when a Timeout
5001 sub-options is set on the command line. Problem noted by
5002 Graeme Hewson of Oracle.
5003 Randomize equal preference MX records each time delivery is
5004 attempted via a new connection to a host instead of once per
5005 session. Suggested by Scott Salvidio of Compaq.
5006 Implement enhanced status codes as defined by RFC 2034.
5007 Add [hostname] to class w for the names of all interfaces unless
5008 DontProbeInterfaces is set. This is useful for sending mails
5009 to hosts which have dynamically assigned names.
5010 If a message is bounced due to bad MIME conformance, avoid bouncing
5011 the bounce for the same reason. If the body is not 8-bit
5012 clean, and EightBitMode isn't set to pass8, the body will
5013 not be included in the bounce. Problem noted by Valdis
5014 Kletnieks of Virginia Tech.
5015 The timeout for sending a message via SMTP has been changed from
5016 '${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which
5017 simply checks for progress on sending data every 5 minutes.
5018 This will detect the inability to send information quicker
5019 and reduce the number of processes simply waiting to
5021 Prevent a segmentation fault on systems which give a partial filled
5022 interface address structure when loading the system network
5023 interface addresses. Fix from Reinier Bezuidenhout of
5025 Add a compile-time configuration macro, MAXINTERFACES, which
5026 indicates the number of interfaces to read when probing
5027 for hostnames and IP addresses for class w ($=w). The
5028 default value is 512. Based on idea from Reinier
5029 Bezuidenhout of Nanoteq.
5030 If the RefuseLA option is set to 0, do not reject connections based
5032 Allow ruleset 0 to have a name. Problem noted by Neil Rickert of
5033 Northern Illinois University.
5034 Expand the Return-Path: header at delivery time, after "owner-"
5035 envelope splitting has occurred.
5036 Don't try to sort the queue if there are no entries. Patch from
5037 Luke Mewburn from RMIT University.
5038 Add a "/quit" command to address test mode.
5039 Include the proper sender in the UNIX "From " line and Return-Path:
5040 header when undeliverable mail is saved to ~/dead.letter.
5041 Problem noted by Kari Hurtta of the Finnish Meteorological
5043 The contents of a class can now be copied to another class using
5044 the syntax: "C{Dest} $={Source}". This would copy all of
5045 the items in class $={Source} into the class $={Dest}.
5046 Include original envelope's error transcript in bounces created for
5047 split (owner-) envelopes to see the original errors when
5048 the recipients were added. Based on fix from Motonori
5049 Nakamura of Kyoto University.
5050 Show reason for permanent delivery errors directly after the
5051 addresses. From Motonori Nakamura of Kyoto University.
5052 Prevent a segmentation fault when bouncing a split-envelope
5053 message. Patch from Motonori Nakamura of Kyoto University.
5054 If the specification for the queue run interval (-q###) has a
5055 syntax error, consider the error fatal and exit.
5056 Pay attention to CheckpointInterval during LMTP delivery. Problem
5057 noted by Motonori Nakamura of Kyoto University.
5058 On operating systems which have setlogin(2), use it to set the
5059 login name to the RunAsUserName when starting as a daemon.
5060 This is for delivery to programs which use getlogin().
5061 Based on fix from Motonori Nakamura of Kyoto University.
5062 Differentiate between "command not implemented" and "command
5063 unrecognized" in the SMTP dialogue.
5064 Strip returns from forward and include files. Problem noted by
5065 Allan E Johannesen of Worcester Polytechnic Institute.
5066 Prevent a core dump when using 'sendmail -bv' on an address which
5067 resolves to the $#error mailer with a temporary failure.
5068 Based on fix from Neil Rickert of Northern Illinois
5070 Prevent multiple deliveries of a message with a "non-local alias"
5071 pointing to a local user, if canonicalization fails
5072 the message was requeued *and* delivered to the alias.
5073 If an invalid ruleset is declared, the ruleset name could be
5074 ignored and its rules added to S0. Instead, ignore the
5075 ruleset lines as well.
5076 Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient
5077 success DSN fields as well as duplicate entries for a
5078 single address due to S5 and UserDB processing. Problems
5079 noted by Kari Hurtta of the Finnish Meteorological
5081 Turn off timeouts when exiting sendmail due to an interrupt signal
5082 to prevent the timeout from firing during the exit process.
5083 Problem noted by Michael Shapiro of Sun Microsystems.
5084 Do not append @MyHostName to non-RFC822 addresses output by the EXPN
5085 command or on Final-Recipient: and X-Actual-Recipient: DSN
5086 headers. Non-RFC822 addresses include deliveries to
5087 programs, file, DECnet, etc.
5088 Fix logic for determining if a local user is using -f or -bs to
5089 spoof their return address. Based on idea from Neil Rickert
5090 of Northern Illinois University and patch from Per Hedeland
5092 Report the proper UID in the bounce message if an :include: file is
5093 owned by a uid that doesn't map to a username and the
5094 :include: file contains delivery to a file or program.
5095 Problem noted by John Beck of Sun Microsystems.
5096 Avoid the attempt of trying to send a second SMTP QUIT command if
5097 the remote server responds to the first QUIT with a 4xx
5098 response code and drops the connection. This behavior was
5099 noted by Ulrich Windl of the Universitat Regensburg when
5100 sendmail was talking to the Mercury 1.43 MTA.
5101 If a hostname lookup times out and ServiceSwitchFile is set but the
5102 file is not present, the lookup failure would be marked as
5103 a permanent failure instead of a temporary failure. Fix
5104 from Russell King of the ARM Linux Project.
5105 Handle aliases or forwards which deliver to programs using tabs
5106 instead of spaces between arguments. Problem noted by Randy
5107 Wormser. Fix from Neil Rickert of Northern Illinois
5109 Allow MaxRecipientsPerMessage option to be set on the command line
5110 by normal users (e.g., sendmail won't drop its root
5111 privileges) to allow overrides for message submission via
5113 Set the names for help file and statistics file to "helpfile" and
5114 "statistics", respectively, if no parameters are given for
5115 them in the .cf file.
5116 Avoid bogus 'errbody: I/O Error -7' log messages when sending
5117 success DSN messages for messages relayed to non-DSN aware
5118 systems. Problem noted by Juergen Georgi of RUS University
5119 of Stuttgart and Kyle Tucker of Parexel International.
5120 Prevent +detail information from interfering with local delivery to
5121 multiple users in the same transaction (F=m).
5122 Add H_FORCE flag for the X-Authentication-Warning: header, so it
5123 will be added even if one already exists. Problem noted
5124 by Michal Zalewski of Marchew Industries.
5125 Stop processing SMTP commands if the SMTP connection is dropped.
5126 This prevents a remote system from flooding the connection
5127 with commands and then disconnecting. Previously, the
5128 server would process all of the buffered commands. Problem
5129 noted by Michal Zalewski of Marchew Industries.
5130 Properly process user-supplied headers beginning with '?'. Problem
5131 noted by Michal Zalewski of Marchew Industries.
5132 If multiple header checks resolve to the $#error mailer, use the
5133 last permanent (5XX) failure if any exist. Otherwise, use
5134 the last temporary (4XX) failure.
5135 RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch
5136 from Ronald F. Guilmette of Infinite Monkeys & Co.
5137 Timeout.ident now defaults to 5 seconds instead of 30 seconds to
5138 prevent the now common delays associated with mailing to a
5139 site which drops IDENT packets. Suggested by many.
5140 Persistent host status data is not reloaded disk when current data
5141 is available in the in-memory cache. Problem noted by Per
5142 Hedeland of Ericsson.
5143 mailq displays unprintable characters in addresses as their octal
5144 representation and a leading backslash. This avoids problems
5145 with "unprintable" characters. Problem noted by Michal
5146 Zalewski of the "Internet for Schools" project (IdS).
5147 The mail line length limit (L= equate) was adding the '!' indicator
5148 one character past the limit. This would cause subsequent
5149 hops to break the line again. The '!' is now placed in
5150 the last column of the limit if the line needs to be broken.
5151 Problem noted by Joe Pruett of Q7 Enterprises. Based on fix
5152 from Per Hedeland of Ericsson.
5153 If a resolver ANY query is larger than the UDP packet size, the
5154 resolver will fall back to TCP. However, some
5155 misconfigured firewalls block 53/TCP so the ANY lookup
5156 fails whereas an MX or A record might succeed. Therefore,
5157 don't fail on ANY queries.
5158 If an SMTP recipient is rejected due to syntax errors in the
5159 address, do not send an empty postmaster notification DSN
5160 to the postmaster. Problem noted by Neil Rickert of
5161 Northern Illinois University.
5162 Allow '_' and '.' in map names when parsing a sequence map
5163 specification. Patch from William Setzer of North Carolina
5165 Fix hostname in logging of read timeouts for the QUIT command on
5166 cached connections. Problem noted by Neil Rickert of
5167 Northern Illinois University.
5168 Use a more descriptive entry to log "null" connections, i.e.,
5169 "host did not issue MAIL/EXPN/VRFY/ETRN during connection".
5170 Fix a file descriptor leak in ONEX mode.
5172 Reverse signal handling logic such that sigaction(2) with
5173 the SA_RESTART flag is the preferred method and the
5174 other signal methods are only tried if SA_RESTART
5175 is not available. Problem noted by Allan E
5176 Johannesen of Worcester Polytechnic Institute.
5177 AIX 4.x supports the sa_len member of struct sockaddr.
5178 This allows network interface probing to work
5179 properly. Fix from David Bronder of the
5181 AIX 4.3 has snprintf() support.
5182 Use "PPC" as the architecture name when building under
5183 AIX. This will be reflected in the obj.* directory
5185 Apple Darwin support based on Apple Rhapsody port.
5186 Fixed AIX 'make depend' method from Valdis Kletnieks of
5188 Digital UNIX has uname(2).
5189 GNU Hurd updates from Mark Kettenis of the University of
5191 Improved HPUX 11.0 portability.
5192 Properly determine the number of CPUs on FreeBSD 2.X,
5193 FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X.
5194 Remove special IRIX ABI cases from Build script and the OS
5195 files. Use the standard 'cc' options used by SGI
5196 in building the operating system. Users can
5197 override the defaults by setting confCC and
5198 confLIBSEARCHPATH appropriately.
5199 IRIX nsd map support from Bob Mende of SGI.
5200 Minor devtools fixes for IRIX from Bob Mende of SGI.
5201 Linux patch for IP_SRCROUTE support from Joerg Dorchain
5202 of MW EDV & ELECTRONIC.
5203 Linux now uses /usr/sbin for confEBINDIR in the build
5204 system. From MATSUURA Takanori of Osaka University.
5205 Remove special treatment for Linux PPC in the build
5206 system. From MATSUURA Takanori of Osaka University.
5207 Motorolla UNIX SYSTEM V/88 Release 4.0 support from
5208 Sergey Rusanov of the Republic of Udmurtia.
5209 NCR MP-RAS 3.x includes regular expression support. From
5210 Tom J. Moore of NCR.
5211 NEC EWS-UX/V series settings for _PATH_VENDOR_CF and
5212 _PATH_SENDMAILPID from Oota Toshiya of
5213 NEC Computers Group Planning Division.
5214 Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D.
5215 NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and
5216 1024 in conf.h. Since confENVDEF would be used,
5217 use that value in conf.h.
5218 Use NeXT's NETINFO to get domain name. From Gerd Knops of
5220 Use NeXT's NETINFO for alias and hostname resolution if
5221 AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are
5222 defined. Patch from Wilfredo Sanchez of Apple
5224 NeXT portability tweaks. Problems reported by Dragan
5225 Milicic of the University of Utah and J. P. McCann
5227 New compile flag FAST_PID_RECYCLE: set this if your system
5228 can reuse the same PID in the same second.
5229 New compile flag HASFCHOWN: set this if your OS has
5231 New compile flag HASRANDOM: set this to 0 if your OS does
5232 not have random(3). rand() will be used instead.
5233 New compile flag HASSRANDOMDEV: set this if your OS has
5235 New compile flag HASSETLOGIN: set this if your OS has
5237 Replace SINIX and ReliantUNIX support with version
5238 specific SINIX files. From Gerald Rinske of
5239 Siemens Business Services.
5240 Use the 60-second load average instead of the 5 second load
5241 average on Compaq Tru64 UNIX (formerly Digital
5242 UNIX). From Chris Teakle of the University of Qld.
5243 Use ANSI C by default for Compaq Tru64 UNIX. Suggested by
5244 Randall Winchester of Swales Aerospace.
5245 Correct setgroups() prototype for Compaq Tru64 UNIX.
5246 Problem noted by Randall Winchester of Swales
5248 Hitachi 3050R/3050RX and 3500 Workstations running
5249 HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori
5250 NAKAMURA of Kyoto University.
5251 New compile flag NO_GETSERVBYNAME: set this to disable
5252 use of getservbyname() on systems which can
5253 not lookup a service by name over NIS, such as
5254 HI-UX. Patch from Motonori NAKAMURA of Kyoto
5256 Use devtools/bin/install.sh on SCO 5.x. Problem noted
5257 by Sun Wenbing of the China Engineering and
5258 Technology Information Network.
5259 make depend didn't work properly on UNIXWARE 4.2. Problem
5260 noted by Ariel Malik of Netology, Ltd.
5261 Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
5262 Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD,
5264 A recent Compaq Ultrix 4.5 Y2K patch has broken detection
5265 of local_hostname_length(). See sendmail/README
5266 for more details. Problem noted by Allan E
5267 Johannesen of Worcester Polytechnic Institute.
5268 CONFIG: Begin using /etc/mail/ for sendmail related files. This
5269 affects a large number of files. See cf/README for more
5271 CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including
5272 trailing slash) for the mail settings directory.
5273 CONFIG: Increment version number of config file to 9.
5274 CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been
5275 deprecated and may be removed from a future release.
5276 BSD/OS users should begin using OSTYPE(`bsdi').
5277 CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root. This
5278 requires a new OSTYPE(`openbsd'). From Todd C. Miller of
5279 Courtesan Consulting.
5280 CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X.
5281 CONFIG: A syntax error in check_mail would cause fake top-level
5282 domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to
5283 be improperly rejected as unresolvable.
5284 CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of
5285 DNS server, rejection message) and can be included
5287 CONFIG: New FEATURE(`relay_mail_from') allows relaying if the
5288 mail sender is listed as RELAY in the access map (and tagged
5290 CONFIG: Optional tagging of LHS in the access map (Connect:,
5291 From:, To:) to enable finer control.
5292 CONFIG: New FEATURE(`ldap_routing') implements LDAP address
5293 routing. See cf/README for a complete description of the
5295 CONFIG: New variables for the new sendmail options:
5296 confAUTH_MECHANISMS AuthMechanisms
5297 confAUTH_OPTIONS AuthOptions
5298 confCLIENT_OPTIONS ClientPortOptions
5299 confCONTROL_SOCKET_NAME ControlSocketName
5300 confDEAD_LETTER_DROP DeadLetterDrop
5301 confDEF_AUTH_INFO DefaultAuthInfo
5302 confDF_BUFFER_SIZE DataFileBufferSize
5303 confLDAP_DEFAULT_SPEC LDAPDefaultSpec
5304 confMAX_ALIAS_RECURSION MaxAliasRecursion
5305 confMAX_HEADERS_LENGTH MaxHeadersLength
5306 confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
5307 confPID_FILE PidFile
5308 confPROCESS_TITLE_PREFIX ProcessTitlePrefix
5309 confRRT_IMPLIES_DSN RrtImpliesDsn
5310 confTO_CONTROL Timeout.control
5311 confTO_RESOLVER_RETRANS Timeout.resolver.retrans
5312 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
5313 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
5314 confTO_RESOLVER_RETRY Timeout.resolver.retry
5315 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
5316 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
5317 confTRUSTED_USER TrustedUser
5318 confXF_BUFFER_SIZE XscriptFileBufferSize
5319 CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(),
5320 which takes the options as argument and can be used
5321 multiple times; see cf/README for details.
5322 CONFIG: Add a fifth mailer definition to MAILER(`smtp') called
5323 "dsmtp". This mail provides on-demand delivery using the
5324 F=% mailer flag described above. The "dsmtp" mailer
5325 definition uses the new DSMTP_MAILER_ARGS which defaults
5327 CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS,
5328 and RELAY_MAILER_MAXMSGS for setting the m= equate for the
5329 local, smtp, and relay mailers respectively.
5330 CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting
5331 the DSN Diagnostic-Code type for the local mailer. The
5332 value should be changed with care.
5333 CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type
5334 for the local mailer to the proper value of "SMTP".
5335 CONFIG: All included maps are no longer optional by default; if
5336 there there is a problem with a map, sendmail will
5338 CONFIG: Removed root from class E; use EXPOSED_USER(`root')
5339 to get the old behavior. Suggested by Joe Pruett
5341 CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which
5342 will not be masqueraded. Proposed by Arne Wichmann
5343 of MPI Saarbruecken, Griff Miller of PGS Tensor,
5344 Jayme Cox of Broderbund Software Inc.
5345 CONFIG: A list of exceptions for FEATURE(`nocanonify') can be
5346 specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
5347 i.e., a list of domains which are passed to $[ ... $]
5348 for canonification. Based on an idea from Neil Rickert
5349 of Northern Illinois University.
5350 CONFIG: If `canonify_hosts' is specified as parameter for
5351 FEATURE(`nocanonify') then addresses which have only
5352 a hostname, e.g., <user@host>, will be canonified.
5353 CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is
5354 nevertheless added to addresses with more than one component
5356 CONFIG: Canonification is no longer attempted for any host or domain
5358 CONFIG: New class for matching virtusertable entries $={VirtHost} that
5359 can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE.
5360 FEATURE(`virtuser_entire_domain') can be used to apply this
5361 class also to entire subdomains. Hosts in this class are
5362 treated as canonical in SCanonify2, i.e., a trailing dot
5364 CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used,
5365 include $={VirtHost} in $=R (hosts allowed to relay).
5366 CONFIG: FEATURE(`generics_entire_domain') can be used to apply the
5367 genericstable also to subdomains of $=G.
5368 CONFIG: Pass "+detail" as %2 for virtusertable lookups.
5369 Patch from Noam Freedman from University of Chicago.
5370 CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested
5371 by Raymond S Brand of rsbx.net.
5372 CONFIG: Allow @domain in genericstable to override masquerading.
5373 Suggested by Owen Duffy from Owen Duffy & Associates.
5374 CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve
5375 Hubert of University of Washington.
5376 CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as
5377 GNU is now the canonical system name. From Mark
5378 Kettenis of the University of Amsterdam.
5379 CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman.
5380 CONFIG: Do not include '=' in option expansion if there is no value
5381 associated with the option. From Andrew Brown of
5382 Graffiti World Wide, Inc.
5383 CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed
5384 by Philip A. Prindeville of Enteka Enterprise Technology
5386 CONFIG: MAILER(`cyrus') was not preserving case for mail folder
5387 names. Problem noted by Randall Winchester of Swales
5389 CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags
5390 for the relay mailer. Suggested by Doug Hughes of Auburn
5391 University and Brian Candler.
5392 CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path:
5393 header) by default. Suggested by Per Hedeland of Ericsson.
5394 CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host].
5395 Suggested by Kari Hurtta of the Finnish Meteorological
5397 CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS;
5398 i.e., to set, add, or delete flags.
5399 CONFIG: If SMTP AUTH is used then relaying is allowed for any user
5400 who authenticated via a "trusted" mechanism, i.e., one that
5401 is defined via TRUST_AUTH_MECH(`list of mechanisms').
5402 CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay
5403 after check_rcpt and allows for exceptions from the checks.
5404 CONFIG: Map declarations have been moved into their associated
5405 feature files to allow greater flexibility in use of
5406 sequence maps. Suggested by Per Hedeland of Ericsson.
5407 CONFIG: New macro LOCAL_MAILER_EOL to override the default end of
5408 line string for the local mailer. Requested by Il Oh of
5409 Willamette Industries, Inc.
5410 CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is
5411 converted to <user@d>
5412 CONFIG: Reject bogus return address of <@@hostname>, generated by
5413 Sun's older, broken configuration files.
5414 CONFIG: FEATURE(`nullclient') now provides the full rulesets of a
5415 normal configuration, allowing anti-spam checks to be
5417 CONFIG: Don't return a permanent error (Relaying denied) if
5418 ${client_name} can't be resolved just temporarily.
5419 Suggested by Kari Hurtta of the Finnish Meteorological
5421 CONFIG: Change numbered rulesets into named (which still can
5422 be accessed by their numbers).
5423 CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial
5424 which describes whether to disallow "!" in the local part
5426 CONFIG: Call Local_localaddr from localaddr (S5) which can be used
5427 to rewrite an address from a mailer which has the F=5 flag
5428 set. If the ruleset returns a mailer, the appropriate
5429 action is taken, otherwise the returned tokens are ignored.
5430 CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4
5431 and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4.
5432 The latter is kept around for backward compatibility.
5433 CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries,
5434 where "D.S.N" is an RFC 1893 compliant error code.
5435 CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
5436 CONFIG: Remove second space between username and date in UNIX From_
5437 line. Noted by Allan E Johannesen of Worcester Polytechnic
5439 CONFIG: Make sure all of the mailers have complete T= equates.
5440 CONFIG: Extend FEATURE(`local_procmail') so it can now take
5441 arguments overriding the mailer program, arguments, and
5442 mailer definition flags. This makes it possible to use
5443 other programs such as maildrop for local delivery.
5444 CONFIG: Emit warning if FEATURE(`local_lmtp') or
5445 FEATURE(`local_procmail') is given after MAILER(`local').
5446 Patch from Richard A. Nelson of IBM.
5447 CONFIG: Add SMTP Authentication information to Received: header
5448 default value (confRECEIVED_HEADER).
5449 CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a
5450 local mailer. Problem noted by Per Hedeland of Ericsson.
5451 CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the
5452 University of California at Berkeley.
5453 CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of
5454 Illinois at Urbana-Champaign.
5455 CONTRIB: etrn.pl now recognizes bogus host names. Patch from
5456 Bruce Barnett of GE's R&D Lab.
5457 CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle
5459 CONTRIB: Added qtool.pl to assist in managing the queues.
5460 DEVTOOLS: Prevent user environment variables from interfering with
5461 the Build scripts. Problem noted by Ezequiel H. Panepucci of
5463 DEVTOOLS: 'Build -M' will display the obj.* directory which will
5464 be used for building.
5465 DEVTOOLS: 'Build -A' will display the architecture that would be
5466 used for a fresh build.
5467 DEVTOOLS: New variable confRANLIB, set automatically by configure.sh.
5468 DEVTOOLS: New variable confRANLIBOPTS for the options to send to
5470 DEVTOOLS: 'Build -O <path>' will have the object files build in
5471 <path>/obj.*. Suggested by Bryan Costales of Exactis.
5472 DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the
5473 building of the man pages when defined. Suggested by Bryan
5475 DEVTOOLS: New variables confNO_HELPFILE_INSTALL and
5476 confNO_STATISTICS_INSTALL which will prevent the
5477 installation of the sendmail helpfile and statistics file
5478 respectively. Suggested by Bryan Costales.
5479 DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske
5480 of Siemens Business Services.
5481 DEVTOOLS: New variable confSTDIO_TYPE which defines the type of
5482 stdio library. The new buffered file I/O depends on the
5483 Torek stdio library. This option can be either portable or
5485 DEVTOOLS: New variables confSRCADD and confSMSRCADD which
5486 correspond to confOBJADD and confSMOBJADD respectively.
5487 They should contain the C source files for the object files
5488 listed in confOBJADD and confSMOBJADD. These file names
5489 will be passed to the 'make depend' stage of compilation.
5490 DEVTOOLS: New program specific variables for each of the programs
5491 in the sendmail distribution. Each has the form
5492 `conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'.
5493 The new variables are conf_prog_ENVDEF, conf_prog_LIBS,
5494 conf_prog_SRCADD, and conf_prog_OBJADD.
5495 DEVTOOLS: Build system redesign. This should have little affect on
5496 building the distribution, but documentation on the changes
5497 are in devtools/README.
5498 DEVTOOLS: Don't allow 'Build -f file' if an object directory already
5499 exists. Suggested by Valdis Kletnieks of Virginia Tech.
5500 DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies
5501 the path to the sendmail source directory. confSRCDIR is a
5502 new variable which identifies the root of the source
5503 directories for all of the programs in the distribution.
5504 DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build
5505 time. They can both still be overridden by setting the m4
5507 DEVTOOLS: confSBINGRP now defaults to bin instead of kmem.
5508 DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for
5509 build configurations, and places objects in obj.prefix.*/.
5510 Complains as 'Build -f file' does for existing object
5511 directories. Suggested by Tom Smith of Digital Equipment
5513 DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted
5514 manual pages in the directory tree specified by
5516 DEVTOOLS: If formatting the manual pages fails, copy in the
5517 preformatted pages from the distribution. The new variable
5518 confCOPY specifies the copying program.
5519 DEVTOOLS: Defining confFORCE_RMAIL will install rmail without
5520 question. Suggested by Terry Lambert of Whistle
5522 DEVTOOLS: confSTFILE and confHFFILE can be used to change the names
5523 of the installed statistics and help files, respectively.
5524 DEVTOOLS: Remove spaces in `uname -r` output when determining
5525 operating system identity. Problem noted by Erik
5526 Wachtenheim of Dartmouth College.
5527 DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that
5528 will be search for the libraries specified in confLIBSEARCH.
5529 Defaults to "/lib /usr/lib /usr/shlib".
5530 DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying
5531 how to strip binaries. These are used by the new
5532 install-strip target.
5533 DEVTOOLS: New config file site.post.m4 which is included after
5534 the others (if it exists).
5535 DEVTOOLS: Change order of LIBS: first product specific libraries
5536 then the default ones.
5537 MAIL.LOCAL: Will not be installed set-user-ID root. To use mail.local
5538 as local delivery agent without LMTP mode, use
5539 MODIFY_MAILER_FLAGS(`LOCAL', `+S')
5541 MAIL.LOCAL: Do not reject addresses which would otherwise be
5542 accepted by sendmail. Suggested by Neil Rickert of
5543 Northern Illinois University.
5544 MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise
5545 8BITMIME in the LHLO response. Suggested by Kari Hurtta of
5546 the Finnish Meteorological Institute.
5547 MAIL.LOCAL: Add support for the maillock() routines by defining
5548 MAILLOCK when compiling. Also requires linking with
5549 -lmail. Patch from Neil Rickert of Northern Illinois
5551 MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is
5552 defined when compiling. Automatically set for Solaris 2.3
5553 and later. Patch from Neil Rickert of Northern Illinois
5555 MAIL.LOCAL: Move the initialization of the 'notifybiff' address
5556 structure to the beginning of the program. This ensures that
5557 the getservbyname() is done before any seteuid to a possibly
5558 unauthenticated user. If you are using NIS+ and secure RPC
5559 on a Solaris system, this avoids syslog messages such as,
5560 "authdes_refresh: keyserv(1m) is unable to encrypt session
5561 key." Patch from Neil Rickert of Northern Illinois
5563 MAIL.LOCAL: Support group writable mail spool files when MAILGID is
5564 set to the gid to use (-DMAILGID=6) when compiling.
5565 Patch from Neil Rickert of Northern Illinois University.
5566 MAIL.LOCAL: When a mail message included lines longer than 2046
5567 characters (in LMTP mode), mail.local split the incoming
5568 line up into 2046-character output lines (excluding the
5569 newline). If an input line was 2047 characters long
5570 (excluding CRLF) and the last character was a '.',
5571 mail.local saw it as the end of input, transferred it to the
5572 user mailbox and tried to write an `ok' back to sendmail.
5573 If the message was much longer, both sendmail and
5574 mail.local would deadlock waiting for each other to read
5575 what they have written. Problem noted by Peter Jeremy of
5576 Alcatel Australia Limited.
5577 MAIL.LOCAL: New option -b to return a permanent error instead of a
5578 temporary error if a mailbox exceeds quota. Suggested by
5579 Neil Rickert of Northern Illinois University.
5580 MAIL.LOCAL: The creation of a lockfile is subject to a global
5581 timeout to avoid starvation.
5582 MAIL.LOCAL: Properly parse addresses with multiple quoted
5583 local-parts. Problem noted by Ronald F. Guilmette of
5584 Infinite Monkeys & Co.
5585 MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR.
5586 MAILSTATS: New -p option to invoke program mode in which stats are
5587 printed in a machine readable fashion and the stats file
5588 is reset. Patch from Kevin Hildebrand of the University
5590 MAKEMAP: If running as root, automatically change the ownership of
5591 generated maps to the TrustedUser as specified in the
5592 sendmail configuration file.
5593 MAKEMAP: New -C option to accept an alternate sendmail
5594 configuration file to use for finding the TrustedUser
5596 MAKEMAP: New -u option to dump (unmap) a database. Based on
5597 code contributed by Roy Mongiovi of Georgia Tech.
5598 MAKEMAP: New -e option to allow empty values. Suggested by Philip
5599 A. Prindeville of Enteka Enterprise Technology Services.
5600 MAKEMAP: Compile cleanly on 64-bit operating systems. Problem
5601 noted by Gerald Rinske of Siemens Business Services.
5602 OP.ME: Correctly document interaction between F=S and U= mailer
5603 equates. Problem noted by Bob Halley of Internet Engines.
5604 OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle
5606 OP.ME: The Timeout [r] option was incorrectly listed as "safe"
5607 (e.g., sendmail would not drop root privileges if the
5608 option was specified on the command line). Problem noted
5609 by Todd C. Miller of Courtesan Consulting.
5610 PRALIASES: Handle the hash and btree map specifications for
5611 Berkeley DB. Patch from Brian J. Coan of the
5612 Institute for Global Communications.
5613 PRALIASES: Read the sendmail.cf file for the location(s) of the
5614 alias file(s) if the -f option is not used. Patch from
5615 John Beck of Sun Microsystems.
5616 PRALIASES: New -C option to specify an alternate sendmail
5617 configuration file to use for finding alias file(s). Patch
5618 from John Beck of Sun Microsystems.
5619 SMRSH: allow shell commands echo, exec, and exit. Allow command
5620 lists using || and &&. Based on patch from Brian J. Coan
5621 of the Institute for Global Communications.
5622 SMRSH: Update README for the new Build system. From Tim Pierce
5623 of RootsWeb Genealogical Data Cooperative.
5624 VACATION: Added vacation auto-responder to sendmail distribution.
5625 LIBSMDB: Added abstracted database library. Works with Berkeley
5626 DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
5628 The Build script in the various program subdirectories are
5629 no longer symbolic links. They are now scripts
5630 which execute the actual Build script in
5632 All the manual pages are now written against -man and not
5633 -mandoc as they were previously.
5634 Add a simple Makefile to every directory so make instead
5635 of Build will work (unless parameters are
5636 required for Build).
5644 Renamed Directories:
5645 BuildTools => devtools
5649 devtools/OS/Linux.ppc
5650 devtools/OS/ReliantUNIX
5656 cf/cf/generic-linux.cf
5657 cf/cf/generic-linux.mc
5658 cf/feature/delay_checks.m4
5660 cf/feature/generics_entire_domain.m4
5661 cf/feature/no_default_msa.m4
5662 cf/feature/relay_mail_from.m4
5663 cf/feature/virtuser_entire_domain.m4
5667 cf/ostype/openbsd.m4
5668 contrib/bounce-resender.pl
5669 contrib/domainmap.m4
5672 devtools/M4/depend/AIX.m4
5674 devtools/M4/string.m4
5675 devtools/M4/subst_ext.m4
5676 devtools/M4/switch.m4
5679 devtools/OS/SINIX.5.43
5680 devtools/OS/SINIX.5.44
5682 devtools/bin/find_in_path.sh
5690 sendmail/bf_portable.c
5691 sendmail/bf_portable.h
5694 sendmail/shmticklib.c
5695 sendmail/statusd_shm.h
5701 cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4
5702 sendmail/cdefs.h => include/sendmail/cdefs.h
5703 sendmail/sendmail.hf => sendmail/helpfile
5704 sendmail/mailstats.h => include/sendmail/mailstats.h
5705 sendmail/pathnames.h => include/sendmail/pathnames.h
5706 sendmail/safefile.c => libsmutil/safefile.c
5707 sendmail/snprintf.c => libsmutil/snprintf.c
5708 sendmail/useful.h => include/sendmail/useful.h
5709 cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4
5711 cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4
5713 8.9.3/8.9.3 1999/02/04
5714 SECURITY: Limit message headers to a maximum of 32K bytes (total
5715 of all headers in a single message) to prevent a denial of
5716 service attack. This limit will be configurable in 8.10.
5717 Problem noted by Michal Zalewski of the "Internet for
5718 Schools" project (IdS).
5719 Prevent segmentation fault on an LDAP lookup if the LDAP map
5720 was closed due to an earlier failure. Problem noted by
5721 Jeff Wasilko of smoe.org. Fix from Booker Bense of
5722 Stanford University and Per Hedeland of Ericsson.
5723 Preserve the order of the MIME headers in multipart messages
5724 when performing the MIME header length check. This
5725 will allow PGP signatures to function properly. Problem
5726 noted by Lars Hecking of University College, Cork, Ireland.
5727 If ruleset 5 rewrote the local address to an :include: directive,
5728 the delivery would fail with an "aliasing/forwarding loop
5729 broken" error. Problem noted by Eric C Hagberg of Morgan
5730 Stanley. Fix from Per Hedeland of Ericsson.
5731 Allow -T to work for bestmx maps. Fix from Aaron Schrab of
5732 ExecPC Internet Systems.
5733 During the transfer of a message in an SMTP transaction, if a
5734 TCP timeout occurs, the message would be properly queued
5735 for later retry but the failure would be logged as
5736 "Illegal Seek" instead of a timeout. Problem noted by
5737 Piotr Kucharski of the Warsaw School of Economics (SGH)
5738 and Carles Xavier Munyoz Baldo of CTV Internet.
5739 Prevent multiple deliveries on a self-referencing alias if the
5740 F=w mailer flag is not set. Problem noted by Murray S.
5741 Kucherawy of Concentric Network Corporation and Per
5742 Hedeland of Ericsson.
5743 Do not strip empty headers but if there is no value and a
5744 default is defined in sendmail.cf, use the default.
5745 Problem noted by Philip Guenther of Gustavus Adolphus
5746 College and Christopher McCrory of Netus, Inc.
5747 Don't inherit information about the sender (notably the full name)
5748 in SMTP (-bs) mode, since this might be called from inetd.
5749 Accept any 3xx reply code in response to DATA command instead of
5750 requiring 354. This change will match the wording to be
5751 published in the updated SMTP specification from the DRUMS
5754 AIX 4.2.0 or 4.2.1 may become updated by the fileset
5755 bos.rte.net level 4.2.0.2. This introduces the
5756 softlink /usr/lib/libbind.a which should
5757 not be used. It conflicts with the resolver
5758 built into libc.a. "bind" has been removed
5759 from the confLIBSEARCH BuildTools variable.
5760 Users who have installed BIND 8.X will have
5761 to add it back in their site.config.m4 file.
5762 Problem noted by Ole Holm Nielsen of the
5763 Technical University of Denmark.
5764 CRAY TS 10.0.x from Sven Nielsen of San Diego
5765 Supercomputer Center.
5766 Improved LDAP version 3 integration based on input
5767 from Kurt D. Zeilenga of the OpenLDAP Foundation,
5768 John Beck of Sun Microsystems, and Booker Bense
5769 of Stanford University.
5770 Linux doesn't have a standard way to get the timezone
5771 between different releases. Back out the
5772 change in 8.9.2 and don't attempt to derive
5773 a timezone. Problem reported by Igor S. Livshits
5774 of the University of Illinois at Urbana-Champaign
5775 and Michael Dickens of Tetranet Communications.
5776 Reliant UNIX, the new name for SINIX, from Gert-Jan Looy
5778 SunOS 5.8 from John Beck of Sun Microsystems.
5779 CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper
5780 timezone. Problem noted by Petr Lampa of Technical
5782 CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly
5783 when using FEATURE(bestmx_is_local). Patch from Neil W.
5784 Rickert of Northern Illinois University.
5785 CONFIG: Properly handle source routed and %-hack addresses on
5786 hosts which the mailertable remaps to local:. Patch from
5787 Neil W. Rickert of Northern Illinois University.
5788 CONFIG: Internal fixup of mailertable local: map value. Patch from
5789 Larry Parmelee of Cornell University.
5790 CONFIG: Only add back +detail from host portion of mailer triplet
5791 on local mailer triplets if it was originally +detail.
5792 Patch from Neil W. Rickert of Northern Illinois University.
5793 CONFIG: The bestmx_is_local checking done in check_rcpt would
5794 cause later checks to fail. Patch from Paul J Murphy of
5797 BuildTools/OS/CRAYTS.10.0.x
5798 BuildTools/OS/ReliantUNIX
5799 BuildTools/OS/SunOS.5.8
5801 8.9.2/8.9.2 1998/12/30
5802 SECURITY: Remove five second sleep on accepting daemon connections
5803 due to an accept() failure. This sleep could be used
5804 for a denial of service attack.
5805 Do not silently ignore queue files with names which are too long.
5806 Patch from Bryan Costales of InfoBeat, Inc.
5807 Do not store failures closing an SMTP session in persistent
5808 host status. Reported by Graeme Hewson of Oracle
5810 Allow symbolic link forward files if they are in safe directories.
5811 Problem noted by Andreas Schott of the Max Planck Society.
5812 Missing columns in a text map could cause a segmentation fault.
5813 Fix from David Lee of the University of Durham.
5814 Note that for 8.9.X, PrivacyOptions=goaway also includes the
5815 noetrn flag. This is scheduled to change in a future
5816 version of sendmail. Problem noted by Theo Van Dinter of
5817 Chrysalis Symbolic Designa and Alan Brown of Manawatu
5819 When trying to do host canonification in a Wildcard MX
5820 environment, try an MX lookup of the hostname without the
5821 default domain appended. Problem noted by Olaf Seibert of
5822 Polderland Language & Speech Technology.
5823 Reject SMTP RCPT To: commands with only comments (i.e.
5824 'RCPT TO: (comment)'. Problem noted by Earle Ake of
5825 Hassler Communication Systems Technology, Inc.
5826 Handle any number of %s in the LDAP filter spec. Patch from
5827 Per Hedeland of Ericsson.
5828 Clear ldapx open timeouts even if the map open failed to prevent
5829 a segmentation fault. Patch from Wayne Knowles of the
5830 National Institute of Water & Atmospheric Research Ltd.
5831 Do not syslog envelope clone messages when using address
5832 verification (-bv). Problem noted by Kari Hurtta of the
5833 Finnish Meteorological Institute.
5834 Continue to perform queue runs while in daemon mode even if the
5835 daemon is rejecting connections due to a disk full
5836 condition. Problem noted by JR Oldroyd of TerraNet
5838 Include full filename on installation of the sendmail.hf file
5839 in case the $HFDIR directory does not exist. Problem
5840 noted by Josef Svitak of Montana State University.
5841 Close all maps when exiting the process with one exception.
5842 Berkeley DB can use internal shared memory locking for
5843 its memory pool. Closing a map opened by another process
5844 will interfere with the shared memory and locks of the
5845 parent process leaving things in a bad state. For
5846 Berkeley DB, only close the map if the current process
5847 is also the one that opened the map, otherwise only close
5848 the map file descriptor. Thanks to Yoseff Francus of
5849 Collective Technologies for volunteering his system for
5851 Avoid null pointer dereference on XDEBUG output for SMTP reply
5852 failures. Problem noted by Carlos Canau of EUnet Portugal.
5853 On mailq and hoststat listings being piped to another program, such
5854 as more, if the pipe closes (i.e., the user quits more),
5855 stop sending output and exit. Patch from Allan E Johannesen
5856 of Worcester Polytechnic Institute.
5857 In accordance with the documentation, LDAP map lookup failures
5858 are now considered temporary failures instead of permanent
5859 failures unless the -t flag is used in the map definition.
5860 Problem noted by Booker Bense of Stanford University and
5861 Eric C. Hagberg of Morgan Stanley.
5862 Fix by one error reporting on long alias names. Problem noted by
5863 H. Paul Hammann of the Missouri Research and Education
5865 Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem
5866 noted by Barry S. Finkel of Argonne National Laboratory.
5867 When automatically converting from 8 bit to quoted printable MIME,
5868 be careful not to miss a multi-part boundary if that
5869 boundary is preceded by a boundary-like line. Problem
5870 noted by Andreas Raschle of Ansid Inc. Fix from
5871 Kari Hurtta of the Finnish Meteorological Institute.
5872 Avoid bogus reporting of "LMTP tobuf overflow" when the buffer
5873 has enough space for the additional address. Problem
5874 noted by Steve Cliffe of the University of Wollongong.
5875 Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem
5876 noted by Alex Vorobiev of Swarthmore College.
5877 If the check_compat ruleset resolves to the $#discard mailer,
5878 discard the current recipient. Unlike check_relay,
5879 check_mail, and check_rcpt, the entire envelope is not
5880 discarded. Problem noted by RZ D. Rahlfs. Fix from
5881 Claus Assmann of Christian-Albrechts-University of Kiel.
5882 Avoid segmentation fault when reading ServiceSwitchFile files with
5883 bogus formatting. Patch from Kari Hurtta of the Finnish
5884 Meteorological Institute.
5885 Support Berkeley DB 2.6.4 API change.
5886 OP.ME: Pages weren't properly output on duplexed printers. Fix
5887 from Matthew Black of CSU Long Beach.
5889 Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc.
5890 Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase
5891 option structure. Problem noted by Ashley M.
5892 Kirchner of Photo Craft Laboratories, Inc.
5893 Break out IP address to hostname translation for
5894 reading network interface addresses into
5895 class 'w'. Patch from John Kennedy of
5896 Cal State University, Chico.
5897 AIX 4.x use -qstrict with -O3 to prevent the optimized
5898 from changing the semantics of the compiled
5899 program. From Simon Travaglia of the
5900 University of Waikato, New Zealand.
5901 FreeBSD 2.2.2 and later support setusercontext(). From
5902 Peter Wemm of DIALix.
5903 FreeBSD 3.x fix from Peter Wemm of DIALix.
5904 IRIX 5.x has a syslog buffer size of 512 bytes. From
5905 Nao NINOMIYA of Utsunomiya University.
5906 IRIX 6.5 64-bit Build support.
5907 LDAP Version 3 support from John Beck and Ravi Iyer
5908 of Sun Microsystems.
5909 Linux does not implement seteuid() properly. From
5910 John Kennedy of Cal State University, Chico.
5911 Linux timezone type was set improperly. From Takeshi Itoh
5913 NCR MP-RAS 3.x needs -lresolv for confLIBS. From
5914 Tom J. Moore of NCR.
5915 NeXT 4.x correction to man page path. From J. P. McCann
5917 System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs)
5918 from Paul Gampe of the Asia Pacific Network
5920 ULTRIX now requires an optimization limit of 970 from
5921 Allan E Johannesen of Worcester Polytechnic
5923 Fix extern declaration for sm_dopr(). Fix from Henk
5924 van Oers of Algemeen Nederlands Persbureau.
5925 CONFIG: Catch @hostname,user@anotherhost.domain as relaying.
5926 Problem noted by Mark Rogov of AirMedia, Inc. Fix from
5927 Claus Assmann of Christian-Albrechts-University of Kiel.
5928 CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as
5929 there are multiple RBL's available and the MAPS RBL may
5930 not be the one in use. Suggested by Alan Brown of
5931 Manawatu Internet Services.
5932 CONFIG: Properly strip route addresses (i.e., @host1:user@host2)
5933 when stripping down a recipient address to check for
5934 relaying. Patch from Claus Assmann of
5935 Christian-Albrechts-University of Kiel and Neil W Rickert
5936 of Northern Illinois University.
5937 CONFIG: Allow the access database to override RBL lookups. Patch
5938 from Claus Assmann of Christian-Albrechts-University of
5940 CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch
5942 CONFIG: Fixed check for deferred delivery mode warning. Patch
5943 from Claus Assmann of Christian-Albrechts-University of
5944 Kiel and Per Hedeland of Ericsson.
5945 CONFIG: If a recipient using % addressing is used, e.g.
5946 user%site@othersite, and othersite's MX records are now
5947 checked for local hosts if FEATURE(relay_based_on_MX) is
5948 used. Problem noted by Alexander Litvin of Lucky Net Ltd.
5949 Patch from Alexander Litvin of Lucky Net Ltd and
5950 Claus Assmann of Christian-Albrechts-University of Kiel.
5951 MAIL.LOCAL: Prevent warning messages from appearing in the LMTP
5952 stream. Do not allow more than one response per recipient.
5953 MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix
5954 from John Beck of Sun Microsystems.
5955 MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from
5956 John Beck of Sun Microsystems.
5957 MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in
5958 the envelope From header.
5959 MAIL.LOCAL: Accept underscores in hostnames in LMTP mode.
5960 Problem noted by Glenn A. Malling of Syracuse University.
5961 MAILSTATS: Document msgsrej and msgsdis fields in the man page.
5962 Problem noted by Richard Wong of Princeton University.
5963 MAKEMAP: Build group list so group writable files are allowed with
5964 the -s flag. Problem noted by Curt Sampson of Internet
5965 Portal Services, Inc.
5966 PRALIASES: Automatically handle alias files created without the
5967 NULL byte at the end of the key. Patch from John Beck of
5969 PRALIASES: Support Berkeley DB 2.6.4 API change.
5971 BuildTools/OS/IRIX64.6.5
5972 BuildTools/OS/UnixWare.5.i386
5973 cf/ostype/unixware7.m4
5974 contrib/smcontrol.pl
5977 8.9.1/8.9.1 1998/07/02
5978 If both an OS specific site configuration file and a generic
5979 site.config.m4 file existed, only the latter was used
5980 instead of both. Problem noted by Geir Johannessen of
5981 the Norwegian University of Science and Technology.
5982 Fix segmentation fault while converting 8 bit to 7 bit MIME
5983 multipart messages by trying to write to an unopened
5984 file descriptor. Fix from Kari Hurtta of the Finnish
5985 Meteorological Institute.
5986 Do not assume Message: and Text: headers indicate the end of
5987 the header area when parsing MIME headers. Problem noted
5988 by Kari Hurtta of the Finnish Meteorological Institute.
5989 Setting the confMAN#SRC Build variable would only effect the
5990 installation commands. The man pages would still be
5991 built with .0 extensions. Problem noted by Bryan
5992 Costales of InfoBeat, Inc.
5993 Installation of manual pages didn't honor the DESTDIR environment
5994 variable. Problem noted by Bryan Costales of InfoBeat, Inc.
5995 If the check_relay ruleset resolved to the discard mailer, messages
5996 were still delivered. Problem noted by Mirek Luc of NASK.
5997 Mail delivery to files would fail with an Operating System Error
5998 if sendmail was not running as root, i.e., RunAsUser was set.
5999 Problem noted by Leonard N. Zubkoff of Dandelion Digital.
6000 Prevent MinQueueAge from interfering from queued items created
6001 in the future, i.e., if the system clock was set ahead
6002 and then back. Problem noted by Michael Miller of the
6003 University of Natal, Pietermaritzburg.
6004 Do not advertise ETRN support in ESTMP EHLO reply if noetrn is
6005 set in the PrivacyOptions option. Fix from Ted Rule of
6007 Log invalid persistent host status file lines instead of
6008 bouncing the message. Problem noted by David Lindes of
6009 DaveLtd Enterprises.
6010 Move creation of empty sendmail.st file from installation to
6011 compilation. Installation may be done from a read-only
6012 mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric
6013 Anderson of the Oasis Research Center, Inc.
6014 Enforce the maximum number of User Database entries limit. Problem
6015 noted by Gary Buchanan of Credence Systems Inc.
6016 Allow dead.letter files in root's home directory. Problem noted
6017 by Anna Ullman of Sun Microsystems.
6018 Program deliveries in forward files could be marked unsafe if
6019 any directory listed in the ForwardPath option did not
6020 exist. Problem noted by Jorg Bielak of Coastal Web Online.
6021 Do not trust the length of the address structure returned by
6022 gethostbyname(). Problem noted by Chris Evans of Oxford
6024 If the SIZE= MAIL From: ESMTP parameter is too large, use the
6025 5.3.4 DSN status code instead of 5.2.2. Similarly, for
6026 non-local deliveries, if the message is larger than the
6027 mailer maximum message size, use 5.3.4 instead of 5.2.3.
6028 Suggested by Antony Bowesman of
6029 Fujitsu/TeaWARE Mail/MIME System.
6031 Fix the check for an IP address reverse lookup for
6032 use in $&{client_name} on 64 bit platforms.
6033 From Gilles Gallot of Institut for Development
6034 and Resources in Intensive Scientific computing.
6035 BSD-OS uses .0 for man page extensions. From Jeff Polk
6037 DomainOS detection for Build. Also, version 10.4 and later
6038 ship a unistd.h. Fixes from Takanobu Ishimura of
6040 NeXT 4.x uses /usr/lib/man/cat for its man pages. From
6041 J. P. McCann of E I A.
6042 SCO 4.X and 5.X include NDBM support. From Vlado Potisk
6044 CONFIG: Do not pass spoofed PTR results through resolver for
6045 qualification. Problem noted by Michiel Boland of
6046 Digital Valley Internet Professionals; fix from
6047 Kari Hurtta of the Finnish Meteorological Institute.
6048 CONFIG: Do not try to resolve non-DNS hostnames such as UUCP,
6049 BITNET, and DECNET addresses for resolvable senders.
6050 Problem noted by Alexander Litvin of Lucky Net Ltd.
6051 CONFIG: Work around Sun's broken configuration which sends bounce
6052 messages as coming from @@hostname instead of <>. LMTP
6053 would not accept @@hostname.
6054 OP.ME: Corrections to complex sendmail startup script from Rick
6055 Troxel of the National Institutes of Health.
6056 RMAIL: Do not install rmail by default, require 'make force-install'
6057 as this rmail isn't the same as others. Suggested by
6058 Kari Hurtta of the Finnish Meteorological Institute.
6060 BuildTools/OS/DomainOS.10.4
6062 8.9.0/8.9.0 1998/05/19
6063 SECURITY: To prevent users from reading files not normally
6064 readable, sendmail will no longer open forward, :include:,
6065 class, ErrorHeader, or HelpFile files located in unsafe
6066 (i.e., group or world writable) directory paths. Sites
6067 which need the ability to override security can use the
6068 DontBlameSendmail option. See the README file for more
6070 SECURITY: Problems can occur on poorly managed systems, specifically,
6071 if maps or alias files are in world writable directories.
6072 This fixes the change added to 8.8.6 to prevent links in these
6073 world writable directories.
6074 SECURITY: Make sure ServiceSwitchFile option file is not a link if
6075 it is in a world writable directory.
6076 SECURITY: Never pass a tty to a mailer -- if a mailer can get at the
6077 tty it may be able to push bytes back to the senders input.
6078 Unfortunately this breaks -v mode. Problem noted by
6079 Wietse Venema of the Global Security Analysis Lab at
6080 IBM T.J. Watson Research.
6081 SECURITY: Empty group list if DontInitGroups is set to true to
6082 prevent program deliveries from picking up extra group
6083 privileges. Problem reported by Wolfgang Ley of DFN-CERT.
6084 SECURITY: The default value for DefaultUser is now set to the uid and
6085 gid of the first existing user mailnull, sendmail, or daemon
6086 that has a non-zero uid. If none of these exist, sendmail
6087 reverts back to the old behavior of using uid 1 and gid 1.
6088 This is a security problem for Linux which has chosen that
6089 uid and gid for user bin instead of daemon. If DefaultUser
6090 is set in the configuration file, that value overrides this
6092 SECURITY: Since 8.8.7, the check for non-set-user-ID binaries
6093 interfered with setting an alternate group id for the
6094 RunAsUser option. Problem noted by Randall Winchester of
6095 the University of Maryland.
6096 Add support for Berkeley DB 2.X. Based on patch from John Kennedy
6097 of Cal State University, Chico.
6098 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users
6099 which previously defined OLD_NEWDB=1 must now upgrade to the
6100 current version of Berkeley DB.
6101 Added support for regular expressions using the new map class regex.
6102 From Jan Krueger of Unix-AG of University of Hannover.
6103 Support for BIND 8.1.1's hesiod for hesiod maps and hesiod
6104 UserDatabases from Randall Winchester of the University
6106 Allow any shell for user shell on program deliveries on V1
6107 configurations for backwards compatibility on machines which
6108 do not have getusershell(). Fix from John Beck of Sun
6110 On operating systems which change the process title by reusing the
6111 argument vector memory, sendmail could corrupt memory if the
6112 last argument was either "-q" or "-d". Problem noted by
6113 Frank Langbein of the University of Stuttgart.
6114 Support Local Mail Transfer Protocol (LMTP) between sendmail and
6115 mail.local on the F=z flag.
6116 Macro-expand the contents of the ErrMsgFile. Previously this was
6117 only done if you had magic characters (0x81) to indicate
6118 macro expansion. Now $x will be expanded. This means that
6119 real dollar signs have to be backslash escaped.
6120 TCP Wrappers expects "unknown" in the hostname argument if the
6121 reverse DNS lookup for the incoming connection fails.
6122 Problem noted by Randy Grimshaw of Syracuse University and
6123 Wietse Venema of the Global Security Analysis Lab at
6124 IBM T.J. Watson Research.
6125 DSN success bounces generated from an invocation of sendmail -t
6126 would be sent to both the sender and MAILER-DAEMON.
6127 Problem noted by Claus Assmann of
6128 Christian-Albrechts-University of Kiel.
6129 Avoid "Error 0" messages on delivery mailers which exit with a
6130 valid exit value such as EX_NOPERM. Fix from Andreas Luik
6131 of ISA Informationssysteme GmbH.
6132 Tokenize $&x expansions on right hand side of rules. This eliminates
6133 the need to use tricks like $(dequote "" $&{client_name} $)
6134 to cause the ${client_name} macro to be properly tokenized.
6135 Add the MaxRecipientsPerMessage option: this limits the number of
6136 recipients that will be accepted in a single SMTP
6137 transaction. After this number is reached, sendmail
6138 starts returning "452 Too many recipients" to all RCPT
6139 commands. This can be used to limit the number of recipients
6140 per envelope (in particular, to discourage use of the server
6141 for spamming). Note: a better approach is to restrict
6143 Fixed pointer initialization for LDAP lmap struct, fixed -s option
6144 to ldapx map and added timeout for ldap_open call to
6145 avoid hanging sendmail in the event of hung LDAP servers.
6146 Patch from Booker Bense of Stanford University.
6147 Allow multiple -qI, -qR, or -qS queue run limiters. For example,
6148 '-qRfoo -qRbar' would deliver mail to recipients with foo or
6149 bar in their address. Patch from Allan E Johannesen of
6150 Worcester Polytechnic Institute.
6151 The bestmx map will now return a list of the MX servers for a host if
6152 passed a column delimiter via the -z map flag. This can be
6153 used to check if the server is an MX server for the recipient
6154 of a message. This can be used to help prevent relaying.
6155 Patch from Mitchell Blank Jr of Exec-PC.
6156 Mark failures for the *file* mailer and return bounce messages to the
6157 sender for those failures.
6158 Prevent bogus syslog timestamps on errors in sendmail.cf by
6159 preserving the TZ environment variable until TimeZoneSpec
6160 has been determined. Problem noted by Ralf Hildebrandt of
6161 Technical University of Braunschweig. Patch from Per Hedeland
6163 Print test input in address test mode when input is not from the tty
6164 when the -v flag is given (i.e., sendmail -bt -v) to make
6165 output easier to decipher. Problem noted by Aidan Nichol
6166 of Procter & Gamble.
6167 The LDAP map -s flag was not properly parsed and the error message
6168 given included the remainder of the arguments instead of
6169 solely the argument in error. Problem noted by Aidan Nichol
6170 of Procter & Gamble.
6171 New DontBlameSendmail option. This option allows administrators to
6172 bypass some of sendmail's file security checks at the expense
6173 of system security. This should only be used if you are
6174 absolutely sure you know the consequences. The available
6175 DontBlameSendmail options are:
6178 ClassFileInUnsafeDirPath
6179 ErrorHeaderInUnsafeDirPath
6180 GroupWritableDirPathSafe
6181 GroupWritableForwardFileSafe
6182 GroupWritableIncludeFileSafe
6183 GroupWritableAliasFile
6184 HelpFileinUnsafeDirPath
6185 WorldWritableAliasFile
6186 ForwardFileInGroupWritableDirPath
6187 IncludeFileInGroupWritableDirPath
6188 ForwardFileInUnsafeDirPath
6189 IncludeFileInUnsafeDirPath
6190 ForwardFileInUnsafeDirPathSafe
6191 IncludeFileInUnsafeDirPathSafe
6193 LinkedAliasFileInWritableDir
6194 LinkedClassFileInWritableDir
6195 LinkedForwardFileInWritableDir
6196 LinkedIncludeFileInWritableDir
6197 LinkedMapInWritableDir
6198 LinkedServiceSwitchFileInWritableDir
6199 FileDeliveryToHardLink
6200 FileDeliveryToSymLink
6203 WriteStatsToHardLink
6205 RunProgramInUnsafeDirPath
6207 New DontProbeInterfaces option to turn off the inclusion of all the
6208 interface names in $=w on startup. In particular, if you
6209 have lots of virtual interfaces, this option will speed up
6210 startup. However, unless you make other arrangements, mail
6211 sent to those addresses will be bounced.
6212 Automatically create alias databases if they don't exist and
6213 AutoRebuildAliases is set.
6214 Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command.
6215 Suggested by Christophe Wolfhugel of the Institut Pasteur.
6216 Add PrivacyOptions=noverb flag to disable the SMTP VERB command.
6217 When determining the client host name ($&{client_name} macro), do
6218 a forward (A) DNS lookup on the result of the PTR lookup
6219 and compare results. If they differ or if the PTR lookup
6220 fails, &{client_name} will contain the IP address
6221 surrounded by square brackets (e.g., [127.0.0.1]).
6222 New map flag: -Tx appends "x" to lookups that return temporary failure
6223 (i.e, it is like -ax for the temporary failure case, in
6224 contrast to the success case).
6225 New syntax to do limited checking of header syntax. A config line
6228 causes the indicated Ruleset to be invoked on the Header
6229 when read. This ruleset works like the check_* rulesets --
6230 that is, it can reject mail on the basis of the contents.
6231 Limit the size of the HELO/EHLO parameter to prevent spammers
6232 from hiding their connection information in Received:
6234 When SingleThreadDelivery is active, deliveries to locked hosts
6235 are skipped. This will cause the delivering process to
6236 try the next MX host or queue the message if no other MX
6237 hosts are available. Suggested by Alexander Litvin.
6238 The [FILE] mailer type now delivers to the file specified in the
6239 A= equate of the mailer definition instead of $u. It also
6240 obeys all of the F= mailer flags such as the MIME
6241 7/8 bit conversion flags. This is useful for defining
6242 a mailer which delivers to the same file regardless of the
6243 recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail).
6244 Do not assume the identity of a remote connection is root@localhost
6245 if the remote connection closes the socket before the
6246 remote identity can be queried.
6247 Change semantics of the F=S mailer flag back to 8.7.5 behavior.
6248 Some mailers, including procmail, require that the real
6249 uid is left unchanged by sendmail. Problem noted by Per
6250 Hedeland of Ericsson.
6251 No longer is the src/obj*/Makefile selected from a large list -- it
6252 is now generated using the information in BuildTools/OS/ --
6253 some of the details are determined dynamically via
6254 BuildTools/bin/configure.sh.
6255 The other programs in the sendmail distribution -- mail.local,
6256 mailstats, makemap, praliases, rmail, and smrsh -- now use
6257 the new Build method which creates an operating system
6258 specific Makefile using the information in BuildTools.
6259 Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e.,
6260 a failure on one message won't affect future messages to the
6261 same host). This is necessary if the remote host sends
6262 a 451 error if the domain of the sender does not resolve
6263 as is common in anti-spam configurations. Problem noted
6264 by Mitchell Blank Jr of Exec-PC.
6265 New "discard" mailer for check_* rulesets and header checking
6266 rulesets. If one of the above rulesets resolves to the
6267 $#discard mailer, the commands will be accepted but the
6268 message will be completely discarded after it is accepting.
6269 This means that even if only one of the recipients
6270 resolves to the $#discard mailer, none of the recipients
6271 will receive the mail. Suggested by Brian Kantor.
6272 All but the last cloned envelope of a split envelope were queued
6273 instead of being delivered. Problem noted by John Caruso
6274 of CNET: The Computer Network.
6275 Fix deadlock situation in persistent host status file locking.
6276 Syslog an error if a user forward file could not be read due to
6277 an error. Patch from John Beck of Sun Microsystems.
6278 Use the first name returned on machine lookups when canonifying a
6279 hostname via NetInfo. Patch from Timm Wetzel of GWDG.
6280 Clear the $&{client_addr}, $&{client_name}, and $&{client_port}
6281 macros when delivering a bounce message to prevent
6282 rejection by a check_compat ruleset which uses these macros.
6283 Problem noted by Jens Hamisch of AgiX Internetservices GmbH.
6284 If the check_relay ruleset resolves to the the error mailer, the
6285 error in the $: portion of the resolved triplet is used
6286 in the rejection message given to the remote machine.
6287 Suggested by Scott Gifford of The Internet Ramp.
6288 Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros
6289 before calling the check_relay ruleset. Suggested by Scott
6290 Gifford of The Internet Ramp.
6291 Sendmail would get a segmentation fault if a mailer exited with an
6292 exit code of 79. Problem noted by Aaron Schrab of ExecPC
6293 Internet. Fix from Christophe Wolfhugel of the Pasteur
6295 Separate snprintf/vsnprintf routines into separate file for use by
6297 Allow multiple map lookups on right hand side, e.g.,
6298 R$* $( host $1 $) $| $( passwd $1 $). Patch from
6299 Christophe Wolfhugel of the Pasteur Institute.
6300 Properly generate success DSN messages if requested for aliases
6301 which have owner- aliases. Problem noted by Kari Hurtta
6302 of the Finnish Meteorological Institute.
6303 Properly display delayed-expansion macros ($&{macroname}) in
6304 address test mode (-bt). Problem noted by Bryan Costales
6306 -qR could sometimes match names incorrectly. Problem noted by
6307 Lutz Euler of Lavielle EDV Systemberatung GmbH & Co.
6308 Include a magic number and version in the StatusFile for the
6310 Record the number of rejected and discarded messages in the
6311 StatusFile for display by the mailstats command. Patch
6312 from Randall Winchester of the University of Maryland.
6313 IDENT returns where the OSTYPE field equals "OTHER" now list the
6314 user portion as IDENT:username@site instead of
6315 username@site to differentiate the two. Suggested by
6316 Kari Hurtta of the Finnish Meteorological Institute.
6317 Enforce timeout for LDAP queries. Patch from Per Hedeland of
6319 Change persistent host status filename substitution so '/' is
6320 replaced by ':' instead of '|' to avoid clashes. Also
6321 avoid clashes with hostnames with leading dots. Fix from
6322 Mitchell Blank Jr. of Exec-PC.
6323 If the system lock table is full, only attempt to create a new
6324 queue entry five times before giving up. Previously, it
6325 was attempted indefinitely which could cause the partition
6326 to run out of inodes. Problem noted by Suzie Weigand of
6327 Stratus Computer, Inc.
6328 In verbose mode, warn if the sendmail.cf version is less than the
6329 currently supported version.
6330 Sorting for QueueSortOrder=host is now case insensitive. Patch
6331 from Randall S. Winchester of the University of Maryland.
6332 Properly quote a full name passed via the -F command line option,
6333 the Full-Name: header, or the NAME environment variable if
6334 it contains characters which must be quoted. Problem noted
6335 by Kari Hurtta of the Finnish Meteorological Institute.
6336 Avoid possible race condition that unlocked a mail job before
6337 releasing the transcript file on systems that use flock(2).
6338 In some cases, this might result in a "Transcript Unavailable"
6339 message in error bounces.
6340 Accept SMTP replies which contain only a reply code and no
6341 accompanying text. Problem noted by Fernando Fraticelli of
6342 Digital Equipment Corporation.
6344 AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura
6345 of Kyoto University.
6346 AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from
6347 Randall S. Winchester of the University of
6349 AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS.
6350 CRAY T3E from Manu Mahonen of Center for Scientific Computing
6352 Digital UNIX now uses statvfs for determining free
6353 disk space. Patch from Randall S. Winchester of
6354 the University of Maryland.
6355 HP-UX 11.x from Richard Allen of Opin Kerfi HF and
6356 Regis McEwen of Progress Software Corporation.
6357 IRIX 64 bit fixes from Kari Hurtta of the Finnish
6358 Meteorological Institute.
6359 IRIX 6.2 configuration fix for mail.local from Michael Kyle
6360 of CIC/Advanced Computing Laboratory.
6361 IRIX 6.5 from Thomas H Jones II of SGI.
6362 IRIX 6.X load average code from Bob Mende of SGI.
6363 QNX from Glen McCready <glen@qnx.com>.
6364 SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links
6365 to sendmail. Install with group bin instead of kmem
6366 as kmem does not exist. From Guillermo Freige of
6367 Gobernacion de la Pcia de Buenos Aires and Paul
6368 Fischer of BTG, Inc.
6369 SunOS 4.X does not include memmove(). Patch from
6370 Per Hedeland of Ericsson.
6371 SunOS 5.7 includes getloadavg() function for determining
6372 load average. Patch from John Beck of Sun
6374 CONFIG: Increment version number of config file.
6375 CONFIG: add DATABASE_MAP_TYPE to set the default type of database
6376 map for the various maps. The default is hash. Patch from
6377 Robert Harker of Harker Systems.
6378 CONFIG: new confEBINDIR m4 variable for defining the executable
6379 directory for certain programs.
6380 CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for
6381 local mail delivery. By the default, /usr/libexec/mail.local
6382 is used. This is expected to be the mail.local shipped
6383 with 8.9 which is LMTP capable. The path is based on the
6384 new confEBINDIR m4 variable.
6385 CONFIG: Use confEBINDIR in determining path to smrsh for
6386 FEATURE(smrsh). Note that this changes the default from
6387 /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the
6388 old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh).
6389 CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to
6390 include $z/.forward.$w+$h and $z/.forward+$h which allow
6391 the user to setup different .forward files for
6392 user+detail addressing.
6393 CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES,
6394 and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage,
6395 DontProbeInterfaces, and DontBlameSendmail options.
6396 CONFIG: by default do not allow relaying (that is, accepting mail
6397 from outside your domain and sending it to another host
6398 outside your domain).
6399 CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from
6400 any site to any site.
6401 CONFIG: new FEATURE(relay_entire_domain) allows any host in your
6402 domain as defined by the 'm' class ($=m) to relay.
6403 CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on
6404 the MX records of the host portion of an incoming recipient.
6405 CONFIG: new FEATURE(access_db) which turns on the access database
6406 feature. This database gives you the ability to allow
6407 or refuse to accept mail from specified domains for
6408 administrative reasons. By default, names that are listed
6409 as "OK" in the access db are domain names, not host names.
6410 CONFIG: new confCR_FILE m4 variable for defining the name of the file
6411 used for class 'R'. Defaults to /etc/mail/relay-domains.
6412 CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file)
6413 to add items to class 'R' ($=R) for hosts allowed to relay.
6414 CONFIG: new FEATURE(relay_hosts_only) to change the behavior
6415 of FEATURE(access_db) and class 'R' to lookup individual
6417 CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient
6418 using % addressing is used, e.g. user%site@othersite,
6419 and othersite is in class 'R', the check_rcpt ruleset
6420 will strip @othersite and recheck user@site for relaying.
6421 This feature changes that behavior. It should not be
6422 needed for most installations.
6423 CONFIG: new FEATURE(relay_local_from) to allow relaying if the
6424 domain portion of the mail sender is a local host. This
6425 should only be used if absolutely necessary as it opens
6426 a window for spammers. Patch from Randall S. Winchester of
6427 the University of Maryland.
6428 CONFIG: new FEATURE(blacklist_recipients) turns on the ability to
6429 block incoming mail destined for certain recipient
6430 usernames, hostnames, or addresses.
6431 CONFIG: By default, MAIL FROM: commands in the SMTP session will be
6432 refused if the host part of the argument to MAIL FROM: cannot
6433 be located in the host name service (e.g., DNS).
6434 CONFIG: new FEATURE(accept_unresolvable_domains) accepts
6435 unresolvable hostnames in MAIL FROM: SMTP commands.
6436 CONFIG: new FEATURE(accept_unqualified_senders) accepts
6437 MAIL FROM: senders which do not include a domain.
6438 CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the
6439 Realtime Blackhole List. You can specify the RBL name
6440 server to contact by specifying it as an optional argument.
6441 The default is rbl.maps.vix.com. For details, see
6442 http://maps.vix.com/rbl/.
6443 CONFIG: Call Local_check_relay, Local_check_mail, and
6444 Local_check_rcpt from check_relay, check_mail, and
6445 check_rcpt. Users with local rulesets should place the
6446 rules using LOCAL_RULESETS. If a Local_check_* ruleset
6447 returns $#OK, the message is accepted. If the ruleset
6448 returns a mailer, the appropriate action is taken, else
6449 the return of the ruleset is ignored.
6450 CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by
6451 default to support file, :include:, and program deliveries.
6452 CONFIG: Remove the default for confDEF_USER_ID so the binary can
6453 pick the proper default value. See the SECURITY note
6454 above for more information.
6455 CONFIG: FEATURE(nodns) now warns the user that the feature is a
6456 no-op. Patch from Kari Hurtta of the Finnish
6457 Meteorological Institute.
6458 CONFIG: OSTYPE(osf1) now sets DefaultUser (confDEF_USER_ID) to
6459 daemon since DEC's /bin/mail will drop the envelope
6460 sender if run as mailnull. See the Digital UNIX section
6461 of src/README for more information. Problem noted by
6462 Kari Hurtta of the Finnish Meteorological Institute.
6463 CONFIG: .cf files are now stored in the same directory with the
6464 .mc files instead of in the obj directory.
6465 CONFIG: New options confSINGLE_LINE_FROM_HEADER,
6466 confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for
6467 setting SingleLineFromHeader, AllowBogusHELO, and
6468 MustQuoteChars respectively.
6469 MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This
6470 SMTP-like protocol allows detailed reporting of delivery
6471 status on a per-user basis. Code donated by John Myers of
6472 CMU (now of Netscape).
6473 MAIL.LOCAL: HP-UX support from Randall S. Winchester of the
6474 University of Maryland. NOTE: mail.local is not
6475 compatible with the stock HP-UX mail format. Be sure to
6476 read mail.local/README.
6477 MAIL.LOCAL: Prevent other mail delivery agents from stealing a
6478 mailbox lock. Patch from Randall S. Winchester of the
6479 University of Maryland.
6480 MAIL.LOCAL: glibc portability from John Kennedy of Cal State
6482 MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish
6483 Meteorological Institute.
6484 MAILSTATS: Display the number of rejected and discarded messages
6485 in the StatusFile. Patch from Randall Winchester of the
6486 University of Maryland.
6487 MAKEMAP: New -s flag to ignore safety checks on database map files
6488 such as linked files in world writable directories.
6489 MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support.
6490 PRALIASES: Add support for Berkeley DB 2.X.
6491 PRALIASES: Do not automatically include NDBM support. Problem
6492 noted by Ralf Hildebrandt of the Technical University of
6494 RMAIL: Improve portability for other platforms. Patches from
6495 Randall S. Winchester of the University of Maryland and
6496 Kari Hurtta of the Finnish Meteorological Institute.
6498 src/Makefiles/Makefile.* files have been modified to use
6499 the new build mechanism and are now BuildTools/OS/*.
6500 src/makesendmail changed to symbolic link to src/Build.
6502 BuildTools/M4/header.m4
6503 BuildTools/M4/depend/BSD.m4
6504 BuildTools/M4/depend/CC-M.m4
6505 BuildTools/M4/depend/NCR.m4
6506 BuildTools/M4/depend/Solaris.m4
6507 BuildTools/M4/depend/X11.m4
6508 BuildTools/M4/depend/generic.m4
6509 BuildTools/OS/AIX.4.2
6510 BuildTools/OS/AIX.4.x
6511 BuildTools/OS/CRAYT3E.2.0.x
6512 BuildTools/OS/HP-UX.11.x
6513 BuildTools/OS/IRIX.6.5
6514 BuildTools/OS/NEXTSTEP.4.x
6515 BuildTools/OS/NeXT.4.x
6516 BuildTools/OS/NetBSD.8.3
6518 BuildTools/OS/SunOS.5.7
6519 BuildTools/OS/dcosx.1.x.NILE
6521 BuildTools/Site/README
6522 BuildTools/bin/Build
6523 BuildTools/bin/configure.sh
6524 BuildTools/bin/find_m4.sh
6525 BuildTools/bin/install.sh
6528 cf/cf/generic-hpux10.cf
6529 cf/feature/accept_unqualified_senders.m4
6530 cf/feature/accept_unresolvable_domains.m4
6531 cf/feature/access_db.m4
6532 cf/feature/blacklist_recipients.m4
6533 cf/feature/loose_relay_check.m4
6534 cf/feature/local_lmtp.m4
6535 cf/feature/promiscuous_relay.m4
6537 cf/feature/relay_based_on_MX.m4
6538 cf/feature/relay_entire_domain.m4
6539 cf/feature/relay_hosts_only.m4
6540 cf/feature/relay_local_from.m4
6542 contrib/doublebounce.pl
6544 mail.local/Makefile.m4
6547 mailstats/Makefile.m4
6551 praliases/Makefile.m4
6561 cf/cf/Makefile (replaced by Makefile.dist)
6563 mail.local/Makefile.dist
6565 mailstats/Makefile.dist
6567 makemap/Makefile.dist
6569 praliases/Makefile.dist
6574 src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2)
6575 src/Makefiles/Makefile.SMP_DC.OSx.NILE
6576 (renamed BuildTools/OS/dcosx.1.x.NILE)
6577 src/Makefiles/Makefile.Utah (obsolete platform)
6580 cf/cf/Makefile.dist => Makefile
6581 cf/cf/obj/* => cf/cf/*
6582 src/READ_ME => src/README
6584 8.8.8/8.8.8 1997/10/24
6585 If the check_relay ruleset failed, the relay= field was logged
6586 incorrectly. Problem noted by Kari Hurtta of the Finnish
6587 Meteorological Institute.
6588 If /usr/tmp/dead.letter already existed, sendmail could not
6589 add additional bounces to it. Problem noted by Thomas J.
6590 Arseneault of SRI International.
6591 If an SMTP mailer used a non-standard port number for the outgoing
6592 connection, it would be displayed incorrectly in verbose mode.
6593 Problem noted by John Kennedy of Cal State University, Chico.
6594 Log the ETRN parameter specified by the client before altering them
6595 to internal form. Suggested by Bob Kupiec of GES-Verio.
6596 EXPN and VRFY SMTP commands on malformed addresses were logging as
6597 User unknown with bogus delay= values. Change them to log
6598 the same as compliant addresses. Problem noted by Kari E.
6599 Hurtta of the Finnish Meteorological Institute.
6600 Ignore the debug resolver option unless using sendmail debug trace
6601 option for resolver. Problem noted by Greg Nichols of Wind
6603 If SingleThreadDelivery was enabled and the remote server returned a
6604 protocol error on the DATA command, the connection would be
6605 closed but the persistent host status file would not be
6606 unlocked so other sendmail processes could not deliver to
6607 that host. Problem noted by Peter Wemm of DIALix.
6608 If queueing up a message due to an expensive mailer, don't increment
6609 the number of delivery attempts or set the last delivery
6610 attempt time so the message will be delivered on the next
6611 queue run regardless of MinQueueAge. Problem noted by
6612 Brian J. Coan of the Institute for Global Communications.
6613 Authentication warnings of "Processed from queue _directory_" and
6614 "Processed by _username_ with -C _filename_" would be logged
6615 with the incorrect timestamp. Problem noted by Kari E. Hurtta
6616 of the Finnish Meteorological Institute.
6617 Use a better heuristic for detecting GDBM.
6618 Log null connections on dropped connections. Problem noted by
6619 Jon Lewis of Florida Digital Turnpike.
6620 If class dbm maps are rebuilt, sendmail will now detect this and
6621 reopen the map. Previously, they could give stale
6622 results during a single message processing (but would
6623 recover when the next message was received). Fix from
6624 Joe Pruett of Q7 Enterprises.
6625 Do not log failures such as "User unknown" on -bv or SMTP VRFY
6626 requests. Problem noted by Kari E. Hurtta of the
6627 Finnish Meteorological Institute.
6628 Do not send a bounce message back to the sender regarding bad
6629 recipients if the SMTP connection is dropped before the
6630 message is accepted. Problem noted by Kari E. Hurtta of the
6631 Finnish Meteorological Institute.
6632 Use "localhost" instead of "[UNIX: localhost]" when connecting to
6633 sendmail via a UNIX pipe. This will allow rulesets using
6634 $&{client_name} to process without sending the string through
6635 dequote. Problem noted by Alan Barrett of Internet Africa.
6636 A combination of deferred delivery mode, a double bounce situation,
6637 and the inability to save a bounce message to
6638 /var/tmp/dead.letter would cause sendmail to send a bounce
6639 to postmaster but not remove the offending envelope from the
6640 queue causing it to create a new bounce message each time the
6641 queue was run. Problem noted by Brad Doctor of Net Daemons
6643 Remove newlines from hostname information returned via DNS. There are
6644 no known security implications of newlines in hostnames as
6645 sendmail filters newlines in all vital areas; however, this
6646 could cause confusing error messages.
6647 Starting with sendmail 8.8.6, mail sent with the '-t' option would be
6648 rejected if any of the specified addresses were bad. This
6649 behavior was modified to only reject the bad addresses and not
6650 the entire message. Problem noted by Jozsef Hollosi of
6652 Use Timeout.fileopen when delivering mail to a file. Suggested by
6653 Bryan Costales of InfoBeat, Inc.
6654 Display the proper Final-Recipient on DSN messages for non-SMTP
6655 mailers. Problem noted by Kari E. Hurtta of the
6656 Finnish Meteorological Institute.
6657 An error in calculating the available space in the list of addresses
6658 for logging deliveries could cause an address to be silently
6660 Include the initial user environment if sendmail is restarted via
6661 a HUP signal. This will give room for the process title.
6662 Problem noted by Jon Lewis of Florida Digital Turnpike.
6663 Mail could be delivered without a body if the machine does not
6664 support flock locking and runs out of processes during
6665 delivery. Fix from Chuck Lever of the University of Michigan.
6666 Drop recipient address from 251 and 551 SMTP responses per RFC 821.
6667 Problem noted by Kari E. Hurtta of the Finnish Meteorological
6669 Make sure non-rebuildable database maps are opened before the
6670 rebuildable maps (i.e., alias files) in case the database maps
6671 are needed for verifying the left hand side of the aliases.
6672 Problem noted by Lloyd Parkes of Victoria University.
6673 Make sure sender RFC822 source route addresses are alias expanded for
6674 bounce messages. Problem noted by Juergen Georgi of
6675 RUS University of Stuttgart.
6677 Return a temporary error instead of a permanent error if an LDAP map
6678 search returns an error. This will allow sequenced maps which
6679 use other LDAP servers to be checked. Fix from Booker Bense
6680 of Stanford University.
6681 When automatically converting from quoted printable to 8bit text do
6682 not pad bare linefeeds with a space. Problem noted by Theo
6683 Nolte of the University of Technology Aachen, Germany.
6685 Non-standard C compilers may have had a problem compiling
6686 conf.c due to a standard C external declaration of
6687 setproctitle(). Problem noted by Ted Roberts of
6688 Electronic Data Systems.
6689 AUX: has a broken O_EXCL implementation. Reported by Jim
6690 Jagielski of jaguNET Access Services.
6691 BSD/OS: didn't compile if HASSETUSERCONTEXT was defined.
6692 Digital UNIX: Digital UNIX (and possibly others) moves
6693 loader environment variables into the loader memory
6694 area. If one of these environment variables (such as
6695 LD_LIBRARY_PATH) was the last environment variable,
6696 an invalid memory address would be used by the process
6697 title routine causing memory corruption. Problem
6698 noted by Sam Hartman of Mesa Internet Systems.
6699 GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused
6700 chownsafe() to always return 0 even if the OS does
6701 not permit file giveaways. Problem noted by
6702 Yasutaka Sumi of The University of Tokyo.
6703 IRIX6: Syslog buffer size set to 512 bytes. Reported by
6704 Gerald Rinske of Siemens Business Services VAS.
6705 Linux: Pad process title with NULLs. Problem noted by
6706 Jon Lewis of Florida Digital Turnpike.
6707 SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an
6708 incorrect value for the number of interfaces.
6709 Problem noted by Chris Loelke of JetStream Internet
6711 SINIX: Update for Makefile and syslog buffer size from Gerald
6712 Rinske of Siemens Business Services VAS.
6713 Solaris: Make sure HASGETUSERSHELL setting for SunOS is not
6714 used on a Solaris machine. Problem noted by
6715 Stephen Ma of Jtec Pty Limited.
6716 CONFIG: SINIX: Update from Gerald Rinske of Siemens Business
6718 MAKEMAP: Use a better heuristic for detecting GDBM.
6719 CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff.
6720 OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of
6723 8.8.7/8.8.7 1997/08/03
6724 If using Berkeley DB on systems without O_EXLOCK (open a file with
6725 an exclusive lock already set -- i.e., almost all systems
6726 except 4.4-BSD derived systems), the initial attempt at
6727 rebuilding aliases file if the database didn't already
6728 exist would fail. Patch from Raymund Will of LST Software
6730 Bogus incoming SMTP commands would reset the SMTP conversation.
6731 Problem noted by Fredrik Jönsson of the Royal Institute
6732 of Technology, Stockholm.
6733 Since TCP Wrappers includes setenv(), unsetenv(), and putenv(),
6734 some environments could give "multiple definitions" for these
6735 routines during compilation. If using TCP Wrappers, assume
6736 that these routines are included as though they were in the
6737 C library. Patch from Robert La Ferla.
6738 When a NEWDB database map was rebuilt at the same time it was being
6739 used by a queue run, the maps could be left locked for the
6740 duration of the queue run, causing other processes to hang.
6741 Problem noted by Kendall Libby of Shore.NET.
6742 In some cases, NoRecipientAction=add-bcc was being ignored, so the
6743 mail was passed on without any recipient header. This could
6744 cause problems downstream. Problem noted by Xander Jansen
6745 of SURFnet ExpertiseCentrum.
6746 Give error when GDBM is used with sendmail. GDBM's locking and
6747 linking of the .dir and .pag files interferes with sendmail's
6748 locking and security checks. Problems noted by Fyodor
6749 Yarochkin of the Kyrgyz Republic FreeNet.
6750 Don't fsync qf files if SuperSafe option is not set.
6751 Avoid extra calls to gethostbyname for addresses for which a
6752 gethostbyaddr found no value. Also, ignore any returns
6753 from gethostbyaddr that look like a dotted quad.
6754 If PTR lookup fails when looking up an SMTP peer, don't tag it as
6755 "may be forged", since at the network level we pretty much
6756 have to assume that the information is good.
6757 In some cases, errors during an SMTP session could leave files
6759 Better handling of missing file descriptors (0, 1, 2) on startup.
6760 Better handling of non-set-user-ID binaries -- avoids certain obnoxious
6761 errors during testing.
6762 Errors in file locking of NEWDB maps had the incorrect file name
6763 printed in the error message.
6764 If the AllowBogusHELO option were set and an EHLO with a bad or
6765 missing parameter were issued, the EHLO behaved like a HELO.
6766 Load limiting never kicked in for incoming SMTP transactions if the
6767 DeliveryMode=background and any recipient was an alias or
6768 had a .forward file. From Nik Conwell of Boston University.
6769 On some non-Posix systems, the decision of whether chown(2) permits
6770 file giveaway was undefined. From Tetsu Ushijima of the
6771 Tokyo Institute of Technology.
6772 Fix race condition that could cause the body of a message to be
6773 lost (so only the header was delivered). This only occurs
6774 on systems that do not use flock(2), and only when a queue
6775 runner runs during a critical section in another message
6776 delivery. Based on a patch from Steve Schweinhart of
6778 If a qf file was found in a mail queue directory that had a problem
6779 (wrong ownership, bad format, etc.) and the file name was
6780 exactly MAXQFNAME bytes long, then instead of being tried
6781 once, it would be tried on every queue run. Problem noted
6782 by Bryan Costales of Mercury Mail.
6783 If the system supports an st_gen field in the status structure,
6784 include it when reporting that a file has changed after open.
6785 This adds a new compile flag, HAS_ST_GEN (0/1 option).
6786 This out to be checked as well as reported, since it is
6787 theoretically possible for an attacker to remove a file after
6788 it is opened and replace it with another file that has the
6789 same i-number, but some filesystems (notably AFS) return
6790 garbage in this field, and hence always look like the file
6791 has changed. As a practical matter this is not a security
6792 problem, since the files can be neither hard nor soft links,
6793 and on no filesystem (that I am aware of) is it possible to
6794 have two files on the same filesystem with the same i-number
6796 Delete the root Makefile from the distribution -- it is only for
6797 use internally, and does not work at customer sites.
6798 Fix botch that caused the second MAIL FROM: command in a single
6799 transaction to clear the entire transaction. Problem
6800 noted by John Kennedy of Cal State University, Chico.
6801 Work properly on machines that have _PATH_VARTMP defined without
6802 a trailing slash. (And a pox on vendors that decide to
6803 ignore the established conventions!) Problem noted by
6804 Gregory Neil Shapiro of WPI.
6805 Internal changes to make it easier to add another protocol family
6806 (intended for IPv6). Patches are from John Kennedy of
6808 In certain cases, 7->8 bit MIME decoding of Base64 text could leave
6809 an extra space at the beginning of some lines. Problem
6810 noted by Charles Karney of Princeton University; fix based
6811 on a patch from Christophe Wolfhugel.
6813 Allow _PATH_VENDOR_CF to be set in Makefile for consistency
6814 with the _Sendmail_ book, 2nd edition. Note that
6815 the book is actually wrong: _PATH_SENDMAILCF should
6817 AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow
6818 of Argonne National Laboratory.
6819 OpenBSD from from Paul DuBois of the University of Wisconsin.
6820 RISC/os 4.0 from Paul DuBois of the University of Wisconsin.
6821 SunOS: Include <memory.h> to fix warning from util.c. From
6822 James Aldridge of EUnet Ltd.
6823 Solaris: Change STDIR (location of status file) to /etc/mail
6825 Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from
6826 Makefiles. Use NEWDB on Linux instead.
6827 NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl
6828 exists but behaves differently than other OSes.
6829 Add SIOCGIFNUM_IS_BROKEN compile flag to get
6830 around the problem. Problem noted by Tom Moore of
6832 HP-UX 9.x: fix compile warnings for old select API. Problem
6833 noted by Tom Smith of Digital Equipment Corp.
6834 UnixWare 2.x: compile warnings on offsetof macro. Problem
6835 noted by Tom Good of the Community Access Information
6837 SCO 4.2: compile problems caused by a change in the type of
6838 the "length" parameters passed to accept, getpeername,
6839 getsockname, and getsockopt. Adds new compile flags
6840 SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported
6841 by Tom Good of St. Vincent's North Richmond Community
6842 Mental Health Center Residential Services.
6843 AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.
6844 Suggested by Brett Hogden of Rochester Gas & Electric
6846 Linux: avoid compile problem for versions of <setjmp.h> that
6847 #define both setjmp and longjmp. Problem pointed out
6848 by J.R. Oldroyd of TerraNet.
6849 CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1)
6850 from Christopher Durham of SCO.
6851 CONFIG: NEXTSTEP: define confCW_FILE to
6852 /etc/sendmail/sendmail.cw to match the usual
6853 configuration. Patch from Dennis Glatting of
6855 CONFIG: MAILER(fax) called a program that hasn't existed for a long
6856 time. Convert to use the HylaFAX 4.0 conventions. Suggested
6858 CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These
6859 are the rulesets in use on sendmail.org.
6860 MAKEMAP: give error on GDBM files.
6861 MAIL.LOCAL: Make error messages a bit more explicit, for example,
6862 telling more details on what actually changed when "file
6863 changed after open".
6864 CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw
6866 CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'.
6868 src/Makefiles/Makefile.OpenBSD
6869 src/Makefiles/Makefile.RISCos.4_0
6871 cf/ostype/sco-uw-2.1.m4
6875 8.8.6/8.8.6 1997/06/14
6876 *************************************************************
6877 * The extensive assistance of Gregory Neil Shapiro of WPI *
6878 * in preparing this release is gratefully appreciated. *
6879 * Sun Microsystems has also provided resources toward *
6880 * continued sendmail development. *
6881 *************************************************************
6882 SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open
6883 mode bits set to create a file that is a symbolic link that
6884 points nowhere. This makes it possible to create a root
6885 owned file in an arbitrary directory by inserting the symlink
6886 into a writable directory after the initial lstat(2) check
6887 determined that the file did not exist. The only verified
6888 example of a system having these odd semantics for O_EXCL
6889 and symbolic links was HP-UX prior to version 9.07. Most
6890 systems do not have the problem, since a exclusive create
6891 of a file disallows symbolic links. Systems that have been
6892 verified to NOT have the problem include AIX 3.x, *BSD,
6893 DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris,
6894 and Ultrix. This is a potential exposure on systems that
6895 have this bug and which do not have a MAILER-DAEMON alias
6896 pointing at a legitimate account, since this will cause old
6897 mail to be dropped in /var/tmp/dead.letter.
6898 SECURITY: Problems can occur on poorly managed systems, specifically,
6899 if maps or alias files are in world writable directories.
6900 If your system has alias maps in writable directories, it
6901 is potentially possible for an attacker to replace the .db
6902 (or .dir and .pag) files by symbolic links pointing at
6903 another database; this can be used either to expose
6904 information (e.g., by pointing an alias file at /etc/spwd.db
6905 and probing for accounts), or as a denial-of-service attack
6906 (by trashing the password database). The fix disallows
6907 symbolic links entirely when rebuilding alias files or on
6908 maps that are in writable directories, and always warns on
6909 writable directories; 8.9 will probably consider writable
6910 directories to be fatal errors. This does not represent an
6911 exposure on systems that have alias files in unwritable
6913 SECURITY: disallow .forward or :include: files that are links (hard
6914 or soft) if the parent directory (or any directory in the
6915 path) is writable by anyone other than the owner. This is
6916 similar to the previous case for user files. This change
6917 should not affect most systems, but is necessary to prevent
6918 an attacker who can write the directory from pointing such
6919 files at other files that are readable only by the owner.
6920 SECURITY: Tighten safechown rules: many systems will say that they
6921 have a safe (restricted to root) chown even on files that
6922 are mounted from another system that allows owners to give
6923 away files. The new rules are very strict, trusting file
6924 ownership only in those few cases where the system has
6925 been verified to be at least as paranoid as necessary.
6926 However, it is possible to relax the rules to partially
6927 trust the ownership if the directory path is not world or
6928 group writable. This might allow someone who has a legitimate
6929 :include: file (referenced directly from /etc/aliases) to
6930 become another non-root user if the :include: file is in a
6931 non-writable directory on an NFS-mounted filesystem where
6932 the local system says that giveaway is denied but it is
6933 actually permitted. I believe this to be a very small set
6934 of cases. If in doubt, do not point :include: aliases at
6935 NFS-mounted filesystems.
6936 SECURITY: When setting a numeric group id using the RunAsUser option
6937 (e.g., "O RunAsUser=10:20", the group id would not be set.
6938 Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha
6939 group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine.
6940 The user id was still set properly. Problem noted by Uli
6941 Pralle of the Technical University of Berlin.
6942 Save the initial gid set for use when checking for if the
6943 PrivacyOptions=restrictmailq option is set. Problem reported
6944 by Wolfgang Ley of DFN-CERT.
6945 Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a
6946 failure on one message won't affect future messages to the
6948 IP source route printing had an "off by one" error that would
6949 affect any options that came after the route option. Patch
6951 The "Message is too large" error didn't successfully bounce the error
6952 back to the sender. Problem reported by Stephen More of
6953 PSI; patch from Gregory Neil Shapiro of WPI.
6954 Change SMTP status code 553 to map into Extended code 5.1.0 (instead
6955 of 5.1.3); it apparently gets used in multiple ways.
6956 Suggested by John Myers of Portola Communications.
6957 Fix possible extra null byte generated during collection if errors
6958 occur at the beginning of the stream. Patch contributed by
6959 Andrey A. Chernov and Gregory Neil Shapiro.
6960 Code changes to avoid possible reentrant call of malloc/free within
6961 a signal handler. Problem noted by John Beck of Sun
6963 Move map initialization to be earlier so that check_relay ruleset
6964 will have the latest version of the map data. Problem noted
6965 by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro.
6966 If there are fatal errors during the collection phase (e.g., message
6967 too large) don't send the bogus message.
6968 Avoid "cannot open xfAAA00000" messages when sending to aliases that
6969 have errors and have owner- aliases. Problem noted by Michael
6970 Barber of MTU; fix from Gregory Neil Shapiro of WPI.
6971 Avoid null pointer dereference on illegal Boundary= parameters in
6972 multipart/mixed Content-Type: header. Problem noted by
6973 Richard Muirden of RMIT University.
6974 Always print error messages during newaliases (-bi) even if the
6975 ErrorMode is not set to "print". Fix from Gregory Neil
6977 Test mode could core dump if you did a /map lookup in an optional map
6978 that could not be opened. Based on a fix from John Beck of
6980 If DNS is misconfigured so that the last MX record tried points to
6981 a host that does not have an A record, but other MX records
6982 pointed to something reasonable, don't bounce the message
6983 with a "host unknown" error. Note that this should really
6984 be fixed in the zone file for the domain. Problem noted by
6985 Joe Rhett of Navigist, Inc.
6986 If a map fails (e.g., DNS times out) on all recipient addresses, mark
6987 the message as having been tried; otherwise the next queue
6988 run will not realize that this is a second attempt and will
6989 retry immediately. Problem noted by Bryan Costales of
6991 If the clock is set backwards, and a MinQueueAge is set, no jobs
6992 will be run until the later setting of the clock is reached.
6993 "Problem" (I use the term loosely) noted by Eric Hagberg of
6995 If the load average rises above the cutoff threshold (above which
6996 sendmail will not process the queue at all) during a queue
6997 run, abort the queue run immediately. Problem noted by
6998 Bryan Costales of Mercury Mail.
6999 The variable queue processing algorithm (based on the message size,
7000 number of recipients, message precedence, and job age) was
7001 non-functional -- either the entire queue was processed or
7002 none of the queue was processed. The updated algorithm
7003 does no queue run if a single recipient zero size job will
7005 If there is a fatal ("panic") message that will cause sendmail to
7006 die immediately, never hold the error message for future
7008 Force ErrorMode=print in -bt mode so that all errors are printed
7009 regardless of the setting of the ErrorMode option in the
7010 configuration file. Patch from Gregory Neil Shapiro.
7011 New compile flag HASSTRERROR says that this OS has the strerror(3)
7012 routine available in one of the libraries. Use it in conf.h.
7013 The -m (match only) flag now works on host class maps.
7014 If class hash or btree maps are rebuilt, sendmail will now detect
7015 this and reopen the map. Previously, they could give
7016 erroneous results during a single message processing
7017 (but would recover when the next message was received).
7018 Don't delete zero length queue files when doing queue runs until the
7019 files are at least ten minutes old. This avoids a potential
7020 race condition: the creator creates the qf file, getting back
7021 a file descriptor. The queue runner locks it and deletes it
7022 because it is zero length. The creator then writes the
7023 descriptor that is now for a disconnected file, and the
7024 job goes away. Based on a suggestion by Bryan Costales.
7025 When determining the "validated" host name ($_ macro), do a forward
7026 (A) DNS lookup on the result of the PTR lookup and compare
7027 results. If they differ or if the PTR lookup fails, tag the
7028 address as "may be forged".
7029 Log null connections (i.e., hosts that connect but do not do any
7030 substantive activity on the connection before disconnecting;
7031 "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN.
7032 Always permit "writes" to /dev/null regardless of the link count.
7033 This is safe because /dev/null is special cased, and no open
7034 or write is ever actually attempted. Patch from Villy Kruse
7036 If a message cannot be sent because of a 552 (exceeded storage
7037 allocation) response to the MAIL FROM:<>, and a SIZE= parameter
7038 was given, don't return the body in the bounce, since there
7039 is a very good chance that the message will double-bounce.
7040 Fix possible line truncation if a quoted-printable had an =00 escape
7041 in the body. Problem noted by Charles Karney of the Princeton
7042 Plasma Physics Laboratory.
7043 Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses.
7044 Problem noted by Kari Hurtta of the Finnish Meteorological
7046 The MaxDaemonChildren option wasn't applying to queue runs as
7047 documented. Note that this increases the potential denial
7048 of service problems with this option: an attacker can
7049 connect many times, and thereby lock out queue runs as well
7050 as incoming connections. If you use this option, you should
7051 run the "sendmail -bd" and "sendmail -q30m" jobs separately
7052 to avoid this attack. Failure to limit noted by Matthew
7053 Dillon of BEST Internet Communications.
7054 Always give a message in newaliases if alias files cannot be
7055 opened instead of failing silently. Suggested by Gregory
7056 Neil Shapiro. This change makes the code match the O'Reilly
7058 Some older versions of the resolver could return with h_errno == -1
7059 if no name server could be reached, causing mail to bounce
7060 instead of queueing. Treat this like TRY_AGAIN. Fix from
7061 John Beck of SunSoft.
7062 If a :include: file is owned by a user that does not have an entry
7063 in the passwd file, sendmail could dereference a null pointer.
7064 Problem noted by Satish Mynam of Sun Microsystems.
7065 Take precautions to make sure that the SMTP protocol cannot get out
7066 of sync if (for example) an alias file cannot be opened.
7067 Fix a possible race condition that can cause a SIGALRM to come in
7068 immediately after a SIGHUP, causing the new sendmail to die.
7069 Avoid possible hang on SVr3 systems when doing child reaping. Patch
7070 from Villy Kruse of TwinCom.
7071 Ignore improperly formatted SMTP reply codes. Previously these were
7072 partially processed, which could cause confusing error
7074 Fix possible bogus pointer dereference when doing ldapx map lookups
7075 on some architectures.
7077 A/UX: from Jim Jagielski of NASA/GSFC.
7078 glibc: SOCK_STREAM was changed from a #define to an enum,
7079 thus breaking #ifdef SOCK_STREAM. Only option seems
7080 to be to assume SOCK_STREAM if __GNU_LIBRARY__ is
7081 defined. Problem reported by A Sun of the University
7083 Solaris: use SIOCGIFNUM to get the number of interfaces on
7084 the system rather than guessing at compile time.
7085 Patch contributed by John Beck of Sun Microsystems.
7086 Intel Paragon: from Wendy Lin of Purdue University.
7087 GNU Hurd: from Miles Bader of the GNU project.
7088 RISC/os 4.50 from Harlan Stenn of PFCS Corporation.
7089 ISC Unix: wait never returns if SIGCLD signals are blocked.
7090 Unfortunately releasing them opens a race condition,
7091 but there appears to be no fix for this. Patch from
7092 Gregory Neil Shapiro.
7093 BIND 8.1 for IPv6 compatibility from John Kennedy.
7094 Solaris: a bug in strcasecmp caused characters with the
7095 high order bit set to apparently randomly match
7096 letters -- for example, $| (0233) matches "i" and "I".
7097 Problem noted by John Gregson of the University of
7099 IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From
7101 IRIX 6.x: Create Makefiles for systems that claim to be
7102 IRIX64 but are 6.2 or higher (so use the regular
7104 IRIX 6.x: Fix load average computation on 64 bit kernels.
7105 Problem noted by Eric Hagberg of Morgan Stanley.
7106 CONFIG: Some canonification was still done for UUCP-like addresses
7107 even if FEATURE(nocanonify) was set. Problem pointed out by
7109 CONFIG: In some cases UUCP mailers wouldn't properly recognize all
7110 local names as local. Problem noted by Jeff Polk of BSDI;
7111 fix provided by Gregory Neil Shapiro.
7112 CONFIG: The "local:user" syntax entries in mailertables and other
7113 "mailer:user" syntax locations returned an incorrect value
7114 for the $h macro. Problem noted by Gregory Neil Shapiro.
7115 CONFIG: Retain "+detail" information when forwarding mail to a
7116 MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip
7117 Guenther of Gustavus Adolphus College.
7118 CONFIG: Make sure user+detail works for FEATURE(virtusertable);
7119 rules are the same as for aliasing. Based on a patch from
7120 Gregory Neil Shapiro.
7121 CONFIG: Break up parsing rules into several pieces; this should
7122 have no functional change in this release, but makes it
7123 possible to have better anti-spam rulesets in the future.
7124 CONFIG: Disallow double dots in host names to avoid having the
7125 HostStatusDirectory store status under the wrong name.
7126 In some cases this can be used as a denial-of-service attack.
7127 Problem noted by Ron Jarrell of Virginia Tech, patch from
7128 Gregory Neil Shapiro.
7129 CONFIG: Don't use F=m (multiple recipients per invocation) for
7130 MAILER(procmail), but do pass F=Pn9 (include Return-Path:,
7131 don't include From_, and convert to 8-bit). Suggestions
7132 from Kimmo Suominen and Roderick Schertler.
7133 CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were
7134 being masqueraded as though FEATURE(masquerade_entire_domain)
7135 was specified, even when it wasn't.
7136 MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft.
7137 MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't
7138 "slip in" a symbolic link between the lstat(2) call and the
7139 exclusive open. This is only a problem on System V derived
7140 systems that allow an exclusive create on files that are
7141 symbolic links pointing nowhere.
7142 MAIL.LOCAL: If the final mailbox close() failed, the user id was
7143 not reset back to root, which on some systems would cause
7144 later mailboxes to fail. Also, any partial message would
7145 not be truncated, which could result in repeated deliveries.
7146 Problem noted by Bruce Evans via Peter Wemm (FreeBSD
7148 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar
7149 change to the sendmail map code was made in 8.8.3. Problem
7150 noted by Gregory Neil Shapiro.
7151 MAKEMAP: Give warnings on file problems such as map files that are
7152 symbolic links; although makemap is not set-user-ID root, it is
7153 often run as root and hence has the potential for the same
7154 sorts of problems as alias rebuilds.
7155 MAKEMAP: Change compilation so that it will link properly on
7157 CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf.
7158 Accept an optional list of arguments following the server
7159 name for the ETRN arguments to use (instead of $=w). Other
7160 miscellaneous bug fixes. From Christian von Roques via
7161 John Beck of Sun Microsystems.
7162 CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This
7163 Perl script converts GECOS information in the /etc/passwd
7164 file into aliases, allowing for faster access to full name
7165 lookups; it is also clever about adding aliases (to root)
7166 for system accounts.
7169 cf/ostype/gnuhurd.m4
7171 contrib/passwd-to-alias.pl
7172 src/Makefiles/Makefile.IRIX64.6.1
7173 src/Makefiles/Makefile.IRIX64.6.x
7175 src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x
7176 src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0
7178 8.8.5/8.8.5 1997/01/21
7179 SECURITY: Clear out group list during startup. Without this, sendmail
7180 will continue to run with the group permissions of the caller,
7181 even if RunAsUser is specified.
7182 SECURITY: Make purgestat (-bH) be root-only. This is not in response
7183 to any known attack, but it's best to be conservative.
7184 Suggested by Peter Wemm of DIALix.
7185 SECURITY: Fix buffer overrun problem in MIME code that has possible
7186 security implications. Patch from Alex Garthwaite of the
7187 University of Pennsylvania.
7188 Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'")
7189 would truncate the address after "Full". Although the -f
7190 syntax is incorrect (since it is in the envelope, it
7191 shouldn't have comments and full names), the failure mode
7192 was unnecessarily awful.
7193 Fix a possible null pointer dereference when converting 8-bit data
7194 to a 7-bit format. Problem noted by Jim Hutchins of
7195 Sandia National Labs and David James of British Telecom.
7196 Clear out stale state that affected F=9 on SMTP mailers in queue
7197 runs. Although this really shouldn't be used (F=9 is for
7198 final delivery only, and using it on an SMTP mailer makes
7199 it possible for a message to be converted from 8->7->8->7
7200 bits several times), it shouldn't have failed with a syserr.
7201 Problem noted by Eric Hagberg of Morgan Stanley.
7202 _Really_ fix the multiple :maildrop code in the user database
7203 module. Patch from Roy Mongiovi of Georgia Tech.
7204 Let F lines in the configuration file actually read root-only
7205 files if the configuration file is safe. Based on a
7206 patch from Keith Reynolds of SCO.
7207 ETRN followed by QUIT would hold the connection open until the queue
7208 run completed. Problem noted by Truck Lewis of TDK
7210 It turns out that despite the documentation, the TCP wrappers library
7211 does _not_ log rejected connections. Do the logging ourselves.
7212 Problem noted by Fletcher Mattox of the University of Texas
7214 If sendmail finds a qf file in its queue directory that is an unknown
7215 version (e.g., when backing out to an old version), the
7216 error is reported on every queue run. Change it to only
7217 give the error once (and rename the qf => Qf). Patch from
7218 William A. Gianopoulos of Raytheon Company.
7219 Start a new session when doing background delivery; currently it
7220 ignored signals but didn't start a new signal, that caused
7221 some problems if a background process tried to send mail
7222 under certain circumstances. Problem noted by Eric Hagberg
7223 of Morgan Stanley; fix from Kari Hurtta.
7224 Simplify test for skipping a queue run to just check if the current
7225 load average is >= the queueing load average. Previously
7226 the check factored in some other parameters that caused it
7227 to essentially never skip the queue run. Patch from Bryan
7229 If the SMTP server is running in "nullserver" mode (that is, it is
7230 rejecting all commands), start sleeping after MAXBADCOMMAND
7231 (25) commands; this helps prevent a bad guy from putting
7232 you into a tight loop as a denial-of-service attack. Based
7233 on an e-mail conversation with Brad Knowles of AOL.
7234 Slow down when too many "light weight" commands have been issued;
7235 this helps prevent a class of denial-of-service attacks.
7236 The current values and defaults are:
7237 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR
7238 MAXHELOCOMMANDS 3 HELO, EHLO
7239 MAXVRFYCOMMANDS 6 VRFY, EXPN
7240 MAXETRNCOMMANDS 8 ETRN
7241 These will probably be configurable in a future release.
7242 On systems that have uid_t typedefed to be an unsigned short, programs
7243 that had the F=S flag and no U= equate would be invoked with
7244 the real uid set to 65535 rather than being left unchanged.
7245 In some cases, NOTIFY=NEVER was not being honored. Problem noted
7246 by Steve Hubert of the University of Washington, Seattle.
7247 Mail that was Quoted-Printable encoded and had a soft line break on
7248 the last line (i.e., an incomplete continuation) had the last
7249 line dropped. Since this appears to be illegal it isn't
7250 clear what to do with it, but flushing the last line seems
7251 to be a better "fail soft" approach. Based on a patch from
7253 If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a
7254 bogus HELO command still causes the "Polite people say HELO
7255 first" error message. Problem pointed out by Chris Thomas
7256 of UCLA; patch from John Beck of SunSoft.
7257 Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set
7258 in PrivacyOptions. The -q shouldn't turn this command off.
7259 Problem noted by Murray Kucherawy of Pacific Bell Internet;
7260 based on a patch from Gregory Neil Shapiro of WPI.
7261 Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation)
7262 in a DATA transaction to be sticky; these can occur because
7263 a message is too large, and smaller messages should still go
7264 through. Problem noted by Matt Dillon of Best Internet
7266 In some cases bounces were saved in /var/tmp/dead.letter even if they
7267 had been successfully delivered to the envelope sender.
7268 Problem noted Eric Hagberg of Morgan Stanley; solution from
7269 Gregory Neil Shapiro of WPI.
7270 Give better diagnostics on long alias lines. Based on code contributed
7271 by Patrick Gosling of the University of Cambridge.
7272 Increase the number of virtual interfaces that will be probed for
7273 alternate names. Problem noted by Amy Rich of Shore.Net.
7275 UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from
7276 Toshiaki Nomura of Fujitsu Limited.
7277 SunOS with LDAP support: compile problems with struct timeval.
7278 Patch from Nick Cuccia of TCSI Corporation.
7279 SCO: from Keith Reynolds of SCO.
7280 Solaris: kstat load average computation wasn't being used.
7281 Fixes from Michael Ju. Tokarev of Telecom Service, JSC
7283 OpenBSD: from Jason Downs of teeny.org.
7284 Altos System V: from Tim Rice.
7285 Solaris 2.5: from Alan Perry of SunSoft.
7286 Solaris 2.6: from John Beck of SunSoft.
7287 Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli
7288 of Pratt & Whitney <miorelli@pweh.com>.
7289 CONFIG: It seems that I hadn't gotten the Received: line syntax
7290 _just_right_ yet. Tweak it again. I'll omit the names
7291 of the "contributors" (quantity two) in this one case.
7292 As of now, NO MORE DISCUSSION about the syntax of the
7294 CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E),
7295 it never inserts that class into the output file. Fix it
7296 so it will honor EXPOSED_USER but will _not_ include root
7297 automatically in this class. Problem noted by Ronan KERYELL
7298 of Centre de Recherche en Informatique de l'École Nationale
7299 Supérieure des Mines de Paris (CRI-ENSMP).
7300 CONFIG: Clean up handling of "local:" syntax in relay specifications
7301 such as LUSER_RELAY. This change permits the following
7302 syntaxes: ``local:'' will send to the same user on the
7303 local machine (e.g., in a mailertable entry for "host",
7304 ``local:'' will cause an address addressed to user@host to
7305 go to user on the local machone). ``local:user'' will send
7306 to the named user on the local machine. ``local:user@host''
7307 is equivalent to ``local:user'' (the host is ignored). In
7308 all cases, the original user@host is passed in $@ (i.e., the
7309 detail information). Inspired by a report from Michael Fuhr.
7310 CONFIG: Strip quotes from the first word of an "error:" host
7311 indication. This lets you set (for example) the LUSER_RELAY
7312 to be ``error:\"5.1.1\" Your Message Here''. Note the use
7313 of the \" so that the resulting string is properly quoted.
7314 Problem noted by Gregory Neil Shapiro of WPI.
7315 OP.ME: documentation was inconsistent about whether sendmail did a
7316 NOOP or a RSET to probe the connection (it does a RSET).
7317 Inconsistency noted by Deeran Peethamparam.
7318 OP.ME: insert additional blank pages so it will print properly on
7319 a duplex printer. From Matthew Black of Cal State University,
7322 8.8.4/8.8.4 1996/12/02
7323 SECURITY: under some circumstances, an attacker could get additional
7324 permissions by hard linking to files that were group
7325 writable by the attacker. The solution is to disallow any
7326 files that have hard links -- this will affect .forward,
7327 :include:, and output files. Problem noted by Terry
7328 Kyriacopoulos of Interlog Internet Services. As a
7329 workaround, set UnsafeGroupWrites -- always a good idea.
7330 SECURITY: the TryNullMXList (w) option should not be safe -- if it
7331 is, it is possible to do a denial-of-service attack on
7332 MX hosts that rely on the use of the null MX list. There
7333 is no danger if you have this option turned off (the default).
7334 Problem noted by Dan Bernstein. Also, make the DontInitGroups
7335 unsafe. I know of no specific attack against this, although
7336 a denial-of-service attack is probably possible, but in theory
7337 you should not be able to safely tweak anything that affects
7338 the permissions that are used when mail is delivered.
7339 Purgestat could go into an infinite loop if one of the host status
7340 directories somehow became empty. Problem noted by Roy
7341 Mongiovi of Georgia Tech.
7342 Processes got "lost" when counting children due to a race condition.
7343 This caused "proc_list_probe: lost pid" messages to be logged.
7344 Problem noted by several people.
7345 On systems with System V SIGCLD child signal semantics (notably AIX
7346 and HP-UX), mail transactions would print the message "451
7347 SMTP-MAIL: lost child: No child processes". Problem noted
7349 Miscellaneous compiler warnings on picky compilers (or when setting
7350 gcc to high warning levels). From Tom Moore of NCR Corp.
7351 SMTP protocol errors, and most errors on MAIL FROM: lines should
7352 not be persistent between runs, since they are based on the
7353 message rather than the host. Problem noted by Matt Dillon
7354 of Best Internet Communications.
7355 The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore
7356 of NCR (a.k.a., AT&T Global Information Solutions).
7357 Avoid the possibility of having a child daemon run to completion
7358 (including closing the SMTP socket) before the parent has
7359 had a chance to close the socket; this can cause the parent
7360 to hang for a long time waiting for the socket to drain.
7361 Patch from Don Lewis of TDK Semiconductor.
7362 If the fork() failed in a queue run, the queue runners would not be
7363 rescheduled (so queue runs would stop). Patch from Don Lewis.
7364 Some error conditions in ETRN could cause output without an SMTP
7365 status code. Problem noted by Don Lewis.
7366 Multiple :maildrop addresses in the user database didn't work properly.
7367 Patch from Roy Mongiovi of Georgia Tech.
7368 Add ".db" automatically onto any user database spec that does not
7369 already have it; this is for consistency with makemap, the
7370 K line, and the documentation. Inconsistency pointed out
7372 Allow sendmail to be properly called in nohup mode. Patch from
7373 Kyle Jones of UUNET.
7374 Change ETRN to ignore but still update host status files; previously
7375 it would ignore them and not save the updated status, which
7376 caused stale information to be maintained. Based on a patch
7377 from Christopher Davis of Kapor Enterprises Inc. Also, have
7378 ETRN ignore the MinQueueAge option.
7379 Patch long term host status to recover more gracefully from an empty
7380 host status file condition. Patch from NAKAMURA Motonori
7381 of Kyoto University.
7382 Several patches to signal handling code to fix potential race
7383 conditions from Don Lewis.
7384 Make it possible to compile with -DDAEMON=0 (previously it had some
7385 compile errors). This turns DAEMON, QUEUE, and SMTP into
7386 0/1 compilation flags. Note that DAEMON is an obsolete
7387 compile flag; use NETINET instead. Solution based on a
7388 patch from Bryan Costales.
7390 AIX4: getpwnam() and getpwuid() do a sequential scan of the
7391 /etc/security/passwd file when called as root. This
7392 is very slow on some systems. To speed it up, use the
7393 (undocumented) _getpw{nam,uid}_shadow() routines.
7394 Patch from Chris Thomas of UCLA/OAC Systems Group.
7395 SCO 5.x: include -lprot in the Makefile. Patch from Bill
7396 Glicker of Burrelle's Information Service.
7397 NEWS-OS 4.x: need a definition for MODE_T to compile. Patch
7398 from Makoto MATSUSHITA of Osaka University.
7399 SunOS 4.0.3: compile problems. Patches from Andrew Cole of
7400 Leeds University and SASABE Tetsuro of the University
7402 DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support
7404 Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp.
7405 I believe this to have only been a problem if you
7406 compiled with -DUSE_VENDOR_CF_PATH -- another reason
7407 to stick with /etc/sendmail.cf as your One True Path.
7408 Digital UNIX (OSF/1 on Alpha) load average computation from
7409 Martin Laubach of the Technischen Universität Wien.
7410 CONFIG: change default Received: line to be multiple lines rather
7411 than one long one. By popular demand.
7412 MAIL.LOCAL: warnings weren't being logged on some systems. Patch
7413 from Jerome Berkman of U.C. Berkeley.
7414 MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs
7415 to take a very long time. Problem noted by Yoshiro YONEYA
7416 of NTT Software Corporation.
7417 CONTRIB: add etrn.pl, contributed by John Beck.
7421 8.8.3/8.8.3 1996/11/17
7422 SECURITY: it was possible to get a root shell by lying to sendmail
7423 about argv[0] and then sending it a signal. Problem noted
7424 by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the
7425 best-of-security list.
7426 Log sendmail binary version number in "Warning: .cf version level
7427 (%d) exceeds program functionality (%d) message" -- this
7428 should make it clearer to people that they are running
7430 Fix a problem that occurs when you open an SMTP connection and then
7431 do one or more ETRN commands followed by a MAIL command; at
7432 the end of the DATA phase sendmail would incorrectly report
7433 "451 SMTP-MAIL: lost child: No child processes". Problem
7434 noted by Eric Bishop of Virginia Tech.
7435 When doing text-based host canonification (typically /etc/hosts
7436 lookup), a null host name would match any /etc/hosts entry
7437 with space at the end of the line. Problem noted by Steve
7438 Hubert of the University of Washington, Seattle.
7439 7 to 8 bit BASE64 MIME conversions could duplicate bits of text.
7440 Problem reported by Tom Smith of Digital Equipment Corp.
7441 Increase the size of the DNS answer buffer -- the standard UDP packet
7442 size PACKETSZ (512) is not sufficient for some nameserver
7443 answers containing very many resource records. The resolver
7444 may also switch to TCP and retry if it detects UDP packet
7445 overflow. Also, allow for the fact that the resolver
7446 routines res_query and res_search return the size of the
7447 *un*truncated answer in case the supplied answer buffer it
7448 not big enough to accommodate the entire answer. Patch from
7450 Improvements to MaxDaemonChildren code. If you think you have too
7451 many children, probe the ones you have to verify that they
7452 are still around. Suggested by Jared Mauch of CICnet, Inc.
7453 Also, do this probe before growing the vector of children
7454 pids; this previously caused the vector to grow indefinitely
7455 due to a race condition. Problem reported by Kyle Jones of
7457 On some architectures, <db.h> (from the Berkeley DB library) defines
7458 O_EXLOCK to zero; this fools the map compilation code into
7459 thinking that it can avoid race conditions by locking on open.
7460 Change it to check for O_EXLOCK non-zero. Problem noted by
7461 Leif Erlingsson of Data Lege.
7462 Always call res_init() on startup (if compiled in, of course) to
7463 allow the sendmail.cf file to tweak resolver flags; without
7464 it, flag tweaks in ResolverOptions are ignored. Patch from
7465 Andrew Sun of Merrill Lynch.
7466 Improvements to host status printing code. Suggested by Steve Hubert
7467 of the University of Washington, Seattle.
7468 Change MinQueueAge option processing to do the check for the job age
7469 when reading the queue file, rather than at the end; this
7470 avoids parsing the addresses, which can do DNS lookups.
7471 Problem noted by John Beck of InReference, Inc.
7472 When MIME was being 7->8 bit decoded, "From " lines weren't being
7473 properly escaped. Problem noted by Peter Nilsson of the
7474 University of Linkoping.
7475 In some cases, sendmail would retain root permissions during queue
7476 runs even if RunAsUser was set. Problem noted by Mark
7477 Thomas of Mark G. Thomas Consulting.
7478 If the F=l flag was set on an SMTP mailer to indicate that it is
7479 actually local delivery, and NOTIFY=SUCCESS is specified in
7480 the envelope, and the receiving SMTP server speaks DSN, then
7481 the DSN would be both generated locally and propagated to the
7483 The U= mailer field didn't correctly extract the group id if the
7484 user id was numeric. Problem noted by Kenneth Herron of
7485 MCI Telecommunications Communications.
7486 If a message exceeded the fixed maximum size on input, the body of
7487 the message was included in the bounce. Note that this did
7488 not occur if it exceeded the maximum _output_ size. Problem
7489 reported by Kyle Jones of UUNET.
7491 AIX4: 4.1 doesn't have a working setreuid(2); change the
7492 AIX4 defines to use seteuid(2) instead, which
7493 works on 4.1 as well as 4.2. Problem noted by
7494 HÃ¥kan Lindholm of interAF, Sweden.
7495 AIX4: use tzname[] vector to determine time zone name.
7496 Patch from NAKAMURA Motonori of Kyoto University.
7497 MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support.
7498 Contributed by Paul DuBois <dubois@primate.wisc.edu>.
7499 Solaris: kstat(3k) support for retrieving the load average.
7500 This adds the LA_KSTAT definition for LA_TYPE.
7501 The outline of the implementation was contributed
7502 by Michael Tokarev of Telecom Service, JSC, Moscow.
7503 HP-UX 10.0 gripes about the (perfectly legal!) forward
7504 declaration of struct rusage at the top of conf.h;
7505 change it to only be included if you are using gcc,
7506 which is apparently the only compiler that requires
7507 it in the first place. Problem noted by Jeff
7508 Earickson of Colby College.
7509 IRIX: don't default to using gcc. IRIX is a civilized
7510 operating system that comes with a decent compiler
7511 by default. Problem noted by Barry Bouwsma and
7513 CONFIG: specify F=9 as default in FEATURE(local_procmail) for
7514 consistency with other local mailers. Inconsistency
7515 pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>.
7516 CONFIG: if the "limited best mx" feature is used (to reduce DNS
7517 overhead) as part of the bestmx_is_local feature, the
7518 domain part was dropped from the name. Patch from Steve
7519 Hubert of the University of Washington, Seattle.
7520 CONFIG: catch addresses of the form "user@.dom.ain"; these could
7521 end up being translated to the null host name, which would
7522 return any entry in /etc/hosts that had a space at the end
7523 of the line. Problem noted by Steve Hubert of the
7524 University of Washington, Seattle.
7525 CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer
7526 Polytechnic Institute.
7527 MAKEMAP: tweak hash and btree parameters for better performance.
7528 Patch from Matt Dillon of Best Internet Communications.
7530 src/Makefiles/Makefile.Linux.ppc
7532 cf/ostype/mklinux.m4
7534 8.8.2/8.8.2 1996/10/18
7535 SECURITY: fix a botch in the 7-bit MIME patch; the previous patch
7536 changed the code but didn't fix the problem.
7538 Solaris: Don't use the system getusershell(3); it can
7539 apparently corrupt the heap in some circumstances.
7540 Problem found by Ken Pizzini of Spry, Inc.
7541 OP.ME: document several mailer flags that were accidentally omitted
7542 from this document. These flags were F=d, F=j, F=R, and F=9.
7545 8.8.1/8.8.1 1996/10/17
7546 SECURITY: unset all environment variables that the resolver will
7547 examine during queue runs and daemon mode. Problem noted
7548 by Dan Bernstein of the University of Illinois at Chicago.
7549 SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain
7550 message could overflow a buffer if it was converted back
7551 to 8 bits. This caused core dumps and has the potential
7552 for a remote attack. Problem first noted by Gregory Shapiro
7554 Avoid duplicate deliveries of error messages on systems that don't
7555 have flock(2) support. Patch from Motonori Nakamura of
7557 Ignore null FallBackMX (V) options. If this option is null (as
7558 opposed to undefined) it can cause "null signature" syserrs
7559 on illegal host names.
7560 If a Base64 encoded text/plain message has no trailing newline in
7561 the encoded text, conversion back to 8 bits will drop the
7562 final line. Problem noted by Pierre David.
7563 If running with a RunAsUser, sendmail would give bogus "cannot
7564 setuid" (or seteuid, or setreuid) messages on some systems.
7565 Problem pointed out by Jordan Mendelson of Web Services, Inc.
7566 Always print error messages in -bv mode -- previously, -bv would
7567 be absolutely silent on errors if the error mode was sent
7568 to (say) mail-back. Problem noted by Kyle Jones of UUNET.
7569 If -qI/R/S is set (or the ETRN command is used), ignore all long
7570 term host status. This is necessary because it is common
7571 to do this when you know a host has just come back up.
7572 Disallow duplicate HELO/EHLO commands as required by RFC 1651 section
7573 4.2. Excessive permissiveness noted by Lee Flight of the
7574 University of Leicester.
7575 If a service (such as NIS) is specified as the last entry in the
7576 service switch, but that service is not compiled in, sendmail
7577 would return a temporary failure when an entry was not found
7578 in the map. This caused the message to be queued instead of
7579 bouncing immediately. Problem noted by Harry Edmon of the
7580 University of Washington.
7582 Solaris 2.3 had compilation problems in conf.c. Several
7583 people pointed this out.
7584 NetBSD from Charles Hannum of MIT.
7585 AIX4 improvements based on info from Steve Bauer of South
7586 Dakota School of Mines & Technology.
7587 CONFIG: ``error:code message'' syntax was broken in virtusertable.
7588 Patch from Gil Kloepfer Jr.
7589 CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set
7590 using MASQUERADE_DOMAIN) were not masqueraded unless they
7591 were also in $=w. Problem noted by Zoltan Basti of
7593 MAIL.LOCAL: patches to compile and link cleanly on AIX. Based
7594 on a patch from Eric Hagberg of Morgan Stanley.
7595 MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan
7596 of Stanford via Robert La Ferla.
7598 8.8.0/8.8.0 1996/09/26
7599 Under some circumstances, Bcc: headers would not be properly
7600 deleted. Pointed out by Jonathan Kamens of OpenVision.
7601 Log a warning if the sendmail daemon is invoked without a full
7602 pathname, which prevents "kill -1" from working. I was
7603 urged to put this in by Andrey A. Chernov of DEMOS (Russia).
7604 Fix small buffer overflow. Since the data in this buffer was not
7605 read externally, there was no security problem (and in fact
7606 probably wouldn't really overflow on most compilers). Pointed
7607 out by KIZU takashi of Osaka University.
7608 Fix problem causing domain literals such as [1.2.3.4] to be ignored
7609 if a FallbackMXHost was specified in the configuration file
7610 -- all mail would be sent to the fallback even if the original
7611 host was accessible. Pointed out by Munenari Hirayama of
7613 A message that didn't terminate with a newline would (sometimes) not
7614 have the trailing "." added properly in the SMTP dialogue,
7615 causing SMTP to hang. Patch from Per Hedeland of Ericsson.
7616 The DaemonPortOptions suboption to bind to a particular address was
7617 incorrect and nonfunctional due to a misunderstanding of the
7618 semantics of binding on a passive socket. Patch from
7619 NIIBE Yutaka of Mitsubishi Research Institute.
7620 Increase the number of MX hosts for a single name to 100 to better
7621 handle the truly huge service providers such as AOL, which
7622 has 13 at the moment (and climbing). In order to avoid
7623 trashing memory, the buffer for all names has only been
7624 slightly increased in size, to 12.8K from 10.2K -- this means
7625 that if a single name had 100 MX records, the average size
7626 of those records could not exceed 128 bytes. Requested by
7627 Brad Knowles of America On Line.
7628 Restore use of IDENT returns where the OSTYPE field equals "OTHER".
7629 Urged by Dan Bernstein of U.C. Berkeley.
7630 Print q_statdate and q_specificity in address structure debugging
7632 Expand MCI structure flag bits for debugging output.
7633 Support IPv6-style domain literals, which can have colons between
7635 Log open file descriptors for the "cannot dup" messages in deliver();
7636 this is an attempt to track down a bug that one person seems
7637 to be having (it may be a Solaris bug!).
7638 DSN NOTIFY parameters were not properly propagated across queue runs;
7639 this caused the NOTIFY info to sometimes be lost. Problem
7640 pointed out by Claus Assmann of the
7641 Christian-Albrechts-University of Kiel.
7642 The statistics gathered in the sendmail.st file were too high; in
7643 some cases failures (e.g., user unknown or temporary failure)
7644 would count as a delivery as far as the statistics were
7645 concerned. Problem noted by Tom Moore of AT&T GIS.
7646 Systems that don't have flock() would not send split envelopes in
7647 the initial run. Problem pointed out by Leonard Zubkoff of
7649 Move buffer overflow checking -- these primarily involve distrusting
7650 results that may come from NIS and DNS.
7651 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't
7652 include <paths.h> and hence had the wrong pathnames for a few
7653 things like /var/tmp. Reported by Matthew Green.
7654 Conditions were reversed for the Priority: header, resulting in all
7655 values being interpreted as non-urgent except for non-urgent,
7656 which was interpreted as normal. Patch from Bryan Costales.
7657 The -o (optional) flag was being ignored on hash and btree maps
7658 since 8.7.2. Fix from Bryan Costales.
7659 Content-Types listed in class "q" will always be encoded as
7660 Quoted-Printable (or more accurately, will never be encoded
7661 as base64). The class can have primary types (e.g., "text")
7662 or full types (e.g., "text/plain"). Based on a suggestion by
7663 Marius Olafsson of the University of Iceland.
7664 Define ${envid} to be the original envelope id (from the ESMTP DSN
7665 dialogue) so it can be passed to programs in mailers.
7666 Define ${bodytype} to be the body type (from the -B flag or the
7667 BODY= ESMTP parameter) so it can be passed to programs in
7669 Cause the VRFY command to return 252 instead of 250 unless the F=q
7670 flag is set in the mailer descriptor. Suggested by John
7672 Implement ESMTP ETRN command to flush the queue for a specific host.
7673 The command takes a host name; data for that host is
7674 immediately (and asynchronously) flushed. Because this shares
7675 the -qR implementation, other hosts may be attempted, but
7676 there should be no security implications. Implementation
7677 from John Beck of InReference, Inc. See RFC 1985 for details.
7678 Add three new command line flags to pass in DSN parameters: -V envid
7679 (equivalent to ENVID=envid on the MAIL command), -R ret
7680 (equivalent to RET=ret on the MAIL command), and -Nnotify
7681 (equivalent to NOTIFY=notify on the RCPT command). Note
7682 that the -N flag applies to all recipients; there is no way
7683 to specify per-address notifications on the command line,
7684 nor is there an equivalent for the ORCPT= per-address
7686 Restore LogLevel option to be safe (it can only be increased);
7687 apparently I went into paranoid mode between 8.6 and 8.7
7688 and made it unsafe. Pointed out by Dabe Murphy of the
7689 University of Maryland.
7690 New logging on log level 15: all SMTP traffic. Patches from
7691 Andrew Gross of San Diego Supercomputer Center.
7692 NetInfo property value searching code wasn't stopping when it found
7693 a match. This was causing the wrong values to be found (and
7694 had a memory leak). Found by Bastian Schleuter of TU-Berlin.
7695 Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed
7696 out by Bill Wisner of Electronics for Imaging that you can't
7697 use the bracket address form for the MAIL_HUB macro, since
7698 that causes the brackets to remain in the envelope recipient
7699 address used for delivery. The simple fix (stripping off the
7700 brackets in the config file) breaks the use of IP literal
7701 addresses. This flag will solve that problem.
7702 Add MustQuoteChars option. This is a list of characters that must
7703 be quoted if they are found in the phrase part of an address
7704 (that is, the full name part). The characters @,;:\()[] are
7705 always in this list and cannot be removed. The default is
7706 this list plus . and ' to match RFC 822.
7707 Add AllowBogusHELO option; if set, sendmail will allow HELO commands
7708 that do not include a host name for back compatibility with
7709 some stupid SMTP clients. Setting this violates RFC 1123
7711 Add MaxDaemonChildren option; if this is set, sendmail will start
7712 rejecting connections if it has more than this many
7713 outstanding children accepting mail. Note that you may
7714 see more processes than this because of outgoing mail; this
7715 is for incoming connections only.
7716 Add ConnectionRateThrottle option. If set to a positive value, the
7717 number of incoming SMTP connections that will be permitted
7718 in a single second is limited to this number. Connections are
7719 not refused during this time, just deferred. The intent is to
7720 flatten out demand so that load average limiting can kick in.
7721 It is less radical than MaxDaemonChildren, which will stop
7722 accepting connections even if all the connections are idle
7723 (e.g., due to connection caching).
7724 Add Timeout.hoststatus option. This interval (defaulting to 30m)
7725 specifies how long cached information about the state of a
7726 host will be kept before they are considered stale and the
7727 host is retried. If you are using persistent host status
7728 (i.e., the HostStatusDirectory option is set) this will apply
7729 between runs; otherwise, it applies only within a single queue
7730 run and hence is useful only for hosts that have large queues
7731 that take a very long time to run.
7732 Add SingleLineFromHeader option. If set, From: headers are coerced
7733 into being a single line even if they had newlines in them
7734 when read. This is to get around a botch in Lotus Notes.
7735 Text class maps were totally broken -- if you ever retrieved the last
7736 item in a table it would be truncated. Problem noted by
7737 Gregory Neil Shapiro of WPI.
7738 Extend the lines printed by the mailq command (== the -bp flag) when
7739 -v is given to 120 characters; this allows more information
7740 to be displayed. Suggested by Gregory Neil Shapiro of WPI.
7741 Allow macro definitions (`D' lines) with unquoted commas; previously
7742 this was treated as end-of-input. Problem noted by Bryan
7744 The RET= envelope parameter (used for DSNs) wasn't properly written
7745 to the queue file. Fix from John Hughes of Atlantic
7747 Close /var/tmp/dead.letter after a successful write -- otherwise
7748 if this happens in a queue run it can cause nasty delays.
7749 Problem noted by Mark Horton of AT&T.
7750 If userdb entries pointed to userdb entries, and there were multiple
7751 values for a given key, the database cursor would get
7752 trashed by the recursive call. Problem noted by Roy Mongiovi
7753 of Georgia Tech. Fixed by reading all the values and creating
7754 a comma-separated list; thus, the -v output will be somewhat
7755 different for this case.
7756 Fix buffer allocation problem with Hesiod-based userdb maps when
7757 HES_GETMAILHOST is defined. Based on a patch by Betty Lee
7758 of Stanford University.
7759 When envelopes were split due to aliases with owner- aliases, and
7760 there was some error on one of the lists, more than one of
7761 the owners would get the message. Problem pointed out by
7762 Roy Mongiovi of Georgia Tech.
7763 Detect excessive recursion in macro expansions, e.g., $X defined
7764 in terms of $Y which is defined in terms of $X. Problem
7765 noted by Bryan Costales; patch from Eric Wassenaar.
7766 When using F=U to get "ugly UUCP" From_ lines, a buffer could in
7767 some cases get trashed causing bogus From_ lines. Fix from
7768 Kyle Jones of UUNET.
7769 When doing load average initialization, if the nlist call for avenrun
7770 failed, the second and subsequent lookups wouldn't notice
7771 that fact causing bogus load averages to be returned. Noted
7772 by Casper Dik of Sun Holland.
7773 Fix problem with incompatibility with some versions of inet_aton that
7774 have changed the return value to unsigned, so a check for an
7775 error return of -1 doesn't work. Use INADDR_NONE instead.
7776 This could cause mail to addresses such as [foo.com] to bounce
7777 or get dropped. Problem noted by Christophe Wolfhugel of the
7779 DSNs were inconsistent if a failure occurred during the DATA phase
7780 rather than the RCPT phase: the Action: would be correct, but
7781 the detailed status information would be wrong. Problem noted
7782 by Bob Snyder of General Electric Company.
7783 Add -U command line flag and the XUSR ESMTP extension, both indicating
7784 that this is the initial MUA->MTA submission. The flag current
7785 does nothing, but in future releases (when MUAs start using
7786 these flags) it will probably turn on things like DNS
7788 Default end-of-line string (E= specification on mailer [M] lines)
7789 to \r\n on SMTP mailers. Default remains \n on non-SMTP
7791 Change the internal definition for the *file* and *include* mailers
7792 to have $u in the argument vectors so that they aren't
7793 misinterpreted as SMTP mailers and thus use \r\n line
7794 termination. This will affect anyone who has redefined
7795 either of these in their configuration file.
7796 Don't assume that IDENT servers close the connection after a query;
7797 responses can be newline terminated. From Terry Kennedy of
7798 St. Peter's College.
7799 Avoid core dumps on erroneous configuration files that have
7800 $#mailer with nothing following. From Bryan Costales.
7801 Avoid null pointer dereference with high debug values in unlockqueue.
7802 Fix from Randy Martin of Clemson University.
7803 Fix possible buffer overrun when expanding very large macros. Fix
7804 from Kyle Jones of UUNET.
7805 After 25 EXPN or VRFY commands, start pausing for a second before
7806 processing each one. This avoids a certain form of denial
7807 of service attack. Potential attack pointed out by Bryan
7809 Allow new named (not numbered!) config file rules to do validity
7810 checking on SMTP arguments: check_mail for MAIL commands and
7811 check_rcpt for RCPT commands. These rulesets can do anything
7812 they want; their result is ignored unless they resolve to the
7813 $#error mailer, in which case the indicated message is printed
7814 and the command is rejected. Similarly, the check_compat
7815 ruleset is called before delivery with "from_addr $| to_addr"
7816 (the $| is a meta-symbol used to separate the two addresses);
7817 it can give a "this sender can't send to this recipient"
7818 notification. Note that this patch allows $| to stand alone
7820 Define new macros ${client_name}, ${client_addr}, and ${client_port}
7821 that have the name, IP address, and port number (respectively)
7822 of the SMTP client (that is, the entity at the other end of
7823 the connection. These can be used in (e.g.) check_rcpt to
7824 verify that someone isn't trying to relay mail through your
7825 host inappropriately. Be sure to use the deferred evaluation
7826 form, for example $&{client_name}, to avoid having these bound
7827 when sendmail reads the configuration file.
7828 Add new config file rule check_relay to check the incoming connection
7829 information. Like check_compat, it is passed the host name
7830 and host address separated by $| and can reject connections
7832 Allow IDA-style recursive function calls. Code contributed by Mark
7833 Lovell and Paul Vixie.
7834 Eliminate the "No ! in UUCP From address!" message" -- instead, create
7835 a virtual UUCP address using either a domain address or the $k
7836 macro. Based on code contributed by Mark Lovell and Paul
7838 Add Stanford LDAP map. Requires special libraries that are not
7839 included with sendmail. Contributed by Booker C. Bense
7840 <bbense@networking.stanford.edu>; contact him for support.
7841 See also the src/READ_ME file.
7842 Allow -dANSI to turn on ANSI escape sequences in debug output; this
7843 puts metasymbols (e.g., $+) in reverse video. Really useful
7844 only for debugging deep bits of code where it is important to
7845 distinguish between the single-character metasymbol $+ and the
7846 two characters $, +.
7847 Changed ruleset 89 (executed in dumpstate()) to a named ruleset,
7849 Add new UnsafeGroupWrites option; if set, .forward and :include:
7850 files that are group writable are considered "unsafe" -- that
7851 is, programs and files referenced from such files are not
7853 Delete bogosity test for FallBackMXhost; this prevented it to be a
7854 name that was not in DNS or was a domain-literal. Problem
7856 Change the introduction to error messages to more clearly delineate
7857 permanent from temporary failures; if both existed in a
7858 single message it could be confusing. Suggested by John
7859 Beck of InReference, Inc.
7860 The IngoreDot (i) option didn't work for lines that were terminated
7861 with CRLF. Problem noted by Ted Stockwell of Secure
7862 Computing Corporation.
7863 Add a heuristic to improve the handling of unbalanced `<' signs in
7864 message headers. Problem reported by Matt Dillon of Best
7865 Internet Communications.
7866 Check for bogus characters in the 0200-0237 range; since these are
7867 used internally, very strange errors can occur if those
7868 characters appear in headers. Problem noted by Anders Gertz
7870 Implement 7 -> 8 bit MIME conversions. This only takes place if the
7871 recipient mailer has the F=9 flag set, and only works on
7872 text/plain body types. Code contributed by Marius Olafsson
7873 of the University of Iceland.
7874 Special case "postmaster" name so that it is always treated as lower
7875 case in alias files regardless of configuration settings;
7876 this prevents some potential problems where "Postmaster" or
7877 "POSTMASTER" might not match "postmaster". In most cases
7878 this change is a no-op.
7879 The -o map flag was ignored for text maps. Problem noted by Bryan
7881 The -a map flag was ignored for dequote maps. Problem noted by
7883 Fix core dump when a lookup of a class "prog" map returns no
7884 response. Patch from Bryan Costales.
7885 Log instances where sendmail is deferring or rejecting connections
7886 on LogLevel 14. Suggested by Kyle Jones of UUNET.
7887 Include port number in process title for network daemons. Suggested
7888 by Kyle Jones of UUNET.
7889 Send ``double bounces'' (errors that occur when sending an error
7890 message) to the address indicated in the DoubleBounceAddress
7891 option (default: postmaster). Previously they were always
7892 sent to postmaster. Suggested by Kyle Jones of UUNET.
7893 Add new mode, -bD, that acts like -bd in all respects except that
7894 it runs in foreground. This is useful for using with a
7895 wrapper that "watches" system services. Suggested by Kyle
7897 Fix botch in spacing around (parenthesized) comments in addresses
7898 when the comment comes before the address. Patch from
7899 Motonori Nakamura of Kyoto University.
7900 Use the prefix "Postmaster notify" on the Subject: lines of messages
7901 that are being bounced to postmaster, rather than "Returned
7902 mail". This permits the person who is postmaster more
7903 easily determine what messages are to their role as
7904 postmaster versus bounces to mail they actually sent. Based
7905 on a suggestion by Motonori Nakamura.
7906 Add new value "time" for QueueSortOrder option; this causes the queue
7907 to be sorted strictly by the time of submission. Note that
7908 this can cause very bad behavior over slow lines (because
7909 large jobs will tend to delay small jobs) and on nodes with
7910 heavy traffic (because old things in the queue for hosts that
7911 are down delay processing of new jobs). Also, this does not
7912 guarantee that jobs will be delivered in submission order
7913 unless you also set DeliveryMode=queue. In general, it should
7914 probably only be used on the command line, and only in
7915 conjunction with -qRhost.domain. In fact, there are very few
7916 cases where it should be used at all. Based on an
7917 implementation by Motonori Nakamura.
7918 If a map lookup in ruleset 5 returns tempfail, queue the message in
7919 the same manner as other rulesets. Previously a temporary
7920 failure in ruleset 5 was ignored. Patch from Booker Bense
7921 of Stanford University.
7922 Don't proceed to the next MX host if an SMTP MAIL command returns a
7923 5yz (permanent failure) code. The next MX host will still be
7924 tried if the connection cannot be opened in the first place
7925 or if the MAIL command returns a 4yz (temporary failure) code.
7926 (It's hard to know what to do here, since neither RFC 974 nor
7927 RFC 1123 specify when to proceed to the next MX host.)
7928 Suggested by Jonathan Kamens of OpenVision, Inc.
7929 Add new "-t" flag for map definitions (the "K" line in the .cf file).
7930 This causes map lookups that get a temporary failure (e.g.,
7931 name server failure) to _not_ defer the delivery of the
7932 message. This should only be used if your configuration file
7933 is prepared to do something sensible in this case. Based on
7934 an idea by Gregory Shapiro of WPI.
7935 Fix problem finding network interface addresses. Patch from
7937 Don't reject qf entries that are not owned by your effective uid if
7938 you are not running set-user-ID; this makes management of
7939 certain kinds of firewall setups difficult. Patch
7940 suggested by Eamonn Coleman of Qualcomm.
7941 Add persistent host status. This keeps the information normally
7942 maintained within a single queue run in disk files that are
7943 shared between sendmail instances. The HostStatusDirectory
7944 is the directory in which the information is maintained. If
7945 not set, persistent host status is turned off. If not a full
7946 pathname, it is relative to the queue directory. A common
7947 value is ".hoststat".
7948 There are also two new operation modes:
7949 * -bh prints the status of hosts that have had recent
7951 * -bH purges the host statuses. No attempt is made to save
7952 recent status information.
7953 This feature was originally written by Paul Vixie of Vixie
7954 Enterprises for KJS and adapted for V8 by Mark Lovell of
7955 Bigrock Consulting. Paul's funding of Mark and Mark's patience
7956 with my insistence that things fit cleanly into the V8
7957 framework is gratefully appreciated.
7958 New SingleThreadDelivery option (requires HostStatusDirectory to
7959 operate). Avoids letting two sendmails on the local machine
7960 open connections to the same remote host at the same time.
7961 This reduces load on the other machine, but can cause mail to
7962 be delayed (for example, if one sendmail is delivering a huge
7963 message, other sendmails won't be able to send even small
7964 messages). Also, it requires another file descriptor (for the
7965 lock file) per connection, so you may have to reduce
7966 ConnectionCacheSize to avoid running out of per-process
7967 file descriptors. Based on the persistent host status code
7968 contributed by Paul Vixie and Mark Lovell.
7969 Allow sending to non-simple files (e.g., /dev/null) even if the
7970 SafeFileEnvironment option is set. Problem noted by Bryan
7972 The -qR flag mistakenly matched flags in the "R" line of the queue
7973 file. Problem noted by Bryan Costales.
7974 If a job was aborted using the interrupt signal (e.g., control-C from
7975 the keyboard), on some occasions an empty df file would be
7976 left around; these would collect in the queue directory.
7977 Problem noted by Bryan Costales.
7978 Change the makesendmail script to enhance the search for Makefiles
7979 based on release number. For example, on SunOS 5.5.1, it will
7980 search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then
7981 Makefile.SunOS.5.x (in addition to the other rules, e.g.,
7982 adding $arch). Problem noted by Jason Mastaler of Atlanta
7984 When creating maps using "newaliases", always map the keys to lower
7985 case when creating the map unless the -f flag is specified on
7986 the map itself. Previously this was done based on the F=u
7987 flag in the local mailer, which meant you could create aliases
7988 that you could never access. Problem noted by Bob Wu of DEC.
7989 When a job was read from the queue, the bits causing notification on
7990 failure or delay were always set. This caused those
7991 notifications to be sent even if NOTIFY=NEVER had been
7992 specified. Problem noted by Steve Hubert of the University
7993 of Washington, Seattle.
7994 Add new configurable routine validate_connection (in conf.c). This
7995 lets you decide if you are willing to accept traffic from
7996 this host. If it returns FALSE, all SMTP commands will return
7997 "550 Access denied". -DTCPWRAPPERS will include support for
7998 TCP wrappers; you will need to add -lwrap to the link line.
7999 (See src/READ_ME for details.)
8000 Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster
8001 bounces. Some people seemed to think that this could be
8002 confusing (even though it is true). Suggested by Motonori
8004 Add new RunAsUser option; this causes sendmail to do a setuid to that
8005 user early in processing to avoid potential security problems.
8006 However, this means that all .forward and :include: files must
8007 be readable by that user, and all files to be written must be
8008 writable by that user and all programs will be executed by that
8009 user. It is also incompatible with the SafeFileEnvironment
8010 option. In other words, it may not actually add much to
8011 security. However, it should be useful on firewalls and other
8012 places where users don't have accounts and the aliases file is
8014 Add Timeout.iconnect. This is like Timeout.connect except it is used
8015 only on the first attempt to delivery to an address. It could
8016 be set to be lower than Timeout.connect on the principle that
8017 the mail should go through quickly to responsive hosts; less
8018 responsive hosts get to wait for the next queue run.
8019 Fix a problem on Solaris that occasionally causes programs
8020 (such as vacation) to hang with their standard input connected
8021 to a UDP port. It also created some signal handling problems.
8022 The problems turned out to be an interaction between vfork(2)
8023 and some of the libraries, particularly NIS/NIS+. I am
8024 indebted to Tor Egge <tegge@idt.ntnu.no> for this fix.
8025 Change user class map to do the same matching that actual delivery
8026 will do instead of just a /etc/passwd lookup. This adds
8027 fuzzy matching to the user map. Patch from Dan Oscarsson.
8028 The Timeout.* options are not safe -- they can be used to create a
8029 denial-of-service attack. Problem noted by Christophe
8031 Don't send PostmasterCopy messages in the event of a "delayed"
8032 notification. Suggested by Barry Bouwsma.
8033 Don't advertise "VERB" ESMTP extension if the "noexpn" privacy
8034 option is set, since this disables VERB mode. Suggested
8035 by John Hawkinson of MIT.
8036 Complain if the QueueDirectory (Q) option is not set. Problem noted
8037 by Motonori Nakamura of Kyoto University.
8038 Only queue messages on transient .forward open failures if there
8039 were no successful opens. The previous behavior caused it
8040 to queue even if a "fall back" .forward was found. Problem
8041 noted by Ann-Kian Yeo of the Dept. of Information Systems
8042 and Computer Science (DISCS), NUS, Singapore.
8043 Don't do 8->7 bit conversions when bouncing a MIME message that
8044 is bouncing because of a MIME error during 8->7 bit conversion;
8045 the encapsulated message will bounce again, causing a loop.
8046 Problem noted by Steve Hubert of the University of Washington.
8047 Create xf (transcript) files using the TempFileMode option value
8048 instead of 0644. Suggested by Ann-Kian Yeo of the
8049 National University of Singapore.
8050 Print errors if setgid/setuid/etc. fail during delivery. This helps
8051 detect cases where DefaultUser is set to something that the
8052 system can't cope with.
8054 Support for AIX/RS 2.2.1 from Mark Whetzel of Western
8055 Atlas International.
8056 Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell
8058 On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only
8059 work on the first recipient of a message due to a
8060 bug in the getpwent family. If this is something you
8061 use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a
8062 workaround. From Maximum Entropy of Sanford C.
8063 Bernstein and Associates.
8064 FreeBSD 1.1.5.1 uname -r returns a string containing
8065 parentheses, which breaks makesendmail. Reported
8066 by Piero Serini <piero@strider.ibenet.it>.
8067 Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of
8068 Systems and Computer Technology Corporation.
8069 Solaris 2.x: omit the UUCP grade parameter (-g flag) because
8070 it is system-dependent. Problem noted by J.J. Bailey
8071 of Bailey Computer Consulting.
8072 Pyramid NILE running DC/OSx support from Earle F. Ake of
8073 Hassler Communication Systems Technology, Inc.
8074 HP-UX 10.x compile glitches, reported by Anne Brink of the
8075 U.S. Army and James Byrne of Harte & Lyne Limited.
8076 NetBSD from Matthew Green of the NetBSD crew.
8077 SCO 5.x from Keith Reynolds of SCO.
8078 IRIX 6.2 from Robert Tarrall of the University of
8079 Colorado and Kari Hurtta of the Finnish Meteorological
8081 UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R.
8082 Lopez, CICA (Seville).
8083 NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR.
8084 PTX 3.2.0 from Kenneth Stailey of the US Department of Labor
8085 Employment Standards Administration.
8086 Altos System V (5.3.1) from Tim Rice of Multitalents.
8087 Concurrent Systems Corporation Maxion from Donald R. Laster
8089 NetInfo maps (improved debugging and multi-valued aliases)
8090 from Adrian Steinmann of Steinmann Consulting.
8091 ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler)
8092 from Eric Schnoebelen of Convex.
8093 Linux 2.0 mail.local patches from Horst von Brand.
8094 NEXTSTEP 3.x compilation from Robert La Ferla.
8095 NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT.
8096 Solaris 2.5 configuration fixes for mail.local by Jim Davis
8097 of the University of Arizona.
8098 Solaris 2.5 has a working setreuid. Noted by David Linn of
8099 Vanderbilt University.
8100 Solaris changes for praliases, makemap, mailstats, and smrsh.
8101 Previously you had to add -DSOLARIS in Makefile.dist;
8102 this auto-detects. Based on a patch from Randall
8103 Winchester of the University of Maryland.
8104 CONFIG: add generic-nextstep3.3.mc file. Contributed by
8105 Robert La Ferla of Hot Software.
8106 CONFIG: allow mailertables to resolve to ``error:code message''
8107 (where "code" is an exit status) on domains (previously
8108 worked only on hosts). Patch from Cor Bosman of Xs4all
8110 CONFIG: hooks for IPv6-style domain literals.
8111 CONFIG: predefine ALIAS_FILE and change the prototype file so that
8112 if it is undefined the AliasFile option is never set; this
8113 should be transparent for most everyone. Suggested by John
8115 CONFIG: add FEATURE(limited_masquerade). Without this feature, any
8116 domain listed in $=w is masqueraded. With it, only those
8117 domains listed in a MASQUERADE_DOMAIN macro are masqueraded.
8118 CONFIG: add FEATURE(masquerade_entire_domain). This causes
8119 masquerading specified by MASQUERADE_DOMAIN to apply to all
8120 hosts under those domains as well as the domain headers
8121 themselves. For example, if a configuration had
8122 MASQUERADE_DOMAIN(foo.com), then without this feature only
8123 foo.com would be masqueraded; with it, *.foo.com would be
8124 masqueraded as well. Based on an implementation by Richard
8125 (Pug) Bainter of U. Texas.
8126 CONFIG: add FEATURE(genericstable) to do a more general rewriting of
8127 outgoing addresses. Defaults to ``hash -o /etc/genericstable''.
8128 Keys are user names; values are outgoing mail addresses. Yes,
8129 this does overlap with the user database, and figuring out
8130 just when to use which one may be tricky. Based on code
8131 contributed by Richard (Pug) Bainter of U. Texas with updates
8132 from Per Hedeland of Ericsson.
8133 CONFIG: add FEATURE(virtusertable) to do generalized rewriting of
8134 incoming addresses. Defaults to ``hash -o /etc/virtusertable''.
8135 Keys are either fully qualified addresses or just the host
8136 part (with the @ sign). For example, a table containing:
8137 info@foo.com foo-info
8138 info@bar.com bar-info
8139 @baz.org jane@elsewhere.net
8140 would send all mail destined for info@foo.com to foo-info
8141 (which is presumably an alias), mail addressed to info@bar.com
8142 to bar-info, and anything addressed to anyone at baz.org will
8143 be sent to jane@elsewhere.net. The names foo.com, bar.com,
8144 and baz.org must all be in $=w. Based on discussions with
8145 a great many people.
8146 CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS.
8147 Suggested by Richard Bainter.
8148 CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the
8150 CONFIG: allow mailertable entries to resolve to local:user; this
8151 passes the original user@host in to procmail-style local
8152 mailers as the "detail" information to allow them to do
8153 additional clever processing. From Joe Pruett of
8154 Teleport Corporation. Delivery to the original user can
8155 be done by specifying "local:" (with nothing after the colon).
8156 CONFIG: allow any context that takes "mailer:domain" to also take
8157 "mailer:user@domain" to force mailing to the given user;
8158 "local:user" can also be used to do local delivery. This
8159 applies on *_RELAY and in the mailertable entries. Based
8160 on a suggestion by Ribert Kiessling of Easynet.
8161 CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that
8162 limits the possible domains; this reduces the number of DNS
8163 lookups required to support this feature. For example,
8164 FEATURE(bestmx_is_local, my.site.com) limits the lookups
8165 to domains under my.site.com. Code contributed by Anthony
8166 Thyssen <anthony@cit.gu.edu.au>.
8167 CONFIG: LOCAL_RULESETS introduces any locally defined rulesets,
8168 such as the check_rcpt ruleset. Suggested by Gregory Shapiro
8170 CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the
8171 event you have to define local mailers. Suggested by
8172 Gregory Shapiro of WPI.
8173 CONFIG: fix cases where a three- (or more-) stage route-addr could
8174 be misinterpreted as a list:...; syntax. Based on a patch by
8175 Vlado Potisk <Vlado_Potisk@tempest.sk>.
8176 CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is
8177 remotely connected. The address host!user was being
8178 converted to host!user@thishost instead of host!user@uurelay.
8179 Problem noted by William Gianopoulos of Raytheon Company.
8180 CONFIG: add confTO_ICONNECT to set Timeout.iconnect.
8181 CONFIG: change FEATURE(redirect) message from "User not local" to
8182 "User has moved"; the former wording was confusing if the
8183 new address is still on the local host. Based on a suggestion
8185 CONFIG: add support in FEATURE(nullclient) for $=E (exposed users).
8186 However, the class is not pre-initialized to contain root.
8187 Suggested by Gregory Neil Shapiro.
8188 CONTRIB: Remove XLA code at the request of the author, Christophe
8190 CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm.
8191 MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note
8192 well: this produces a slightly different mailbox format (no
8193 Content-Length: headers), file ownerships and modes are
8194 different (not owned by group mail; mode 600 instead of 660),
8195 and the local mailer flags will have to be tweaked (make them
8196 match bsd4.4) in order to use this mailer. Patches from Paul
8197 Hammann of the Missouri Research and Education Network.
8198 MAIL.LOCAL: in some cases it could return EX_OK even though there
8199 was a delivery error, such as if the ownership on the file
8200 was wrong or the mode changed between the initial stat and
8201 the open. Problem reported by William Colburn of the New
8202 Mexico Institute of Mining and Technology.
8203 MAILSTATS: handle zero length files more reliably. Patch from Bryan
8205 MAILSTATS: add man page contributed by Keith Bostic of BSDI.
8206 MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't
8207 honored. Fix from Michael Scott Shappe.
8208 PRALIASES: add man page contributed by Keith Bostic of BSDI.
8210 src/Makefiles/Makefile.AIX.2
8211 src/Makefiles/Makefile.IRIX.6.2
8212 src/Makefiles/Makefile.maxion
8213 src/Makefiles/Makefile.NCR.MP-RAS.3.x
8214 src/Makefiles/Makefile.SCO.5.x
8215 src/Makefiles/Makefile.UXPDSV20
8216 mailstats/mailstats.8
8217 praliases/praliases.8
8218 cf/cf/generic-nextstep3.3.mc
8219 cf/feature/genericstable.m4
8220 cf/feature/limited_masquerade.m4
8221 cf/feature/masquerade_entire_domain.m4
8222 cf/feature/virtusertable.m4
8226 cf/ostype/solaris2.ml.m4
8228 contrib/re-mqueue.pl
8230 src/Makefiles/Makefile.Solaris
8234 src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x
8235 src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2
8236 src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10
8237 src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x
8238 src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x
8240 8.7.6/8.7.3 1996/09/17
8241 SECURITY: It is possible to force getpwuid to fail when writing the
8242 queue file, causing sendmail to fall back to running programs
8243 as the default user. This is not exploitable from off-site.
8244 Workarounds include using a unique user for the DefaultUser
8245 (old u & g options) and using smrsh as the local shell.
8246 SECURITY: fix some buffer overruns; in at least one case this allows
8247 a local user to get root. This is not known to be exploitable
8248 from off-site. The workaround is to disable chfn(1) commands.
8250 8.7.5/8.7.3 1996/03/04
8251 Fix glitch in 8.7.4 when putting certain internal lines; this can
8252 in some case cause connections to hang or messages to have
8253 extra spaces in odd places. Patch from Eric Wassenaar;
8254 reports from Eric Hall of Chiron Corporation, Stephen
8255 Hansen of Stanford University, Dean Gaudet of HotWired,
8258 8.7.4/8.7.3 1996/02/18
8259 SECURITY: In some cases it was still possible for an attacker to
8260 insert newlines into a queue file, thus allowing access to
8261 any user (except root).
8262 CONFIG: no changes -- it is not a bug that the configuration
8263 version number is unchanged.
8265 8.7.3/8.7.3 1995/12/03
8266 Fix botch in name server timeout in RCPT code; this problem caused
8267 two responses in SMTP, which breaks things horribly. Fix
8268 from Gregory Neil Shapiro of WPI.
8269 Verify that L= value on M lines cannot be negative, which could cause
8270 negative array subscripting. Not a security problem since
8271 this has to be in the config file, but it could have caused
8272 core dumps. Pointed out by Bryan Costales.
8273 Fix -d21 debug output for long macro names. Pointed out by Bryan
8276 SCO doesn't have ftruncate. From Bill Aten of Computerizers.
8277 IBM's version of arpa/nameser.h defaults to the wrong byte
8278 order. Tweak it to work properly. Based on fixes
8279 from Fletcher Mattox of UTexas and Betty Lee of
8280 Stanford University.
8281 CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option.
8282 Deficiency pointed out by Bryan Costales of ICSI.
8284 8.7.2/8.7.2 1995/11/19
8285 REALLY fix the backslash escapes in SmtpGreetingMessage,
8286 OperatorChars, and UnixFromLine options. They were not
8287 properly repaired in 8.7.1.
8288 Completely delete the Bcc: header if and only if there are other
8289 valid recipient headers (To:, Cc: or Apparently-To:, the
8290 last being a historic botch, of course). If Bcc: is the
8291 only recipient header in the message, its value is tossed,
8292 but the header name is kept. The old behavior (always keep
8293 the header name and toss the value) allowed primary recipients
8294 to see that a Bcc: went to _someone_.
8295 Include queue id on ``Authentication-Warning: <host>: <user> set
8296 sender to <address> using -f'' syslog messages. Suggested
8298 If a sequence or switch map lookup entry gets a tempfail but then
8299 continues on to another map type, but the name is not found,
8300 return a temporary failure from the sequence or switch map.
8301 For example, if hosts search ``dns files'' and DNS fails
8302 with a tempfail, the hosts map will go on and search files,
8303 but if it fails the whole thing should be a tempfail, not
8304 a permanent (host unknown) failure, even though that is the
8305 failure in the hosts.files map. This error caused hard
8306 bounces when it should have requeued.
8307 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo
8308 owned by bar mode 700 and inbox being set-user-ID bar stopped
8309 working properly due to excessive paranoia. Pointed out by
8310 John Hawkinson of Panix.
8311 An SMTP RCPT command referencing a host that gave a nameserver
8312 timeout would return a 451 command (8.6 accepted it and
8313 queued it locally). Revert to the 8.6 behavior in order
8314 to simplify queue management for clustered systems. Suggested
8315 by Gregory Neil Shapiro of WPI. The same problem could break
8316 MH, which assumes that the SMTP session will succeed (tsk, tsk
8317 -- mail gets lost!); this was pointed out by Stuart Pook of
8319 Fix possible buffer overflow in munchstring(). This was not a security
8320 problem because you couldn't specify any argument to this
8321 without first giving up root privileges, but it is still a
8322 good idea to avoid future problems. Problem noted by John
8323 Hawkinson and Sam Hartman of MIT.
8324 ``452 Out of disk space for temp file'' messages weren't being
8325 printed. Fix from David Perlin of Nanosoft.
8326 Don't advertise the ESMTP DSN extension if the SendMimeErrors option
8327 is not set, since this is required to get the actual DSNs
8328 created. Problem pointed out by John Gardiner Myers of CMU.
8329 Log permission problems that cause .forward and :include: files to
8330 be untrusted or ignored on log level 12 and higher. Suggested
8331 by Randy Martin of Clemson University.
8332 Allow user ids in U= clauses of M lines to have hyphens and
8334 Fix overcounting of recipients -- only happened when sending to an
8335 alias. Pointed out by Mark Andrews of SGI and Jack Woolley
8336 of Systems and Computer Technology Corporation.
8337 If a message is sent to an address that fails, the error message that
8338 is returned could show some extraneous "success" information
8339 included even if the user did not request success notification,
8340 which was confusing. Pointed out by Allan Johannesen of WPI.
8341 Config files that had no AliasFile definition were defaulting to
8342 using /etc/aliases; this caused problems with nullclient
8343 configurations. Change it back to the 8.6 semantics of
8344 having no local alias file unless it is declared. Problem
8345 noted by Charles Karney of Princeton University.
8346 Fix compile problem if NOTUNIX is defined. Pointed out by Bryan
8348 Map lookups of class "userdb" maps were always case sensitive; they
8349 should be controlled by the -f flag like other maps. Pointed
8350 out by Bjart Kvarme <bjart.kvarme@usit.uio.no>.
8351 Fix problem that caused some addresses to be passed through ruleset 5
8352 even when they were tagged as "sticky" by prefixing the
8353 address with an "@". Patch from Thomas Dwyer III of Michigan
8354 Technological University.
8355 When converting a message to Quoted-Printable, prevent any lines with
8356 dots alone on a line by themselves. This is because of the
8357 preponderance of broken mailers that still get this wrong.
8358 Code contributed by Per Hedeland of Ericsson.
8359 Fix F{macro}/file construct -- it previously did nothing. Pointed
8360 out by Bjart Kvarme of USIT/UiO (Norway).
8361 Announce whether a cached connection is SMTP or ESMTP (in -v mode).
8362 Requested by Allan Johannesen.
8363 Delete check for text format of alias files -- it should be legal
8364 to have the database format of the alias files without the
8365 text version. Problem pointed out by Joe Rhett of Navigist,
8367 If "Ot" was specified with no value, the TZ variable was not properly
8368 imported from the environment. Pointed out by Frank Crawford
8369 <frank@ansto.gov.au>.
8370 Some architectures core dumped on "program" maps that didn't have
8371 extra arguments. Patch from Booker C. Bense of Stanford
8373 Queue run processes would re-spawn daemons when given a SIGHUP; only
8374 the parent should do this. Fix from Brian Coan of the
8375 Association for Progressive Communications.
8376 If MinQueueAge was set and a message was considered but not run
8377 during a queue run and the Timeout.queuereturn interval was
8378 reached, a "timed out" error message would be returned that
8379 didn't include the failed address (and claimed to be a warning
8380 even though it was fatal). The fix is to not return such
8381 messages until they are actually tried, i.e., in the next
8382 MinQueueAge interval. Problem noted by Rein Tollevik of
8384 Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions
8385 that have the hes_getmailhost() routine. DEC Hesiod
8386 distributions do not have this routine. Based on a patch
8387 from Betty Lee of Stanford University.
8388 Extensive cleanups to map open code to handle a locking race condition
8389 in ndbm, hash, and btree format database files on some (most
8390 non-4.4-BSD based) OS architectures. This should solve the
8391 occasional "user unknown" problem during alias rebuilds that
8392 has plagued me for quite some time. Based on a patch from
8393 Thomas Dwyer III of Michigan Technological University.
8395 Solaris: Change location of newaliases and mailq from
8396 /usr/ucb to /usr/bin to match Sun settings. From
8397 James B. Davis of TCI.
8398 DomainOS: Makefile.DomainOS doesn't require -ldbm. From
8399 Don Lewis of Silicon Systems.
8400 HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x
8401 so that the makesendmail script will find it. Pointed
8402 out by Richard Allen of the University of Iceland.
8403 Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which
8404 isn't supported on all compilers.
8405 UXPDS: compilation fixes from Diego R. Lopez.
8406 CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless
8407 you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE.
8408 CONFIG: Minor glitch in S21 -- attachment of local domain name
8409 didn't have trailing dot. From Jim Hickstein of Teradyne.
8410 CONFIG: Fix best_mx_is_local feature to allow nested addresses such as
8411 user%host@thishost. From Claude Scarpelli of Infobiogen
8413 CONFIG: OSTYPE(hpux10) failed to define the location of the help file.
8414 Pointed out by Hannu Martikka of Nokia Telecommunications.
8415 CONFIG: Diagnose some inappropriate ordering in configuration files,
8416 such as FEATURE(smrsh) listed after MAILER(local). Based on
8417 a bug report submitted by Paul Hoffman of Proper Publishing.
8418 CONFIG: Make OSTYPE files consistently not override settings that
8419 have already been set. Previously it worked differently
8420 for different files.
8421 CONFIG: Change relay mailer to do masquerading like 8.6 did. My take
8422 is that this is wrong, but the change was causing problems
8423 for some people. From Per Hedeland of Ericsson.
8424 CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>;
8425 portability changes for Posix environments (no functional
8428 8.7.1/8.7.1 1995/10/01
8429 Old macros that have become options (SmtpGreetingMessage,
8430 OperatorChars, and UnixFromLine) didn't allow backslash
8431 escapes in the options, where they previously had. Bug
8432 pointed out by John Hawkinson of MIT.
8433 Fix strange case of an executable called by a program map that
8434 returns a value but also a non-zero exit status; this
8435 would give contradictory results in the higher level; in
8436 particular, the default clause in the map lookup would be
8437 ignored. Change to ignore the value if the program returns
8438 non-zero exit status. From Tom Moore of AT&T GIS.
8439 Shorten parameters passed to syslog() in some contexts to avoid a
8440 bug in many vendors' implementations of that routine. Although
8441 this isn't really a bug in sendmail per se, and my solution
8442 has to assume that syslog() has at least a 1K buffer size
8443 internally (I know some vendors have shortened this
8444 dramatically -- they're on their own), sendmail is a popular
8445 target. Also, limit the size of %s arguments in sprintf.
8446 These both have possible security implications. Solutions
8447 suggested by Casper Dik of Sun's Network Security Group
8448 (Holland), Mark Seiden, and others.
8449 Fix a problem that might cause a non-standard -B (body type)
8450 parameter to be passed to the next server with undefined
8451 results. This could have security implications.
8452 If a filesystem was at > 100% utilization, the freediskspace()
8453 routine incorrectly returned an error rather than zero.
8454 Problem noted by G. Paul Ziemba of Alantec.
8455 Change MX sort order so that local hostnames (those in $=w) always
8456 sort first within a given preference. This forces the bestmx
8457 map to always return the local host first, if it is included
8458 in the list of highest priority MX records. From K. Robert
8460 Avoid some possible null pointer dereferences. Fixes from Randy
8461 Martin <WOLF@CLEMSON.EDU>
8462 When sendmail starts up on systems that have no fully qualified
8463 domain name (FQDN) anywhere in the first matching host map
8464 (e.g., /etc/hosts if the hosts service searches "files dns"),
8465 sendmail would sleep to try to find a FQDN, which it really
8466 really needs. This has been changed to fall through to the
8467 next map type if it can't find a FQDN -- i.e., if the hosts
8468 file doesn't have a FQDN, it will try dns even though the
8469 short name was found in /etc/hosts. This is probably a crock,
8470 but many people have hosts files without FQDNs. Remember:
8471 domain names are your friends.
8472 Log a high-priority message if you can't find your FQDN during startup.
8473 Suggested by Simon Barnes of Schlumberger Limited.
8474 When using Hesiod, initialize it early to improve error reporting.
8475 Patch from Don Lewis of Silicon Systems, Inc.
8476 Apparently at least some versions of Linux have a 90 !minute! TCP
8477 connection timeout in the kernel. Add a new "connect" timeout
8478 to limit this time. Defaults to zero (use whatever the
8479 kernel provides). Based on code contributed by J.R. Oldroyd
8481 Under some circumstances, a failed message would not be properly
8482 removed from the queue, causing tons of bogus error messages.
8483 (This fix eliminates the problematic EF_KEEPQUEUE flag.)
8484 Problem noted by Allan E Johannesen and Gregory Neil Shapiro
8487 On IRIX 5.x, there was an inconsistency in the setting
8488 of sendmail.st location. Change the Makefile to
8489 install it in /var/sendmail.st to match the OSTYPE
8490 file and SGI standards. From Andre
8491 <andre@curry.zfe.siemens.de>.
8492 Support for Fujitsu/ICL UXP/DS (For the DS/90 Series)
8493 from Diego R. Lopez <drlopez@cica.es>.
8494 Linux compilation patches from J.R. Oldroyd of TerraNet, Inc.
8495 LUNA 2 Mach patches from Motonori Nakamura.
8496 SunOS Makefile was including -ldbm, which is for the old
8497 dbm library. The ndbm library is part of libc.
8498 CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with
8499 ``local configuration error'' in nullclient configuration.
8500 Patch from Gregory Neil Shapiro of WPI.
8501 CONFIG: don't allow an alias file in nullclient configurations --
8502 since all addresses are relayed, they give errors during
8503 rebuild. Suggested by Per Hedeland of Ericsson.
8504 CONFIG: local mailer on Solaris 2 should always get a -f flag because
8505 otherwise the F=S causes the From_ line to imply that root is
8506 the sender. Problem pointed out by Claude Scarpelli of
8507 Infobiogen (France).
8509 cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake)
8510 src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake)
8511 src/Makefiles/Makefile.UXPDS
8514 Fix a problem that could cause sendmail to run out of file
8515 descriptors due to a trashed data structure after a
8516 vfork. Fix from Brian Coan of the Institute for
8517 Global Communications.
8518 Change the VRFY response if you have disabled VRFY -- some
8519 people seemed to think that it was too rude.
8520 Avoid reference to uninitialized file descriptor if HASFLOCK
8521 was not defined. This was used "safely" in the sense
8522 that it only did a stat, but it would have set the
8523 map modification time improperly. Problem pointed out
8524 by Roy Mongiovi of Georgia Tech.
8525 Clean up the Subject: line on warning messages and return
8526 receipts so that they don't say "Returned mail:"; this
8528 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is
8529 useful enough to make it worthwhile printing on "-d".
8530 Avoid logging alias statistics every time you read the alias
8531 file on systems with no database method compiled in.
8532 If you have a name with a trailing dot, and you try looking it
8533 up using gethostbyname without the dot (for /etc/hosts
8534 compatibility), be sure to turn off RES_DEFNAMES and
8535 RES_DNSRCH to avoid finding the wrong name accidentally.
8536 Problem noted by Charles Amos of the University of
8538 Don't do timeouts in collect if you are not running SMTP.
8539 There is nothing that says you can't have a long
8540 running program piped into sendmail (possibly via
8541 /bin/mail, which just execs sendmail). Problem reported
8542 by Don "Truck" Lewis of Silicon Systems.
8543 Try gethostbyname() even if the DNS lookup fails iff option I
8544 is not set. This allows you to have hosts listed in
8545 NIS or /etc/hosts that are not known to DNS. It's normally
8546 a bad idea, but can be useful on firewall machines. This
8547 should really be broken out on a separate flag, I suppose.
8548 Avoid compile warnings against BIND 4.9.3, which uses function
8549 prototypes. From Don Lewis of Silicon Systems.
8550 Avoid possible incorrect diagnosis of DNS-related errors caused
8551 by things like attempts to resolve uucp names using
8552 $[ ... $] -- the fix is to clear h_errno at appropriate
8553 times. From Kyle Jones of UUNET.
8554 SECURITY: avoid denial-of-service attacks possible by destroying
8555 the alias database file by setting resource limits low.
8556 This involves adding two new compile-time options:
8557 HASSETRLIMIT (indicating that setrlimit(2) support is
8558 available) and HASULIMIT (indicating that ulimit(2) support
8559 is available -- the Release 3 form is used). The former
8560 is assumed on BSD-based systems, the latter on System
8561 V-based systems. Attack noted by Phil Brandenberger of
8562 Swarthmore University.
8563 New syntaxes in test (-bt) mode:
8564 ``.Dmvalue'' will define macro "m" to "value".
8565 ``.Ccvalue'' will add "value" to class "c".
8566 ``=Sruleset'' will dump the contents of the indicated
8568 ``=M'' will display the known mailers.
8569 ``-ddebug-spec'' is equivalent to the command-line
8571 ``$m'' will print the value of macro $m.
8572 ``$=c'' will print the contents of class $=c.
8573 ``/mx host'' returns the MX records for ``host''.
8574 ``/parse address'' will parse address, returning the value of
8575 crackaddr (essentially, the comment information)
8576 and the parsed address.
8577 ``/try mailer address'' will rewrite address into the form
8578 it will have when presented to the indicated mailer.
8579 ``/tryflags flags'' will set flags used by parsing. The
8580 flags can be `H' for header or `E' for envelope,
8581 and `S' for sender or `R' for recipient. These
8582 can be combined, so `HR' sets flags for header
8584 ``/canon hostname'' will try to canonify hostname and
8586 ``/map mapname key'' will look up `key' in the indicated
8587 `mapname' and return the result.
8588 Somewhat better handling of UNIX-domain socket addresses -- it
8589 should show the pathname rather than hex bytes.
8590 Restore ``-ba'' mode -- this reads a file from stdin and parses
8591 the header for envelope sender information and uses
8592 CRLF as message terminators. It was thought to be
8593 obsolete (used only for Arpanet NCP protocols), but it
8594 turns out that the UK ``Grey Book'' protocols require
8596 Fix a fix in previous release -- if gethostname and gethostbyname
8597 return a name without dots, and if an attempt to canonify
8598 that name fails, wait one minute and try again. This can
8599 result in an extra 60 second delay on startup if your system
8600 hostname (as returned by hostname(1)) has no dot and no names
8601 listed in /etc/hosts or your NIS map have a dot.
8602 Check for proper domain name on HELO and EHLO commands per
8603 RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III
8604 of Michigan Technological University.
8605 Relax chownsafe rules slightly -- old version said that if you
8606 can't tell if _POSIX_CHOWN_RESTRICTED is set (that is,
8607 if fpathconf returned EINVAL or ENOSYS), assume that
8608 chown is not safe. The new version falls back to whether
8609 you are on a BSD system or not. This is important for
8610 SunOS, which apparently always returns one of those
8611 error codes. This impacts whether you can mail to files
8613 Syntax errors such as unbalanced parentheses in the configuration
8614 file could be omitted if you had "Oem" prior to the
8615 syntax error in the config file. Change to always print
8616 the error message. It was especially weird because it
8617 would cause a "warning" message to be sent to the Postmaster
8618 for every message sent (but with no transcript). Problem
8619 noted by Gregory Paris of Motorola.
8620 Rewrite collect and putbody to handle full 8-bit data, including
8621 zero bytes. These changes are internally extensive, but
8622 should have minimal impact on external function.
8623 Allow full words for option names -- if the option letter is
8624 (apparently) a space, then take the word following -- e.g.,
8626 The full list of old and new names is as follows:
8632 b MinFreeBlocks/MaxMessageSize
8633 C CheckpointInterval
8635 D AutoRebuildAliases
8648 k ConnectionCacheSize
8649 K ConnectionCacheTimeout
8676 The old macros that passed information into sendmail have
8677 been changed to options; those correspondences are:
8678 $e SmtpGreetingMessage
8681 $q (deleted -- not necessary)
8682 To avoid possible problems with an older sendmail,
8683 configuration level 6 is accepted by this version of
8684 sendmail; any config file using the new names should
8685 specify "V6" in the configuration.
8686 Change address parsing to properly note that a phrase before a
8687 colon and a trailing semicolon are essentially the same
8688 as text outside of angle brackets (i.e., sendmail should
8689 treat them as comments). This is to handle the
8690 ``group name: addr1, addr2, ..., addrN;'' syntax (it will
8691 assume that ``group name:'' is a comment on the first
8692 address and the ``;'' is a comment on the last address).
8693 This requires config file support to get right. It does
8694 understand that :: is NOT this syntax, and can be turned
8695 off completely by setting the ColonOkInAddresses option.
8696 Level 6 config files added with new mailer flags:
8697 A Addresses are aliasable.
8698 i Do udb rewriting on envelope as well as header
8699 sender lines. Applies to the from address mailer
8700 flags rather than the recipient mailer flags.
8701 j Do udb rewriting on header recipient addresses.
8702 Applies to the sender mailer flags rather than the
8703 recipient mailer flags.
8704 k Disable check for loops when doing HELO command.
8705 o Always run as the mail recipient, even on local
8707 w Check for an /etc/passwd entry for this user.
8708 5 Pass addresses through ruleset 5.
8709 : Check for :include: on this address.
8710 | Check for |program on this address.
8711 / Check for /file on this address.
8712 @ Look up sender header addresses in the user
8713 database. Applies to the mailer flags for the
8714 mailer corresponding to the envelope sender
8715 address, rather than to recipient mailer flags.
8716 Pre-level 6 configuration files set A, w, 5, :, |, /, and @
8717 on the "local" mailer, the o flag on the "prog" and "*file*"
8718 mailers, and the ColonOkInAddresses option.
8719 Eight-to-seven bit MIME conversions. This borrows ideas from
8720 John Beck of Hewlett-Packard, who generously contributed
8721 their implementation to me, which I then didn't use (see
8722 mime.c for an explanation of why). This adds the
8723 EightBitMode option (a.k.a. `8') and an F=8 mailer flag
8724 to control handling of 8-bit data. These have to cope with
8725 two types of 8-bit data: unlabelled 8-bit data (that is,
8726 8-bit data that is entered without declaring it as 8-bit
8727 MIME -- technically this is illegal according to the
8728 specs) and labelled 8-bit data (that is, it was declared
8729 as 8BITMIME in the ESMTP session or by using the
8730 -B8BITMIME command line flag). If the F=8 mailer flag is
8731 set then 8-bit data is sent to non-8BITMIME machines
8732 instead of converting to 7 bit (essentially using
8733 just-send-8 semantics). The values for EightBitMode are:
8734 m convert unlabelled 8-bit input to 8BITMIME, and do
8735 any necessary conversion of 8BITMIME to 7BIT
8736 (essentially, the full MIME option).
8737 p pass unlabelled 8-bit input, but convert labelled
8738 8BITMIME input to 7BIT as required (default).
8739 s strict adherence: reject unlabelled 8-bit input,
8740 convert 8BITMIME to 7BIT as required. The F=8
8742 Unlabelled 8-bit data is rejected in mode `s' regardless of
8744 Add new internal class 'n', which is the set of MIME Content-Types
8745 which can not be 8 to 7 bit encoded because of other
8746 considerations. Types "multipart/*" and "message/*" are
8747 never directly encoded (although their components can be).
8748 Add new internal class 's', which is the set of subtypes of the
8749 MIME message/* content type that can be treated as though
8750 they are an RFC822 message. It is predefined to have
8751 "rfc822". Suggested By Kari Hurtta.
8752 Add new internal class 'e'. This is the set of MIME
8753 Content-Transfer-Encodings that can be converted to
8754 a seven bit format (Quoted-Printable or Base64). It is
8755 preinitialized to contain "7bit", "8bit", and "binary".
8756 Add C=charset mailer parameter and the the DefaultCharSet option (no
8757 short name) to set the default character set to use in the
8758 Content-Type: header when doing encoding of an 8-bit message
8759 which isn't marked as MIME into MIME format. If the C=
8760 parameter is set on the Envelope From address, use that as
8761 the default encoding; else use the DefaultCharSet option.
8762 If neither is set, it defaults to "unknown-8bit" as
8763 suggested by RFC 1428 section 3.
8764 Allow ``U=user:group'' field in mailer definition to set a default
8765 user and group that a mailer will be executed as. This
8766 overrides the 'u' and 'g' options, and if the `F=S' flag is
8767 also set, it is the uid/gid that will always be used (that
8768 is, the controlling address is ignored). The values may be
8769 numeric or symbolic; if only a symbolic user is given (no
8770 group) that user's default group in the passwd file is used
8771 as the group. Based on code donated by Chip Rosenthal of
8773 Allow `u' option to also accept user:group as a value, in the same
8774 fashion as the U= mailer option.
8775 Add the symbolic time zone name in the Arpanet format dates (as
8776 a comment). This adds a new compile-time configuration
8777 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value
8778 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value
8779 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char
8780 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use
8781 timezone()), or TZ_NONE (don't include the comment). Code
8782 from Chip Rosenthal.
8783 The "Timeout" option (formerly "r") is extended to allow suboptions.
8786 There are also two new suboptions "queuereturn" and
8787 "queuewarn"; these subsume the old T option. Thus, to
8788 set them both the preferred new syntax is
8789 O Timeout.queuereturn = 5d
8790 O Timeout.queuewarn = 4h
8791 Sort queue by host name instead of by message priority if the
8792 QueueSortOrder option (no short name) is set is set to
8793 ``host''. This makes better use of the connection cache,
8794 but may delay more ``interactive'' messages behind large
8795 backlogs under some circumstances. This is probably a
8796 good option if you have high speed links or don't do lots
8797 of ``batch'' messages, but less good if you are using
8798 something like PPP on a 14.4 modem. Based on code
8799 contributed by Roy Mongiovi of Georgia Tech (my main
8800 contribution was to make it configurable).
8801 Save i-number of df file in qf file to simplify rebuilding of queue
8802 after disastrous disk crash. Suggested by Kyle Jones of
8803 UUNET; closely based on code from KJS DECWRL code written
8804 by Paul Vixie. NOTA BENE: The qf files produced by 8.7
8805 are NOT back compatible with 8.6 -- that is, you can convert
8806 from 8.6 to 8.7, but not the other direction.
8807 Add ``F=d'' mailer flag to disable all use of angle brackets in
8808 route-addrs in envelopes; this is because in some cases
8809 they can be sent to the shell, which interprets them as
8811 Don't include error file (option E) with return-receipts; this
8813 Don't send "Warning: cannot send" messages to owner-* or
8814 *-request addresses. Suggested by Christophe Wolfhugel
8815 of the Institut Pasteur, Paris.
8816 Allow -O command line flag to set long form options.
8817 Add "MinQueueAge" option to set the minimum time between attempts
8818 to run the queue. For example, if the queue interval
8819 (-q value) is five minutes, but the minimum queue age
8820 is fifteen minutes, jobs won't be tried more often than
8821 once every fifteen minutes. This can be used to give
8822 you more responsiveness if your delivery mode is set to
8824 Allow "fileopen" timeout (default: 60 seconds) for opening
8825 :include: and .forward files.
8826 Add "-k", "-v", and "-z" flags to map definitions; these set the
8827 key field name, the value field name, and the field
8828 delimiter. The field delimiter can be a single character
8829 or the sequence "\t" or "\n" for tab or newline.
8830 These are for use by NIS+ and similar access methods.
8831 Change maps to always strip quotes before lookups; the -q flag
8832 turns off this behavior. Suggested by Motonori Nakamura.
8833 Add "nisplus" map class. Takes -k and -v flags to choose the
8834 key and value field names respectively. Code donated by
8836 Add "hesiod" map class. The "file name" is used as the
8837 "HesiodNameType" parameter to hes_resolve(3). Returns the
8838 first value found for the match. Code donated by Scott
8839 Hutton of Indiana University.
8840 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to
8841 specify the name of the property that is searched as the
8842 key and a -v flag to specify the name of the property that
8843 is returned as the value (defaults to "members"). The
8844 default map is "/aliases". Some code based on code
8845 contributed by Robert La Ferla of Hot Software.
8846 Add "text" map class. This does slow, linear searches through
8847 text files. The -z flag specifies a column delimiter
8848 (defaults to any sequence of white space), the -k flag
8849 sets the key column number, and the -v flag sets the
8850 value column number. Lines beginning with `#' are treated
8852 Add "program" map class to execute arbitrary programs. The search
8853 key is presented as the last argument; the output is one
8854 line read from the programs standard output. Exit statuses
8855 are from sysexits.h.
8856 Add "sequence" map class -- searches maps in sequence until it
8857 finds a match. For example, the declarations:
8860 Kmapseq sequence map1 map2
8861 defines a map "mapseq" that first searches map1; if the
8862 value is found it is returned immediately, otherwise
8863 map2 is searched and the value returned.
8864 Add "switch" map class. This is much like "sequence" except that
8865 the ordering is fetched from an external file, usually
8866 the system service switch. The parameter is the name of
8867 the service to switch on, and the maps that it will use
8868 are the name of the switch map followed by ".service_type".
8869 For example, if the declaration of the map is
8870 Ksample switch hosts
8871 and the system service switch specifies that hosts are
8872 looked up using dns and nis in that order, then this is
8874 Ksample sequence sample.dns sample.nis
8875 The subordinate maps (sample.*) must already be defined.
8876 Add "user" map class -- looks up users using getpwnam. Takes a
8877 "-v field" flag on the definition that tells what passwd
8878 entry to return -- legal values are name, passwd, uid, gid,
8879 gecos, dir, and shell. Generally expected to be used with
8880 the -m (matchonly) flag.
8881 Add "bestmx" map class -- returns the best MX value for the host
8882 listed as the value. If there are several "best" MX records
8883 for this host, one will be chosen at random.
8884 Add "userdb" map class -- looks up entries in the user database.
8885 The "file name" is actually the tag that will be used,
8886 typically "mailname". If there are multiple entries
8887 matching the name, the one chosen is undefined.
8888 Add multiple queue timeouts (both return and warning). These are
8889 set by the Precedence: or Priority: header fields to one of
8890 three values. If a Priority: is set and has value "normal",
8891 "urgent", or "non-urgent" the corresponding timeouts are
8892 used. If no priority is set, the Precedence: is consulted;
8893 if negative, non-urgent timeouts are used; if greater than
8894 zero, urgent timeouts are used. Otherwise, normal timeouts
8895 are used. The timeouts are set by setting the six timeouts
8896 queue{warn,return}.{urgent,normal,non-urgent}.
8897 Fix problem when a mail address is resolved to a $#error mailer
8898 with a temporary failure indication; it works in SMTP,
8899 but when delivering locally the mail is silently discarded.
8900 This patch, from Kyle Jones of UUNET, bounces it instead
8901 of queueing it (queueing is very hard).
8902 When using /etc/hosts or NIS-style lookups, don't assume that
8903 the first name in the list is the best one -- instead,
8904 search for the first one with a dot. For example, if
8905 an /etc/hosts entry reads
8906 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU
8907 this change will use the second name as the canonical
8908 machine name instead of the initial, unqualified name.
8909 Change dequote map to replace spaces in quoted text with a value
8910 indicated by the -s flag on the dequote map definition.
8911 For example, ``Mdequote dequote -s_'' will change
8912 "Foo Bar" into an unquoted Foo_Bar instead of leaving it
8913 quoted (because of the space character). Suggested by Dan
8914 Oscarsson for use in X.400 addresses.
8915 Implement long macro names as ${name}; long class names can
8916 be similarly referenced as $={name} and $~{name}.
8917 Definitions are (e.g.) ``D{name}value''. Names that have
8918 a leading lower case letter or punctuation characters are
8919 reserved for internal use by sendmail; i.e., config files
8920 should use names that begin with a capital letter. Based
8921 on code contributed by Dan Oscarsson.
8922 Fix core dump if getgrgid returns a null group list (as opposed
8923 to an empty group list, that is, a pointer to a list
8924 with no members). Fix from Andrew Chang of Sun Microsystems.
8925 Fix possible core dump if malloc fails -- if the malloc in xalloc
8926 failed, it called syserr which called newstr which called
8927 xalloc.... The newstr is now avoided for "panic" messages.
8928 Reported by Stuart Kemp of James Cook University.
8929 Improve connection cache timeouts; previously, they were not even
8930 checked if you were delivering to anything other than an
8931 IPC-connected host, so a series of (say) local mail
8932 deliveries could cause cached connections to be open
8933 much longer than the specified timeout.
8934 If an incoming message exceeds the maximum message size, stop
8935 writing the incoming bytes to the queue data file, since
8936 this can fill your mqueue partition -- this is a possible
8937 denial-of-service attack.
8938 Don't reject all numeric local user names unless HESIOD is
8939 defined. It turns out that Posix allows all-numeric
8940 user names. Fix from Tony Sanders of BSDI.
8941 Add service switch support. If the local OS has a service
8942 switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf
8943 on DEC systems) that will be used; otherwise, it falls back
8944 to using a local mechanism based on the ServiceSwitchFile
8945 option (default: /etc/service.switch). For example, if the
8946 service switch lists "files" and "nis" for the aliases
8947 service, that will be the default lookup order. the "files"
8948 ("local" on DEC) service type expands to any alias files
8949 you listed in the configuration file, even if they aren't
8950 actually file lookups.
8951 Option I (NameServerOptions) no longer sets the "UseNameServer"
8952 variable which tells whether or not DNS should be considered
8953 canonical. This is now determined based on whether or not
8954 "dns" is in the service list for "hosts".
8955 Add preliminary support for the ESMTP "DSN" extension (Delivery
8956 Status Notifications). DSN notifications override
8957 Return-Receipt-To: headers, which are bogus anyhow --
8958 support for them has been removed.
8959 Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer
8960 definitions to define the types used in DSN returns for
8961 MTA names, addresses, and diagnostics respectively.
8962 Extend heuristic to force running in ESMTP mode to look for the
8963 five-character string "ESMTP" anywhere in the 220 greeting
8964 message (not just the second line). This is to provide
8965 better compatibility with other ESMTP servers.
8966 Print sequence number of job when running the queue so you can
8967 easily see how much progress you have made. Suggested
8968 by Peter Wemm of DIALix.
8969 Map newlines to spaces in logged message-ids; some versions of
8970 syslog truncate the rest of the line after newlines.
8971 Suggested by Fletcher Mattox of U. Texas.
8972 Move up forking for job runs so that if a message is split into
8973 multiple envelopes you don't get "fork storms" -- this
8974 also improves the connection cache utilization.
8975 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for
8976 the purposes of refusing to send error returns. Suggested
8977 by Motonori Nakamura of Ritsumeikan University.
8978 Relax rules on when a file can be written when referenced from
8979 the aliases file: use the default uid/gid instead of the
8980 real uid/gid. This allows you to create a file owned by
8981 and writable only by the default uid/gid that will work
8982 all the time (without having the set-user-ID bit set). Change
8983 suggested by Shau-Ping Lo and Andrew Cheng of Sun
8985 Add "DialDelay" option (no short name) to provide an "extra"
8986 delay for dial on demand systems. If this is non-zero
8987 and a connect fails, sendmail will wait this long and
8988 then try again. If it takes longer than the kernel
8989 timeout interval to establish the connection, this
8990 option can give the network software time to establish
8991 the link. The default units are seconds.
8992 Move logging of sender information to be as early as possible;
8993 previously, it could be delayed a while for SMTP mail
8994 sent to aliases. Suggested by Brad Knowles of the
8995 Defense Information Systems Agency.
8996 Call res_init() before setting RES_DEBUG; this is required by
8997 BIND 4.9.3, or so I'm told. From Douglas Anderson of
8998 the National Computer Security Center.
8999 Add xdelay= field in logs -- this is a transaction delay, telling
9000 you how long it took to deliver to this address on the
9001 last try. It is intended to be used for sorting mailing
9002 lists to favor "quick" addresses. Provided for use by
9003 the mailprio scripts (see below).
9004 If a map cannot be opened, and that map is non-optional, and
9005 an address requires that map for resolution, queue the
9006 map instead of bouncing it. This involves creating a
9007 pseudo-class of maps called "bogus-map" -- if a required
9008 map cannot be opened, the class is changed to bogus-map;
9009 all queries against bogus-map return "tempfail". The
9010 bogus-map class is not directly accessible. A sample
9011 implementation was donated by Jem Taylor of Glasgow
9012 University Computing Service.
9013 Fix a possible core dump when mailing to a program that talks
9014 SMTP on its standard input. Fix from Keith Moore of
9015 the University of Kentucky.
9016 Make it possible to resolve filenames to $#local $: @ /filename;
9017 previously, the "@" would cause it to not be recognized
9018 as a file. Problem noted by Brian Hill of U.C. Davis.
9019 Accept a -1 signal to re-exec the daemon. This only works if
9020 argv[0] is a full path to sendmail.
9021 Fix bug in "addr=..." field in O option on little-endian machines
9022 -- the network number wasn't being converted to network
9023 byte order. Patch from Kurt Lidl of Pix Technologies
9025 Pre-initialize the resolver early on; this is to avoid a bug with
9026 BIND 4.9.3 that can cause the _res.retry field to get
9027 reset to zero, causing all name server lookups to time
9028 out. Fix from Matt Day of Artisoft.
9029 Restore T line (trusted users) in config file -- but instead of
9030 locking out the -f flag, they just tell whether or not
9031 an X-Authentication-Warning: will be added. This really
9032 just creates new entries in class 't', so "Ft/file/name"
9033 can be used to read trusted user names from a file.
9034 Trusted users are also allowed to execute programs even
9035 if they have a shell that isn't in /etc/shells.
9036 Improve NEWDB alias file rebuilding so it will create them
9037 properly if they do not already exist. This had been
9038 a MAYBENEXTRELEASE feature in 8.6.9.
9039 Check for @:@ entry in NIS maps before starting up to avoid
9040 (but not prevent, sigh) race conditions. This ought to
9041 be handled properly in ypserv, but isn't. Suggested by
9042 Michael Beirne of Motorola.
9043 Refuse connections if there isn't enough space on the filesystem
9044 holding the queue. Contributed by Robert Dana of Wolf
9046 Skip checking for directory permissions in the path to a file
9047 when checking for file permissions iff setreuid()
9048 succeeded -- it is unnecessary in that case. This avoids
9049 significant performance problems when looking for .forward
9050 files. Based on a suggestion by Win Bent of USC.
9051 Allow symbolic ruleset names. Syntax can be "Sname" to get an
9052 arbitrary ruleset number assigned or "Sname = integer"
9053 to assign a specific ruleset number. Reference is
9054 $>name_or_number. Names can be composed of alphas, digits,
9055 underscore, or hyphen (first character must be non-numeric).
9056 Allow -o flag on AliasFile lines to make the alias file optional.
9057 From Bryan Costales of ICSI.
9058 Add NoRecipientAction option to handle the case where there is
9059 no legal recipient header in the message. It can take
9061 None Leave the message as is. The
9062 message will be passed on even
9063 though it is in technically
9065 Add-To Add a To: header with any
9066 recipients that it can find from
9067 the envelope. This risks exposing
9069 Add-Apparently-To Add an Apparently-To: header. This
9070 has almost no redeeming social value,
9071 and is provided only for back
9073 Add-To-Undisclosed Add a header reading
9074 To: undisclosed-recipients:;
9075 which will have the effect of
9076 making the message legal without
9077 exposing Bcc: recipients.
9078 Add-Bcc To add an empty Bcc: header.
9079 There is a chance that mailers down
9080 the line will delete this header,
9081 which could cause exposure of Bcc:
9083 The default is NoRecipientAction=None.
9084 Truncate (rather than delete) Bcc: lines in the header. This
9085 should prevent later sendmails (at least, those that don't
9086 themselves delete Bcc:) from considering this message to
9087 be non-conforming -- although it does imply that non-blind
9088 recipients can see that a Bcc: was sent, albeit not to whom.
9089 Add SafeFileEnvironment option. If declared, files named as delivery
9090 targets must be regular files in addition to the regular
9091 checks. Also, if the option is non-null then it is used as
9092 the name of a directory that is used as a chroot(2)
9093 environment for the delivery; the file names listed in an
9094 alias or forward should include the name of this root.
9095 For example, if you run with
9096 O SafeFileEnvironment=/arch
9097 then aliases should reference "/arch/rest/of/path". If a
9098 value is given, sendmail also won't try to save to
9099 /usr/tmp/dead.letter (instead it just leaves the job in the
9100 queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit.
9101 Support -A flag for alias files; this will comma concatenate like
9102 entries. For example, given the aliases:
9105 and an alias file declared as:
9106 OAhash:-A /etc/aliases
9107 the final alias inserted will be "list: member1,member2";
9108 without -A you will get an error on the second and subsequent
9109 alias for "list". Contributed by Bryan Costales of ICSI.
9110 Line-buffer transcript file. Suggested by Liudvikas Bukys.
9111 Fix a problem that could cause very long addresses to core dump in
9112 some special circumstances. Problem pointed out by Allan
9114 (Internal change.) Change interface to expand() (macro expansion)
9115 to be simpler and more consistent.
9116 Delete check for funny qf file names. This didn't really give
9117 any extra security and caused some people some problems.
9118 (If you -really- want this, define PICKY_QF_NAME_CHECK
9119 at compile time.) Suggested by Kyle Jones of UUNET.
9120 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and
9121 merge with DSN code; this is simpler and more consistent.
9122 This may affect some people who have written their own
9123 checkcompat() routine.
9124 (Internal change.) Eliminate `D' line in qf file. The df file
9125 is now assumed to be the same name as the qf file (with
9126 the `q' changed to a `d', of course).
9127 Avoid forking for delivery if all recipient mailers are marked as
9128 "expensive" -- this can be a major cost on some systems.
9129 Essentially, this forces sendmail into "queue only" mode
9130 if all it is going to do is queue anyway.
9131 Avoid sending a null message in some rather unusual circumstances
9132 (specifically, the RCPT command returns a temporary
9133 failure but the connection is lost before the DATA
9134 command). Fix from Scott Hammond of Secure Computing
9136 Change makesendmail to use a somewhat more rational naming scheme:
9137 Makefiles and obj directories are named $os.$rel.$arch,
9138 where $os is the operating system (e.g., SunOS), $rel is
9139 the release number (e.g., 5.3), and $arch is the machine
9140 architecture (e.g., sun4). Any of these can be omitted,
9141 and anything after the first dot in a release number can
9142 be replaced with "x" (e.g., SunOS.4.x.sun4). The previous
9143 version used $os.$arch.$rel and was rather less general.
9144 Change makesendmail to do a "make depend" in the target directory
9145 when it is being created. This involves adding an empty
9146 "depend:" entry in most Makefiles.
9147 Ignore IDENT return value if the OSTYPE field returns "OTHER",
9148 as indicated by RFC 1413. Pointed out by Kari Hurtta
9149 of the Finnish Meteorological Institute.
9150 Fix problem that could cause multiple responses to DATA command
9151 on header syntax errors (e.g., lines beginning with colons).
9152 Problem noted by Jens Thomassen of the University of Oslo.
9153 Don't let null bytes in headers cause truncation of the rest of
9155 Log Authentication-Warning:s. Suggested by Motonori Nakamura.
9156 Increase timeouts on message data puts to allow time for receivers
9157 to canonify addresses in headers on the fly. This is still
9158 a rather ugly heuristic. From Motonori Nakamura.
9159 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX
9160 records are not used when canonifying names, and when MX
9161 lookups are done for addressing they must be fully
9162 qualified. This is useful if you have a wildcard MX record,
9163 although it may cause other problems. In general, don't use
9164 wildcard MX records. Patch from Motonori Nakamura.
9165 Eliminate default two-line SMTP greeting message. Instead of
9166 adding an extra "ESMTP spoken here" line, the word "ESMTP"
9167 is added between the first and second word of the first
9168 line of the greeting message (i.e., immediately after the
9169 host name). This eliminates the need for the BROKEN_SMTP_PEERS
9170 compile flag. Old sendmails won't see the ESMTP, but that's
9171 acceptable because SIZE was the only useful extension that
9172 old sendmails understand.
9173 Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1
9174 invoked state dumps. From Masaharu Onishi.
9175 Allow on-line comments in .forward and :include: files; they are
9176 introduced by the string "<LWSP>#@#<LWSP>", where <LWSP>
9177 is a space or a tab. This is intended for native
9178 representation of non-ASCII sets such as Japanese, where
9179 existing encodings would be unreadable or would lose
9180 data -- for example,
9181 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori
9182 (romanized/less information)
9183 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?=
9184 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?=
9185 (with MIME encoding, not human readable)
9186 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B
9187 (native encoding with ISO-2022-JP)
9188 The last form is human readable in the Japanese environment.
9189 Based on a fix from (surprise!) Motonori Nakamura.
9190 Don't make SMTP error returns on MAIL FROM: line be "sticky" for all
9191 messages to that host; these are most frequently associated
9192 with addresses rather than the host, with the exception of
9193 421 (service shutting down). The effect was to cause queues
9194 to sometimes take an excessive time to flush. Reported by
9195 Robert Sargent of Southern Geographics Technologies and
9196 Eric Prestemon of American University.
9197 Add Nice=N mailer option to set the niceness at which a mailer will
9198 run. This is actually a relative niceness (that is, an
9199 increment on the background value).
9200 Log queue runs that are skipped due to high loads. They are logged
9201 at LOG_INFO priority iff the log level is > 8. Contributed
9202 by Bruce Nagel of Data General.
9203 Allow the error mailer to accept a DSN-style error status code
9204 instead of an sysexits status code in the host part.
9205 Anything with a dot will be interpreted as a DSN-style code.
9206 Add new mailer flag: F=3 will tell translations to Quoted-Printable
9207 to encode characters that might be munged by an EBCDIC system
9208 in addition to the set required by RFC 1521. The additional
9209 characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~.
9210 (Think of "IBM 360" as the mnemonic for this flag.)
9211 Change check for mailing to files to look for a pathname of [FILE]
9212 rather than looking for the mailer named *file*. The mapping
9213 of leading slashes still goes to the *file* mailer. This
9214 allows you to implement the *file* mailer as a separate
9215 program, for example, to insert a Content-Length: header
9216 or do special security policy. However, note that the usual
9217 initial checking for the file permissions is still done, and
9218 the program in question needs to be very careful about how
9219 it does the file write to avoid security problems.
9220 Be able to read ~root/.forward even if the path isn't accessible to
9221 regular users. This is disrecommended because sendmail
9222 sometimes does not run as root (e.g., when an unsafe option
9223 is specified on the command line), but should otherwise be
9224 safe because .forward files must be owned by the user for
9225 whom mail is being forwarded, and cannot be a symbolic link.
9226 Suggested by Forrest Aldrich of Wang Laboratories.
9227 Add new "HostsFile" option that is the pathname to the /etc/hosts
9228 file. This is used for canonifying hostnames when the
9229 service type is "files".
9230 Implement programs on F (read class from file) line. The syntax is
9231 Fc|/path/to/program to read the output from the program
9233 Probe the network interfaces to find alternate names for this
9234 host. Requires the SIOCGIFCONF ioctl call. Code
9235 contributed by SunSoft.
9236 Add "E" configuration line to set or propagate environment
9237 variables into children. "E<envar>" will propagate
9238 the named variable from the environment when sendmail
9239 was invoked into any children it calls; "E<envar>=<value>"
9240 sets the named variable to the indicated value. Any
9241 variables not explicitly named will not be in the child
9242 environment. However, sendmail still forces an
9243 "AGENT=sendmail" environment variable, in part to enforce
9244 at least one environment variable, since many programs and
9245 libraries die horribly if this is not guaranteed.
9246 Change heuristic for rebuilding both NEWDB and NDBM versions of
9247 alias databases -- new algorithm looks for the substring
9248 "/yp/" in the file name. This is more portable and involves
9249 less overhead. Suggested by Motonori Nakamura.
9250 Dynamically allocate the queue work list so that you don't lose
9251 jobs in large queue runs. The old QUEUESIZE compile parameter
9252 is replaced by QUEUESEGSIZE (the unit of allocation, which
9253 should not need to be changed) and the MaxQueueRunSize option,
9254 which is the absolute maximum number of jobs that will ever
9255 be handled in a single queue run. Based on code contributed
9256 by Brian Coan of the Institute for Global Communications.
9257 Log message when a message is dropped because it exceeds the maximum
9258 message size. Suggested by Leo Bicknell of Virginia Tech.
9259 Allow trusted users (those on a T line or in $=t) to use -bs without
9260 an X-Authentication-Warning: added. Suggested by Mark Thomas
9261 of Mark G. Thomas Consulting.
9262 Announce state of compile flags on -d0.1 (-d0.10 throws in the
9263 OS-dependent defines). The old semantic of -d0.1 to not
9264 run the daemon in background has been moved to -d99.100,
9265 and the old 52.5 flag (to avoid disconnect() from closing
9266 all output files) has been moved to 52.100. This makes
9267 things more consistent (flags below .100 don't change
9268 semantics) and separates out the backgrounding so that
9269 it doesn't happen automatically on other unrelated debugging
9271 If -t is used but no addresses are found in the header, give an
9272 error message rather than just doing nothing. Fix from
9274 On systems (like SunOS) where the effective gid is not necessarily
9275 included in the group list returned by getgroups(), the
9276 `restrictmailq' option could sometimes cause an authorized
9277 user to not be able to use `mailq'. Fix from Charles Hannum
9279 Allow symbolic service names for [IPC] mailers. Suggested by
9280 Gerry Magennis of Logica International.
9281 Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs
9282 when running DNS. For example, if the name FTP.Foo.ORG is
9283 a CNAME for Cruft.Foo.ORG, then when sitting on a machine in
9284 the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG"
9285 if this option is not set, or "FTP.Foo.ORG" if it is set.
9286 This is technically illegal under RFC 822 and 1123, but the
9287 IETF is moving toward legalizing it. Note that turning on
9288 this option is not sufficient to guarantee that a downstream
9289 neighbor won't rewrite the address for you.
9290 Add "-m" flag to makesendmail script -- this tells you what object
9291 directory and Makefile it will use, but doesn't actually do
9293 Do some additional checking on the contents of the qf file to try
9294 to detect attacks against the qf file. In particular,
9295 abort on any line beginning "From ", and add an "end of
9296 file" line -- any data after that line is prohibited.
9297 Always use /etc/sendmail.cf, regardless of the arbitrary vendor
9298 choices. This can be overridden in the Makefile by using
9299 either -DUSE_VENDOR_CF_PATH to get the vendor location
9300 (to the extent that we know it) or by defining
9301 _PATH_SENDMAILCF (which is a "hard override"). This allows
9302 sendmail 8 to have more consistent installation instructions.
9303 Allow macros on `K' line in config file. Suggested by Andrew Chang
9304 of Sun Microsystems.
9305 Improved symbol table hash function from Eric Wassenaar. This one
9306 is at least 50% faster.
9307 Fix problem that didn't notice that timeout on file open was a
9308 transient error. Fix from Larry Parmelee of Cornell
9310 Allow comments (lines beginning with a `#') in files read for
9311 classes. Suggested by Motonori Nakamura.
9312 Make SIGINT (usually ^C) in test mode return to the prompt instead
9313 of dropping out entirely. This makes testing some of the
9314 name server lookups easier to deal with when there are
9315 hung servers. From Motonori Nakamura.
9316 Add new ${opMode} macro that is set to the current operation mode
9317 (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by
9318 Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>.
9319 Add new delivery mode (Odd) that defers all map lookups to queue runs.
9320 Kind of like queue-only mode (Odq) except it tries to avoid
9321 any external service requests; for dial-on-demand hosts that
9322 want to minimize DNS lookups when mail is being queued. For
9323 this to work you will also have to make sure that gethostbyname
9324 of your local host name does not do a DNS lookup.
9325 Improved handling of "out of space" conditions from John Myers of
9327 Improved security for mailing to files on systems that have fchmod(2)
9329 Improve "cannot send message for N days" message -- now says "could
9330 not send for past N days". Suggested by Tom Moore of AT&T
9331 Global Information Solutions.
9332 Less misleading Subject: line on messages sent to postmaster only.
9333 From Motonori Nakamura.
9334 Avoid duplicate error messages on bad command line flags. From
9336 Better error message for case where ruleset 0 falls off the end
9337 or otherwise does not resolve to a canonical triple.
9338 Fix a problem that could cause multiple bounce messages if a bad
9339 address was sent along with a good address to an SMTP
9340 site where that SMTP site returned a 4yz code in response
9341 to the final dot of the data. Problem reported by David
9342 James of British Telecom.
9343 Add "volatile" declarations so that gcc -O2 will work. Patches
9344 from Alexander Dupuy of System Management ARTS.
9345 Delete duplicates in MX lists -- believe it or not, there are sites
9346 that list the same host twice in an MX list. This deletion
9347 only works on adjacent preferences, so an MX list that
9348 had A=5, B=10, A=15 would leave both As, but one that had
9349 A=5, A=10, B=15 would reduce to A, B. This is intentional,
9350 just in case there is something weird I haven't thought of.
9351 Suggested by Barry Shein of Software Tool & Die.
9352 SECURITY: .forward files cannot be symbolic links. If they are,
9353 a bad guy can read your private files.
9355 Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>.
9356 System V Release 4 from Motonori Nakamura of Ritsumeikan
9357 University. This expands the disk size
9358 checking to include all (?) SVR4 configurations.
9359 System V Release 4 from Kimmo Suominen -- initgroups(3)
9360 and setrlimit(2) are both available.
9361 System V Release 4 from sob@sculley.ffg.com -- some versions
9362 apparently "have EX_OK defined in other headerfiles."
9363 Linux Makefile typo.
9364 Linux getusershell(3) is broken in Slackware 2.0 --
9365 from Andrew Pam of Xanadu Australia.
9366 More Linux tweaking from John Kennedy of California State
9368 Cray changes from Eric Wassenaar: ``On Cray, shorts,
9369 ints, and longs are all 64 bits, and all structs
9370 are multiples of 64 bits. This means that the
9371 sizeof operator returns only multiples of 8.
9372 This requires adaptation of code that really
9373 deals with 32 bit or 16 bit fields, such as IP
9374 addresses or nameserver fields.''
9375 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To
9376 get the old behavior, use -DDGUX_5_4_2.
9377 DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment
9378 variable to fix bogus /bin/mail behavior.
9379 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>.
9380 This also cleans up some System V Release 4 compile
9382 Solaris 2: sendmail.cw file should be in /etc/mail to
9383 match all the other configuration files. Fix
9384 from Glenn Barry of Emory University.
9385 Solaris 2.3: compile problem in conf.c. Fix from Alain
9386 Nissen of the University of Liege, Belgium.
9387 Ultrix: freespace calculation was incorrect. Fix from
9388 Takashi Kizu of Osaka University.
9389 SVR4: running in background gets a SIGTTOU because the
9390 emulation code doesn't realize that "getpeername"
9391 doesn't require reading the file. Fix from Peter
9393 Solaris 2.3: due to an apparent bug in the socket emulation
9394 library, sockets can get into a "wedged" state where
9395 they just return EPROTO; closing and re-opening the
9396 socket clears the problem. Fix from Bob Manson
9397 of Ohio State University.
9398 Hitachi 3050R & 3050RX running HI-UX/WE2: portability
9399 fixes from Akihiro Hashimoto ("Hash") of Chiba
9401 AIX changes to allow setproctitle to work from Rainer Schöpf
9402 of Zentrum für Datenverarbeitung der Universität
9404 AIX changes for load average from Ed Ravin of NASA/Goddard.
9405 SCO Unix from Chip Rosenthal of Unicom (code was using the
9407 ANSI C fixes from Adam Glass (NetBSD project).
9408 Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers
9410 DG-UX fixes from Bruce Nagel of Data General.
9411 IRIX64 updates from Mark Levinson of the University of
9412 Rochester Medical Center.
9413 Altos System V (``the first UNIX/XENIX merge the Altos
9414 did for their Series 1000 & Series 2000 line;
9415 their merged code was licensed back to AT&T and
9416 Microsoft and became System V release 3.2'') from
9417 Tim Rice <timr@crl.com>.
9418 OSF/1 running on Intel Paragon from Jeff A. Earickson
9419 <jeff@ssd.intel.com> of Intel Scalable Systems
9421 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson
9422 <janet@dialix.oz.au>.
9423 System V Release 4 (statvfs semantic fix) from Alain
9425 HP-UX 10.x multiprocessor load average changes from
9426 Scott Hutton and Jeff Sumler of Indiana University.
9427 Cray CSOS from Scott Bolte of Cray Computer Corporation.
9428 Unicos 8.0 from Douglas K. Rand of the University of North
9429 Dakota, Scientific Computing Center.
9430 Solaris 2.4 fixes from Sanjay Dani of Dani Communications.
9431 ConvexOS 11.0 from Christophe Wolfhugel.
9432 IRIX 4.0.5 from David Ashton-Reader of CADcentre.
9433 ISC UNIX from J. J. Bailey.
9434 HP-UX 9.xx on the 8xx series machines from Remy Giraud
9436 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>.
9437 IRIX 5.2 and 5.3 from Kari E. Hurtta.
9438 FreeBSD 2.0 from Mike Hickey of Federal Data Corporation.
9439 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura.
9440 Omron LUNA unios-b, mach from Motonori Nakamura.
9441 NEC EWS-UX/V 4.2 from Motonori Nakamura.
9442 NeXT 2.1 from Bryan Costales.
9443 AUX patch thanks to Mike Erwin of Apple Computer.
9444 HP-UX 10.0 from John Beck of Hewlett-Packard.
9445 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a
9446 non-DEC resolver. Suggested by Allan Johannesen.
9447 UnixWare 2.0 fixes from Petr Lampa of the Technical
9448 University of Brno (Czech Republic).
9449 KSR OS 1.2.2 support from Todd Miller of the University
9451 UX4800 support from Kazuhisa Shimizu of NEC.
9452 MAKEMAP: allow -d flag to allow insertion of duplicate aliases
9453 in type ``btree'' maps. The semantics of this are undefined
9454 for regular maps, but it can be useful for the user database.
9455 MAKEMAP: lock database file while rebuilding to avoid sendmail
9456 lookups while the rebuild is going on. There is a race
9457 condition between the open(... O_TRUNC ...) and the lock
9458 on the file, but it should be quite small.
9459 SMRSH: sendmail restricted shell added to the release. This can
9460 be used as an alternative to /bin/sh for the "prog" mailer,
9461 giving the local administrator more control over what
9462 programs can be run from sendmail.
9463 MAIL.LOCAL: add this local mailer to the tape. It is not really
9464 part of the release proper, and isn't fully supported; in
9465 particular, it does not run on System V based systems and
9467 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon
9468 to allow rmail to compile on systems that don't have
9469 function prototypes and systems that don't have snprintf.
9470 CONTRIB: add the "mailprio" scripts that will help you sort mailing
9471 lists by transaction delay times so that addresses that
9472 respond quickly get sent first. This is to prevent very
9473 sluggish servers from delaying other peoples' mail.
9474 Contributed by Tony Sanders of BSDI.
9475 CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders
9476 of BSDI. This has a lot of comments to help people out.
9477 CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead,
9478 put this on the m4 command line. On GNU m4 (which
9479 supports the __file__ primitive) you can run m4 in an
9480 arbitrary directory -- use either:
9481 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
9483 m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf
9484 On other versions of m4 that don't support __file__, you
9486 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ...
9487 (Note the trailing slash on the _CF_DIR_ definition.)
9488 Old versions of m4 will default to _CF_DIR_=.. for back
9490 CONFIG: fix mail from <> so it will properly convert to
9491 MAILER-DAEMON on local addresses.
9492 CONFIG: fix code that was supposed to catch colons in host
9493 names. Problem noted by John Gardiner Myers of CMU.
9494 CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration.
9495 From Paul Riddle of the University of Maryland, Baltimore
9497 CONFIG: Catch and reject "." as a host address.
9498 CONFIG: Generalize domaintable to look up all domains, not
9499 just unqualified ones.
9500 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it
9501 was never used and didn't work anyway.
9502 CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer
9503 and d on all mailers in the UUCP class.
9504 CONFIG: Allow "user+detail" to be aliased specially: it will first
9505 look for an alias for "user+detail", then for "user+*", and
9506 finally for "user". This is intended for forwarding mail
9507 for system aliases such as root and postmaster to a
9509 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above).
9510 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set.
9511 The F=8 flag is also set on the "relay" mailer, since
9512 this is expected to be another sendmail.
9513 CONFIG: avoid qualifying all UUCP addresses sent via SMTP with
9514 the name of the UUCP_RELAY -- in some cases, this is the
9515 wrong value (e.g., when we have local UUCP connections),
9516 and this can create unreplyable addresses. From Chip
9517 Rosenthal of Unicom.
9518 CONFIG: add confRECEIVED_HEADER to change the format of the
9519 Received: header inserted into all messages. Suggested by
9520 Gary Mills of the University of Manitoba.
9521 CONFIG: Make "notsticky" the default; use FEATURE(stickyhost)
9522 to get the old behavior. I did this upon observing
9523 that almost everyone needed this feature, and that the
9524 concept I was trying to make happen didn't work with
9525 some user agents anyway. FEATURE(notsticky) still works,
9527 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user
9528 names are sent, rather than immediately diagnosing them
9530 CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS,
9531 and RELAY_MAILER_ARGS to set the arguments for the
9532 indicated mailers. All default to "IPC $h". Patch from
9533 Larry Parmelee of Cornell University.
9534 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects
9535 on the client side" and F=P to get an appropriate
9536 return-path. From Kimmo Suominen.
9537 CONFIG: add FEATURE(local_procmail) to use the procmail program
9538 as the local mailer. For addresses of the form "user+detail"
9539 the "detail" part is passed to procmail via the -a flag.
9540 Contributed by Kimmo Suominen.
9541 CONFIG: add MAILER(procmail) to add an interface to procmail for
9542 use from mailertables. This lets you execute arbitrary
9543 procmail scripts. Contributed by Kimmo Suominen.
9544 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers.
9545 CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From
9546 Paul Southworth of CICNet Systems Support.
9547 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f.
9548 This causes the null return path to be rewritten as
9549 MAILER-DAEMON; otherwise UUCP gets horribly confused.
9550 From Michael Hohmuth of Technische Universitat Dresden.
9551 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that
9552 list us as the best possible MX record to be treated as
9553 though they were local (essentially, assume that they
9554 are included in $=w). This can cause additional DNS
9555 traffic, but is easier to administer if this fits your
9556 local model. It does not work reliably if there are
9557 multiple hosts that share the best MX preference.
9558 Code contributed by John Oleynick of Rutgers.
9559 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted
9560 SHell) instead of /bin/sh as the program used for delivery
9561 to programs. If an argument is included, it is used as
9562 the path to smrsh; otherwise, /usr/local/etc/smrsh is
9564 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the
9565 size of messages to the local and procmail mailers
9566 respectively. Contributed by Brad Knowles of the Defense
9567 Information Systems Agency.
9568 CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments
9569 (just like text outside of angle brackets) in order to
9570 properly deal with ``group: addr1, ... addrN;'' syntax.
9571 CONFIG: Require OSTYPE macro (the defaults really don't apply to
9572 any real systems any more) and tweak the DOMAIN macro
9573 so that it is less likely that users will accidentally use
9574 the Berkeley defaults. Also, create some generic files
9575 that really can be used in the real world.
9576 CONFIG: Add new configuration macros to set character sets for
9577 messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET,
9578 SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET.
9579 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency.
9580 The old name will still be accepted for a while at least.
9581 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET
9582 mail (.DECNET pseudo-domain or node::user) will be sent.
9583 As with all relays, it can be ``mailer:hostname''. Suggested
9585 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed
9586 by Barb Dijker of Labyrinth Computer Services.
9587 CONFIG: change confCHECK_ALIASES to default to False -- it has poor
9588 performance for large alias files, and this confused many
9590 CONFIG: Add confCF_VERSION to append local information to the
9591 configuration version number displayed during SMTP startup.
9592 CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it
9593 would only work when locally addressed. Fix from
9594 Edvard Tuinder of Cistron Internet Services.
9595 CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option
9596 "n" (CheckAliases) is set when rebuilding alias database.
9597 Based on code contributed by Claude Marinier.
9598 CONFIG: Allow mailertable to have values of the form
9599 ``error:code message''. The ``code'' is a status code
9600 derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE.
9601 Contributed by David James <dwj@agw.bt.co.uk>.
9602 CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of
9603 sender domains that will be replaced with the masquerade name.
9604 These domains will not be treated as local, but if mail passes
9605 through with sender addresses in those domains they will be
9606 replaced by the masquerade name. These can also be specified
9607 in a file using MASQUERADE_DOMAIN_FILE(filename).
9608 CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope
9609 as well as the header. Substantial improvements to this
9610 code were contributed by Per Hedeland.
9611 CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be
9612 accessed from a mailertable to do CCSO ph lookups. Contributed
9614 CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be
9615 used to define cyrus and cyrusbb mailers (for IMAP support).
9616 Contributed by John Gardiner Myers of Carnegie Mellon.
9617 CONFIG: add confUUCP_MAILER to select default mailer to use for
9618 UUCP addressing. Suggested by Tom Moore of AT&T GIS.
9621 cf/cf/cs-solaris2.mc
9623 cf/cf/generic-bsd4.4.mc
9624 cf/cf/generic-hpux10.mc
9625 cf/cf/generic-hpux9.mc
9626 cf/cf/generic-osf1.mc
9627 cf/cf/generic-solaris2.mc
9628 cf/cf/generic-sunos4.1.mc
9629 cf/cf/generic-ultrix4.mc
9631 cf/domain/berkeley-only.m4
9632 cf/domain/generic.m4
9633 cf/feature/bestmx_is_local.m4
9634 cf/feature/local_procmail.m4
9635 cf/feature/masquerade_envelope.m4
9637 cf/feature/stickyhost.m4
9638 cf/feature/use_ct_file.m4
9642 cf/mailer/phquery.m4
9643 cf/mailer/procmail.m4
9644 cf/ostype/amdahl-uts.m4
9645 cf/ostype/bsdi2.0.m4
9650 cf/ostype/unknown.m4
9653 contrib/rmail.oldsys.patch
9654 mail.local/mail.local.0
9660 src/Makefiles/Makefile.CSOS
9661 src/Makefiles/Makefile.EWS-UX_V
9662 src/Makefiles/Makefile.HP-UX.10
9663 src/Makefiles/Makefile.IRIX.5.x
9664 src/Makefiles/Makefile.IRIX64
9665 src/Makefiles/Makefile.ISC
9666 src/Makefiles/Makefile.KSR
9667 src/Makefiles/Makefile.NEWS-OS.4.x
9668 src/Makefiles/Makefile.NEWS-OS.6.x
9669 src/Makefiles/Makefile.NEXTSTEP
9670 src/Makefiles/Makefile.NonStop-UX
9671 src/Makefiles/Makefile.Paragon
9672 src/Makefiles/Makefile.SCO.3.2v4.2
9673 src/Makefiles/Makefile.SunOS.5.3
9674 src/Makefiles/Makefile.SunOS.5.4
9675 src/Makefiles/Makefile.SunOS.5.5
9676 src/Makefiles/Makefile.UNIX_SV.4.x.i386
9677 src/Makefiles/Makefile.uts.systemV
9678 src/Makefiles/Makefile.UX4800
9686 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc
9687 cf/cf/chez.mc => cf/cf/chez.cs.mc
9688 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc
9689 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc
9690 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc
9691 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc
9692 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc
9693 cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc
9694 cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4
9695 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4
9696 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4
9697 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4
9698 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4
9699 cf/ostype/irix.m4 => cf/ostype/irix4.m4
9700 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4
9701 src/Makefile.* => src/Makefiles/Makefile.*
9702 src/Makefile.AUX => src/Makefiles/Makefile.A-UX
9703 src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS
9704 src/Makefile.DGUX => src/Makefiles/Makefile.dgux
9705 src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS
9706 src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0
9711 cf/cf/hpux-cs-hidden.mc
9713 cf/cf/osf1-cs-hidden.mc
9714 cf/cf/sunos3.5-cs-exposed.mc
9715 cf/cf/sunos3.5-cs-hidden.mc
9716 cf/cf/sunos4.1-cs-hidden.mc
9717 cf/cf/ultrix4.1-cs-hidden.mc
9718 cf/domain/cs-hidden.m4
9719 contrib/rcpt-streaming
9720 src/Makefiles/Makefile.SunOS.5.x
9722 8.6.13/8.6.12 1996/01/25
9723 SECURITY: In some cases it was still possible for an attacker to
9724 insert newlines into a queue file, thus allowing access to
9725 any user (except root).
9726 CONFIG: no changes -- it is not a bug that the configuration
9727 version number is unchanged.
9729 8.6.12/8.6.12 1995/03/28
9730 Fix to IDENT code (it was getting the size of the reply buffer
9731 too small, so nothing was ever accepted). Fix from several
9732 people, including Allan Johannesen, Shane Castle of the
9733 Boulder County Information Services, and Jeff Smith of
9734 Warwick University (all arrived within a few hours of
9736 Fix a problem that could cause large jobs to run out of
9737 file descriptors on systems that use vfork() rather
9740 8.6.11/8.6.11 1995/03/08
9741 The ``possible attack'' message would be logged more often
9742 than necessary if you are using Pine as a user agent.
9743 The wrong host would be reported in the ``possible attack''
9744 message when attempted from IDENT.
9745 In some cases the syslog buffer could be overflowed when
9746 reporting the ``possible attack'' message. This can
9747 cause denial of service attacks. Truncate the message
9748 to 80 characters to prevent this problem.
9749 When reading the IDENT response a loop is needed around the
9750 read from the network to ensure that you don't get
9752 Password entries without any shell listed (that is, a null
9753 shell) wouldn't match as "ok". Problem noted by
9755 When running BIND 4.9.x a problem could occur because the
9756 _res.options field is initialized differently than it
9757 was historically -- this requires that sendmail call
9758 res_init before it tweaks any bits.
9759 Fix an incompatibility in openxscript() between the file open mode
9760 and the stdio mode passed to fdopen. This caused UnixWare
9761 2.0 to have conniptions. Fix from Martin Sohnius of
9763 Fix problem with static linking of local getopt routine when
9764 using GNU's ld command. Fix from John Kennedy of
9766 It was possible to turn off privacy flags. Problem noted by
9768 Be more paranoid about writing files. Suggestions by *Hobbit*
9769 and Liudvikas Bukys.
9770 MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular)
9771 from Spider Boardman.
9772 CONFIG: No changes (version number only, to keep it in sync
9775 8.6.10/8.6.10 1995/02/10
9776 SECURITY: Diagnose bogus values to some command line flags that
9777 could allow trash to get into headers and qf files.
9778 Validate the name of the user returned by the IDENT protocol.
9779 Some systems that really dislike IDENT send intentionally
9780 bogus information. Problem pointed out by Michael Bushnell
9781 of the Free Software Foundation. Has some security
9783 Fix a problem causing error messages about DNS problems when
9784 the host name contained a percent sign to act oddly
9785 because it was passed as a printf-style format string.
9786 In some cases this could cause core dumps.
9787 Avoid possible buffer overrun in returntosender() if error
9788 message is quite long. From Fletcher Mattox of the
9789 University of Texas.
9790 Fix a problem that would silently drop "too many hops" error
9791 messages if and only if you were sending to an alias.
9792 From Jon Giltner of the University of Colorado and
9793 Dan Harton of Oak Ridge National Laboratory.
9794 Fix a bug that caused core dumps on some systems if -d11.2 was
9795 set and e->e_message was null. Fix from Bruce Nagel of
9797 Fix problem that can still cause df files to be left around
9798 after "hop count exceeded" messages. Fix from Andrew
9799 Chang and Shau-Ping Lo of SunSoft.
9800 Fix a problem that can cause buffer overflows on very long
9801 user names (as might occur if you piped to a program
9802 with a lot of arguments).
9803 Avoid returning an error and re-queueing if the host signature
9804 is null; this can occur on addresses like ``user@.''.
9805 Problem noted by Wesley Craig and the University of
9807 Avoid possible calls to malloc(0) if MCI caching is turned
9808 off. Bug fix from Pierre David of the Laboratoire
9809 Parallelisme, Reseaux, Systemes et Modelisation (PRiSM),
9810 Universite de Versailles - St Quentin, and Jacky
9812 Make a local copy of the line being sent via senttolist() -- in
9813 some cases, buffers could get trashed by map lookups
9814 causing it to do unexpected things. This also simplifies
9815 some of the map code.
9816 CONFIG: No changes (version number only, to keep it in sync
9819 8.6.9/8.6.9 1994/04/19
9820 Do all mail delivery completely disconnected from any terminal.
9821 This provides consistency with daemon delivery and
9822 may have some security implications.
9823 Make sure that malloc doesn't get called with zero size,
9824 since that fails on some systems. Reported by Ed
9825 Hill of the University of Iowa.
9826 Fix multi-line values for $e (SMTP greeting message). Reported
9827 by Mike O'Connor of Ford Motor Company.
9828 Avoid syserr if no NIS domain name is defined, but the map it
9829 is trying to open is optional. From Win Bent of USC.
9830 Changes for picky compilers from Ed Gould of Digital Equipment.
9831 Hesiod support for UDB from Todd Miller of the University of
9832 Colorado. Use "hesiod" as the service name in the U
9834 Fix a problem that failed to set the "authentic" host name (that
9835 is, the one derived from the socket info) if you called
9836 sendmail -bs from inetd. Based on code contributed by
9837 Todd Miller (this problem was also reported by Guy Helmer
9838 of Dakota State University). This also fixes a related
9839 problem reported by Liudvikas Bukys of the University of
9841 Parameterize "nroff -h" in all the Makefiles so people with
9842 variant versions can use them easily. Suggested by
9843 Peter Collinson of Hillside Systems.
9844 SMTP "MAIL" commands with multiple ESMTP parameters required two
9845 spaces between parameters instead of one. Reported by
9846 Valdis Kletnieks of Virginia Tech.
9847 Reduce the number of system calls during message collection by
9848 using global timeouts around the collect() loop. This
9849 code was contributed by Eric Wassenaar.
9850 If the initial hostname name gathering results in a name
9851 without a dot (usually caused by NIS misconfiguration)
9852 and BIND is compiled in, directly access DNS to get
9853 the canonical name. This should make life easier for
9854 Solaris systems. If it still can't be resolved, and
9855 if the name server is listed as "required", try again
9856 in 30 seconds. If that also fails, exit immediately to
9857 avoid bogus "config error: mail loops back to myself"
9859 Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error
9860 message to explain how much space was available and
9861 sound a bit less threatening. Suggested by Stan Janet
9862 of the National Institute of Standards and Technology.
9863 If mail is delivered to an alias that has an owner, deliver any
9864 requested return-receipt immediately, and strip the
9865 Return-Receipt-To: header from the subsequent message.
9866 This prevents a certain class of denial of service
9867 attack, arguably gives more reasonable semantics, and
9868 moves things more towards what will probably become a
9869 network standard. Suggested by Christopher Davis of
9871 Add a "noreceipts" privacy flag to turn off all return receipts
9872 without recompiling.
9873 Avoid printing ESMTP parameters as part of the error message
9874 if there are errors during parsing. This change is
9876 Avoid sending out error messages during the collect phase of
9877 SMTP; there is an MVS mailer from UCLA that gets
9878 confused by this. Of course, I think it's their bug....
9879 Check for the $j macro getting undefined, losing a dot, or getting
9880 lost from $=w in the daemon before accepting a connection;
9881 if it is, it dumps state, prints a LOG_ALERT message,
9882 and drops core for debugging. This is an attempt to
9883 track down a bug that I thought was long since gone.
9884 If you see this, please forward the log fragment to
9885 sendmail@sendmail.ORG.
9886 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off
9887 with -DOLD_NEWDB=0 on the command line. From Christophe
9889 Instead of trying to truncate the listen queue for the server
9890 SMTP port when the load average is too high, just close
9891 the port completely and reopen it later as needed.
9892 This ensures that the other end gets a quick "connection
9893 refused" response, and that the connection can be
9894 recovered later. In particular, some socket emulations
9895 seem to get confused if you tweak the listen queue
9896 size around and can never start listening to connections
9897 again. The down side is that someone could start up
9898 another daemon process in the interim, so you could
9899 have multiple daemons all not listening to connections;
9900 this could in turn cause the sendmail.pid file to be
9901 incorrect. A better approach might be to accept the
9902 connection and give a 421 code, but that could break
9903 other mailers in mysterious ways and have paging behavior
9905 Fix a glitch in TCP-level debugging that caused flag 16.101 to
9906 set debugging on the wrong socket. From Eric Wassenaar.
9907 When creating a df* temporary file, be sure you truncate any
9908 existing data in the file -- otherwise system crashes
9909 and the like could result in extra data being sent.
9910 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the
9911 doc directory. This includes some additional
9913 CONFIG: change UUCP rules to never add $U! or $k! on the front
9914 of recipient envelope addresses. This should have been
9915 handled by the $&h trick, but broke if people were
9916 mixing domainized and UUCP addresses. They should
9917 probably have converted all the way over to uucp-uudom
9918 instead of uucp-{new,old}, but the failure mode was to
9919 loop the mail, which was bad news.
9921 Newer BSDI systems (several people).
9922 Older BSDI systems from Christophe Wolfhugel.
9923 Intergraph CLIX, from Paul Southworth of CICNet.
9924 UnixWare, from Evan Champion.
9925 NetBSD from Adam Glass.
9926 Solaris from Quentin Campbell of the University of
9927 Newcastle upon Tyne.
9928 IRIX from Dean Cookson and Bill Driscoll of Mitre
9930 NCR 3000 from Kevin Darcy of Chrysler Financial Corporation.
9931 SunOS (it has setsid() and setvbuf() calls) from
9932 Jonathan Kamens of OpenVision Technologies.
9933 HP-UX from Tor Lillqvist.
9936 src/Makefile.NCR3000
9937 doc/changes/Makefile
9938 doc/changes/changes.me
9939 doc/changes/changes.ps
9941 8.6.8/8.6.6 1994/03/21
9942 SECURITY: it was possible to read any file as root using the
9943 E (error message) option. Reported by Richard Jones;
9944 fixed by Michael Corrigan and Christophe Wolfhugel.
9946 8.6.7/8.6.6 1994/03/14
9947 SECURITY: it was possible to get root access by using weird
9948 values to the -d flag. Thanks to Alain Durand of
9949 INRIA for forwarding me the notice from the bugtraq
9952 8.6.6/8.6.6 1994/03/13
9953 SECURITY: the ability to give files away on System V-based
9954 systems proved dangerous -- don't run as the owner
9955 of a :include: file on a system that allows giveaways.
9956 Unfortunately, this also applies to determining a
9958 IMPORTANT: Previous versions weren't expiring old connections
9959 in the connection cache for a long time under some
9960 circumstances. This could result in resource exhaustion,
9961 both at your end and at the other end. This checks the
9962 connections for timeouts much more frequently. From
9963 Doug Anderson of NCSC.
9964 Fix a glitch that snuck in that caused programs to be run as
9965 the sender instead of the recipient if the mail was
9966 from a local user to another local user. From
9967 Motonori Nakamura of Kyoto University.
9968 Fix "wildcard" on /etc/shells matching -- instead of looking
9969 for "*", look for "/SENDMAIL/ANY/SHELL/". From
9970 Bryan Costales of ICSI.
9971 Change the method used to declare the "statfs" availability;
9972 instead of HASSTATFS and/or HASUSTAT with a ton of
9973 tweaking in conf.c, there is a single #define called
9974 SFS_TYPE which takes on one of six values (SFS_NONE
9975 for no statfs availability, SFS_USTAT for the ustat(2)
9976 syscall, SFS_4ARGS for a four argument statfs(2) call,
9977 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument
9978 statfs(2) call with the declarations in <sys/vfs.h>,
9979 <sys/mount.h>, or <sys/statfs.h> respectively).
9980 Fix glitch in NetInfo support that could return garbage if
9981 there was no "/locations/sendmail" property. From
9982 David Meyer of the University of Virginia.
9983 Change HASFLOCK from defined/not-defined to a 0/1 definition
9984 to allow Linux to turn it off even though it is a
9986 Allow setting of "ident" timeout to zero to turn off the ident
9988 Make 7-bit stripping local to a connection (instead of to a
9989 mailer); this allows you to specify that SMTP is a
9990 7-bit channel, but revert to 8-bit should it advertise
9991 that it supports 8BITMIME. You still have to specify
9992 mailer flag 7 to get this stripping at all.
9993 Improve makesendmail script so it handles more cases automatically.
9994 Tighten up restrictions on taking ownership of :include: files
9995 to avoid problems on systems that allow you to give away
9997 Fix a problem that made it impossible to rebuild the alias
9998 file if it was on a read-only file system. From
9999 Harry Edmon of the University of Washington.
10000 Improve MX randomization function. From John Gardiner Myers
10002 Fix a minor glitch causing a bogus message to be printed (used
10003 %s instead of %d in a printf string for the line number)
10004 when a bad queue file was read. From Harry Edmon.
10005 Allow $s to remain NULL on locally generated mail. I'm not
10006 sure this is necessary, but a lot of people have complained
10007 about it, and there is a legitimate question as to whether
10008 "localhost" is legal as an 822-style domain.
10009 Fix a problem with very short line lengths (mailer L= flag) in
10010 headers. This causes a leading space to be added onto
10011 continuation lines (including in the body!), and also
10012 tries to wrap headers containing addresses (From:, To:,
10013 etc) intelligently at the shorter line lengths. Problem
10014 Reported by Lars-Johan Liman of SUNET Operations Center.
10015 Log the real user name when logging syserrs, since these can have
10016 security implications. Suggested by several people.
10017 Fix address logging of cached connections -- it used to always
10018 log the numeric address as zero. This is a somewhat
10019 bogus implementation in that it does an extra system
10020 call, but it should be an inexpensive one. Fix from
10022 Tighten up handling of short syslog buffers even more -- there
10023 were cases where the outgoing relay= name was too long
10024 to share a line with delay= and mailer= logging.
10025 Limit the overhead on split envelopes to one open file descriptor
10026 per envelope -- previously the overhead was three
10027 descriptors. This was in response to a problem reported
10028 by P{r (Pell) Emanuelsson.
10029 Fixes to better handle the case of unexpected connection closes;
10030 this redirects the output to the transcript so the info
10031 is not lost. From Eric Wassenaar.
10032 Fix potential string overrun if you macro evaluate a string that
10033 has a naked $ at the end. Problem noted by James Matheson
10034 <jmrm@eng.cam.ac.uk>.
10035 Make default error number on $#error messages 553 (``Requested
10036 action not taken: mailbox name not allowed'') instead of
10037 501 (``Syntax error in parameters or arguments'') to
10038 avoid bogus "protocol error" messages.
10039 Strip off any existing trailing dot on names during $[ ... $]
10040 lookup. This prevents it from ending up with two dots
10041 on the end of dot terminated names. From Wesley Craig
10042 of the University of Michigan and Bryan Costales of ICSI.
10043 Clean up file class reading so that the debugging information is
10044 more informative. It hadn't been using setclass, so you
10045 didn't see the class items being added.
10046 Avoid core dump if you are running a version of sendmail where
10047 NIS is compiled in, and you specify an NIS map, but
10048 NIS is not running. Fix from John Oleynick of
10050 Diagnose bizarre case where res_search returns a failure value,
10051 but sets h_errno to a success value.
10052 Make sure that "too many hops" messages are considered important
10053 enough to send an error to the Postmaster (that is, the
10054 address specified in the P option). This fix should
10055 help problems that cause the df file to be left around
10056 sometimes -- unfortunately, I can't seem to reproduce
10057 the problem myself.
10058 Avoid core dump (null pointer reference) on EXPN command; this
10059 only occurred if your log level was set to 10 or higher
10060 and the target account was an alias or had a .forward file.
10061 Problem noted by Janne Himanka.
10062 Avoid "denial of service" attacks by someone who is flooding your
10063 SMTP port with bad commands by shutting the connection
10064 after 25 bad commands are issued. From Kyle Jones of
10066 Fix core dump on error messages with very long "to" buffers;
10067 fmtmsg overflows the message buffer. Fixed by trimming
10068 the to address to 203 characters. Problem reported by
10070 Fix configuration for HASFLOCK -- there were some spots where
10071 a #ifndef was incorrectly #ifdef. Pointed out by
10072 George Baltz of the University of Maryland.
10073 Fix a typo in savemail() that could cause the error message To:
10074 lists to be incorrect in some places. From Motonori
10076 Fix a glitch that can cause duplicate error messages on split
10077 envelopes where an address on one of the lists has a
10078 name server failure. Fix from Voradesh Yenbut of the
10079 University of Washington.
10080 Fix possible bogus pointer reference on ESMTP parameters that
10081 don't have an ``=value'' part.
10082 CNAME loops caused an error message to be generated, but also
10083 re-queued the message. Changed to just re-queue the
10084 message (it's really hard to just bounce it because
10085 of the weird way the name server works in the presence
10086 of CNAME loops). Problem noted by James M.R.Matheson
10087 of Cambridge University.
10088 Avoid giving ``warning: foo owned process doing -bs'' messages
10089 if they use ``MAIL FROM:<foo>'' where foo is their true
10090 user name. Suggested by Andreas Stolcke of ICSI.
10091 Change the NAMED_BIND compile flag to be a 0/1 flag so you can
10092 override it easily in the Makefile -- that is, you can
10093 turn it off using -DNAMED_BIND=0.
10094 If a gethostbyname(...) of an address with a trailing dot fails,
10095 try it without the trailing dot. This is because if
10096 you have a version of gethostbyname() that falls back
10097 to NIS or the /etc/hosts file it will fail to find
10098 perfectly reasonable names that just don't happen to
10099 be dot terminated in the hosts file. You don't want to
10100 strip the dot first though because we're trying to ensure
10101 that country names that match one of your subdomains get
10103 PRALIASES: fix bogus output on non-null-terminated strings.
10104 From Bill Gianopoulos of Raytheon.
10105 CONFIG: Avoid rewriting anything that matches $w to be $j.
10106 This was in code intended to only catch the self-literal
10107 address (that is, [1.2.3.4], where 1.2.3.4 is your
10108 IP address), but the code was broken. However, it will
10109 still do this if $M is defined; this is necessary to
10110 get client configurations to work (sigh). Note that this
10111 means that $M overrides :mailname entries in the user
10112 database! Problem noted by Paul Southworth.
10113 CONFIG: Fix definition of Solaris help file location. From
10114 Steve Cliffe <steve@gorgon.cs.uow.edu.au>.
10115 CONFIG: Fix bug that broke news.group.USENET mappings.
10116 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX,
10117 and USENET_MAILER_MAX to tweak the maximum message
10118 size for various mailers.
10119 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0]
10120 instead of assuming that it is "inews" for consistency
10121 with other mailers. From Michael Corrigan of UC San Diego.
10122 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB,
10123 qualify the address in the SMTP envelope as user@{relay|hub}
10124 instead of user@$j. From Bill Wisner of The Well.
10125 CONFIG: Fix route-addr syntax in nullrelay configuration set.
10126 CONFIG: Don't turn off case mapping of user names in the local
10127 mailer for IRIX. This was different than most every other
10129 CONFIG: Avoid infinite loops on certainly list:; syntaxes in
10130 envelope. Noted by Thierry Besancon
10131 <besancon@excalibur.ens.fr>.
10132 CONFIG: Don't include -z by default on uux line -- most systems
10133 don't want it set by default. Pointed out by Philippe
10134 Michel of Thomson CSF.
10135 CONFIG: Fix some bugs with mailertables -- for example, if your
10136 host name was foo.bar.ray.com and you matched against
10137 ".ray.com", the old implementation bound %1 to "bar"
10138 instead of "foo.bar". Also, allow "." in the mailertable
10139 to match anything -- essentially, take over SMART_HOST.
10140 This also moves matching of explicit local host names
10141 before the mailertable so they don't have to be special
10142 cased in the mailertable data. Reported by Bill
10143 Gianopoulos of Raytheon; the fix for the %1 binding
10144 problem was contributed by Nicholas Comanos of the
10145 University of Sydney.
10146 CONFIG: Don't include "root" in class $=L (users to deliver
10147 locally, even if a hub or relay exists) by default.
10148 This is because of the known bug where definition of
10149 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore
10150 both and deliver into the local mailbox.
10151 CONFIG: Move up bitdomain and uudomain handling so that they
10152 are done before .UUCP class matching; uudomain was
10153 reported as ineffective before. This also frees up
10154 diversion 8 for future use. Problem reported by Kimmo
10156 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4])
10157 into host names. As pointed out by Jonathan Kamens,
10158 these are often used because either the forward or reverse
10159 mapping is broken; this translation makes it broken again.
10160 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo
10163 Unicos from David L. Kensiski of Sterling Software.
10164 DomainOS from Don Lewis of Silicon Systems.
10165 GNU m4 1.0.3 from Karst Koymans of Utrecht University.
10166 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>.
10167 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>.
10168 BSD/386 from Tony Sanders of BSDI.
10169 Apollo from Eric Wassenaar.
10170 DGUX from Doug Anderson.
10171 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent.
10173 src/Makefile.DomainOS
10175 src/Makefile.SunOS.5.1
10176 src/Makefile.SunOS.5.2
10177 src/Makefile.SunOS.5.x
10179 cf/ostype/domainos.m4
10182 doc/usenix/Makefile
10184 8.6.5/8.6.5 1994/01/13
10185 Security fix: /.forward could be owned by anyone (the test
10186 to allow root to own any file was backwards). From
10187 Bob Campbell at U.C. Berkeley.
10188 Security fix: group ids were not completely set when programs
10189 were invoked. This caused programs to have group
10190 permissions they should not have had (usually group
10191 daemon instead of their own group). In particular,
10192 Perl scripts would refuse to run.
10193 Security: check to make sure files that are written are not
10194 symbolic links (at least under some circumstances).
10195 Although this does not respond to a specific known
10196 attack, it's just a good idea. Suggested by
10197 Christian Wettergren.
10198 Security fix: if a user had an NFS mounted home directory on
10199 a system with a restricted shell listed in their
10200 /etc/passwd entry, they could still execute any
10201 program by putting that in their .forward file.
10202 This fix prevents that by insisting that their shell
10203 appear in /etc/shells before allowing a .forward to
10204 execute a program or write a file. You can disable
10205 this by putting "*" in /etc/shells. It also won't
10206 permit world-writable :include: files to reference
10207 programs or files (there's no way to disable this).
10208 These behaviors are only one level deep -- for
10209 example, it is legal for a world-writable :include:
10210 file to reference an alias that writes a file, on
10211 the assumption that the alias file is well controlled.
10212 Security fix: root was not treated suspiciously enough when
10213 looking into subdirectories. This would potentially
10214 allow a cracker to examine files that were publicly
10215 readable but in a non-publicly searchable directory.
10216 Fix a problem that causes an error on QUIT on a cached
10217 connection to create problems on the current job.
10218 These are typically unrelated, so errors occur in
10220 Reset CurrentLA in sendall() -- this makes sendmail queue
10221 runs more responsive to load average, and fixes a
10222 problem that ignored the load average in locally
10223 generated mail. From Eric Wassenaar.
10224 Fix possible core dump on aliases with null LHS. From
10225 John Orthoefer of BB&N.
10226 Revert to using flock() whenever possible -- there are just
10227 too many bugs in fcntl() locking, particularly over
10228 NFS, that cause sendmail to fail in perverse ways.
10229 Fix a bug that causes the connection cache to get confused
10230 when sending error messages. This resulted in
10231 "unexpected close" messages. It should fix itself
10232 on the following queue run. Problem noted by
10233 Liudvikas Bukys of the University of Rochester.
10234 Include $k in $=k as documented in the Install & Op Guide.
10235 This seems odd, but it was documented.... From
10236 Michael Corrigan of UCSD.
10237 Fix problem that caused :include:s from alias files to be
10238 forced to be owned by root instead of daemon
10239 (actually DefUid). From Tim Irvin.
10240 Diagnose unrecognized I option values -- from Mortin Forssen
10241 of the Chalmers University of Technology.
10242 Make "error" mailer work consistently when there is no error
10243 code associated with it -- previously it returned OK
10244 even though there was a real problem. Now it assumes
10246 Fix bug that caused the last header line of messages that had
10247 no body and which were terminated with EOF instead of
10248 "." to be discarded. Problem noted by Liudvikas Bukys.
10249 Fix core dump on SMTP mail to programs that failed -- it tried
10250 to go to a "next MX host" when none existed, causing
10251 a core dump. From der Mouse at McGill University.
10252 Change IDENTPROTO from a defined/not defined to a 0/1 switch;
10253 this makes it easier to turn it off (using
10254 -DIDENTPROTO=0 in the Makefile). From der Mouse.
10255 Fix YP_MASTER_NAME store to use the unupdated result of
10256 gethostname() (instead of myhostname(), which tries
10257 to fully qualify the name) to be consistent with
10258 SunOS. If your hostname is unqualified, this fixes
10259 transfers to secondary servers. Bug noted by Keith
10260 McMillan of Ameritech Services, Inc.
10261 Fix Ultrix problem: gethostbyname() can return a very large
10262 (> 500) h_length field, which causes the sockaddr
10263 to be trashed. Use the size of the sockaddr instead.
10264 Fix from Bob Manson of Ohio State.
10265 Don't assume "-a." on host lookups if NAMED_BIND is not
10266 defined -- this confuses gethostbyname on hosts
10267 file lookups, which doesn't understand the trailing
10269 Log SMTP server subprocesses that die with a signal instead
10270 of from a clean exit.
10271 If you don't have option "I" set, don't assume that a DNS
10272 "host unknown" message is authoritative -- it
10273 might still be found in /etc/hosts.
10274 Fix a problem that would cause Deferred: messages to be sent
10275 as the subject of an error message, even though the
10276 actual cause of a message was more severe than that.
10277 Problem noted by Chris Seabrook of OSSI.
10278 Fix race condition in DBM alias file locking. From Kyle
10280 Limit delivery syslog line length to avoid bugs in some
10281 versions of syslog(3). This adds a new compile time
10282 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton
10283 University, which is in turn derived from IDA.
10284 Fix quotes inside of comments in addresses -- previously
10285 it insisted that they be balanced, but the 822 spec
10286 says that they should be ignored.
10287 Dump open file state to syslog upon receiving SIGUSR1 (for
10288 debugging). This also evaluates ruleset 89, if set
10289 (with the null input), and logs the result. This
10290 should be used sparingly, since the rewrite process
10292 Change -qI, -qR, and -qS flags to be case-insensitive as
10293 documented in the Bat Book.
10294 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not
10295 return an error message and did not requeue the message.
10296 Fix based on code from Roland Dirlewanger of
10297 Reseau Regional Aquarel, Bordeaux, France.
10298 Fix a problem that caused a seg fault if you got a 421 error
10299 code during some parts of connection initialization.
10300 I've only seen this when talking to buggy mailers on
10301 the other end, but it shouldn't give a seg fault in
10302 any case. From Amir Plivatsky.
10303 Fix core dump caused by a ruleset call that returns null.
10304 Fix from Bryan Costales of ICSI.
10305 Full-Name: field was being ignored. Fix from Motonori Nakamura
10306 of Kyoto University.
10307 Fix a possible problem with very long input lines in setproctitle.
10308 From P{r Emanuelsson.
10309 Avoid putting "This is a warning message" out on return receipts.
10310 Suggested by Douglas Anderson.
10311 Detect loops caused by recursive ruleset calls. Suggested by
10313 Initialize non-alias maps during alias rebuilds -- they may be
10314 needed for parsing. Problem noted by Douglas Anderson.
10315 Log sender address even if no message was collected in SMTP
10316 (e.g., if all RCPTs failed). Suggested by Motonori
10318 Don't reflect the owner-list contents into the envelope sender
10319 address if the value contains ", :, /, or | (to avoid
10320 illegal addresses appearing there).
10321 Efficiency hack for toktype macro -- from Craig Partridge of
10323 Clean up DNS error printing so that a host name is always
10325 Remember to set $i during queue runs. Reported by Stephen
10326 Campbell of Dartmouth University.
10327 If the environment variable HOSTALIASES is set, use it during
10328 canonification as the name of a file with per-user host
10329 translations so that headers are properly mapped. Reported
10330 by Anne Bennett of Concordia University.
10331 Avoid printing misleading error message if SMTP mailer (not
10332 using [IPC]) should die on a core dump.
10333 Avoid incorrect diagnosis of "file 1 closed" when it is caused
10334 by the other end closing the connection. From
10335 Dave Morrison of Oracle.
10336 Improve several of the error messages printed by "mailq"
10337 to include a host name or other useful information.
10338 Add NetInfo preliminary support for NeXT systems. From Vince
10340 Fix a glitch that sometimes caused :include:s that pointed to
10341 NFS filesystems that were down to give an "aliasing/
10342 forwarding loop broken" message instead of queueing
10343 the message for retry. Noted by William C Fenner of
10344 the NRL Connection Machine Facility.
10345 Fix a problem that could cause a core dump if the input sequence
10346 had (or somehow acquired) a \231 character.
10347 Make sure that route-addrs always have <angle brackets> around
10348 them in non-SMTP envelopes (SMTP envelopes already do
10350 Avoid weird headers on unbalanced punctuation of the form:
10351 ``Joe User <user)'' -- this caused reference to the
10352 null macro. Fix from Rick McCarty of IO.COM.
10353 Fix a problem that caused an alias "user: user@local.host" to
10354 not have the QNOTREMOTE bit set; this caused configs
10355 to act as if FEATURE(notsticky) was defined even when
10356 it was not. The effect of the problem was to make it
10357 very hard to to set up satellite sites that had a few
10358 local accounts, with everything else forwarded to a
10359 corporate hub. Reported by Detlef Drewanz of the
10360 University of Rostock and Mark Frost of NCD.
10361 Change queuing to not call rulesets 3, {1 or 2}, 4 on header
10362 addresses. This is more efficient (fewer name server
10363 calls) and fixes certain unusual configurations, such
10364 as those that have ruleset 4 do something that is
10365 non-idempotent unless a mailer-specific ruleset did
10366 something else. Problem reported by Brian J. Coan
10367 of the Institute for Global Communications.
10368 Fix the "obsolete argument" routine in main to better understand
10369 new arguments. For example, if you used ``sendmail
10370 -C config -v -q'' it would choke on the -q because
10371 the -C would stop looking for old-format arguments.
10372 Fix the code that was intended to allow two users to forward their
10373 mail to the same program and have them appear unique.
10374 Portability fixes for:
10375 SCO UNIX from Murray Kucherawy.
10376 SCO Open Server 3.2v4 from Philippe Brand.
10377 System V Release 4 from Rick Ellis and others.
10378 OSF/1 from Steve Campbell.
10379 DG/UX from Ben Mesander of the USGS and Bryan Curnutt
10380 of Stoner Associates.
10381 Motorola SysV88 from Kevin Johnson of Motorola.
10382 Solaris 2.3 from Casper H.S. Dik of the University
10383 of Amsterdam and John Caruso of University
10385 FreeBSD from Ollivier Robert.
10386 NetBSD from Adam Glass.
10387 TitanOS from Kate Hedstrom of Rutgers University.
10388 Irix from Bryan Curnutt.
10389 Dynix from Jim Davis of the University of Arizona.
10391 Linux from John Kennedy of California State University
10393 Solaris 2.x from Tony Boner of the U.S. Air Force.
10394 NEXTSTEP 3.x from Vince DeMarco.
10395 HP-UX from various people. NOTA BENE: the location
10396 of the config file has moved to /usr/lib
10397 to match the HP-UX version of sendmail.
10398 CONFIG: Don't do any recipient rewriting on relay mailer;
10399 since this is intended only for internal use, the
10400 usual RFC 821/822/1123 rules can be relaxed. The
10401 main point of this is to avoid munging (ugh) UUCP
10402 addresses when relaying internally.
10403 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:;
10404 syntax addresses delivered via UUCP. Solution
10405 provided by Peter Wemm.
10406 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset
10407 zero; it caused double @ signs in addresses. From
10408 Irving Reid of the University of Toronto.
10409 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1
10410 from Markku Toijala of ICL Personal Systems Oy.
10411 CONFIG: Add trailing "." on pseudo-domains for consistency;
10412 this fixes a problem (noted by Al Whaley of Sunnyside)
10413 that made it hard to recognize your own pseudodomain
10415 CONFIG: catch "@host" syntax errors (i.e., null local-parts)
10416 rather than letting them get "local configuration
10417 error"s. Problem noted by John Gardiner Myers.
10418 CONFIG: add uucp-uudom mailer variant, based on code posted
10419 by Spider Boardman <spider@Orb.Nashua.NH.US>; this
10420 has uucp-dom semantics but old UUCP syntax. This
10421 also permits "uucp-old" as an alias for "uucp" and
10422 "uucp-new" as a synonym for "suucp" for consistency.
10423 CONFIG: add POP mailer support (from Kimmo Suominen
10424 <kim@grendel.lut.fi>).
10425 CONFIG: drop CSNET_RELAY support -- CSNET is long gone.
10426 CONFIG: fix bug caused with domain literal addresses (e.g.,
10427 ``[128.32.131.12]'') when FEATURE(allmasquerade)
10428 was set; it would get an additional @masquerade.host
10429 added to the address. Problem noted by Peter Wan
10431 CONFIG: make sure that the local UUCP name is in $=w. From
10432 Jim Murray of Stratus.
10433 CONFIG: changes to UUCP rewriting to simulate IDA-style "V"
10434 mailer flag. Briefly, if you are sending to host
10435 "foo", then it rewrites "foo!...!baz" to "...!baz",
10436 "foo!baz" remains "foo!baz", and anything else has
10437 the local name prepended.
10438 CONFIG: portability fixes for HP-UX.
10439 DOC: several minor problems fixed in the Install & Op Guide.
10440 MAKEMAP: fix core dump problem on lines that are too long or
10441 which lack newline. From Mark Delany.
10442 MAILSTATS: print sums of columns (total messages & kbytes
10443 in and out of the system). From Tom Ferrin of UC
10444 San Francisco Computer Graphics Lab.
10445 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES:
10446 On HP-UX, /etc/sendmail.cf has been moved to
10447 /usr/lib/sendmail.cf to match HP sendmail.
10448 Permissions have been tightened up on world-writable
10449 :include: files and accounts that have shells
10450 that are not listed in /etc/shells. This may
10451 cause some .forward files that have worked
10452 before to start failing.
10453 SIGUSR1 dumps some state to the log.
10457 src/Makefile.FreeBSD
10458 src/Makefile.Mach386
10459 src/Makefile.NetBSD
10460 src/Makefile.RISCos
10465 cf/ostype/bsdi1.0.m4
10467 cf/ostype/dynix3.2.m4
10468 cf/ostype/sco3.2.m4
10469 makemap/Makefile.dist
10470 praliases/Makefile.dist
10472 8.6.4/8.6.4 1993/10/31
10473 Repair core-dump problem (write to read-only memory segment)
10474 if you fall back to the return-to-Postmaster case in
10475 savemail. Problem reported by Richard Liu.
10476 Immediately diagnose bogus sender addresses in SMTP. This
10477 makes quite certain that crackers can't use this
10479 Reliability Fix: check return value from fclose() and fsync()
10480 in a few critical places.
10481 Minor problem in initsys() that reversed a condition for
10482 redirecting the output channel on queue runs. It's
10483 not clear this code even does anything. From Eric
10484 Wassenaar of the Dutch National Institute for Nuclear
10485 and High-Energy Physics.
10486 Fix some problems that caused queue runs to do "too much work",
10487 such as double-reading the Errors-To: header. From
10489 Error messages on writing the temporary file (including the
10490 data file) were getting suppressed in SMTP -- this
10491 fix causes them to be properly reported. From Eric
10493 Some changes to support AF_UNIX sockets -- this will only
10494 really become relevant in the next release, but some
10495 people need it for local patches. From Michael
10496 Corrigan of UC San Diego.
10497 Use dynamically allocated memory (instead of static buffers)
10498 for macros defined in initsys() and settime(); since
10499 these can have different values depending on which
10500 envelope they are in. From Eric Wassenaar.
10501 Improve logging to show ctladdr on to= logging; this tells you
10502 what uid/gid processes ran as.
10503 Fix a problem that caused error messages to be discarded if
10504 the sender address was unparseable for some reason;
10505 this was supposed to fall back to the "return to
10507 Improve aliaswait backoff algorithm.
10508 Portability patches for Linux (8.6.3 required another header
10509 file) (from Karl London) and SCO UNIX.
10510 CONFIG: patch prog mailer to not strip host name off of envelope
10511 addresses (so that it matches local again). From
10513 CONFIG: change uucp-dom mailer so that "<>" translates to $n;
10514 this prevents uux from seeing lines with null names like
10515 ``From Sat Oct 30 14:55:31 1993''. From Motonori
10516 Nakamura of Kyoto University.
10517 CONFIG: handle <list:;> syntax correctly. This isn't legal, but
10518 it shouldn't fail miserably. From Motonori Nakamura.
10520 8.6.2/8.6.2 1993/10/15
10521 Put a "successful delivery" message in the transcript for
10522 addresses that get return-receipts.
10523 Put a prominent "this is only a warning" message in warning
10524 messages -- some people don't read carefully enough
10525 and end up sending the message several times.
10526 Include reason for temporary failure in the "warning" return
10527 message. Currently, it just says "cannot send for
10529 Fix the "Original message received" time generated for
10530 returntosender messages. It was previously listed as
10531 the current time. Bug reported by Eric Hagberg of
10532 Cornell University Medical College.
10533 If there is an error when writing the body of a message,
10534 don't send the trailing dot and wait for a response
10535 in sender SMTP, as this could cause the connection to
10536 hang up under some bizarre circumstances. From Eric
10538 Fix some server SMTP synchronization problems caused when
10539 connections fail during message collection. From
10541 Fix a problem that can cause srvrsmtp to reject mail if the
10542 name server is down -- it accepts the RCPT but rejects
10543 the DATA command. Problem reported by Jim Murray of
10545 Fix a problem that can cause core dumps if the config file
10546 incorrectly resolves to a null hostname. Reported by
10547 Allan Johannesen of WPI.
10548 Non-root use of -C flag, dangerous -f flags, and use of -oQ
10549 by non-root users were not put into
10550 X-Authentication-Warning:s as intended because the
10551 config file hadn't set the PrivacyOptions yet. Fix
10552 from Sven-Ove Westberg of the University of Lulea.
10553 Under very odd circumstances, the alias file rebuild code
10554 could get confused as to whether a database was
10556 Check "vendor code" on the end of V lines -- this is
10557 intended to provide a hook for vendor-specific
10558 configuration syntax. (This is a "new feature",
10559 but I've made an exception to my rule in a belief
10560 that this is a highly exceptional case.)
10561 Portability fixes for DG/UX (from Douglas Anderson of NCSC),
10562 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1
10563 (from Jon Forrest of UC Berkeley)
10564 CONFIG: fix ``mailer:host'' form of UUCP relay naming.
10566 8.6.1/8.6 1993/10/08
10567 Portability fixes for A/UX and Encore UMAX V.
10568 Fix error message handling -- if you had a name server down
10569 causing an error during parsing, that message was never
10570 propagated to the queue file.
10573 Configuration cleanup: make it easier to undo IDENTPROTO in
10574 conf.h (other systems have the same bug).
10575 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume
10576 getdtablesize() instead of sysconf(); a disturbingly
10577 large number of systems defined _SC_OPEN_MAX in the
10578 header files but don't have the syscall.
10579 Another patch to really truly ignore MX records in getcanonname
10581 Fix problem that caused the "250 IAA25499 Message accepted for
10582 delivery" message to be omitted if there was an error
10583 in the header of the message (e.g., a bad Errors-To:
10584 line). Pointed out by Michael Corrigan of UCSD.
10585 Announce name of host we are chatting when we get errors; this
10586 is an IDA-ism suggested by Christophe Wolfhugel.
10587 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the
10588 Australian Artificial Intelligence Institute), SCO Unix
10589 (from Murray Kucherawy of Hookup Communication Corp.),
10590 NeXT (from Vince DeMarco and myself), Linux (from
10591 Karl London <karl@borg.demon.co.uk>), BSDI (from
10592 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo
10593 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers.
10594 Some changes to get around gcc optimizer bugs. From Takahiro
10596 Fix error recovery in queueup if another tf file of the same
10597 name already exists. Problem stumbled over by Bill
10598 Wisner of The Well.
10599 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes.
10600 Problem noted by Keith McMillan of Ameritech Services.
10601 Deal with group permissions properly when opening .forward and
10602 :include: files. This relaxes the 8.1C restrictions
10603 slightly more. This includes proper setting of groups
10604 when reading :include: files, allowing you to read some
10605 files that you should be able to read but have previously
10606 been denied unless you owned them or they had "other"
10608 Make certain that $j is in $=w (after the .cf is read) so that
10609 if the user is forced to override some silly system,
10610 MX suppression will still work.
10611 Fix a couple of efficiency problems where newstr was double-
10612 calling expensive routines. In at least one case, it
10613 wasn't guaranteed that they would always return the
10614 same result. Problem noted by Christophe Wolfhugel.
10615 Fix null pointer dereference in putoutmsg -- only on an error
10616 condition from a non-SMTP mailer. From Motonori
10618 Macro expand "C" line class definitions before scanning so that
10620 Fix problem that caused error message to be sent while still
10621 trying to send the original message if the connection
10622 is closed during a DATA command after getting an error
10623 on an RCPT command (pretty obscure). Problem reported
10624 by John Myers of CMU.
10625 Fix reply to NOOP to be 250 instead of 200 -- this is a long
10627 Fix a nasty bug causing core dumps when returning the "warning:
10628 cannot deliver for N hours -- will keep trying" message;
10629 it only occurred if you had PostmasterCopy set and
10630 only on some architectures. Although sendmail would
10631 keep trying, it would send error messages on each
10632 queue interval. This is an important fix.
10633 Allow u and g options to take user and group names respectively.
10634 Don't do a chdir into the queue directory in -bt mode to make
10635 ruleset testing a bit easier.
10636 Don't allow users to turn off logging (using -oL) on the command
10637 line -- command line can only raise, not lower, logging
10639 Set $u to the original recipient on the SMTP transaction or on
10640 the command line. This is only done if there is exactly
10641 one recipient. Technically, this does not meet the
10642 specs, because it does not guarantee a domain on the
10644 Fix a problem that dumped error messages on bad addresses if
10645 you used the -t flag. Problem noted by Josh Smith of
10646 Harvey Mudd College.
10647 Given an address such as ``<foo> <bar>'', auto-quote the first
10648 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to
10649 avoid the problem of people who use angle brackets in
10650 their full name information.
10651 Fix a null pointer dereference if you set option "l", have
10652 an Errors-To: header in the message, and have Errors-To:
10653 defined in the config file H lines. From J.R. Oldroyd.
10654 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get
10655 wrong when compiling. Suggested by Rick McCarty of TI.
10656 Fix a problem that could pass negative SIZE parameter if the
10657 df file got lost; this would cause servers to always
10658 give a temporary failure, making the problem even worse.
10659 Problem noted by Allan Johannesen of WPI.
10660 Add "ident" timeout (one of the "r" option selectors) for IDENT
10661 protocol timeouts (30s default). Requested by Murray
10662 Kucherawy of HookUp Communication Corp. to handle bogus
10663 PC TCP/IP implementations.
10664 Change $w default definition to be just the first component of
10665 the domain name on config level 5. The $j macro defaults
10666 to the FQDN; $m remains as before. This lets well-behaved
10667 config files use any of the short, long, or subdomain
10669 Add makesendmail script in src to try to automate multi-architecture
10670 builds. I know, this is sub-optimal, but it is still
10672 Fix very obscure race condition that can cause a queue run to
10673 get a queue file for an already completed job. This
10674 problem has existed for years. Problem noted by the
10675 long suffering Allan Johannesen of WPI.
10676 Fix a problem that caused the raw sender name to be passed to
10677 udbsender instead of the canonified name -- this caused
10678 it to sometimes miss records that it should have found.
10679 Relax check of name on HELO packet so that a program using -bs
10680 that claims to be itself works properly.
10681 Restore rewriting of $: part of address through 2, R, 4 in
10682 buildaddr -- this requires passing a lot of flags to get
10683 it right. Unlike old versions, this ONLY rewrites
10684 recipient addresses, not sender addresses.
10685 Fix a bug that caused core dumps in config files that cannot
10686 resolve /file/name style addresses. Fix from Jonathan
10687 Kamens of OpenVision Technologies.
10688 Fix problem with fcntl locking that can cause error returns to
10689 be lost if the lock is lost; this required fully
10690 queueing everything, dropping the envelope (so errors
10691 would get returned), and then re-reading the queue from
10693 Fix a problem that caused aliases that redefine an otherwise
10694 true address to still send to the original address
10695 if and only if the alias failed in certain bizarre
10696 ways (e.g, if they pointed at a list:; syntax address).
10697 Problem pointed out by Jonathan Kamens.
10698 Remove support for frozen configuration files. They caused
10699 more trouble than it was worth.
10700 Fix problem that can cause error messages to get ignored when
10701 using both -odb and -t flags. Problem noted by Rob
10702 McNicholas at U.C. Berkeley.
10703 Include all "normal" variations on hostname in $=w. For example,
10704 if the host name is vangogh.cs.berkeley.edu, $=w will
10705 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu.
10706 Add "restrictqrun" privacy flag -- without this, anyone can run
10708 Reset SmtpPhase global on initial connection creation so that
10709 messages don't come out with stale information.
10710 Pass an "ext" argument to lockfile so that error/log messages
10711 will properly reflect the true filename being locked.
10712 Put all [...] address forms into $=w -- this eliminates the need
10713 for MAXIPADDR in conf.h. Suggested by John Gardiner
10715 Fix a bug that can cause qf files to be left around even after
10716 an SMTP RSET command. Problem and fix from Michael
10718 Don't send a PostmasterCopy to errors when the Precedence: is
10719 negative. Error reports still go to the envelope
10721 Add LA_SHORT for load averages.
10722 Lock sendmail.st file when posting statistics.
10723 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to
10724 set the size of the TCP send and receive buffers; if you
10725 run over a slow slip line you may need to set these down
10726 (although it would be better to fix the SLIP implementation
10727 so that it's not necessary to recompile every program
10728 that does bulk data transfer).
10729 Allow null defaults on $( ... $) lookups. Problem reported by
10731 Diagnose crufty S and V config lines. This resulted from an
10732 observation that some people were using the SITE macro
10733 without the SITECONFIG macro first, which was causing
10734 bogus config files that were not caught.
10735 Fix makemap -f flag to turn off case folding (it was turning it
10736 on instead). THIS IS A USER VISIBLE CHANGE!!!
10737 Fix a problem that caused multiple error messages to be sent if
10738 you used "sendmail -t -oem -odb", your system uses fcntl
10739 locking, and one of the recipient addresses is unknown.
10740 Reset uid earlier in include() so that recursive .forwards or
10741 :include:s don't use the wrong uid.
10742 If file descriptor 0, 1, or 2 was closed when sendmail was
10743 called, the code to recover the descriptor was broken.
10744 This sometimes (only sometimes) caused problems with the
10745 alias file. Fix from Motonori Nakamura.
10746 Fix a problem that caused aliaswait to go into infinite recursion
10747 if the @:@ metasymbol wasn't found in the alias file.
10748 Improve error message on newaliases if database files cannot be
10749 opened or if running with no database format defined.
10750 Do a better estimation of the size of error messages when NoReturn
10751 is set. Problem noted by P{r (Pell) Emanuelsson.
10752 Fix a problem causing the "c" option (don't connect to expensive
10753 mailers) to be ignored in SMTP. Problem noted and the
10754 solution suggested by Robert Elz of The University of
10756 Improve connection caching algorithm by passing "[host]" to
10757 hostsignature, which strips the square brackets and
10758 returns the real name. This allows mailertable entries
10759 to match regular entries.
10760 Re-enable Return-Receipt-To: -- people seem to want this stupid
10761 feature, even if it doesn't work right.
10762 Catch and log attempts to try the "wiz" command in server SMTP.
10763 This also ups the log level from LOG_NOTICE to LOG_CRIT.
10764 Be more generous at assigning $z to the home directory -- do this
10765 for programs that are specified through a .forward file.
10766 Fix from Andrew Chang of Sun Microsystems.
10767 Always save a fatal error message in preference to a non-fatal
10768 error message so that the "subject" line of return
10769 messages is the best possible.
10770 CONFIG: reduce the number of quotes needed to quote configuration
10771 parameters with commas: two quotes should work now, e.g.,
10772 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local'').
10773 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom
10774 connections (domain-ized UUCP).
10775 CONFIG: fix bug in default maps (-o must be before database file
10776 name). Pointed out by Christophe Wolfhugel.
10777 CONFIG: add FEATURE(nodns) to state that we are not relying on
10778 DNS. This would presumably be used in UUCP islands.
10779 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux).
10780 CONFIG: log $u in Received: line. This is in technical violation
10781 of the standards, since it doesn't guarantee a domain
10783 CONFIG: don't assume "m" in local mailer flags -- this means that
10784 if you redefine LOCAL_MAILER_FLAGS you will have to include
10785 the "m" flag should you want it. Apparently some Solaris 2.2
10786 installations can't handle multiple local recipients.
10787 Problem noted by Josh Smith.
10788 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults).
10789 CONFIG: change default version level from 4 to 5.
10790 CONFIG: add FEATURE(nullclient) to create a config file that
10791 forwards all mail to a hub without ever looking at the
10792 addresses in any detail.
10793 CONFIG: properly strip mailer: information off of relays when
10794 used to change .BITNET form into %-hack form.
10795 CONFIG: fix a problem that caused infinite loops if presented
10796 with an address such as "!foo".
10797 CONFIG: check for self literal (e.g., [128.32.131.12]) even if
10798 the reverse "PTR" mapping is broken. There's a better
10799 way to do this, but the change is fairly major and I
10800 want to hold it for another release. Problem noted by
10804 Serious bug: if you used a command line recipient that was unknown
10805 sendmail would not send a return message (it was treating
10806 everything as though it had an SMTP-style client that
10807 would do the return itself). Problem noted by Josh Smith.
10808 Change "trymx" option in getcanonname() to ignore all MX data,
10809 even during a T_ANY query. This actually didn't break
10810 anything, because the only time you called getcanonname
10811 with !trymx was if you already knew there were no MX
10812 records, but it is somewhat cleaner. From Motonori
10814 Don't call getcanonname from getmxrr if you already know there
10815 are no DNS records matching the name.
10816 Fix a problem causing error messages to always include "The
10817 original message was received ... from localhost".
10818 The correct original host information is now included.
10819 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their
10820 version of "test" doesn't have the -x flag). Change it
10821 to use -f instead. From John Myers.
10822 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to
10823 esmtp -- it should be smtp.
10824 CONFIG: send all relayed mail using confRELAY_MAILER (defaults
10825 to "relay" (a variant of "smtp") if MAILER(smtp) is used,
10826 else "suucp" if MAILER(uucp) is used, else "unknown");
10827 this cleans up the configs somewhat. This fixes a serious
10828 problem that caused route-addrs to get mistaken as relays,
10829 pointed out by John Myers. WARNING: this also causes
10830 the default on SMART_HOST to change from "suucp" to
10831 "relay" if you have MAILER(smtp) specified.
10834 Add option `w'. If you receive a message that comes to you because
10835 you are the best (lowest preference) target of an MX, and
10836 you haven't explicitly recognized the source MX host in
10837 your .cf file, this option will cause you to try the target
10838 host directly (as if there were no MX for it at all). If
10839 `w' is not set, this case is a configuration error.
10840 Beware: if `w' is set, senders may get bogus errors like
10841 "message timed out" or "host unknown" for problems that
10842 are really configuration errors. This option is
10843 disrecommended, provided only for compatibility with
10845 Fix a problem that caused the incoming socket to be left open
10846 when sendmail forks after the DATA command. This caused
10847 calling systems to wait in FIN_WAIT_2 state until the
10848 entire list was processed and the child closed -- a
10849 potentially prodigious amount of time. Problem noted
10851 Fix problem (created in 6.64) that caused mail sent to multiple
10852 addresses, one of which was a bad address, to completely
10853 suppress the sending of the message. This changes
10854 handling of EF_FATALERRS somewhat, and adds an
10855 EF_GLOBALERRS flag. This also fixes a potential problem
10856 with duplicate error messages if there is a syntax error
10857 in the header of a message that isn't noticed until late
10858 in processing. Original problem pointed out by Josh Smith
10859 of Harvey Mudd College. This release includes quite a bit
10860 of dickering with error handling (see below).
10861 Back out SMTP transaction if MAIL gets nested 501 error. This
10862 will only hurt already-broken software and should help
10864 Fix a problem that broke aliases when neither NDBM nor NEWDB were
10865 compiled in. It would never read the alias file.
10866 Repair unbalanced `)' and `>' (the "open" versions are already
10868 Logging of "done" in dropenvelope() was incorrect: it would
10869 log this even when the queue file still existed. Change
10870 this to only log "done" (at log level 11) when the
10871 queue file is actually removed. From John Myers.
10872 Log "lost connection" in server SMTP at log level 20 if there
10873 is no pending transaction. Some senders just close the
10874 connection rather than sending QUIT.
10875 Fix a bug causing getmxrr to add a dot to the end of unqualified
10876 domains that do not have MX records -- this would cause
10877 the subsequent host name lookup to fail. The problem
10878 only occurred if you had FEATURE(nocanonify) set.
10879 Problem noted by Rick McCarty of Texas Instruments.
10880 Fix invocation of setvbuf when passed a -X flag -- I had
10881 unwittingly used an ANSI C extension, and this caused
10882 core dumps on some machines.
10883 Diagnose self-destructive alias loops on RCPT as well as EXPN.
10884 Previously it just gave an empty send queue, which
10885 then gave either "Need RCPT (recipient)" at the DATA
10886 (confusing, since you had given an RCPT command which
10887 returned 250) or just dropped the email, depending on
10888 whether you were running VERBose mode. Now it usually
10889 diagnoses this case as "aliasing/forwarding loop broken".
10890 Unfortunately, it still doesn't adequately diagnose
10891 some true error conditions.
10892 Add internal concept of "warning messages" using 6xx codes.
10893 These are not reported only to Postmaster. Unbalanced
10894 parens, brackets, and quotes are printed as 653 codes.
10895 They are always mapped to 5xx codes before use in SMTP.
10896 Clean up error messages to tell both the actual address that
10897 failed and the alias they arose from. This makes it
10898 somewhat easier to diagnose problems. Difficulty noted
10899 by Motonori Nakamura.
10900 Fix a problem that inappropriately added a ctladdr to addresses
10901 that shouldn't have had one during a queue run. This
10902 caused error messages to be handled differently during
10903 a queue run than a direct run.
10904 Don't print the qf name and line number if you get errors during
10905 the direct run of the queue from srvrsmtp -- this was
10906 just extra stuff for users to crawl through.
10907 Put command line flags on second line of pid file so you can
10908 auto-restart the daemon with all appropriate arguments.
10909 Use "kill `head -1 /etc/sendmail.pid`" to stop the
10910 daemon, and "eval `tail -1 /etc/sendmail.pid`" to
10912 Remove the ``setuid(getuid())'' in main -- this caused the
10913 IDENT daemon to screw up. This required that I change
10914 HASSETEUID to HASSETREUID and complicate the mode
10915 changing somewhat because both Ultrix and SunOS seem
10916 to have a bug causing seteuid() to set the saved uid
10917 as well as the effective. The program test/t_setreuid.c
10918 will test to see if your implementation of setreuid(2)
10919 is appropriately functional.
10920 The FallBackMXhost (option V) handling failed to properly identify
10921 fallback to yourself -- most of the code was there,
10922 but it wasn't being enabled. Problem noted by Murray
10923 Kucherawy of the University of Waterloo.
10924 Change :include: open timeout from ETIMEDOUT to an internal
10925 code EOPENTIMEOUT; this avoids adding "during SmtpPhase
10926 with CurHostName" in error messages, which can be
10927 confusing. Reported by Jonathan Kamens of OpenVision
10929 Back out setpgrp (setpgid on POSIX systems) call to reset the
10930 process group id. The original fix was to get around
10931 some problems with recalcitrant MUAs, but it breaks
10932 any call from a shell that creates a process group id
10933 different from the process id. I could try to fix
10934 this by diddling the tty owner (using tcsetpgrp or
10935 equivalent) but this is too likely to break other
10937 Portability changes:
10938 Support -M as equivalent to -oM on Ultrix -- apparently
10939 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs
10940 instead of using standard flags. Oh joy. This
10941 behavior reported by Jon Giltner of University
10943 SGI IRIX -- this includes several changes that should
10944 help other strict ANSI compilers.
10945 SCO Unix -- from Murray Kucherawy of HookUp Communication
10947 Solaris running the Sun C compiler (which despite the
10948 documentation apparently doesn't define
10949 __STDC__ by default).
10950 ConvexOS from Eric Schnoebelen of Convex.
10951 Sony NEWS workstations and Omron LUNA workstations from
10953 CONFIG: add confTRY_NULL_MX_LIST to set option `w'.
10954 CONFIG: delete `C' and `e' from default SMTP mailers flags;
10955 several people have made a good argument that this
10956 creates more problems than it solves (although this
10957 may prove painful in the short run).
10958 CONFIG: generalize all the relays to accept a "mailer:host"
10960 CONFIG: move local processing in ruleset 0 into a new ruleset
10961 98 (8 on old sendmail). Domain literal [a.b.c.d]
10962 addresses are also passed through this ruleset.
10963 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined,
10964 internet-style addresses would "fall off the end" of
10965 ruleset zero and be interpreted as local -- however,
10966 the angle brackets confused the recursive call.
10967 These are now diagnosed as "Unrecognized host name".
10968 CONFIG: USENET rules weren't included in S0 because of a mistaken
10969 ifdef(`_MAILER_USENET_') instead of
10970 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik
10971 of SINTEF RUNIT, Oslo.
10972 CONFIG: move up LOCAL_RULE_0 processing so that it happens very
10973 early in ruleset 0; this allows .mc authors to bypass
10974 things like the "short circuit" code for local addresses.
10975 Prompted by a comment by Bill Wisner of The Well.
10976 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or
10977 esmtp) to send SMTP mail. This allows you to default
10978 to esmtp but use a mailertable or other override to
10979 deal with broken servers. This logic was pointed out
10980 to me by Bill Wisner. Ditto for confLOCAL_MAILER.
10981 Changes to cf/sh/makeinfo.sh to make it portable to SVR4
10982 environments. Ugly as sin.
10985 Fix setuid problems introduced in 8.2 that caused messages
10986 like "Cannot create qfXXXXXX: Invalid argument"
10987 or "Cannot reopen dfXXXXXX: Permission denied". This
10988 involved a new compile flag "HASSETEUID" that takes
10989 the place of the old _POSIX_SAVED_IDS -- it turns out
10990 that the POSIX interface is broken enough to break
10991 some systems badly. This includes some fixes for
10992 HP-UX. Also fixes problems where the real uid is
10993 not reset properly on startup (from Neil Rickert).
10994 Fix a problem that caused timed out messages to not report the
10995 addresses that timed out. Error messages are also more
10997 Drop required bandwidth on connections from 64 bytes/sec to
10999 Further Solaris portability changes -- doesn't require the BSD
11000 compatibility library. This also adds a new
11001 "HASGETDTABLESIZE" compile flag which can be used if
11002 you want to use getdtablesize(2) instead of sysconf(2).
11003 These are loosely based on changes from David Meyer at
11004 University of Oregon. This now seems to work, at least
11005 for quick test cases.
11006 Fix a problem that can cause duplicate error messages to be
11007 sent if you are in SMTP, you send to multiple addresses,
11008 and at least one of those addresses is good and points
11009 to an account that has a .forward file (whew!).
11010 Fix a problem causing messages to be discarded if checkcompat()
11011 returned EX_TEMPFAIL (because it didn't properly mark
11012 the "to" address). Problem noted by John Myers.
11013 Fix dfopen to return NULL if the open failed; I was depending
11014 on fdopen(-1) returning NULL, which isn't the case. This
11015 isn't serious, but does result in weird error diagnoses.
11016 From Michael Corrigan.
11017 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of
11018 messages sent through UUCP-family mailers. Suggested
11019 by Bill Wisner of The Well.
11020 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified,
11021 include a "uucp-dom" mailer that uses domain-style
11022 addressing. Suggested by Bill Wisner.
11023 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match
11024 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by
11025 Christophe Wolfhugel.
11026 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel.
11029 Don't drop out on config file parse errors in -bt mode.
11030 On older configuration files, assume option "l" (use Errors-To
11031 header) for back compatibility. NOTE: this DOES NOT
11032 imply an endorsement of the Errors-To: header in any way.
11033 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why???
11034 Don't log errors on EHLO -- it isn't a "real" error for an old
11035 SMTP server to give an error on this command, and
11036 logging it in the transcript can be confusing. Fix
11038 IRIX compatibility changes provided by Dan Rich
11039 <drich@sandman.lerc.nasa.gov>.
11040 Solaris 2 compatibility changes. Provided by Bob Cunningham
11041 <bob@kahala.soest.hawaii.edu>, John Oleynick
11042 <juo@klinzhai.rutgers.edu>
11043 Debugging: -d17 was overloaded (hostsignature and usersmtp.c);
11044 move usersmtp (smtpinit and smtpmailfrom) to -d18 to
11045 match the other flags in that file.
11046 Flush transcript before fork in mailfile(). From Eric Wassenaar.
11047 Save h_errno in mci struct and improve error message display.
11048 Changes from Eric Wassenaar.
11049 Open /dev/null for the transcript if the create of the xf file
11050 failed; this avoids at least one possible null pointer
11051 reference in very weird cases. From Eric Wassenaar.
11052 Clean up statistics gathering; it was over-reporting because of
11053 forks. From Eric Wassenaar.
11054 Fix problem that causes old Return-Path: line to override new
11055 Return-Path: line (conf.c needs H_FORCE to avoid
11056 re-using old value). From Motonori Nakamura.
11057 Fix broken -m flag in K definition -- even if -m (match only)
11058 was specified, it would still replace the key with the
11059 value. Noted by Rick McCarty of Texas Instruments.
11060 If the name server timed out over several days, no "timed out"
11061 message would ever be sent back. The timeout code
11062 has been moved from markfailure() to dropenvelope()
11063 so that all such failures should be diagnosed. Pointed
11064 out by Christophe Wolfhugel and others.
11065 Relax safefile() constraints: directories in an include or
11066 forward path must be readable by self if the controlling
11067 user owns the entry, readable by all otherwise (e.g.,
11068 when reading your .forward file, you have to own and
11069 have X permission in it; everyone needs X permission in
11070 the root and directories leading up to your home);
11071 include files must be readable by anyone, but need not
11073 If _POSIX_SAVED_IDS is defined, setuid to the owner before
11074 reading a .forward file; this gets around some problems
11075 on NFS mounts if root permission is not exported and
11076 the user's home directory isn't x'able.
11077 Additional NeXT portability enhancements from Axel Zinser.
11078 Additional HP-UX portability enhancements from Brian Bullen.
11079 Add a timeout around SMTP message writes; this assumes you can
11080 get throughput of at least 64 bytes/second. Note that
11081 this does not impact the "datafinal" default, which
11082 is separate; this is just intended to work around
11083 network clogs that will occur before the final dot
11084 is sent. From Eric Wassenaar.
11085 Change map code to set the "include null" flag adaptively --
11086 it initially tries both, but if it finds anything
11087 matching without a null it never tries again with a
11088 null and vice versa. If -N is specified, it never
11089 tries without the null and creates new maps with a
11090 null byte. If -O is specified, it never tries with
11091 the null (for efficiency). If -N and -O are specified,
11092 you get -NO (get it?) lookup at all, so this would
11093 be a bad idea. If you don't specify either -N or -O,
11095 Fix recognition of "same from address" so that MH submissions
11096 will insert the appropriate full name information;
11097 this used to work and got broken somewhere along the
11099 Some changes to eliminate some unnecessary SYSERRs in the
11100 log. For example, if you lost a connection, don't
11101 bother reporting that fact on the connection you lost.
11102 Add some "extended debugging" flags to try to track down
11103 why we get occasional problems with file descriptor
11104 one being closed when execing a mailer; it seems to
11105 only happen when there has been another error in the
11106 same transaction. This requires XDEBUG, defined
11107 by default in conf.h.
11108 Add "-X filename" command line flag, which logs both sides of
11109 all SMTP transactions. This is intended ONLY for
11110 debugging bad implementations of other mailers; start
11111 it up, send a message from a mailer that is failing,
11112 and then kill it off and examine the indicated log.
11113 This output is not intended to be particularly human
11114 readable. This also adds the HASSETVBUF compile
11115 flag, defaulted on if your compiler defines __STDC__.
11116 CONFIG: change SMART_HOST to override an SMTP mailer. If you
11117 have a local net that should get direct connects, you
11118 will need to use LOCAL_NET_CONFIG to catch these hosts.
11119 See cf/README for an example.
11120 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle
11121 sites that don't use the -d flag.
11122 CONFIG: hide recipient addresses as well as sender addresses
11123 behind $M if FEATURE(allmasquerade) is specified; this
11124 has been requested by several people, but can break
11125 local aliases. For example, if you mail to "localalias"
11126 this will be rewritten as "localalias@masqueradehost";
11127 although initial delivery will work, replies will be
11128 broken. Use it sparingly.
11129 CONFIG: add FEATURE(domaintable). This maps unqualified domains
11130 to qualified domains in headers. I believe this is
11131 largely equivalent to the IDA feature of the same name.
11132 CONFIG: use $U as UUCP name instead of $k. This permits you
11133 to override the "system name" as your UUCP name --
11134 in particular, to use domain-ized UUCP names. From
11135 Bill Wisner of The Well.
11136 CONFIG: create new mailer "esmtp" that always tries EHLO
11137 first. This is currently unused in the config files,
11138 but could be used in a mailertable entry.
11140 8.1C/8.1B 1993/06/27
11141 Serious security bug fix: it was possible to read any file on
11142 the system, regardless of ownership and permissions.
11143 If a subroutine returns a fully qualified address, return it
11144 immediately instead of feeding it back into rewriting.
11145 This fixes a problem with mailertable lookups.
11146 CONFIG: fix some M4 frotz (concat => CONCAT)
11148 8.1B/8.1A 1993/06/12
11149 Serious bug fix: pattern matching backup algorithm stepped by
11150 two tokens in classes instead of one. Found by Claus
11151 Assmann at University of Kiel, Germany.
11153 8.1A/8.1A 1993/06/08
11154 Another mailertable fix....
11157 4.4BSD freeze. No semantic changes.