2 @(#)RELEASE_NOTES 8.9.3.1 (Berkeley) 2/4/1999
5 This listing shows the version of the sendmail binary, the version
6 of the sendmail configuration files, the date of release, and a
7 summary of the changes in that release.
10 SECURITY: Limit message headers to a maximum of 32K bytes (total
11 of all headers in a single message) to prevent a denial of
12 service attack. This limit will be configurable in 8.10.
13 Problem noted by Michal Zalewski of the "Internet for
14 Schools" project (IdS).
15 Prevent segmentation fault on an LDAP lookup if the LDAP map
16 was closed due to an earlier failure. Problem noted by
17 Jeff Wasilko of smoe.org. Fix from Booker Bense of
18 Stanford University and Per Hedeland of Ericsson.
19 Preserve the order of the MIME headers in multipart messages
20 when performing the MIME header length check. This
21 will allow PGP signatures to function properly. Problem
22 noted by Lars Hecking of University College, Cork, Ireland.
23 If ruleset 5 rewrote the local address to an :include: directive,
24 the delivery would fail with an "aliasing/forwarding loop
25 broken" error. Problem noted by Eric C Hagberg of Morgan
26 Stanley. Fix from Per Hedeland of Ericsson.
27 Allow -T to work for bestmx maps. Fix from Aaron Schrab of
28 ExecPC Internet Systems.
29 During the transfer of a message in an SMTP transaction, if a
30 TCP timeout occurs, the message would be properly queued
31 for later retry but the failure would be logged as
32 "Illegal Seek" instead of a timeout. Problem noted by
33 Piotr Kucharski of the Warsaw School of Economics (SGH)
34 and Carles Xavier Munyoz Baldo of CTV Internet.
35 Prevent multiple deliveries on a self-referencing alias if the
36 F=w mailer flag is not set. Problem noted by Murray S.
37 Kucherawy of Concentric Network Corporation and Per
39 Do not strip empty headers but if there is no value and a
40 default is defined in sendmail.cf, use the default.
41 Problem noted by Philip Guenther of Gustavus Adolphus
42 College and Christopher McCrory of Netus, Inc.
43 Don't inherit information about the sender (notably the full name)
44 in SMTP (-bs) mode, since this might be called from inetd.
45 Accept any 3xx reply code in response to DATA command instead of
46 requiring 354. This change will match the wording to be
47 published in the updated SMTP specification from the DRUMS
50 AIX 4.2.0.2 ships with a /usr/lib/libbind.a which should
51 not be used. It conflicts with the resolver
52 built into libc.a. "bind" has been removed
53 from the confLIBSEARCH BuildTools variable.
54 Users who have installed BIND 8.X will have
55 to add it back in their site.config.m4 file.
56 Problem noted by Ole Holm Nielsen of the
57 Technical University of Denmark.
58 CRAY TS 10.0.x from Sven Nielsen of San Diego
60 Improved LDAP version 3 integration based on input
61 from Kurt D. Zeilenga of the OpenLDAP Foundation,
62 John Beck of Sun Microsystems, and Booker Bense
63 of Stanford University.
64 Linux doesn't have a standard way to get the timezone
65 between different releases. Back out the
66 change in 8.9.2 and don't attempt to derive
67 a timezone. Problem reported by Igor S. Livshits
68 of the University of Illinois at Urbana-Champaign
69 and Michael Dickens of Tetranet Communications.
70 Reliant UNIX, the new name for SINIX, from Gert-Jan Looy
72 SunOS 5.8 from John Beck of Sun Microsystems.
73 CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper
74 timezone. Problem noted by Petr Lampa of Technical
76 CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly
77 when using FEATURE(bestmx_is_local). Patch from Neil W.
78 Rickert of Northern Illinois University.
79 CONFIG: Properly handle source routed and %-hack addresses on
80 hosts which the mailertable remaps to local:. Patch from
81 Neil W. Rickert of Northern Illinois University.
82 CONFIG: Internal fixup of mailertable local: map value. Patch from
83 Larry Parmelee of Cornell University.
84 CONFIG: Only add back +detail from host portion of mailer triplet
85 on local mailer triplets if it was originally +detail.
86 Patch from Neil W. Rickert of Northern Illinois University.
87 CONFIG: The bestmx_is_local checking done in check_rcpt would
88 cause later checks to fail. Patch from Paul J Murphy of
91 BuildTools/OS/CRAYTS.10.0.x
92 BuildTools/OS/ReliantUNIX
93 BuildTools/OS/SunOS.5.8
96 SECURITY: Remove five second sleep on accepting daemon connections
97 due to an accept() failure. This sleep could be used
98 for a denial of service attack.
99 Do not silently ignore queue files with names which are too long.
100 Patch from Bryan Costales of InfoBeat, Inc.
101 Do not store failures closing an SMTP session in persistent
102 host status. Reported by Graeme Hewson of Oracle
104 Allow symbolic link forward files if they are in safe directories.
105 Problem noted by Andreas Schott of the Max Planck Society.
106 Missing columns in a text map could cause a segmentation fault.
107 Fix from David Lee of the University of Durham.
108 Note that for 8.9.X, PrivacyOptions=goaway also includes the
109 noetrn flag. This is scheduled to change in a future
110 version of sendmail. Problem noted by Theo Van Dinter of
111 Chrysalis Symbolic Designa and Alan Brown of Manawatu
113 When trying to do host canonification in a Wildcard MX
114 environment, try an MX lookup of the hostname without the
115 default domain appended. Problem noted by Olaf Seibert of
116 Polderland Language & Speech Technology.
117 Reject SMTP RCPT To: commands with only comments (i.e.
118 'RCPT TO: (comment)'. Problem noted by Earle Ake of
119 Hassler Communication Systems Technology, Inc.
120 Handle any number of %s in the LDAP filter spec. Patch from
121 Per Hedeland of Ericsson.
122 Clear ldapx open timeouts even if the map open failed to prevent
123 a segmentation fault. Patch from Wayne Knowles of the
124 National Institute of Water & Atmospheric Research Ltd.
125 Do not syslog envelope clone messages when using address
126 verification (-bv). Problem noted by Kari Hurtta of the
127 Finnish Meteorological Institute.
128 Continue to perform queue runs while in daemon mode even if the
129 daemon is rejecting connections due to a disk full
130 condition. Problem noted by JR Oldroyd of TerraNet
132 Include full filename on installation of the sendmail.hf file
133 in case the $HFDIR directory does not exist. Problem
134 noted by Josef Svitak of Montana State University.
135 Close all maps when exiting the process with one exception.
136 Berkeley DB can use internal shared memory locking for
137 its memory pool. Closing a map opened by another process
138 will interfere with the shared memory and locks of the
139 parent process leaving things in a bad state. For
140 Berkeley DB, only close the map if the current process
141 is also the one that opened the map, otherwise only close
142 the map file descriptor. Thanks to Yoseff Francus of
143 Collective Technologies for volunteering his system for
145 Avoid null pointer dereference on XDEBUG output for SMTP reply
146 failures. Problem noted by Carlos Canau of EUnet Portugal.
147 On mailq and hoststat listings being piped to another program, such
148 as more, if the pipe closes (i.e. the user quits more),
149 stop sending output and exit. Patch from Allan E Johannesen
150 of Worcester Polytechnic Institute.
151 In accordance with the documentation, LDAP map lookup failures
152 are now considered temporary failures instead of permanent
153 failures unless the -t flag is used in the map definition.
154 Problem noted by Booker Bense of Stanford University and
155 Eric C. Hagberg of Morgan Stanley.
156 Fix by one error reporting on long alias names. Problem noted by
157 H. Paul Hammann of the Missouri Research and Education
159 Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem
160 noted by Barry S. Finkel of Argonne National Laboratory.
161 When automatically converting from 8 bit to quoted printable MIME,
162 be careful not to miss a multi-part boundary if that
163 boundary is preceded by a boundary-like line. Problem
164 noted by Andreas Raschle of Ansid Inc. Fix from
165 Kari Hurtta of the Finnish Meteorological Institute.
166 Avoid bogus reporting of "LMTP tobuf overflow" when the buffer
167 has enough space for the additional address. Problem
168 noted by Steve Cliffe of the University of Wollongong.
169 Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem
170 noted by Alex Vorobiev of Swarthmore College.
171 If the check_compat ruleset resolves to the $#discard mailer,
172 discard the current recipient. Unlike check_relay,
173 check_mail, and check_rcpt, the entire envelope is not
174 discarded. Problem noted by RZ D. Rahlfs. Fix from
175 Claus Assmann of Christian-Albrechts-University of Kiel.
176 Avoid segmentation fault when reading ServiceSwitchFile files with
177 bogus formatting. Patch from Kari Hurtta of the Finnish
178 Meteorological Institute.
179 Support Berkeley DB 2.6.4 API change.
180 OP.ME: Pages weren't properly output on duplexed printers. Fix
181 from Matthew Black of CSU Long Beach.
183 Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc.
184 Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase
185 option structure. Problem noted by Ashley M.
186 Kirchner of Photo Craft Laboratories, Inc.
187 Break out IP address to hostname translation for
188 reading network interface addresses into
189 class 'w'. Patch from John Kennedy of
190 Cal State University, Chico.
191 AIX 4.x use -qstrict with -O3 to prevent the optimized
192 from changing the semantics of the compiled
193 program. From Simon Travaglia of the
194 University of Waikato, New Zealand.
195 FreeBSD 2.2.2 and later support setusercontext(). From
196 Peter Wemm of DIALix.
197 FreeBSD 3.x fix from Peter Wemm of DIALix.
198 IRIX 5.x has a syslog buffer size of 512 bytes. From
199 Nao NINOMIYA of Utsunomiya University.
200 IRIX 6.5 64-bit Build support.
201 LDAP Version 3 support from John Beck and Ravi Iyer
203 Linux does not implement seteuid() properly. From
204 John Kennedy of Cal State University, Chico.
205 Linux timezone type was set improperly. From Takeshi Itoh
207 NCR MP-RAS 3.x needs -lresolv for confLIBS. From
209 NeXT 4.x correction to man page path. From J. P. McCann
211 System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs)
212 from Paul Gampe of the Asia Pacific Network
214 ULTRIX now requires an optimization limit of 970 from
215 Allan E Johannesen of Worcester Polytechnic
217 Fix extern declaration for sm_dopr(). Fix from Henk
218 van Oers of Algemeen Nederlands Persbureau.
219 CONFIG: Catch @hostname,user@anotherhost.domain as relaying.
220 Problem noted by Mark Rogov of AirMedia, Inc. Fix from
221 Claus Assmann of Christian-Albrechts-University of Kiel.
222 CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as
223 there are multiple RBL's available and the MAPS RBL may
224 not be the one in use. Suggested by Alan Brown of
225 Manawatu Internet Services.
226 CONFIG: Properly strip route addresses (i.e. @host1:user@host2)
227 when stripping down a recipient address to check for
228 relaying. Patch from Claus Assmann of
229 Christian-Albrechts-University of Kiel and Neil W Rickert
230 of Northern Illinois University.
231 CONFIG: Allow the access database to override RBL lookups. Patch
232 from Claus Assmann of Christian-Albrechts-University of
234 CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch
236 CONFIG: Fixed check for deferred delivery mode warning. Patch
237 from Claus Assmann of Christian-Albrechts-University of
238 Kiel and Per Hedeland of Ericsson.
239 CONFIG: If a recipient using % addressing is used, e.g.
240 user%site@othersite, and othersite's MX records are now
241 checked for local hosts if FEATURE(relay_based_on_MX) is
242 used. Problem noted by Alexander Litvin of Lucky Net Ltd.
243 Patch from Alexander Litvin of Lucky Net Ltd and
244 Claus Assmann of Christian-Albrechts-University of Kiel.
245 MAIL.LOCAL: Prevent warning messages from appearing in the LMTP
246 stream. Do not allow more than one response per recipient.
247 MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix
248 from John Beck of Sun Microsystems.
249 MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from
250 John Beck of Sun Microsystems.
251 MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in
252 the envelope From header.
253 MAIL.LOCAL: Accept underscores in hostnames in LMTP mode.
254 Problem noted by Glenn A. Malling of Syracuse University.
255 MAILSTATS: Document msgsrej and msgsdis fields in the man page.
256 Problem noted by Richard Wong of Princeton University.
257 MAKEMAP: Build group list so group writable files are allowed with
258 the -s flag. Problem noted by Curt Sampson of Internet
259 Portal Services, Inc.
260 PRALIASES: Automatically handle alias files created without the
261 NULL byte at the end of the key. Patch from John Beck of
263 PRALIASES: Support Berkeley DB 2.6.4 API change.
265 BuildTools/OS/IRIX64.6.5
266 BuildTools/OS/UnixWare.5.i386
272 If both an OS specific site configuration file and a generic
273 site.config.m4 file existed, only the latter was used
274 instead of both. Problem noted by Geir Johannessen of
275 the Norwegian University of Science and Technology.
276 Fix segmentation fault while converting 8 bit to 7 bit MIME
277 multipart messages by trying to write to an unopened
278 file descriptor. Fix from Kari Hurtta of the Finnish
279 Meteorological Institute.
280 Do not assume Message: and Text: headers indicate the end of
281 the header area when parsing MIME headers. Problem noted
282 by Kari Hurtta of the Finnish Meteorological Institute.
283 Setting the confMAN#SRC Build variable would only effect the
284 installation commands. The man pages would still be
285 built with .0 extensions. Problem noted by Bryan
286 Costales of InfoBeat, Inc.
287 Installation of manual pages didn't honor the DESTDIR environment
288 variable. Problem noted by Bryan Costales of InfoBeat, Inc.
289 If the check_relay ruleset resolved to the discard mailer, messages
290 were still delivered. Problem noted by Mirek Luc of NASK.
291 Mail delivery to files would fail with an Operating System Error
292 if sendmail was not running as root, i.e. RunAsUser was set.
293 Problem noted by Leonard N. Zubkoff of Dandelion Digital.
294 Prevent MinQueueAge from interfering from queued items created
295 in the future, i.e. if the system clock was set ahead
296 and then back. Problem noted by Michael Miller of the
297 University of Natal, Pietermaritzburg.
298 Do not advertise ETRN support in ESTMP EHLO reply if noetrn is
299 set in the PrivacyOptions option. Fix from Ted Rule of
301 Log invalid persistent host status file lines instead of
302 bouncing the message. Problem noted by David Lindes of
304 Move creation of empty sendmail.st file from installation to
305 compilation. Installation may be done from a read-only
306 mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric
307 Anderson of the Oasis Research Center, Inc.
308 Enforce the maximum number of User Database entries limit. Problem
309 noted by Gary Buchanan of Credence Systems Inc.
310 Allow dead.letter files in root's home directory. Problem noted
311 by Anna Ullman of Sun Microsystems.
312 Program deliveries in forward files could be marked unsafe if
313 any directory listed in the ForwardPath option did not
314 exist. Problem noted by Jorg Bielak of Coastal Web Online.
315 Do not trust the length of the address structure returned by
316 gethostbyname(). Problem noted by Chris Evans of Oxford
318 If the SIZE= MAIL From: ESMTP parameter is too large, use the
319 5.3.4 DSN status code instead of 5.2.2. Similarly, for
320 non-local deliveries, if the message is larger than the
321 mailer maximum message size, use 5.3.4 instead of 5.2.3.
322 Suggested by Antony Bowesman of
323 Fujitsu/TeaWARE Mail/MIME System.
325 Fix the check for an IP address reverse lookup for
326 use in $&{client_name} on 64 bit platforms.
327 From Gilles Gallot of Institut for Development
328 and Resources in Intensive Scientific computing.
329 BSD-OS uses .0 for man page extensions. From Jeff Polk
331 DomainOS detection for Build. Also, version 10.4 and later
332 ship a unistd.h. Fixes from Takanobu Ishimura of
334 NeXT 4.x uses /usr/lib/man/cat for its man pages. From
335 J. P. McCann of E I A.
336 SCO 4.X and 5.X include NDBM support. From Vlado Potisk
338 CONFIG: Do not pass spoofed PTR results through resolver for
339 qualification. Problem noted by Michiel Boland of
340 Digital Valley Internet Professionals; fix from
341 Kari Hurtta of the Finnish Meteorological Institute.
342 CONFIG: Do not try to resolve non-DNS hostnames such as UUCP,
343 BITNET, and DECNET addresses for resolvable senders.
344 Problem noted by Alexander Litvin of Lucky Net Ltd.
345 CONFIG: Work around Sun's broken configuration which sends bounce
346 messages as coming from @@hostname instead of <>. LMTP
347 would not accept @@hostname.
348 OP.ME: Corrections to complex sendmail startup script from Rick
349 Troxel of the National Institutes of Health.
350 RMAIL: Do not install rmail by default, require 'make force-install'
351 as this rmail isn't the same as others. Suggested by
352 Kari Hurtta of the Finnish Meteorological Institute.
354 BuildTools/OS/DomainOS.10.4
357 SECURITY: To prevent users from reading files not normally
358 readable, sendmail will no longer open forward, :include:,
359 class, ErrorHeader, or HelpFile files located in unsafe
360 (i.e. group or world writable) directory paths. Sites
361 which need the ability to override security can use the
362 DontBlameSendmail option. See the README file for more
364 SECURITY: Problems can occur on poorly managed systems, specifically,
365 if maps or alias files are in world writable directories.
366 This fixes the change added to 8.8.6 to prevent links in these
367 world writable directories.
368 SECURITY: Make sure ServiceSwitchFile option file is not a link if
369 it is in a world writable directory.
370 SECURITY: Never pass a tty to a mailer -- if a mailer can get at the
371 tty it may be able to push bytes back to the senders input.
372 Unfortunately this breaks -v mode. Problem noted by
373 Wietse Venema of the Global Security Analysis Lab at
374 IBM T.J. Watson Research.
375 SECURITY: Empty group list if DontInitGroups is set to true to
376 prevent program deliveries from picking up extra group
377 privileges. Problem reported by Wolfgang Ley of DFN-CERT.
378 SECURITY: The default value for DefaultUser is now set to the uid and
379 gid of the first existing user mailnull, sendmail, or daemon
380 that has a non-zero uid. If none of these exist, sendmail
381 reverts back to the old behavior of using uid 1 and gid 1.
382 This is a security problem for Linux which has chosen that
383 uid and gid for user bin instead of daemon. If DefaultUser
384 is set in the configuration file, that value overrides this
386 SECURITY: Since 8.8.7, the check for non-setuid binaries
387 interfered with setting an alternate group id for the
388 RunAsUser option. Problem noted by Randall Winchester of
389 the University of Maryland.
390 Add support for Berkeley DB 2.X. Based on patch from John Kennedy
391 of Cal State University, Chico.
392 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users
393 which previously defined OLD_NEWDB=1 must now upgrade to the
394 current version of Berkeley DB.
395 Added support for regular expressions using the new map class regex.
396 From Jan Krueger of Unix-AG of University of Hannover.
397 Support for BIND 8.1.1's hesiod for hesiod maps and hesiod
398 UserDatabases from Randall Winchester of the University
400 Allow any shell for user shell on program deliveries on V1
401 configurations for backwards compatibility on machines which
402 do not have getusershell(). Fix from John Beck of Sun
404 On operating systems which change the process title by reusing the
405 argument vector memory, sendmail could corrupt memory if the
406 last argument was either "-q" or "-d". Problem noted by
407 Frank Langbein of the University of Stuttgart.
408 Support Local Mail Transfer Protocol (LMTP) between sendmail and
409 mail.local on the F=z flag.
410 Macro-expand the contents of the ErrMsgFile. Previously this was
411 only done if you had magic characters (0x81) to indicate
412 macro expansion. Now $x will be expanded. This means that
413 real dollar signs have to be backslash escaped.
414 TCP Wrappers expects "unknown" in the hostname argument if the
415 reverse DNS lookup for the incoming connection fails.
416 Problem noted by Randy Grimshaw of Syracuse University and
417 Wietse Venema of the Global Security Analysis Lab at
418 IBM T.J. Watson Research.
419 DSN success bounces generated from an invocation of sendmail -t
420 would be sent to both the sender and MAILER-DAEMON.
421 Problem noted by Claus Assmann of
422 Christian-Albrechts-University of Kiel.
423 Avoid "Error 0" messages on delivery mailers which exit with a
424 valid exit value such as EX_NOPERM. Fix from Andreas Luik
425 of ISA Informationssysteme GmbH.
426 Tokenize $&x expansions on right hand side of rules. This eliminates
427 the need to use tricks like $(dequote "" $&{client_name} $)
428 to cause the ${client_name} macro to be properly tokenized.
429 Add the MaxRecipientsPerMessage option: this limits the number of
430 recipients that will be accepted in a single SMTP
431 transaction. After this number is reached, sendmail
432 starts returning "452 Too many recipients" to all RCPT
433 commands. This can be used to limit the number of recipients
434 per envelope (in particular, to discourage use of the server
435 for spamming). Note: a better approach is to restrict
437 Fixed pointer initialization for LDAP lmap struct, fixed -s option
438 to ldapx map and added timeout for ldap_open call to
439 avoid hanging sendmail in the event of hung LDAP servers.
440 Patch from Booker Bense of Stanford University.
441 Allow multiple -qI, -qR, or -qS queue run limiters. For example,
442 '-qRfoo -qRbar' would deliver mail to recipients with foo or
443 bar in their address. Patch from Allan E Johannesen of
444 Worcester Polytechnic Institute.
445 The bestmx map will now return a list of the MX servers for a host if
446 passed a column delimiter via the -z map flag. This can be
447 used to check if the server is an MX server for the recipient
448 of a message. This can be used to help prevent relaying.
449 Patch from Mitchell Blank Jr of Exec-PC.
450 Mark failures for the *file* mailer and return bounce messages to the
451 sender for those failures.
452 Prevent bogus syslog timestamps on errors in sendmail.cf by
453 preserving the TZ environment variable until TimeZoneSpec
454 has been determined. Problem noted by Ralf Hildebrandt of
455 Technical University of Braunschweig. Patch from Per Hedeland
457 Print test input in address test mode when input is not from the tty
458 when the -v flag is given (i.e. sendmail -bt -v) to make
459 output easier to decipher. Problem noted by Aidan Nichol
461 The LDAP map -s flag was not properly parsed and the error message
462 given included the remainder of the arguments instead of
463 solely the argument in error. Problem noted by Aidan Nichol
465 New DontBlameSendmail option. This option allows administrators to
466 bypass some of sendmail's file security checks at the expense
467 of system security. This should only be used if you are
468 absolutely sure you know the consequences. The available
469 DontBlameSendmail options are:
472 ClassFileInUnsafeDirPath
473 ErrorHeaderInUnsafeDirPath
474 GroupWritableDirPathSafe
475 GroupWritableForwardFileSafe
476 GroupWritableIncludeFileSafe
477 GroupWritableAliasFile
478 HelpFileinUnsafeDirPath
479 WorldWritableAliasFile
480 ForwardFileInGroupWritableDirPath
481 IncludeFileInGroupWritableDirPath
482 ForwardFileInUnsafeDirPath
483 IncludeFileInUnsafeDirPath
484 ForwardFileInUnsafeDirPathSafe
485 IncludeFileInUnsafeDirPathSafe
487 LinkedAliasFileInWritableDir
488 LinkedClassFileInWritableDir
489 LinkedForwardFileInWritableDir
490 LinkedIncludeFileInWritableDir
491 LinkedMapInWritableDir
492 LinkedServiceSwitchFileInWritableDir
493 FileDeliveryToHardLink
494 FileDeliveryToSymLink
499 RunProgramInUnsafeDirPath
501 New DontProbeInterfaces option to turn off the inclusion of all the
502 interface names in $=w on startup. In particular, if you
503 have lots of virtual interfaces, this option will speed up
504 startup. However, unless you make other arrangements, mail
505 sent to those addresses will be bounced.
506 Automatically create alias databases if they don't exist and
507 AutoRebuildAliases is set.
508 Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command.
509 Suggested by Christophe Wolfhugel of the Institut Pasteur.
510 Add PrivacyOptions=noverb flag to disable the SMTP VERB command.
511 When determining the client host name ($&{client_name} macro), do
512 a forward (A) DNS lookup on the result of the PTR lookup
513 and compare results. If they differ or if the PTR lookup
514 fails, &{client_name} will contain the IP address
515 surrounded by square brackets (e.g. [127.0.0.1]).
516 New map flag: -Tx appends "x" to lookups that return temporary failure
517 (i.e, it is like -ax for the temporary failure case, in
518 contrast to the success case).
519 New syntax to do limited checking of header syntax. A config line
522 causes the indicated Ruleset to be invoked on the Header
523 when read. This ruleset works like the check_* rulesets --
524 that is, it can reject mail on the basis of the contents.
525 Limit the size of the HELO/EHLO parameter to prevent spammers
526 from hiding their connection information in Received:
528 When SingleThreadDelivery is active, deliveries to locked hosts
529 are skipped. This will cause the delivering process to
530 try the next MX host or queue the message if no other MX
531 hosts are available. Suggested by Alexander Litvin.
532 The [FILE] mailer type now delivers to the file specified in the
533 A= equate of the mailer definition instead of $u. It also
534 obeys all of the F= mailer flags such as the MIME
535 7/8 bit conversion flags. This is useful for defining
536 a mailer which delivers to the same file regardless of the
537 recipient (e.g. 'A=FILE /dev/null' to discard unwanted mail).
538 Do not assume the identity of a remote connection is root@localhost
539 if the remote connection closes the socket before the
540 remote identity can be queried.
541 Change semantics of the F=S mailer flag back to 8.7.5 behavior.
542 Some mailers, including procmail, require that the real
543 uid is left unchanged by sendmail. Problem noted by Per
544 Hedeland of Ericsson.
545 No longer is the src/obj*/Makefile selected from a large list -- it
546 is now generated using the information in BuildTools/OS/ --
547 some of the details are determined dynamically via
548 BuildTools/bin/configure.sh.
549 The other programs in the sendmail distribution -- mail.local,
550 mailstats, makemap, praliases, rmail, and smrsh -- now use
551 the new Build method which creates an operating system
552 specific Makefile using the information in BuildTools.
553 Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e.,
554 a failure on one message won't affect future messages to the
555 same host). This is necessary if the remote host sends
556 a 451 error if the domain of the sender does not resolve
557 as is common in anti-spam configurations. Problem noted
558 by Mitchell Blank Jr of Exec-PC.
559 New "discard" mailer for check_* rulesets and header checking
560 rulesets. If one of the above rulesets resolves to the
561 $#discard mailer, the commands will be accepted but the
562 message will be completely discarded after it is accepting.
563 This means that even if only one of the recipients
564 resolves to the $#discard mailer, none of the recipients
565 will receive the mail. Suggested by Brian Kantor.
566 All but the last cloned envelope of a split envelope were queued
567 instead of being delivered. Problem noted by John Caruso
568 of CNET: The Computer Network.
569 Fix deadlock situation in persistent host status file locking.
570 Syslog an error if a user forward file could not be read due to
571 an error. Patch from John Beck of Sun Microsystems.
572 Use the first name returned on machine lookups when canonifying a
573 hostname via NetInfo. Patch from Timm Wetzel of GWDG.
574 Clear the $&{client_addr}, $&{client_name}, and $&{client_port}
575 macros when delivering a bounce message to prevent
576 rejection by a check_compat ruleset which uses these macros.
577 Problem noted by Jens Hamisch of AgiX Internetservices GmbH.
578 If the check_relay ruleset resolves to the the error mailer, the
579 error in the $: portion of the resolved triplet is used
580 in the rejection message given to the remote machine.
581 Suggested by Scott Gifford of The Internet Ramp.
582 Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros
583 before calling the check_relay ruleset. Suggested by Scott
584 Gifford of The Internet Ramp.
585 Sendmail would get a segmentation fault if a mailer exited with an
586 exit code of 79. Problem noted by Aaron Schrab of ExecPC
587 Internet. Fix from Christophe Wolfhugel of the Pasteur
589 Separate snprintf/vsnprintf routines into separate file for use by
591 Allow multiple map lookups on right hand side, e.g.,
592 R$* $( host $1 $) $| $( passwd $1 $). Patch from
593 Christophe Wolfhugel of the Pasteur Institute.
594 Properly generate success DSN messages if requested for aliases
595 which have owner- aliases. Problem noted by Kari Hurtta
596 of the Finnish Meteorological Institute.
597 Properly display delayed-expansion macros ($&{macroname}) in
598 address test mode (-bt). Problem noted by Bryan Costales
600 -qR could sometimes match names incorrectly. Problem noted by
601 Lutz Euler of Lavielle EDV Systemberatung GmbH & Co.
602 Include a magic number and version in the StatusFile for the
604 Record the number of rejected and discarded messages in the
605 StatusFile for display by the mailstats command. Patch
606 from Randall Winchester of the University of Maryland.
607 IDENT returns where the OSTYPE field equals "OTHER" now list the
608 user portion as IDENT:username@site instead of
609 username@site to differentiate the two. Suggested by
610 Kari Hurtta of the Finnish Meteorological Institute.
611 Enforce timeout for LDAP queries. Patch from Per Hedeland of
613 Change persistent host status filename substitution so '/' is
614 replaced by ':' instead of '|' to avoid clashes. Also
615 avoid clashes with hostnames with leading dots. Fix from
616 Mitchell Blank Jr. of Exec-PC.
617 If the system lock table is full, only attempt to create a new
618 queue entry five times before giving up. Previously, it
619 was attempted indefinitely which could cause the partition
620 to run out of inodes. Problem noted by Suzie Weigand of
621 Stratus Computer, Inc.
622 In verbose mode, warn if the sendmail.cf version is less than the
623 currently supported version.
624 Sorting for QueueSortOrder=host is now case insensitive. Patch
625 from Randall S. Winchester of the University of Maryland.
626 Properly quote a full name passed via the -F command line option,
627 the Full-Name: header, or the NAME environment variable if
628 it contains characters which must be quoted. Problem noted
629 by Kari Hurtta of the Finnish Meteorological Institute.
630 Avoid possible race condition that unlocked a mail job before
631 releasing the transcript file on systems that use flock(2).
632 In some cases, this might result in a "Transcript Unavailable"
633 message in error bounces.
634 Accept SMTP replies which contain only a reply code and no
635 accompanying text. Problem noted by Fernando Fraticelli of
636 Digital Equipment Corporation.
638 AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura
640 AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from
641 Randall S. Winchester of the University of
643 AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS.
644 CRAY T3E from Manu Mahonen of Center for Scientific Computing
646 Digital UNIX now uses statvfs for determining free
647 disk space. Patch from Randall S. Winchester of
648 the University of Maryland.
649 HP-UX 11.x from Richard Allen of Opin Kerfi HF and
650 Regis McEwen of Progress Software Corporation.
651 IRIX 64 bit fixes from Kari Hurtta of the Finnish
652 Meteorological Institute.
653 IRIX 6.2 configuration fix for mail.local from Michael Kyle
654 of CIC/Advanced Computing Laboratory.
655 IRIX 6.5 from Thomas H Jones II of SGI.
656 IRIX 6.X load average code from Bob Mende of SGI.
657 QNX from Glen McCready <glen@qnx.com>.
658 SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links
659 to sendmail. Install with group bin instead of kmem
660 as kmem does not exist. From Guillermo Freige of
661 Gobernacion de la Pcia de Buenos Aires and Paul
663 SunOS 4.X does not include memmove(). Patch from
664 Per Hedeland of Ericsson.
665 SunOS 5.7 includes getloadavg() function for determining
666 load average. Patch from John Beck of Sun
668 CONFIG: Increment version number of config file.
669 CONFIG: add DATABASE_MAP_TYPE to set the default type of database
670 map for the various maps. The default is hash. Patch from
671 Robert Harker of Harker Systems.
672 CONFIG: new confEBINDIR m4 variable for defining the executable
673 directory for certain programs.
674 CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for
675 local mail delivery. By the default, /usr/libexec/mail.local
676 is used. This is expected to be the mail.local shipped
677 with 8.9 which is LMTP capable. The path is based on the
678 new confEBINDIR m4 variable.
679 CONFIG: Use confEBINDIR in determining path to smrsh for
680 FEATURE(smrsh). Note that this changes the default from
681 /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the
682 old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh).
683 CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to
684 include $z/.forward.$w+$h and $z/.forward+$h which allow
685 the user to setup different .forward files for
686 user+detail addressing.
687 CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES,
688 and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage,
689 DontProbeInterfaces, and DontBlameSendmail options.
690 CONFIG: by default do not allow relaying (that is, accepting mail
691 from outside your domain and sending it to another host
692 outside your domain).
693 CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from
694 any site to any site.
695 CONFIG: new FEATURE(relay_entire_domain) allows any host in your
696 domain as defined by the 'm' class ($=m) to relay.
697 CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on
698 the MX records of the host portion of an incoming recipient.
699 CONFIG: new FEATURE(access_db) which turns on the access database
700 feature. This database give you the ability to allow
701 or refuse to accept mail from specified domains for
702 administrative reasons. By default, names that are listed
703 as "OK" in the access db are domain names, not host names.
704 CONFIG: new confCR_FILE m4 variable for defining the name of the file
705 used for class 'R'. Defaults to /etc/mail/relay-domains.
706 CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file)
707 to add items to class 'R' ($=R) for hosts allowed to relay.
708 CONFIG: new FEATURE(relay_hosts_only) to change the behavior
709 of FEATURE(access_db) and class 'R' to lookup individual
711 CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient
712 using % addressing is used, e.g. user%site@othersite,
713 and othersite is in class 'R', the check_rcpt ruleset
714 will strip @othersite and recheck user@site for relaying.
715 This feature changes that behavior. It should not be
716 needed for most installations.
717 CONFIG: new FEATURE(relay_local_from) to allow relaying if the
718 domain portion of the mail sender is a local host. This
719 should only be used if absolutely necessary as it opens
720 a window for spammers. Patch from Randall S. Winchester of
721 the University of Maryland.
722 CONFIG: new FEATURE(blacklist_recipients) turns on the ability to
723 block incoming mail destined for certain recipient
724 usernames, hostnames, or addresses.
725 CONFIG: By default, MAIL FROM: commands in the SMTP session will be
726 refused if the host part of the argument to MAIL FROM: cannot
727 be located in the host name service (e.g., DNS).
728 CONFIG: new FEATURE(accept_unresolvable_domains) accepts
729 unresolvable hostnames in MAIL FROM: SMTP commands.
730 CONFIG: new FEATURE(accept_unqualified_senders) accepts
731 MAIL FROM: senders which do not include a domain.
732 CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the
733 Realtime Blackhole List. You can specify the RBL name
734 server to contact by specifying it as an optional argument.
735 The default is rbl.maps.vix.com. For details, see
736 http://maps.vix.com/rbl/.
737 CONFIG: Call Local_check_relay, Local_check_mail, and
738 Local_check_rcpt from check_relay, check_mail, and
739 check_rcpt. Users with local rulesets should place the
740 rules using LOCAL_RULESETS. If a Local_check_* ruleset
741 returns $#OK, the message is accepted. If the ruleset
742 returns a mailer, the appropriate action is taken, else
743 the return of the ruleset is ignored.
744 CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by
745 default to support file, :include:, and program deliveries.
746 CONFIG: Remove the default for confDEF_USER_ID so the binary can
747 pick the proper default value. See the SECURITY note
748 above for more information.
749 CONFIG: FEATURE(nodns) now warns the user that the feature is a
750 no-op. Patch from Kari Hurtta of the Finnish
751 Meteorological Institute.
752 CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to
753 daemon since DEC's /bin/mail will drop the envelope
754 sender if run as mailnull. See the Digital UNIX section
755 of src/README for more information. Problem noted by
756 Kari Hurtta of the Finnish Meteorological Institute.
757 CONFIG: .cf files are now stored in the same directory with the
758 .mc files instead of in the obj directory.
759 CONFIG: New options confSINGLE_LINE_FROM_HEADER,
760 confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for
761 setting SingleLineFromHeader, AllowBogusHELO, and
762 MustQuoteChars respectively.
763 MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This
764 SMTP-like protocol allows detailed reporting of delivery
765 status on a per-user basis. Code donated by John Myers of
766 CMU (now of Netscape).
767 MAIL.LOCAL: HP-UX support from Randall S. Winchester of the
768 University of Maryland. NOTE: mail.local is not
769 compatible with the stock HP-UX mail format. Be sure to
770 read mail.local/README.
771 MAIL.LOCAL: Prevent other mail delivery agents from stealing a
772 mailbox lock. Patch from Randall S. Winchester of the
773 University of Maryland.
774 MAIL.LOCAL: glibc portability from John Kennedy of Cal State
776 MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish
777 Meteorological Institute.
778 MAILSTATS: Display the number of rejected and discarded messages
779 in the StatusFile. Patch from Randall Winchester of the
780 University of Maryland.
781 MAKEMAP: New -s flag to ignore safety checks on database map files
782 such as linked files in world writable directories.
783 MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support.
784 PRALIASES: Add support for Berkeley DB 2.X.
785 PRALIASES: Do not automatically include NDBM support. Problem
786 noted by Ralf Hildebrandt of the Technical University of
788 RMAIL: Improve portability for other platforms. Patches from
789 Randall S. Winchester of the University of Maryland and
790 Kari Hurtta of the Finnish Meteorological Institute.
792 src/Makefiles/Makefile.* files have been modified to use
793 the new build mechanism and are now BuildTools/OS/*.
794 src/makesendmail changed to symbolic link to src/Build.
796 BuildTools/M4/header.m4
797 BuildTools/M4/depend/BSD.m4
798 BuildTools/M4/depend/CC-M.m4
799 BuildTools/M4/depend/NCR.m4
800 BuildTools/M4/depend/Solaris.m4
801 BuildTools/M4/depend/X11.m4
802 BuildTools/M4/depend/generic.m4
803 BuildTools/OS/AIX.4.2
804 BuildTools/OS/AIX.4.x
805 BuildTools/OS/CRAYT3E.2.0.x
806 BuildTools/OS/HP-UX.11.x
807 BuildTools/OS/IRIX.6.5
808 BuildTools/OS/NEXTSTEP.4.x
809 BuildTools/OS/NeXT.4.x
810 BuildTools/OS/NetBSD.8.3
812 BuildTools/OS/SunOS.5.7
813 BuildTools/OS/dcosx.1.x.NILE
815 BuildTools/Site/README
817 BuildTools/bin/configure.sh
818 BuildTools/bin/find_m4.sh
819 BuildTools/bin/install.sh
822 cf/cf/generic-hpux10.cf
823 cf/feature/accept_unqualified_senders.m4
824 cf/feature/accept_unresolvable_domains.m4
825 cf/feature/access_db.m4
826 cf/feature/blacklist_recipients.m4
827 cf/feature/loose_relay_check.m4
828 cf/feature/local_lmtp.m4
829 cf/feature/promiscuous_relay.m4
831 cf/feature/relay_based_on_MX.m4
832 cf/feature/relay_entire_domain.m4
833 cf/feature/relay_hosts_only.m4
834 cf/feature/relay_local_from.m4
836 contrib/doublebounce.pl
838 mail.local/Makefile.m4
841 mailstats/Makefile.m4
845 praliases/Makefile.m4
855 cf/cf/Makefile (replaced by Makefile.dist)
857 mail.local/Makefile.dist
859 mailstats/Makefile.dist
861 makemap/Makefile.dist
863 praliases/Makefile.dist
868 src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2)
869 src/Makefiles/Makefile.SMP_DC.OSx.NILE
870 (renamed BuildTools/OS/dcosx.1.x.NILE)
871 src/Makefiles/Makefile.Utah (obsolete platform)
874 cf/cf/Makefile.dist => Makefile
875 cf/cf/obj/* => cf/cf/*
876 src/READ_ME => src/README
879 If the check_relay ruleset failed, the relay= field was logged
880 incorrectly. Problem noted by Kari Hurtta of the Finnish
881 Meteorological Institute.
882 If /usr/tmp/dead.letter already existed, sendmail could not
883 add additional bounces to it. Problem noted by Thomas J.
884 Arseneault of SRI International.
885 If an SMTP mailer used a non-standard port number for the outgoing
886 connection, it would be displayed incorrectly in verbose mode.
887 Problem noted by John Kennedy of Cal State University, Chico.
888 Log the ETRN parameter specified by the client before altering them
889 to internal form. Suggested by Bob Kupiec of GES-Verio.
890 EXPN and VRFY SMTP commands on malformed addresses were logging as
891 User unknown with bogus delay= values. Change them to log
892 the same as compliant addresses. Problem noted by Kari E.
893 Hurtta of the Finnish Meteorological Institute.
894 Ignore the debug resolver option unless using sendmail debug trace
895 option for resolver. Problem noted by Greg Nichols of Wind
897 If SingleThreadDelivery was enabled and the remote server returned a
898 protocol error on the DATA command, the connection would be
899 closed but the persistent host status file would not be
900 unlocked so other sendmail processes could not deliver to
901 that host. Problem noted by Peter Wemm of DIALix.
902 If queueing up a message due to an expensive mailer, don't increment
903 the number of delivery attempts or set the last delivery
904 attempt time so the message will be delivered on the next
905 queue run regardless of MinQueueAge. Problem noted by
906 Brian J. Coan of the Institute for Global Communications.
907 Authentication warnings of "Processed from queue _directory_" and
908 "Processed by _username_ with -C _filename_" would be logged
909 with the incorrect timestamp. Problem noted by Kari E. Hurtta
910 of the Finnish Meteorological Institute.
911 Use a better heuristic for detecting GDBM.
912 Log null connections on dropped connections. Problem noted by
913 Jon Lewis of Florida Digital Turnpike.
914 If class dbm maps are rebuilt, sendmail will now detect this and
915 reopen the map. Previously, they could give stale
916 results during a single message processing (but would
917 recover when the next message was received). Fix from
918 Joe Pruett of Q7 Enterprises.
919 Do not log failures such as "User unknown" on -bv or SMTP VRFY
920 requests. Problem noted by Kari E. Hurtta of the
921 Finnish Meteorological Institute.
922 Do not send a bounce message back to the sender regarding bad
923 recipients if the SMTP connection is dropped before the
924 message is accepted. Problem noted by Kari E. Hurtta of the
925 Finnish Meteorological Institute.
926 Use "localhost" instead of "[UNIX: localhost]" when connecting to
927 sendmail via a UNIX pipe. This will allow rulesets using
928 $&{client_name} to process without sending the string through
929 dequote. Problem noted by Alan Barrett of Internet Africa.
930 A combination of deferred delivery mode, a double bounce situation,
931 and the inability to save a bounce message to
932 /var/tmp/dead.letter would cause sendmail to send a bounce
933 to postmaster but not remove the offending envelope from the
934 queue causing it to create a new bounce message each time the
935 queue was run. Problem noted by Brad Doctor of Net Daemons
937 Remove newlines from hostname information returned via DNS. There are
938 no known security implications of newlines in hostnames as
939 sendmail filters newlines in all vital areas; however, this
940 could cause confusing error messages.
941 Starting with sendmail 8.8.6, mail sent with the '-t' option would be
942 rejected if any of the specified addresses were bad. This
943 behavior was modified to only reject the bad addresses and not
944 the entire message. Problem noted by Jozsef Hollosi of
946 Use Timeout.fileopen when delivering mail to a file. Suggested by
947 Bryan Costales of InfoBeat, Inc.
948 Display the proper Final-Recipient on DSN messages for non-SMTP
949 mailers. Problem noted by Kari E. Hurtta of the
950 Finnish Meteorological Institute.
951 An error in calculating the available space in the list of addresses
952 for logging deliveries could cause an address to be silently
954 Include the initial user environment if sendmail is restarted via
955 a HUP signal. This will give room for the process title.
956 Problem noted by Jon Lewis of Florida Digital Turnpike.
957 Mail could be delivered without a body if the machine does not
958 support flock locking and runs out of processes during
959 delivery. Fix from Chuck Lever of the University of Michigan.
960 Drop recipient address from 251 and 551 SMTP responses per RFC 821.
961 Problem noted by Kari E. Hurtta of the Finnish Meteorological
963 Make sure non-rebuildable database maps are opened before the
964 rebuildable maps (i.e. alias files) in case the database maps
965 are needed for verifying the left hand side of the aliases.
966 Problem noted by Lloyd Parkes of Victoria University.
967 Make sure sender RFC822 source route addresses are alias expanded for
968 bounce messages. Problem noted by Juergen Georgi of
969 RUS University of Stuttgart.
971 Return a temporary error instead of a permanent error if an LDAP map
972 search returns an error. This will allow sequenced maps which
973 use other LDAP servers to be checked. Fix from Booker Bense
974 of Stanford University.
975 When automatically converting from quoted printable to 8bit text do
976 not pad bare linefeeds with a space. Problem noted by Theo
977 Nolte of the University of Technology Aachen, Germany.
979 Non-standard C compilers may have had a problem compiling
980 conf.c due to a standard C external declaration of
981 setproctitle(). Problem noted by Ted Roberts of
982 Electronic Data Systems.
983 AUX: has a broken O_EXCL implementation. Reported by Jim
984 Jagielski of jaguNET Access Services.
985 BSD/OS: didn't compile if HASSETUSERCONTEXT was defined.
986 Digital UNIX: Digital UNIX (and possibly others) moves
987 loader environment variables into the loader memory
988 area. If one of these environment variables (such as
989 LD_LIBRARY_PATH) was the last environment variable,
990 an invalid memory address would be used by the process
991 title routine causing memory corruption. Problem
992 noted by Sam Hartman of Mesa Internet Systems.
993 GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused
994 chownsafe() to always return 0 even if the OS does
995 not permit file giveaways. Problem noted by
996 Yasutaka Sumi of The University of Tokyo.
997 IRIX6: Syslog buffer size set to 512 bytes. Reported by
998 Gerald Rinske of Siemens Business Services VAS.
999 Linux: Pad process title with NULLs. Problem noted by
1000 Jon Lewis of Florida Digital Turnpike.
1001 SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an
1002 incorrect value for the number of interfaces.
1003 Problem noted by Chris Loelke of JetStream Internet
1005 SINIX: Update for Makefile and syslog buffer size from Gerald
1006 Rinske of Siemens Business Services VAS.
1007 Solaris: Make sure HASGETUSERSHELL setting for SunOS is not
1008 used on a Solaris machine. Problem noted by
1009 Stephen Ma of Jtec Pty Limited.
1010 CONFIG: SINIX: Update from Gerald Rinske of Siemens Business
1012 MAKEMAP: Use a better heuristic for detecting GDBM.
1013 CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff.
1014 OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of
1017 8.8.7/8.8.7 97/08/03
1018 If using Berkeley DB on systems without O_EXLOCK (open a file with
1019 an exclusive lock already set -- i.e., almost all systems
1020 except 4.4-BSD derived systems), the initial attempt at
1021 rebuilding aliases file if the database didn't already
1022 exist would fail. Patch from Raymund Will of LST Software
1024 Bogus incoming SMTP commands would reset the SMTP conversation.
1025 Problem noted by Fredrik Jönsson of the Royal Institute
1026 of Technology, Stockholm.
1027 Since TCP Wrappers includes setenv(), unsetenv(), and putenv(),
1028 some environments could give "multiple definitions" for these
1029 routines during compilation. If using TCP Wrappers, assume
1030 that these routines are included as though they were in the
1031 C library. Patch from Robert La Ferla.
1032 When a NEWDB database map was rebuilt at the same time it was being
1033 used by a queue run, the maps could be left locked for the
1034 duration of the queue run, causing other processes to hang.
1035 Problem noted by Kendall Libby of Shore.NET.
1036 In some cases, NoRecipientAction=add-bcc was being ignored, so the
1037 mail was passed on without any recipient header. This could
1038 cause problems downstream. Problem noted by Xander Jansen
1039 of SURFnet ExpertiseCentrum.
1040 Give error when GDBM is used with sendmail. GDBM's locking and
1041 linking of the .dir and .pag files interferes with sendmail's
1042 locking and security checks. Problems noted by Fyodor
1043 Yarochkin of the Kyrgyz Republic FreeNet.
1044 Don't fsync qf files if SuperSafe option is not set.
1045 Avoid extra calls to gethostbyname for addresses for which a
1046 gethostbyaddr found no value. Also, ignore any returns
1047 from gethostbyaddr that look like a dotted quad.
1048 If PTR lookup fails when looking up an SMTP peer, don't tag it as
1049 "may be forged", since at the network level we pretty much
1050 have to assume that the information is good.
1051 In some cases, errors during an SMTP session could leave files
1053 Better handling of missing file descriptors (0, 1, 2) on startup.
1054 Better handling of non-setuid binaries -- avoids certain obnoxious
1055 errors during testing.
1056 Errors in file locking of NEWDB maps had the incorrect file name
1057 printed in the error message.
1058 If the AllowBogusHELO option were set and an EHLO with a bad or
1059 missing parameter were issued, the EHLO behaved like a HELO.
1060 Load limiting never kicked in for incoming SMTP transactions if the
1061 DeliveryMode=background and any recipient was an alias or
1062 had a .forward file. From Nik Conwell of Boston University.
1063 On some non-Posix systems, the decision of whether chown(2) permits
1064 file giveaway was undefined. From Tetsu Ushijima of the
1065 Tokyo Institute of Technology.
1066 Fix race condition that could cause the body of a message to be
1067 lost (so only the header was delivered). This only occurs
1068 on systems that do not use flock(2), and only when a queue
1069 runner runs during a critical section in another message
1070 delivery. Based on a patch from Steve Schweinhart of
1072 If a qf file was found in a mail queue directory that had a problem
1073 (wrong ownership, bad format, etc.) and the file name was
1074 exactly MAXQFNAME bytes long, then instead of being tried
1075 once, it would be tried on every queue run. Problem noted
1076 by Bryan Costales of Mercury Mail.
1077 If the system supports an st_gen field in the status structure,
1078 include it when reporting that a file has changed after open.
1079 This adds a new compile flag, HAS_ST_GEN (0/1 option).
1080 This out to be checked as well as reported, since it is
1081 theoretically possible for an attacker to remove a file after
1082 it is opened and replace it with another file that has the
1083 same i-number, but some filesystems (notably AFS) return
1084 garbage in this field, and hence always look like the file
1085 has changed. As a practical matter this is not a security
1086 problem, since the files can be neither hard nor soft links,
1087 and on no filesystem (that I am aware of) is it possible to
1088 have two files on the same filesystem with the same i-number
1090 Delete the root Makefile from the distribution -- it is only for
1091 use internally, and does not work at customer sites.
1092 Fix botch that caused the second MAIL FROM: command in a single
1093 transaction to clear the entire transaction. Problem
1094 noted by John Kennedy of Cal State University, Chico.
1095 Work properly on machines that have _PATH_VARTMP defined without
1096 a trailing slash. (And a pox on vendors that decide to
1097 ignore the established conventions!) Problem noted by
1098 Gregory Neil Shapiro of WPI.
1099 Internal changes to make it easier to add another protocol family
1100 (intended for IPv6). Patches are from John Kennedy of
1102 In certain cases, 7->8 bit MIME decoding of Base64 text could leave
1103 an extra space at the beginning of some lines. Problem
1104 noted by Charles Karney of Princeton University; fix based
1105 on a patch from Christophe Wolfhugel.
1107 Allow _PATH_VENDOR_CF to be set in Makefile for consistency
1108 with the _Sendmail_ book, 2nd edition. Note that
1109 the book is actually wrong: _PATH_SENDMAILCF should
1111 AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow
1112 of Argonne National Laboratory.
1113 OpenBSD from from Paul DuBois of the University of Wisconsin.
1114 RISC/os 4.0 from Paul DuBois of the University of Wisconsin.
1115 SunOS: Include <memory.h> to fix warning from util.c. From
1116 James Aldridge of EUnet Ltd.
1117 Solaris: Change STDIR (location of status file) to /etc/mail
1119 Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from
1120 Makefiles. Use NEWDB on Linux instead.
1121 NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl
1122 exists but behaves differently than other OSes.
1123 Add SIOCGIFNUM_IS_BROKEN compile flag to get
1124 around the problem. Problem noted by Tom Moore of
1126 HP-UX 9.x: fix compile warnings for old select API. Problem
1127 noted by Tom Smith of Digital Equipment Corp.
1128 UnixWare 2.x: compile warnings on offsetof macro. Problem
1129 noted by Tom Good of the Community Access Information
1131 SCO 4.2: compile problems caused by a change in the type of
1132 the "length" parameters passed to accept, getpeername,
1133 getsockname, and getsockopt. Adds new compile flags
1134 SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported
1135 by Tom Good of St. Vincent's North Richmond Community
1136 Mental Health Center Residential Services.
1137 AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.
1138 Suggested by Brett Hogden of Rochester Gas & Electric
1140 Linux: avoid compile problem for versions of <setjmp.h> that
1141 #define both setjmp and longjmp. Problem pointed out
1142 by J.R. Oldroyd of TerraNet.
1143 CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1)
1144 from Christopher Durham of SCO.
1145 CONFIG: NEXTSTEP: define confCW_FILE to
1146 /etc/sendmail/sendmail.cw to match the usual
1147 configuration. Patch from Dennis Glatting of
1149 CONFIG: MAILER(fax) called a program that hasn't existed for a long
1150 time. Convert to use the HylaFAX 4.0 conventions. Suggested
1152 CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These
1153 are the rulesets in use on sendmail.org.
1154 MAKEMAP: give error on GDBM files.
1155 MAIL.LOCAL: Make error messages a bit more explicit, for example,
1156 telling more details on what actually changed when "file
1157 changed after open".
1158 CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw
1160 CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'.
1162 src/Makefiles/Makefile.OpenBSD
1163 src/Makefiles/Makefile.RISCos.4_0
1165 cf/ostype/sco-uw-2.1.m4
1169 8.8.6/8.8.6 97/06/14
1170 *************************************************************
1171 * The extensive assistance of Gregory Neil Shapiro of WPI *
1172 * in preparing this release is gratefully appreciated. *
1173 * Sun Microsystems has also provided resources toward *
1174 * continued sendmail development. *
1175 *************************************************************
1176 SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open
1177 mode bits set to create a file that is a symbolic link that
1178 points nowhere. This makes it possible to create a root
1179 owned file in an arbitrary directory by inserting the symlink
1180 into a writable directory after the initial lstat(2) check
1181 determined that the file did not exist. The only verified
1182 example of a system having these odd semantics for O_EXCL
1183 and symbolic links was HP-UX prior to version 9.07. Most
1184 systems do not have the problem, since a exclusive create
1185 of a file disallows symbolic links. Systems that have been
1186 verified to NOT have the problem include AIX 3.x, *BSD,
1187 DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris,
1188 and Ultrix. This is a potential exposure on systems that
1189 have this bug and which do not have a MAILER-DAEMON alias
1190 pointing at a legitimate account, since this will cause old
1191 mail to be dropped in /var/tmp/dead.letter.
1192 SECURITY: Problems can occur on poorly managed systems, specifically,
1193 if maps or alias files are in world writable directories.
1194 If your system has alias maps in writable directories, it
1195 is potentially possible for an attacker to replace the .db
1196 (or .dir and .pag) files by symbolic links pointing at
1197 another database; this can be used either to expose
1198 information (e.g., by pointing an alias file at /etc/spwd.db
1199 and probing for accounts), or as a denial-of-service attack
1200 (by trashing the password database). The fix disallows
1201 symbolic links entirely when rebuilding alias files or on
1202 maps that are in writable directories, and always warns on
1203 writable directories; 8.9 will probably consider writable
1204 directories to be fatal errors. This does not represent an
1205 exposure on systems that have alias files in unwritable
1207 SECURITY: disallow .forward or :include: files that are links (hard
1208 or soft) if the parent directory (or any directory in the
1209 path) is writable by anyone other than the owner. This is
1210 similar to the previous case for user files. This change
1211 should not affect most systems, but is necessary to prevent
1212 an attacker who can write the directory from pointing such
1213 files at other files that are readable only by the owner.
1214 SECURITY: Tighten safechown rules: many systems will say that they
1215 have a safe (restricted to root) chown even on files that
1216 are mounted from another system that allows owners to give
1217 away files. The new rules are very strict, trusting file
1218 ownership only in those few cases where the system has
1219 been verified to be at least as paranoid as necessary.
1220 However, it is possible to relax the rules to partially
1221 trust the ownership if the directory path is not world or
1222 group writable. This might allow someone who has a legitimate
1223 :include: file (referenced directly from /etc/aliases) to
1224 become another non-root user if the :include: file is in a
1225 non-writable directory on an NFS-mounted filesystem where
1226 the local system says that giveaway is denied but it is
1227 actually permitted. I believe this to be a very small set
1228 of cases. If in doubt, do not point :include: aliases at
1229 NFS-mounted filesystems.
1230 SECURITY: When setting a numeric group id using the RunAsUser option
1231 (e.g., "O RunAsUser=10:20", the group id would not be set.
1232 Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha
1233 group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine.
1234 The user id was still set properly. Problem noted by Uli
1235 Pralle of the Technical University of Berlin.
1236 Save the initial gid set for use when checking for if the
1237 PrivacyOptions=restrictmailq option is set. Problem reported
1238 by Wolfgang Ley of DFN-CERT.
1239 Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a
1240 failure on one message won't affect future messages to the
1242 IP source route printing had an "off by one" error that would
1243 affect any options that came after the route option. Patch
1245 The "Message is too large" error didn't successfully bounce the error
1246 back to the sender. Problem reported by Stephen More of
1247 PSI; patch from Gregory Neil Shapiro of WPI.
1248 Change SMTP status code 553 to map into Extended code 5.1.0 (instead
1249 of 5.1.3); it apparently gets used in multiple ways.
1250 Suggested by John Myers of Portola Communications.
1251 Fix possible extra null byte generated during collection if errors
1252 occur at the beginning of the stream. Patch contributed by
1253 Andrey A. Chernov and Gregory Neil Shapiro.
1254 Code changes to avoid possible reentrant call of malloc/free within
1255 a signal handler. Problem noted by John Beck of Sun
1257 Move map initialization to be earlier so that check_relay ruleset
1258 will have the latest version of the map data. Problem noted
1259 by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro.
1260 If there are fatal errors during the collection phase (e.g., message
1261 too large) don't send the bogus message.
1262 Avoid "cannot open xfAAA00000" messages when sending to aliases that
1263 have errors and have owner- aliases. Problem noted by Michael
1264 Barber of MTU; fix from Gregory Neil Shapiro of WPI.
1265 Avoid null pointer dereference on illegal Boundary= parameters in
1266 multipart/mixed Content-Type: header. Problem noted by
1267 Richard Muirden of RMIT University.
1268 Always print error messages during newaliases (-bi) even if the
1269 ErrorMode is not set to "print". Fix from Gregory Neil
1271 Test mode could core dump if you did a /map lookup in an optional map
1272 that could not be opened. Based on a fix from John Beck of
1274 If DNS is misconfigured so that the last MX record tried points to
1275 a host that does not have an A record, but other MX records
1276 pointed to something reasonable, don't bounce the message
1277 with a "host unknown" error. Note that this should really
1278 be fixed in the zone file for the domain. Problem noted by
1279 Joe Rhett of Navigist, Inc.
1280 If a map fails (e.g., DNS times out) on all recipient addresses, mark
1281 the message as having been tried; otherwise the next queue
1282 run will not realize that this is a second attempt and will
1283 retry immediately. Problem noted by Bryan Costales of
1285 If the clock is set backwards, and a MinQueueAge is set, no jobs
1286 will be run until the later setting of the clock is reached.
1287 "Problem" (I use the term loosely) noted by Eric Hagberg of
1289 If the load average rises above the cutoff threshold (above which
1290 sendmail will not process the queue at all) during a queue
1291 run, abort the queue run immediately. Problem noted by
1292 Bryan Costales of Mercury Mail.
1293 The variable queue processing algorithm (based on the message size,
1294 number of recipients, message precedence, and job age) was
1295 non-functional -- either the entire queue was processed or
1296 none of the queue was processed. The updated algorithm
1297 does no queue run if a single recipient zero size job will
1299 If there is a fatal ("panic") message that will cause sendmail to
1300 die immediately, never hold the error message for future
1302 Force ErrorMode=print in -bt mode so that all errors are printed
1303 regardless of the setting of the ErrorMode option in the
1304 configuration file. Patch from Gregory Neil Shapiro.
1305 New compile flag HASSTRERROR says that this OS has the strerror(3)
1306 routine available in one of the libraries. Use it in conf.h.
1307 The -m (match only) flag now works on host class maps.
1308 If class hash or btree maps are rebuilt, sendmail will now detect
1309 this and reopen the map. Previously, they could give
1310 erroneous results during a single message processing
1311 (but would recover when the next message was received).
1312 Don't delete zero length queue files when doing queue runs until the
1313 files are at least ten minutes old. This avoids a potential
1314 race condition: the creator creates the qf file, getting back
1315 a file descriptor. The queue runner locks it and deletes it
1316 because it is zero length. The creator then writes the
1317 descriptor that is now for a disconnected file, and the
1318 job goes away. Based on a suggestion by Bryan Costales.
1319 When determining the "validated" host name ($_ macro), do a forward
1320 (A) DNS lookup on the result of the PTR lookup and compare
1321 results. If they differ or if the PTR lookup fails, tag the
1322 address as "may be forged".
1323 Log null connections (i.e., hosts that connect but do not do any
1324 substantive activity on the connection before disconnecting;
1325 "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN.
1326 Always permit "writes" to /dev/null regardless of the link count.
1327 This is safe because /dev/null is special cased, and no open
1328 or write is ever actually attempted. Patch from Villy Kruse
1330 If a message cannot be sent because of a 552 (exceeded storage
1331 allocation) response to the MAIL FROM:<>, and a SIZE= parameter
1332 was given, don't return the body in the bounce, since there
1333 is a very good chance that the message will double-bounce.
1334 Fix possible line truncation if a quoted-printable had an =00 escape
1335 in the body. Problem noted by Charles Karney of the Princeton
1336 Plasma Physics Laboratory.
1337 Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses.
1338 Problem noted by Kari Hurtta of the Finnish Meteorological
1340 The MaxDaemonChildren option wasn't applying to queue runs as
1341 documented. Note that this increases the potential denial
1342 of service problems with this option: an attacker can
1343 connect many times, and thereby lock out queue runs as well
1344 as incoming connections. If you use this option, you should
1345 run the "sendmail -bd" and "sendmail -q30m" jobs separately
1346 to avoid this attack. Failure to limit noted by Matthew
1347 Dillon of BEST Internet Communications.
1348 Always give a message in newaliases if alias files cannot be
1349 opened instead of failing silently. Suggested by Gregory
1350 Neil Shapiro. This change makes the code match the O'Reilly
1352 Some older versions of the resolver could return with h_errno == -1
1353 if no name server could be reached, causing mail to bounce
1354 instead of queueing. Treat this like TRY_AGAIN. Fix from
1355 John Beck of SunSoft.
1356 If a :include: file is owned by a user that does not have an entry
1357 in the passwd file, sendmail could dereference a null pointer.
1358 Problem noted by Satish Mynam of Sun Microsystems.
1359 Take precautions to make sure that the SMTP protocol cannot get out
1360 of sync if (for example) an alias file cannot be opened.
1361 Fix a possible race condition that can cause a SIGALRM to come in
1362 immediately after a SIGHUP, causing the new sendmail to die.
1363 Avoid possible hang on SVr3 systems when doing child reaping. Patch
1364 from Villy Kruse of TwinCom.
1365 Ignore improperly formatted SMTP reply codes. Previously these were
1366 partially processed, which could cause confusing error
1368 Fix possible bogus pointer dereference when doing ldapx map lookups
1369 on some architectures.
1371 A/UX: from Jim Jagielski of NASA/GSFC.
1372 glibc: SOCK_STREAM was changed from a #define to an enum,
1373 thus breaking #ifdef SOCK_STREAM. Only option seems
1374 to be to assume SOCK_STREAM if __GNU_LIBRARY__ is
1375 defined. Problem reported by A Sun of the University
1377 Solaris: use SIOCGIFNUM to get the number of interfaces on
1378 the system rather than guessing at compile time.
1379 Patch contributed by John Beck of Sun Microsystems.
1380 Intel Paragon: from Wendy Lin of Purdue University.
1381 GNU Hurd: from Miles Bader of the GNU project.
1382 RISC/os 4.50 from Harlan Stenn of PFCS Corporation.
1383 ISC Unix: wait never returns if SIGCLD signals are blocked.
1384 Unfortunately releasing them opens a race condition,
1385 but there appears to be no fix for this. Patch from
1386 Gregory Neil Shapiro.
1387 BIND 8.1 for IPv6 compatibility from John Kennedy.
1388 Solaris: a bug in strcasecmp caused characters with the
1389 high order bit set to apparently randomly match
1390 letters -- for example, $| (0233) matches "i" and "I".
1391 Problem noted by John Gregson of the University of
1393 IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From
1395 IRIX 6.x: Create Makefiles for systems that claim to be
1396 IRIX64 but are 6.2 or higher (so use the regular
1398 IRIX 6.x: Fix load average computation on 64 bit kernels.
1399 Problem noted by Eric Hagberg of Morgan Stanley.
1400 CONFIG: Some canonification was still done for UUCP-like addresses
1401 even if FEATURE(nocanonify) was set. Problem pointed out by
1403 CONFIG: In some cases UUCP mailers wouldn't properly recognize all
1404 local names as local. Problem noted by Jeff Polk of BSDI;
1405 fix provided by Gregory Neil Shapiro.
1406 CONFIG: The "local:user" syntax entries in mailertables and other
1407 "mailer:user" syntax locations returned an incorrect value
1408 for the $h macro. Problem noted by Gregory Neil Shapiro.
1409 CONFIG: Retain "+detail" information when forwarding mail to a
1410 MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip
1411 Guenther of Gustavus Adolphus College.
1412 CONFIG: Make sure user+detail works for FEATURE(virtusertable);
1413 rules are the same as for aliasing. Based on a patch from
1414 Gregory Neil Shapiro.
1415 CONFIG: Break up parsing rules into several pieces; this should
1416 have no functional change in this release, but makes it
1417 possible to have better anti-spam rulesets in the future.
1418 CONFIG: Disallow double dots in host names to avoid having the
1419 HostStatusDirectory store status under the wrong name.
1420 In some cases this can be used as a denial-of-service attack.
1421 Problem noted by Ron Jarrell of Virginia Tech, patch from
1422 Gregory Neil Shapiro.
1423 CONFIG: Don't use F=m (multiple recipients per invocation) for
1424 MAILER(procmail), but do pass F=Pn9 (include Return-Path:,
1425 don't include From_, and convert to 8-bit). Suggestions
1426 from Kimmo Suominen and Roderick Schertler.
1427 CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) where
1428 being masqueraded as though FEATURE(masquerade_entire_domain)
1429 was specified, even when it wasn't.
1430 MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft.
1431 MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't
1432 "slip in" a symbolic link between the lstat(2) call and the
1433 exclusive open. This is only a problem on System V derived
1434 systems that allow an exclusive create on files that are
1435 symbolic links pointing nowhere.
1436 MAIL.LOCAL: If the final mailbox close() failed, the user id was
1437 not reset back to root, which on some systems would cause
1438 later mailboxes to fail. Also, any partial message would
1439 not be truncated, which could result in repeated deliveries.
1440 Problem noted by Bruce Evans via Peter Wemm (FreeBSD
1442 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar
1443 change to the sendmail map code was made in 8.8.3. Problem
1444 noted by Gregory Neil Shapiro.
1445 MAKEMAP: Give warnings on file problems such as map files that are
1446 symbolic links; although makemap is not setuid root, it is
1447 often run as root and hence has the potential for the same
1448 sorts of problems as alias rebuilds.
1449 MAKEMAP: Change compilation so that it will link properly on
1451 CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf.
1452 Accept an optional list of arguments following the server
1453 name for the ETRN arguments to use (instead of $=w). Other
1454 miscellaneous bug fixes. From Christian von Roques via
1455 John Beck of Sun Microsystems.
1456 CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This
1457 Perl script converts GECOS information in the /etc/passwd
1458 file into aliases, allowing for faster access to full name
1459 lookups; it is also clever about adding aliases (to root)
1460 for system accounts.
1463 cf/ostype/gnuhurd.m4
1465 contrib/passwd-to-alias.pl
1466 src/Makefiles/Makefile.IRIX64.6.1
1467 src/Makefiles/Makefile.IRIX64.6.x
1469 src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x
1470 src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0
1472 8.8.5/8.8.5 97/01/21
1473 SECURITY: Clear out group list during startup. Without this, sendmail
1474 will continue to run with the group permissions of the caller,
1475 even if RunAsUser is specified.
1476 SECURITY: Make purgestat (-bH) be root-only. This is not in response
1477 to any known attack, but it's best to be conservative.
1478 Suggested by Peter Wemm of DIALix.
1479 SECURITY: Fix buffer overrun problem in MIME code that has possible
1480 security implications. Patch from Alex Garthwaite of the
1481 University of Pennsylvania.
1482 Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'")
1483 would truncate the address after "Full". Although the -f
1484 syntax is incorrect (since it is in the envelope, it
1485 shouldn't have comments and full names), the failure mode
1486 was unnecessarily awful.
1487 Fix a possible null pointer dereference when converting 8-bit data
1488 to a 7-bit format. Problem noted by Jim Hutchins of
1489 Sandia National Labs and David James of British Telecom.
1490 Clear out stale state that affected F=9 on SMTP mailers in queue
1491 runs. Although this really shouldn't be used (F=9 is for
1492 final delivery only, and using it on an SMTP mailer makes
1493 it possible for a message to be converted from 8->7->8->7
1494 bits several times), it shouldn't have failed with a syserr.
1495 Problem noted by Eric Hagberg of Morgan Stanley.
1496 _Really_ fix the multiple :maildrop code in the user database
1497 module. Patch from Roy Mongiovi of Georgia Tech.
1498 Let F lines in the configuration file actually read root-only
1499 files if the configuration file is safe. Based on a
1500 patch from Keith Reynolds of SCO.
1501 ETRN followed by QUIT would hold the connection open until the queue
1502 run completed. Problem noted by Truck Lewis of TDK
1504 It turns out that despite the documentation, the TCP wrappers library
1505 does _not_ log rejected connections. Do the logging ourselves.
1506 Problem noted by Fletcher Mattox of the University of Texas
1508 If sendmail finds a qf file in its queue directory that is an unknown
1509 version (e.g., when backing out to an old version), the
1510 error is reported on every queue run. Change it to only
1511 give the error once (and rename the qf => Qf). Patch from
1512 William A. Gianopoulos of Raytheon Company.
1513 Start a new session when doing background delivery; currently it
1514 ignored signals but didn't start a new signal, that caused
1515 some problems if a background process tried to send mail
1516 under certain circumstances. Problem noted by Eric Hagberg
1517 of Morgan Stanley; fix from Kari Hurtta.
1518 Simplify test for skipping a queue run to just check if the current
1519 load average is >= the queueing load average. Previously
1520 the check factored in some other parameters that caused it
1521 to essentially never skip the queue run. Patch from Bryan
1523 If the SMTP server is running in "nullserver" mode (that is, it is
1524 rejecting all commands), start sleeping after MAXBADCOMMAND
1525 (25) commands; this helps prevent a bad guy from putting
1526 you into a tight loop as a denial-of-service attack. Based
1527 on an e-mail conversation with Brad Knowles of AOL.
1528 Slow down when too many "light weight" commands have been issued;
1529 this helps prevent a class of denial-of-service attacks.
1530 The current values and defaults are:
1531 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR
1532 MAXHELOCOMMANDS 3 HELO, EHLO
1533 MAXVRFYCOMMANDS 6 VRFY, EXPN
1534 MAXETRNCOMMANDS 8 ETRN
1535 These will probably be configurable in a future release.
1536 On systems that have uid_t typedefed to be an unsigned short, programs
1537 that had the F=S flag and no U= equate would be invoked with
1538 the real uid set to 65535 rather than being left unchanged.
1539 In some cases, NOTIFY=NEVER was not being honored. Problem noted
1540 by Steve Hubert of the University of Washington, Seattle.
1541 Mail that was Quoted-Printable encoded and had a soft line break on
1542 the last line (i.e., an incomplete continuation) had the last
1543 line dropped. Since this appears to be illegal it isn't
1544 clear what to do with it, but flushing the last line seems
1545 to be a better "fail soft" approach. Based on a patch from
1547 If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a
1548 bogus HELO command still causes the "Polite people say HELO
1549 first" error message. Problem pointed out by Chris Thomas
1550 of UCLA; patch from John Beck of SunSoft.
1551 Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set
1552 in PrivacyOptions. The -q shouldn't turn this command off.
1553 Problem noted by Murray Kucherawy of Pacific Bell Internet;
1554 based on a patch from Gregory Neil Shapiro of WPI.
1555 Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation)
1556 in a DATA transaction to be sticky; these can occur because
1557 a message is too large, and smaller messages should still go
1558 through. Problem noted by Matt Dillon of Best Internet
1560 In some cases bounces were saved in /var/tmp/dead.letter even if they
1561 had been successfully delivered to the envelope sender.
1562 Problem noted Eric Hagberg of Morgan Stanley; solution from
1563 Gregory Neil Shapiro of WPI.
1564 Give better diagnostics on long alias lines. Based on code contributed
1565 by Patrick Gosling of the University of Cambridge.
1566 Increase the number of virtual interfaces that will be probed for
1567 alternate names. Problem noted by Amy Rich of Shore.Net.
1569 UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from
1570 Toshiaki Nomura of Fujitsu Limited.
1571 SunOS with LDAP support: compile problems with struct timeval.
1572 Patch from Nick Cuccia of TCSI Corporation.
1573 SCO: from Keith Reynolds of SCO.
1574 Solaris: kstat load average computation wasn't being used.
1575 Fixes from Michael Ju. Tokarev of Telecom Service, JSC
1577 OpenBSD: from Jason Downs of teeny.org.
1578 Altos System V: from Tim Rice.
1579 Solaris 2.5: from Alan Perry of SunSoft.
1580 Solaris 2.6: from John Beck of SunSoft.
1581 Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli
1582 of Pratt & Whitney <miorelli@pweh.com>.
1583 CONFIG: It seems that I hadn't gotten the Received: line syntax
1584 _just_right_ yet. Tweak it again. I'll omit the names
1585 of the "contributors" (quantity two) in this one case.
1586 As of now, NO MORE DISCUSSION about the syntax of the
1588 CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E),
1589 it never inserts that class into the output file. Fix it
1590 so it will honor EXPOSED_USER but will _not_ include root
1591 automatically in this class. Problem noted by Ronan KERYELL
1592 of Centre de Recherche en Informatique de l'École Nationale
1593 Supérieure des Mines de Paris (CRI-ENSMP).
1594 CONFIG: Clean up handling of "local:" syntax in relay specifications
1595 such as LUSER_RELAY. This change permits the following
1596 syntaxes: ``local:'' will send to the same user on the
1597 local machine (e.g., in a mailertable entry for "host",
1598 ``local:'' will cause an address addressed to user@host to
1599 go to user on the local machone). ``local:user'' will send
1600 to the named user on the local machine. ``local:user@host''
1601 is equivalent to ``local:user'' (the host is ignored). In
1602 all cases, the original user@host is passed in $@ (i.e., the
1603 detail information). Inspired by a report from Michael Fuhr.
1604 CONFIG: Strip quotes from the first word of an "error:" host
1605 indication. This lets you set (for example) the LUSER_RELAY
1606 to be ``error:\"5.1.1\" Your Message Here''. Note the use
1607 of the \" so that the resulting string is properly quoted.
1608 Problem noted by Gregory Neil Shapiro of WPI.
1609 OP.ME: documentation was inconsistent about whether sendmail did a
1610 NOOP or a RSET to probe the connection (it does a RSET).
1611 Inconsistency noted by Deeran Peethamparam.
1612 OP.ME: insert additional blank pages so it will print properly on
1613 a duplex printer. From Matthew Black of Cal State University,
1616 8.8.4/8.8.4 96/12/02
1617 SECURITY: under some circumstances, an attacker could get additional
1618 permissions by hard linking to files that were group
1619 writable by the attacker. The solution is to disallow any
1620 files that have hard links -- this will affect .forward,
1621 :include:, and output files. Problem noted by Terry
1622 Kyriacopoulos of Interlog Internet Services. As a
1623 workaround, set UnsafeGroupWrites -- always a good idea.
1624 SECURITY: the TryNullMXList (w) option should not be safe -- if it
1625 is, it is possible to do a denial-of-service attack on
1626 MX hosts that rely on the use of the null MX list. There
1627 is no danger if you have this option turned off (the default).
1628 Problem noted by Dan Bernstein. Also, make the DontInitGroups
1629 unsafe. I know of no specific attack against this, although
1630 a denial-of-service attack is probably possible, but in theory
1631 you should not be able to safely tweak anything that affects
1632 the permissions that are used when mail is delivered.
1633 Purgestat could go into an infinite loop if one of the host status
1634 directories somehow became empty. Problem noted by Roy
1635 Mongiovi of Georgia Tech.
1636 Processes got "lost" when counting children due to a race condition.
1637 This caused "proc_list_probe: lost pid" messages to be logged.
1638 Problem noted by several people.
1639 On systems with System V SIGCLD child signal semantics (notably AIX
1640 and HP-UX), mail transactions would print the message "451
1641 SMTP-MAIL: lost child: No child processes". Problem noted
1643 Miscellaneous compiler warnings on picky compilers (or when setting
1644 gcc to high warning levels). From Tom Moore of NCR Corp.
1645 SMTP protocol errors, and most errors on MAIL FROM: lines should
1646 not be persistent between runs, since they are based on the
1647 message rather than the host. Problem noted by Matt Dillon
1648 of Best Internet Communications.
1649 The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore
1650 of NCR (a.k.a., AT&T Global Information Solutions).
1651 Avoid the possibility of having a child daemon run to completion
1652 (including closing the SMTP socket) before the parent has
1653 had a chance to close the socket; this can cause the parent
1654 to hang for a long time waiting for the socket to drain.
1655 Patch from Don Lewis of TDK Semiconductor.
1656 If the fork() failed in a queue run, the queue runners would not be
1657 rescheduled (so queue runs would stop). Patch from Don Lewis.
1658 Some error conditions in ETRN could cause output without an SMTP
1659 status code. Problem noted by Don Lewis.
1660 Multiple :maildrop addresses in the user database didn't work properly.
1661 Patch from Roy Mongiovi of Georgia Tech.
1662 Add ".db" automatically onto any user database spec that does not
1663 already have it; this is for consistency with makemap, the
1664 K line, and the documentation. Inconsistency pointed out
1666 Allow sendmail to be properly called in nohup mode. Patch from
1667 Kyle Jones of UUNET.
1668 Change ETRN to ignore but still update host status files; previously
1669 it would ignore them and not save the updated status, which
1670 caused stale information to be maintained. Based on a patch
1671 from Christopher Davis of Kapor Enterprises Inc. Also, have
1672 ETRN ignore the MinQueueAge option.
1673 Patch long term host status to recover more gracefully from an empty
1674 host status file condition. Patch from NAKAMURA Motonori
1675 of Kyoto University.
1676 Several patches to signal handling code to fix potential race
1677 conditions from Don Lewis.
1678 Make it possible to compile with -DDAEMON=0 (previously it had some
1679 compile errors). This turns DAEMON, QUEUE, and SMTP into
1680 0/1 compilation flags. Note that DAEMON is an obsolete
1681 compile flag; use NETINET instead. Solution based on a
1682 patch from Bryan Costales.
1684 AIX4: getpwnam() and getpwuid() do a sequential scan of the
1685 /etc/security/passwd file when called as root. This
1686 is very slow on some systems. To speed it up, use the
1687 (undocumented) _getpw{nam,uid}_shadow() routines.
1688 Patch from Chris Thomas of UCLA/OAC Systems Group.
1689 SCO 5.x: include -lprot in the Makefile. Patch from Bill
1690 Glicker of Burrelle's Information Service.
1691 NEWS-OS 4.x: need a definition for MODE_T to compile. Patch
1692 from Makoto MATSUSHITA of Osaka University.
1693 SunOS 4.0.3: compile problems. Patches from Andrew Cole of
1694 Leeds University and SASABE Tetsuro of the University
1696 DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support
1698 Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp.
1699 I believe this to have only been a problem if you
1700 compiled with -DUSE_VENDOR_CF_PATH -- another reason
1701 to stick with /etc/sendmail.cf as your One True Path.
1702 Digital UNIX (OSF/1 on Alpha) load average computation from
1703 Martin Laubach of the Technischen Universität Wien.
1704 CONFIG: change default Received: line to be multiple lines rather
1705 than one long one. By popular demand.
1706 MAIL.LOCAL: warnings weren't being logged on some systems. Patch
1707 from Jerome Berkman of U.C. Berkeley.
1708 MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs
1709 to take a very long time. Problem noted by Yoshiro YONEYA
1710 of NTT Software Corporation.
1711 CONTRIB: add etrn.pl, contributed by John Beck.
1715 8.8.3/8.8.3 96/11/17
1716 SECURITY: it was possible to get a root shell by lying to sendmail
1717 about argv[0] and then sending it a signal. Problem noted
1718 by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the
1719 best-of-security list.
1720 Log sendmail binary version number in "Warning: .cf version level
1721 (%d) exceeds program functionality (%d) message" -- this
1722 should make it clearer to people that they are running
1724 Fix a problem that occurs when you open an SMTP connection and then
1725 do one or more ETRN commands followed by a MAIL command; at
1726 the end of the DATA phase sendmail would incorrectly report
1727 "451 SMTP-MAIL: lost child: No child processes". Problem
1728 noted by Eric Bishop of Virginia Tech.
1729 When doing text-based host canonification (typically /etc/hosts
1730 lookup), a null host name would match any /etc/hosts entry
1731 with space at the end of the line. Problem noted by Steve
1732 Hubert of the University of Washington, Seattle.
1733 7 to 8 bit BASE64 MIME conversions could duplicate bits of text.
1734 Problem reported by Tom Smith of Digital Equipment Corp.
1735 Increase the size of the DNS answer buffer -- the standard UDP packet
1736 size PACKETSZ (512) is not sufficient for some nameserver
1737 answers containing very many resource records. The resolver
1738 may also switch to TCP and retry if it detects UDP packet
1739 overflow. Also, allow for the fact that the resolver
1740 routines res_query and res_search return the size of the
1741 *un*truncated answer in case the supplied answer buffer it
1742 not big enough to accommodate the entire answer. Patch from
1744 Improvements to MaxDaemonChildren code. If you think you have too
1745 many children, probe the ones you have to verify that they
1746 are still around. Suggested by Jared Mauch of CICnet, Inc.
1747 Also, do this probe before growing the vector of children
1748 pids; this previously caused the vector to grow indefinitely
1749 due to a race condition. Problem reported by Kyle Jones of
1751 On some architectures, <db.h> (from the Berkeley DB library) defines
1752 O_EXLOCK to zero; this fools the map compilation code into
1753 thinking that it can avoid race conditions by locking on open.
1754 Change it to check for O_EXLOCK non-zero. Problem noted by
1755 Leif Erlingsson of Data Lege.
1756 Always call res_init() on startup (if compiled in, of course) to
1757 allow the sendmail.cf file to tweak resolver flags; without
1758 it, flag tweaks in ResolverOptions are ignored. Patch from
1759 Andrew Sun of Merrill Lynch.
1760 Improvements to host status printing code. Suggested by Steve Hubert
1761 of the University of Washington, Seattle.
1762 Change MinQueueAge option processing to do the check for the job age
1763 when reading the queue file, rather than at the end; this
1764 avoids parsing the addresses, which can do DNS lookups.
1765 Problem noted by John Beck of InReference, Inc.
1766 When MIME was being 7->8 bit decoded, "From " lines weren't being
1767 properly escaped. Problem noted by Peter Nilsson of the
1768 University of Linkoping.
1769 In some cases, sendmail would retain root permissions during queue
1770 runs even if RunAsUser was set. Problem noted by Mark
1771 Thomas of Mark G. Thomas Consulting.
1772 If the F=l flag was set on an SMTP mailer to indicate that it is
1773 actually local delivery, and NOTIFY=SUCCESS is specified in
1774 the envelope, and the receiving SMTP server speaks DSN, then
1775 the DSN would be both generated locally and propagated to the
1777 The U= mailer field didn't correctly extract the group id if the
1778 user id was numeric. Problem noted by Kenneth Herron of
1779 MCI Telecommunications Communications.
1780 If a message exceeded the fixed maximum size on input, the body of
1781 the message was included in the bounce. Note that this did
1782 not occur if it exceeded the maximum _output_ size. Problem
1783 reported by Kyle Jones of UUNET.
1785 AIX4: 4.1 doesn't have a working setreuid(2); change the
1786 AIX4 defines to use seteuid(2) instead, which
1787 works on 4.1 as well as 4.2. Problem noted by
1788 HÃ¥kan Lindholm of interAF, Sweden.
1789 AIX4: use tzname[] vector to determine time zone name.
1790 Patch from NAKAMURA Motonori of Kyoto University.
1791 MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support.
1792 Contributed by Paul DuBois <dubois@primate.wisc.edu>.
1793 Solaris: kstat(3k) support for retrieving the load average.
1794 This adds the LA_KSTAT definition for LA_TYPE.
1795 The outline of the implementation was contributed
1796 by Michael Tokarev of Telecom Service, JSC, Moscow.
1797 HP-UX 10.0 gripes about the (perfectly legal!) forward
1798 declaration of struct rusage at the top of conf.h;
1799 change it to only be included if you are using gcc,
1800 which is apparently the only compiler that requires
1801 it in the first place. Problem noted by Jeff
1802 Earickson of Colby College.
1803 IRIX: don't default to using gcc. IRIX is a civilized
1804 operating system that comes with a decent compiler
1805 by default. Problem noted by Barry Bouwsma and
1807 CONFIG: specify F=9 as default in FEATURE(local_procmail) for
1808 consistency with other local mailers. Inconsistency
1809 pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>.
1810 CONFIG: if the "limited best mx" feature is used (to reduce DNS
1811 overhead) as part of the bestmx_is_local feature, the
1812 domain part was dropped from the name. Patch from Steve
1813 Hubert of the University of Washington, Seattle.
1814 CONFIG: catch addresses of the form "user@.dom.ain"; these could
1815 end up being translated to the null host name, which would
1816 return any entry in /etc/hosts that had a space at the end
1817 of the line. Problem noted by Steve Hubert of the
1818 University of Washington, Seattle.
1819 CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer
1820 Polytechnic Institute.
1821 MAKEMAP: tweak hash and btree parameters for better performance.
1822 Patch from Matt Dillon of Best Internet Communications.
1824 src/Makefiles/Makefile.Linux.ppc
1826 cf/ostype/mklinux.m4
1828 8.8.2/8.8.2 96/10/18
1829 SECURITY: fix a botch in the 7-bit MIME patch; the previous patch
1830 changed the code but didn't fix the problem.
1832 Solaris: Don't use the system getusershell(3); it can
1833 apparently corrupt the heap in some circumstances.
1834 Problem found by Ken Pizzini of Spry, Inc.
1835 OP.ME: document several mailer flags that were accidentally omitted
1836 from this document. These flags were F=d, F=j, F=R, and F=9.
1839 8.8.1/8.8.1 96/10/17
1840 SECURITY: unset all environment variables that the resolver will
1841 examine during queue runs and daemon mode. Problem noted
1842 by Dan Bernstein of the University of Illinois at Chicago.
1843 SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain
1844 message could overflow a buffer if it was converted back
1845 to 8 bits. This caused core dumps and has the potential
1846 for a remote attack. Problem first noted by Gregory Shapiro
1848 Avoid duplicate deliveries of error messages on systems that don't
1849 have flock(2) support. Patch from Motonori Nakamura of
1851 Ignore null FallBackMX (V) options. If this option is null (as
1852 opposed to undefined) it can cause "null signature" syserrs
1853 on illegal host names.
1854 If a Base64 encoded text/plain message has no trailing newline in
1855 the encoded text, conversion back to 8 bits will drop the
1856 final line. Problem noted by Pierre David.
1857 If running with a RunAsUser, sendmail would give bogus "cannot
1858 setuid" (or seteuid, or setreuid) messages on some systems.
1859 Problem pointed out by Jordan Mendelson of Web Services, Inc.
1860 Always print error messages in -bv mode -- previously, -bv would
1861 be absolutely silent on errors if the error mode was sent
1862 to (say) mail-back. Problem noted by Kyle Jones of UUNET.
1863 If -qI/R/S is set (or the ETRN command is used), ignore all long
1864 term host status. This is necessary because it is common
1865 to do this when you know a host has just come back up.
1866 Disallow duplicate HELO/EHLO commands as required by RFC 1651 section
1867 4.2. Excessive permissiveness noted by Lee Flight of the
1868 University of Leicester.
1869 If a service (such as NIS) is specified as the last entry in the
1870 service switch, but that service is not compiled in, sendmail
1871 would return a temporary failure when an entry was not found
1872 in the map. This caused the message to be queued instead of
1873 bouncing immediately. Problem noted by Harry Edmon of the
1874 University of Washington.
1876 Solaris 2.3 had compilation problems in conf.c. Several
1877 people pointed this out.
1878 NetBSD from Charles Hannum of MIT.
1879 AIX4 improvements based on info from Steve Bauer of South
1880 Dakota School of Mines & Technology.
1881 CONFIG: ``error:code message'' syntax was broken in virtusertable.
1882 Patch from Gil Kloepfer Jr.
1883 CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set
1884 using MASQUERADE_DOMAIN) were not masqueraded unless they
1885 were also in $=w. Problem noted by Zoltan Basti of
1887 MAIL.LOCAL: patches to compile and link cleanly on AIX. Based
1888 on a patch from Eric Hagberg of Morgan Stanley.
1889 MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan
1890 of Stanford via Robert La Ferla.
1892 8.8.0/8.8.0 96/09/26
1893 Under some circumstances, Bcc: headers would not be properly
1894 deleted. Pointed out by Jonathan Kamens of OpenVision.
1895 Log a warning if the sendmail daemon is invoked without a full
1896 pathname, which prevents "kill -1" from working. I was
1897 urged to put this in by Andrey A. Chernov of DEMOS (Russia).
1898 Fix small buffer overflow. Since the data in this buffer was not
1899 read externally, there was no security problem (and in fact
1900 probably wouldn't really overflow on most compilers). Pointed
1901 out by KIZU takashi of Osaka University.
1902 Fix problem causing domain literals such as [1.2.3.4] to be ignored
1903 if a FallbackMXHost was specified in the configuration file
1904 -- all mail would be sent to the fallback even if the original
1905 host was accessible. Pointed out by Munenari Hirayama of
1907 A message that didn't terminate with a newline would (sometimes) not
1908 have the trailing "." added properly in the SMTP dialogue,
1909 causing SMTP to hang. Patch from Per Hedeland of Ericsson.
1910 The DaemonPortOptions suboption to bind to a particular address was
1911 incorrect and nonfunctional due to a misunderstanding of the
1912 semantics of binding on a passive socket. Patch from
1913 NIIBE Yutaka of Mitsubishi Research Institute.
1914 Increase the number of MX hosts for a single name to 100 to better
1915 handle the truly huge service providers such as AOL, which
1916 has 13 at the moment (and climbing). In order to avoid
1917 trashing memory, the buffer for all names has only been
1918 slightly increased in size, to 12.8K from 10.2K -- this means
1919 that if a single name had 100 MX records, the average size
1920 of those records could not exceed 128 bytes. Requested by
1921 Brad Knowles of America On Line.
1922 Restore use of IDENT returns where the OSTYPE field equals "OTHER".
1923 Urged by Dan Bernstein of U.C. Berkeley.
1924 Print q_statdate and q_specificity in address structure debugging
1926 Expand MCI structure flag bits for debugging output.
1927 Support IPv6-style domain literals, which can have colons between
1929 Log open file descriptors for the "cannot dup" messages in deliver();
1930 this is an attempt to track down a bug that one person seems
1931 to be having (it may be a Solaris bug!).
1932 DSN NOTIFY parameters were not properly propagated across queue runs;
1933 this caused the NOTIFY info to sometimes be lost. Problem
1934 pointed out by Claus Assmann of the
1935 Christian-Albrechts-University of Kiel.
1936 The statistics gathered in the sendmail.st file were too high; in
1937 some cases failures (e.g., user unknown or temporary failure)
1938 would count as a delivery as far as the statistics were
1939 concerned. Problem noted by Tom Moore of AT&T GIS.
1940 Systems that don't have flock() would not send split envelopes in
1941 the initial run. Problem pointed out by Leonard Zubkoff of
1943 Move buffer overflow checking -- these primarily involve distrusting
1944 results that may come from NIS and DNS.
1945 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't
1946 include <paths.h> and hence had the wrong pathnames for a few
1947 things like /var/tmp. Reported by Matthew Green.
1948 Conditions were reversed for the Priority: header, resulting in all
1949 values being interpreted as non-urgent except for non-urgent,
1950 which was interpreted as normal. Patch from Bryan Costales.
1951 The -o (optional) flag was being ignored on hash and btree maps
1952 since 8.7.2. Fix from Bryan Costales.
1953 Content-Types listed in class "q" will always be encoded as
1954 Quoted-Printable (or more accurately, will never be encoded
1955 as base64). The class can have primary types (e.g., "text")
1956 or full types (e.g., "text/plain"). Based on a suggestion by
1957 Marius Olafsson of the University of Iceland.
1958 Define ${envid} to be the original envelope id (from the ESMTP DSN
1959 dialogue) so it can be passed to programs in mailers.
1960 Define ${bodytype} to be the body type (from the -B flag or the
1961 BODY= ESMTP parameter) so it can be passed to programs in
1963 Cause the VRFY command to return 252 instead of 250 unless the F=q
1964 flag is set in the mailer descriptor. Suggested by John
1966 Implement ESMTP ETRN command to flush the queue for a specific host.
1967 The command takes a host name; data for that host is
1968 immediately (and asynchronously) flushed. Because this shares
1969 the -qR implementation, other hosts may be attempted, but
1970 there should be no security implications. Implementation
1971 from John Beck of InReference, Inc. See RFC 1985 for details.
1972 Add three new command line flags to pass in DSN parameters: -V envid
1973 (equivalent to ENVID=envid on the MAIL command), -R ret
1974 (equivalent to RET=ret on the MAIL command), and -Nnotify
1975 (equivalent to NOTIFY=notify on the RCPT command). Note
1976 that the -N flag applies to all recipients; there is no way
1977 to specify per-address notifications on the command line,
1978 nor is there an equivalent for the ORCPT= per-address
1980 Restore LogLevel option to be safe (it can only be increased);
1981 apparently I went into paranoid mode between 8.6 and 8.7
1982 and made it unsafe. Pointed out by Dabe Murphy of the
1983 University of Maryland.
1984 New logging on log level 15: all SMTP traffic. Patches from
1985 Andrew Gross of San Diego Supercomputer Center.
1986 NetInfo property value searching code wasn't stopping when it found
1987 a match. This was causing the wrong values to be found (and
1988 had a memory leak). Found by Bastian Schleuter of TU-Berlin.
1989 Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed
1990 out by Bill Wisner of Electronics for Imaging that you can't
1991 use the bracket address form for the MAIL_HUB macro, since
1992 that causes the brackets to remain in the envelope recipient
1993 address used for delivery. The simple fix (stripping off the
1994 brackets in the config file) breaks the use of IP literal
1995 addresses. This flag will solve that problem.
1996 Add MustQuoteChars option. This is a list of characters that must
1997 be quoted if they are found in the phrase part of an address
1998 (that is, the full name part). The characters @,;:\()[] are
1999 always in this list and cannot be removed. The default is
2000 this list plus . and ' to match RFC 822.
2001 Add AllowBogusHELO option; if set, sendmail will allow HELO commands
2002 that do not include a host name for back compatibility with
2003 some stupid SMTP clients. Setting this violates RFC 1123
2005 Add MaxDaemonChildren option; if this is set, sendmail will start
2006 rejecting connections if it has more than this many
2007 outstanding children accepting mail. Note that you may
2008 see more processes than this because of outgoing mail; this
2009 is for incoming connections only.
2010 Add ConnectionRateThrottle option. If set to a positive value, the
2011 number of incoming SMTP connections that will be permitted
2012 in a single second is limited to this number. Connections are
2013 not refused during this time, just deferred. The intent is to
2014 flatten out demand so that load average limiting can kick in.
2015 It is less radical than MaxDaemonChildren, which will stop
2016 accepting connections even if all the connections are idle
2017 (e.g., due to connection caching).
2018 Add Timeout.hoststatus option. This interval (defaulting to 30m)
2019 specifies how long cached information about the state of a
2020 host will be kept before they are considered stale and the
2021 host is retried. If you are using persistent host status
2022 (i.e., the HostStatusDirectory option is set) this will apply
2023 between runs; otherwise, it applies only within a single queue
2024 run and hence is useful only for hosts that have large queues
2025 that take a very long time to run.
2026 Add SingleLineFromHeader option. If set, From: headers are coerced
2027 into being a single line even if they had newlines in them
2028 when read. This is to get around a botch in Lotus Notes.
2029 Text class maps were totally broken -- if you ever retrieved the last
2030 item in a table it would be truncated. Problem noted by
2031 Gregory Neil Shapiro of WPI.
2032 Extend the lines printed by the mailq command (== the -bp flag) when
2033 -v is given to 120 characters; this allows more information
2034 to be displayed. Suggested by Gregory Neil Shapiro of WPI.
2035 Allow macro definitions (`D' lines) with unquoted commas; previously
2036 this was treated as end-of-input. Problem noted by Bryan
2038 The RET= envelope parameter (used for DSNs) wasn't properly written
2039 to the queue file. Fix from John Hughes of Atlantic
2041 Close /var/tmp/dead.letter after a successful write -- otherwise
2042 if this happens in a queue run it can cause nasty delays.
2043 Problem noted by Mark Horton of AT&T.
2044 If userdb entries pointed to userdb entries, and there were multiple
2045 values for a given key, the database cursor would get
2046 trashed by the recursive call. Problem noted by Roy Mongiovi
2047 of Georgia Tech. Fixed by reading all the values and creating
2048 a comma-separated list; thus, the -v output will be somewhat
2049 different for this case.
2050 Fix buffer allocation problem with Hesiod-based userdb maps when
2051 HES_GETMAILHOST is defined. Based on a patch by Betty Lee
2052 of Stanford University.
2053 When envelopes were split due to aliases with owner- aliases, and
2054 there was some error on one of the lists, more than one of
2055 the owners would get the message. Problem pointed out by
2056 Roy Mongiovi of Georgia Tech.
2057 Detect excessive recursion in macro expansions, e.g., $X defined
2058 in terms of $Y which is defined in terms of $X. Problem
2059 noted by Bryan Costales; patch from Eric Wassenaar.
2060 When using F=U to get "ugly UUCP" From_ lines, a buffer could in
2061 some cases get trashed causing bogus From_ lines. Fix from
2062 Kyle Jones of UUNET.
2063 When doing load average initialization, if the nlist call for avenrun
2064 failed, the second and subsequent lookups wouldn't notice
2065 that fact causing bogus load averages to be returned. Noted
2066 by Casper Dik of Sun Holland.
2067 Fix problem with incompatibility with some versions of inet_aton that
2068 have changed the return value to unsigned, so a check for an
2069 error return of -1 doesn't work. Use INADDR_NONE instead.
2070 This could cause mail to addresses such as [foo.com] to bounce
2071 or get dropped. Problem noted by Christophe Wolfhugel of the
2073 DSNs were inconsistent if a failure occurred during the DATA phase
2074 rather than the RCPT phase: the Action: would be correct, but
2075 the detailed status information would be wrong. Problem noted
2076 by Bob Snyder of General Electric Company.
2077 Add -U command line flag and the XUSR ESMTP extension, both indicating
2078 that this is the initial MUA->MTA submission. The flag current
2079 does nothing, but in future releases (when MUAs start using
2080 these flags) it will probably turn on things like DNS
2082 Default end-of-line string (E= specification on mailer [M] lines)
2083 to \r\n on SMTP mailers. Default remains \n on non-SMTP
2085 Change the internal definition for the *file* and *include* mailers
2086 to have $u in the argument vectors so that they aren't
2087 misinterpreted as SMTP mailers and thus use \r\n line
2088 termination. This will affect anyone who has redefined
2089 either of these in their configuration file.
2090 Don't assume that IDENT servers close the connection after a query;
2091 responses can be newline terminated. From Terry Kennedy of
2092 St. Peter's College.
2093 Avoid core dumps on erroneous configuration files that have
2094 $#mailer with nothing following. From Bryan Costales.
2095 Avoid null pointer dereference with high debug values in unlockqueue.
2096 Fix from Randy Martin of Clemson University.
2097 Fix possible buffer overrun when expanding very large macros. Fix
2098 from Kyle Jones of UUNET.
2099 After 25 EXPN or VRFY commands, start pausing for a second before
2100 processing each one. This avoids a certain form of denial
2101 of service attack. Potential attack pointed out by Bryan
2103 Allow new named (not numbered!) config file rules to do validity
2104 checking on SMTP arguments: check_mail for MAIL commands and
2105 check_rcpt for RCPT commands. These rulesets can do anything
2106 they want; their result is ignored unless they resolve to the
2107 $#error mailer, in which case the indicated message is printed
2108 and the command is rejected. Similarly, the check_compat
2109 ruleset is called before delivery with "from_addr $| to_addr"
2110 (the $| is a meta-symbol used to separate the two addresses);
2111 it can give a "this sender can't send to this recipient"
2112 notification. Note that this patch allows $| to stand alone
2114 Define new macros ${client_name}, ${client_addr}, and ${client_port}
2115 that have the name, IP address, and port number (respectively)
2116 of the SMTP client (that is, the entity at the other end of
2117 the connection. These can be used in (e.g.) check_rcpt to
2118 verify that someone isn't trying to relay mail through your
2119 host inappropriately. Be sure to use the deferred evaluation
2120 form, for example $&{client_name}, to avoid having these bound
2121 when sendmail reads the configuration file.
2122 Add new config file rule check_relay to check the incoming connection
2123 information. Like check_compat, it is passed the host name
2124 and host address separated by $| and can reject connections
2126 Allow IDA-style recursive function calls. Code contributed by Mark
2127 Lovell and Paul Vixie.
2128 Eliminate the "No ! in UUCP From address!" message" -- instead, create
2129 a virtual UUCP address using either a domain address or the $k
2130 macro. Based on code contributed by Mark Lovell and Paul
2132 Add Stanford LDAP map. Requires special libraries that are not
2133 included with sendmail. Contributed by Booker C. Bense
2134 <bbense@networking.stanford.edu>; contact him for support.
2135 See also the src/READ_ME file.
2136 Allow -dANSI to turn on ANSI escape sequences in debug output; this
2137 puts metasymbols (e.g., $+) in reverse video. Really useful
2138 only for debugging deep bits of code where it is important to
2139 distinguish between the single-character metasymbol $+ and the
2140 two characters $, +.
2141 Changed ruleset 89 (executed in dumpstate()) to a named ruleset,
2143 Add new UnsafeGroupWrites option; if set, .forward and :include:
2144 files that are group writable are considered "unsafe" -- that
2145 is, programs and files referenced from such files are not
2147 Delete bogosity test for FallBackMX host; this prevented it to be a
2148 name that was not in DNS or was a domain-literal. Problem
2150 Change the introduction to error messages to more clearly delineate
2151 permanent from temporary failures; if both existed in a
2152 single message it could be confusing. Suggested by John
2153 Beck of InReference, Inc.
2154 The IngoreDot (i) option didn't work for lines that were terminated
2155 with CRLF. Problem noted by Ted Stockwell of Secure
2156 Computing Corporation.
2157 Add a heuristic to improve the handling of unbalanced `<' signs in
2158 message headers. Problem reported by Matt Dillon of Best
2159 Internet Communications.
2160 Check for bogus characters in the 0200-0237 range; since these are
2161 used internally, very strange errors can occur if those
2162 characters appear in headers. Problem noted by Anders Gertz
2164 Implement 7 -> 8 bit MIME conversions. This only takes place if the
2165 recipient mailer has the F=9 flag set, and only works on
2166 text/plain body types. Code contributed by Marius Olafsson
2167 of the University of Iceland.
2168 Special case "postmaster" name so that it is always treated as lower
2169 case in alias files regardless of configuration settings;
2170 this prevents some potential problems where "Postmaster" or
2171 "POSTMASTER" might not match "postmaster". In most cases
2172 this change is a no-op.
2173 The -o map flag was ignored for text maps. Problem noted by Bryan
2175 The -a map flag was ignored for dequote maps. Problem noted by
2177 Fix core dump when a lookup of a class "prog" map returns no
2178 response. Patch from Bryan Costales.
2179 Log instances where sendmail is deferring or rejecting connections
2180 on LogLevel 14. Suggested by Kyle Jones of UUNET.
2181 Include port number in process title for network daemons. Suggested
2182 by Kyle Jones of UUNET.
2183 Send ``double bounces'' (errors that occur when sending an error
2184 message) to the address indicated in the DoubleBounceAddress
2185 option (default: postmaster). Previously they were always
2186 sent to postmaster. Suggested by Kyle Jones of UUNET.
2187 Add new mode, -bD, that acts like -bd in all respects except that
2188 it runs in foreground. This is useful for using with a
2189 wrapper that "watches" system services. Suggested by Kyle
2191 Fix botch in spacing around (parenthesized) comments in addresses
2192 when the comment comes before the address. Patch from
2193 Motonori Nakamura of Kyoto University.
2194 Use the prefix "Postmaster notify" on the Subject: lines of messages
2195 that are being bounced to postmaster, rather than "Returned
2196 mail". This permits the person who is postmaster more
2197 easily determine what messages are to their role as
2198 postmaster versus bounces to mail they actually sent. Based
2199 on a suggestion by Motonori Nakamura.
2200 Add new value "time" for QueueSortOrder option; this causes the queue
2201 to be sorted strictly by the time of submission. Note that
2202 this can cause very bad behavior over slow lines (because
2203 large jobs will tend to delay small jobs) and on nodes with
2204 heavy traffic (because old things in the queue for hosts that
2205 are down delay processing of new jobs). Also, this does not
2206 guarantee that jobs will be delivered in submission order
2207 unless you also set DeliveryMode=queue. In general, it should
2208 probably only be used on the command line, and only in
2209 conjunction with -qRhost.domain. In fact, there are very few
2210 cases where it should be used at all. Based on an
2211 implementation by Motonori Nakamura.
2212 If a map lookup in ruleset 5 returns tempfail, queue the message in
2213 the same manner as other rulesets. Previously a temporary
2214 failure in ruleset 5 was ignored. Patch from Booker Bense
2215 of Stanford University.
2216 Don't proceed to the next MX host if an SMTP MAIL command returns a
2217 5yz (permanent failure) code. The next MX host will still be
2218 tried if the connection cannot be opened in the first place
2219 or if the MAIL command returns a 4yz (temporary failure) code.
2220 (It's hard to know what to do here, since neither RFC 974 nor
2221 RFC 1123 specify when to proceed to the next MX host.)
2222 Suggested by Jonathan Kamens of OpenVision, Inc.
2223 Add new "-t" flag for map definitions (the "K" line in the .cf file).
2224 This causes map lookups that get a temporary failure (e.g.,
2225 name server failure) to _not_ defer the delivery of the
2226 message. This should only be used if your configuration file
2227 is prepared to do something sensible in this case. Based on
2228 an idea by Gregory Shapiro of WPI.
2229 Fix problem finding network interface addresses. Patch from
2231 Don't reject qf entries that are not owned by your effective uid if
2232 you are not running setuid; this makes management of certain
2233 kinds of firewall setups difficult. Patch suggested by
2234 Eamonn Coleman of Qualcomm.
2235 Add persistent host status. This keeps the information normally
2236 maintained within a single queue run in disk files that are
2237 shared between sendmail instances. The HostStatusDirectory
2238 is the directory in which the information is maintained. If
2239 not set, persistent host status is turned off. If not a full
2240 pathname, it is relative to the queue directory. A common
2241 value is ".hoststat".
2242 There are also two new operation modes:
2243 * -bh prints the status of hosts that have had recent
2245 * -bH purges the host statuses. No attempt is made to save
2246 recent status information.
2247 This feature was originally written by Paul Vixie of Vixie
2248 Enterprises for KJS and adapted for V8 by Mark Lovell of
2249 Bigrock Consulting. Paul's funding of Mark and Mark's patience
2250 with my insistence that things fit cleanly into the V8
2251 framework is gratefully appreciated.
2252 New SingleThreadDelivery option (requires HostStatusDirectory to
2253 operate). Avoids letting two sendmails on the local machine
2254 open connections to the same remote host at the same time.
2255 This reduces load on the other machine, but can cause mail to
2256 be delayed (for example, if one sendmail is delivering a huge
2257 message, other sendmails won't be able to send even small
2258 messages). Also, it requires another file descriptor (for the
2259 lock file) per connection, so you may have to reduce
2260 ConnectionCacheSize to avoid running out of per-process
2261 file descriptors. Based on the persistent host status code
2262 contributed by Paul Vixie and Mark Lovell.
2263 Allow sending to non-simple files (e.g., /dev/null) even if the
2264 SafeFileEnvironment option is set. Problem noted by Bryan
2266 The -qR flag mistakenly matched flags in the "R" line of the queue
2267 file. Problem noted by Bryan Costales.
2268 If a job was aborted using the interrupt signal (e.g., control-C from
2269 the keyboard), on some occasions an empty df file would be
2270 left around; these would collect in the queue directory.
2271 Problem noted by Bryan Costales.
2272 Change the makesendmail script to enhance the search for Makefiles
2273 based on release number. For example, on SunOS 5.5.1, it will
2274 search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then
2275 Makefile.SunOS.5.x (in addition to the other rules, e.g.,
2276 adding $arch). Problem noted by Jason Mastaler of Atlanta
2278 When creating maps using "newaliases", always map the keys to lower
2279 case when creating the map unless the -f flag is specified on
2280 the map itself. Previously this was done based on the F=u
2281 flag in the local mailer, which meant you could create aliases
2282 that you could never access. Problem noted by Bob Wu of DEC.
2283 When a job was read from the queue, the bits causing notification on
2284 failure or delay were always set. This caused those
2285 notifications to be sent even if NOTIFY=NEVER had been
2286 specified. Problem noted by Steve Hubert of the University
2287 of Washington, Seattle.
2288 Add new configurable routine validate_connection (in conf.c). This
2289 lets you decide if you are willing to accept traffic from
2290 this host. If it returns FALSE, all SMTP commands will return
2291 "550 Access denied". -DTCPWRAPPERS will include support for
2292 TCP wrappers; you will need to add -lwrap to the link line.
2293 (See src/READ_ME for details.)
2294 Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster
2295 bounces. Some people seemed to think that this could be
2296 confusing (even though it is true). Suggested by Motonori
2298 Add new RunAsUser option; this causes sendmail to do a setuid to that
2299 user early in processing to avoid potential security problems.
2300 However, this means that all .forward and :include: files must
2301 be readable by that user, and all files to be written must be
2302 writable by that user and all programs will be executed by that
2303 user. It is also incompatible with the SafeFileEnvironment
2304 option. In other words, it may not actually add much to
2305 security. However, it should be useful on firewalls and other
2306 places where users don't have accounts and the aliases file is
2308 Add Timeout.iconnect. This is like Timeout.connect except it is used
2309 only on the first attempt to delivery to an address. It could
2310 be set to be lower than Timeout.connect on the principle that
2311 the mail should go through quickly to responsive hosts; less
2312 responsive hosts get to wait for the next queue run.
2313 Fix a problem on Solaris that occasionally causes programs
2314 (such as vacation) to hang with their standard input connected
2315 to a UDP port. It also created some signal handling problems.
2316 The problems turned out to be an interaction between vfork(2)
2317 and some of the libraries, particularly NIS/NIS+. I am
2318 indebted to Tor Egge <tegge@idt.ntnu.no> for this fix.
2319 Change user class map to do the same matching that actual delivery
2320 will do instead of just a /etc/passwd lookup. This adds
2321 fuzzy matching to the user map. Patch from Dan Oscarsson.
2322 The Timeout.* options are not safe -- they can be used to create a
2323 denial-of-service attack. Problem noted by Christophe
2325 Don't send PostmasterCopy messages in the event of a "delayed"
2326 notification. Suggested by Barry Bouwsma.
2327 Don't advertise "VERB" ESMTP extension if the "noexpn" privacy
2328 option is set, since this disables VERB mode. Suggested
2329 by John Hawkinson of MIT.
2330 Complain if the QueueDirectory (Q) option is not set. Problem noted
2331 by Motonori Nakamura of Kyoto University.
2332 Only queue messages on transient .forward open failures if there
2333 were no successful opens. The previous behavior caused it
2334 to queue even if a "fall back" .forward was found. Problem
2335 noted by Ann-Kian Yeo of the Dept. of Information Systems
2336 and Computer Science (DISCS), NUS, Singapore.
2337 Don't do 8->7 bit conversions when bouncing a MIME message that
2338 is bouncing because of a MIME error during 8->7 bit conversion;
2339 the encapsulated message will bounce again, causing a loop.
2340 Problem noted by Steve Hubert of the University of Washington.
2341 Create xf (transcript) files using the TempFileMode option value
2342 instead of 0644. Suggested by Ann-Kian Yeo of the
2343 National University of Singapore.
2344 Print errors if setgid/setuid/etc. fail during delivery. This helps
2345 detect cases where DefaultUid is set to something that the
2346 system can't cope with.
2348 Support for AIX/RS 2.2.1 from Mark Whetzel of Western
2349 Atlas International.
2350 Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell
2352 On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only
2353 work on the first recipient of a message due to a
2354 bug in the getpwent family. If this is something you
2355 use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a
2356 workaround. From Maximum Entropy of Sanford C.
2357 Bernstein and Associates.
2358 FreeBSD 1.1.5.1 uname -r returns a string containing
2359 parentheses, which breaks makesendmail. Reported
2360 by Piero Serini <piero@strider.ibenet.it>.
2361 Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of
2362 Systems and Computer Technology Corporation.
2363 Solaris 2.x: omit the UUCP grade parameter (-g flag) because
2364 it is system-dependent. Problem noted by J.J. Bailey
2365 of Bailey Computer Consulting.
2366 Pyramid NILE running DC/OSx support from Earle F. Ake of
2367 Hassler Communication Systems Technology, Inc.
2368 HP-UX 10.x compile glitches, reported by Anne Brink of the
2369 U.S. Army and James Byrne of Harte & Lyne Limited.
2370 NetBSD from Matthew Green of the NetBSD crew.
2371 SCO 5.x from Keith Reynolds of SCO.
2372 IRIX 6.2 from Robert Tarrall of the University of
2373 Colorado and Kari Hurtta of the Finnish Meteorological
2375 UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R.
2376 Lopez, CICA (Seville).
2377 NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR.
2378 PTX 3.2.0 from Kenneth Stailey of the US Department of Labor
2379 Employment Standards Administration.
2380 Altos System V (5.3.1) from Tim Rice of Multitalents.
2381 Concurrent Systems Corporation Maxion from Donald R. Laster
2383 NetInfo maps (improved debugging and multi-valued aliases)
2384 from Adrian Steinmann of Steinmann Consulting.
2385 ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler)
2386 from Eric Schnoebelen of Convex.
2387 Linux 2.0 mail.local patches from Horst von Brand.
2388 NEXTSTEP 3.x compilation from Robert La Ferla.
2389 NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT.
2390 Solaris 2.5 configuration fixes for mail.local by Jim Davis
2391 of the University of Arizona.
2392 Solaris 2.5 has a working setreuid. Noted by David Linn of
2393 Vanderbilt University.
2394 Solaris changes for praliases, makemap, mailstats, and smrsh.
2395 Previously you had to add -DSOLARIS in Makefile.dist;
2396 this auto-detects. Based on a patch from Randall
2397 Winchester of the University of Maryland.
2398 CONFIG: add generic-nextstep3.3.mc file. Contributed by
2399 Robert La Ferla of Hot Software.
2400 CONFIG: allow mailertables to resolve to ``error:code message''
2401 (where "code" is an exit status) on domains (previously
2402 worked only on hosts). Patch from Cor Bosman of Xs4all
2404 CONFIG: hooks for IPv6-style domain literals.
2405 CONFIG: predefine ALIAS_FILE and change the prototype file so that
2406 if it is undefined the AliasFile option is never set; this
2407 should be transparent for most everyone. Suggested by John
2409 CONFIG: add FEATURE(limited_masquerade). Without this feature, any
2410 domain listed in $=w is masqueraded. With it, only those
2411 domains listed in a MASQUERADE_DOMAIN macro are masqueraded.
2412 CONFIG: add FEATURE(masquerade_entire_domain). This causes
2413 masquerading specified by MASQUERADE_DOMAIN to apply to all
2414 hosts under those domains as well as the domain headers
2415 themselves. For example, if a configuration had
2416 MASQUERADE_DOMAIN(foo.com), then without this feature only
2417 foo.com would be masqueraded; with it, *.foo.com would be
2418 masqueraded as well. Based on an implementation by Richard
2419 (Pug) Bainter of U. Texas.
2420 CONFIG: add FEATURE(genericstable) to do a more general rewriting of
2421 outgoing addresses. Defaults to ``hash -o /etc/genericstable''.
2422 Keys are user names; values are outgoing mail addresses. Yes,
2423 this does overlap with the user database, and figuring out
2424 just when to use which one may be tricky. Based on code
2425 contributed by Richard (Pug) Bainter of U. Texas with updates
2426 from Per Hedeland of Ericsson.
2427 CONFIG: add FEATURE(virtusertable) to do generalized rewriting of
2428 incoming addresses. Defaults to ``hash -o /etc/virtusertable''.
2429 Keys are either fully qualified addresses or just the host
2430 part (with the @ sign). For example, a table containing:
2431 info@foo.com foo-info
2432 info@bar.com bar-info
2433 @baz.org jane@elsewhere.net
2434 would send all mail destined for info@foo.com to foo-info
2435 (which is presumably an alias), mail addressed to info@bar.com
2436 to bar-info, and anything addressed to anyone at baz.org will
2437 be sent to jane@elsewhere.net. The names foo.com, bar.com,
2438 and baz.org must all be in $=w. Based on discussions with
2439 a great many people.
2440 CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS.
2441 Suggested by Richard Bainter.
2442 CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the
2444 CONFIG: allow mailertable entries to resolve to local:user; this
2445 passes the original user@host in to procmail-style local
2446 mailers as the "detail" information to allow them to do
2447 additional clever processing. From Joe Pruett of
2448 Teleport Corporation. Delivery to the original user can
2449 be done by specifying "local:" (with nothing after the colon).
2450 CONFIG: allow any context that takes "mailer:domain" to also take
2451 "mailer:user@domain" to force mailing to the given user;
2452 "local:user" can also be used to do local delivery. This
2453 applies on *_RELAY and in the mailertable entries. Based
2454 on a suggestion by Ribert Kiessling of Easynet.
2455 CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that
2456 limits the possible domains; this reduces the number of DNS
2457 lookups required to support this feature. For example,
2458 FEATURE(bestmx_is_local, my.site.com) limits the lookups
2459 to domains under my.site.com. Code contributed by Anthony
2460 Thyssen <anthony@cit.gu.edu.au>.
2461 CONFIG: LOCAL_RULESETS introduces any locally defined rulesets,
2462 such as the check_rcpt ruleset. Suggested by Gregory Shapiro
2464 CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the
2465 event you have to define local mailers. Suggested by
2466 Gregory Shapiro of WPI.
2467 CONFIG: fix cases where a three- (or more-) stage route-addr could
2468 be misinterpreted as a list:...; syntax. Based on a patch by
2469 Vlado Potisk <Vlado_Potisk@tempest.sk>.
2470 CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is
2471 remotely connected. The address host!user was being
2472 converted to host!user@thishost instead of host!user@uurelay.
2473 Problem noted by William Gianopoulos of Raytheon Company.
2474 CONFIG: add confTO_ICONNECT to set Timeout.iconnect.
2475 CONFIG: change FEATURE(redirect) message from "User not local" to
2476 "User has moved"; the former wording was confusing if the
2477 new address is still on the local host. Based on a suggestion
2479 CONFIG: add support in FEATURE(nullclient) for $=E (exposed users).
2480 However, the class is not pre-initialized to contain root.
2481 Suggested by Gregory Neil Shapiro.
2482 CONTRIB: Remove XLA code at the request of the author, Christophe
2484 CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm.
2485 MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note
2486 well: this produces a slightly different mailbox format (no
2487 Content-Length: headers), file ownerships and modes are
2488 different (not owned by group mail; mode 600 instead of 660),
2489 and the local mailer flags will have to be tweaked (make them
2490 match bsd4.4) in order to use this mailer. Patches from Paul
2491 Hammann of the Missouri Research and Education Network.
2492 MAIL.LOCAL: in some cases it could return EX_OK even though there
2493 was a delivery error, such as if the ownership on the file
2494 was wrong or the mode changed between the initial stat and
2495 the open. Problem reported by William Colburn of the New
2496 Mexico Institute of Mining and Technology.
2497 MAILSTATS: handle zero length files more reliably. Patch from Bryan
2499 MAILSTATS: add man page contributed by Keith Bostic of BSDI.
2500 MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't
2501 honored. Fix from Michael Scott Shappe.
2502 PRALIASES: add man page contributed by Keith Bostic of BSDI.
2504 src/Makefiles/Makefile.AIX.2
2505 src/Makefiles/Makefile.IRIX.6.2
2506 src/Makefiles/Makefile.maxion
2507 src/Makefiles/Makefile.NCR.MP-RAS.3.x
2508 src/Makefiles/Makefile.SCO.5.x
2509 src/Makefiles/Makefile.UXPDSV20
2510 mailstats/mailstats.8
2511 praliases/praliases.8
2512 cf/cf/generic-nextstep3.3.mc
2513 cf/feature/genericstable.m4
2514 cf/feature/limited_masquerade.m4
2515 cf/feature/masquerade_entire_domain.m4
2516 cf/feature/virtusertable.m4
2520 cf/ostype/solaris2.ml.m4
2522 contrib/re-mqueue.pl
2524 src/Makefiles/Makefile.Solaris
2528 src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x
2529 src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2
2530 src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10
2531 src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x
2532 src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x
2534 8.7.6/8.7.3 96/09/17
2535 SECURITY: It is possible to force getpwuid to fail when writing the
2536 queue file, causing sendmail to fall back to running programs
2537 as the default user. This is not exploitable from off-site.
2538 Workarounds include using a unique user for the DefaultUser
2539 (old u & g options) and using smrsh as the local shell.
2540 SECURITY: fix some buffer overruns; in at least one case this allows
2541 a local user to get root. This is not known to be exploitable
2542 from off-site. The workaround is to disable chfn(1) commands.
2544 8.7.5/8.7.3 96/03/04
2545 Fix glitch in 8.7.4 when putting certain internal lines; this can
2546 in some case cause connections to hang or messages to have
2547 extra spaces in odd places. Patch from Eric Wassenaar;
2548 reports from Eric Hall of Chiron Corporation, Stephen
2549 Hansen of Stanford University, Dean Gaudet of HotWired,
2552 8.7.4/8.7.3 96/02/18
2553 SECURITY: In some cases it was still possible for an attacker to
2554 insert newlines into a queue file, thus allowing access to
2555 any user (except root).
2556 CONFIG: no changes -- it is not a bug that the configuration
2557 version number is unchanged.
2559 8.7.3/8.7.3 95/12/03
2560 Fix botch in name server timeout in RCPT code; this problem caused
2561 two responses in SMTP, which breaks things horribly. Fix
2562 from Gregory Neil Shapiro of WPI.
2563 Verify that L= value on M lines cannot be negative, which could cause
2564 negative array subscripting. Not a security problem since
2565 this has to be in the config file, but it could have caused
2566 core dumps. Pointed out by Bryan Costales.
2567 Fix -d21 debug output for long macro names. Pointed out by Bryan
2570 SCO doesn't have ftruncate. From Bill Aten of Computerizers.
2571 IBM's version of arpa/nameser.h defaults to the wrong byte
2572 order. Tweak it to work properly. Based on fixes
2573 from Fletcher Mattox of UTexas and Betty Lee of
2574 Stanford University.
2575 CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option.
2576 Deficiency pointed out by Bryan Costales of ICSI.
2578 8.7.2/8.7.2 95/11/19
2579 REALLY fix the backslash escapes in SmtpGreetingMessage,
2580 OperatorChars, and UnixFromLine options. They were not
2581 properly repaired in 8.7.1.
2582 Completely delete the Bcc: header if and only if there are other
2583 valid recipient headers (To:, Cc: or Apparently-To:, the
2584 last being a historic botch, of course). If Bcc: is the
2585 only recipient header in the message, its value is tossed,
2586 but the header name is kept. The old behavior (always keep
2587 the header name and toss the value) allowed primary recipients
2588 to see that a Bcc: went to _someone_.
2589 Include queue id on ``Authentication-Warning: <host>: <user> set
2590 sender to <address> using -f'' syslog messages. Suggested
2592 If a sequence or switch map lookup entry gets a tempfail but then
2593 continues on to another map type, but the name is not found,
2594 return a temporary failure from the sequence or switch map.
2595 For example, if hosts search ``dns files'' and DNS fails
2596 with a tempfail, the hosts map will go on and search files,
2597 but if it fails the whole thing should be a tempfail, not
2598 a permanent (host unknown) failure, even though that is the
2599 failure in the hosts.files map. This error caused hard
2600 bounces when it should have requeued.
2601 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo
2602 owned by bar mode 700 and inbox being setuid bar stopped
2603 working properly due to excessive paranoia. Pointed out by
2604 John Hawkinson of Panix.
2605 An SMTP RCPT command referencing a host that gave a nameserver
2606 timeout would return a 451 command (8.6 accepted it and
2607 queued it locally). Revert to the 8.6 behavior in order
2608 to simplify queue management for clustered systems. Suggested
2609 by Gregory Neil Shapiro of WPI. The same problem could break
2610 MH, which assumes that the SMTP session will succeed (tsk, tsk
2611 -- mail gets lost!); this was pointed out by Stuart Pook of
2613 Fix possible buffer overflow in munchstring(). This was not a security
2614 problem because you couldn't specify any argument to this
2615 without first giving up root privileges, but it is still a
2616 good idea to avoid future problems. Problem noted by John
2617 Hawkinson and Sam Hartman of MIT.
2618 ``452 Out of disk space for temp file'' messages weren't being
2619 printed. Fix from David Perlin of Nanosoft.
2620 Don't advertise the ESMTP DSN extension if the SendMimeErrors option
2621 is not set, since this is required to get the actual DSNs
2622 created. Problem pointed out by John Gardiner Myers of CMU.
2623 Log permission problems that cause .forward and :include: files to
2624 be untrusted or ignored on log level 12 and higher. Suggested
2625 by Randy Martin of Clemson University.
2626 Allow user ids in U= clauses of M lines to have hyphens and
2628 Fix overcounting of recipients -- only happened when sending to an
2629 alias. Pointed out by Mark Andrews of SGI and Jack Woolley
2630 of Systems and Computer Technology Corporation.
2631 If a message is sent to an address that fails, the error message that
2632 is returned could show some extraneous "success" information
2633 included even if the user did not request success notification,
2634 which was confusing. Pointed out by Allan Johannesen of WPI.
2635 Config files that had no AliasFile definition were defaulting to
2636 using /etc/aliases; this caused problems with nullclient
2637 configurations. Change it back to the 8.6 semantics of
2638 having no local alias file unless it is declared. Problem
2639 noted by Charles Karney of Princeton University.
2640 Fix compile problem if NOTUNIX is defined. Pointed out by Bryan
2642 Map lookups of class "userdb" maps were always case sensitive; they
2643 should be controlled by the -f flag like other maps. Pointed
2644 out by Bjart Kvarme <bjart.kvarme@usit.uio.no>.
2645 Fix problem that caused some addresses to be passed through ruleset 5
2646 even when they were tagged as "sticky" by prefixing the
2647 address with an "@". Patch from Thomas Dwyer III of Michigan
2648 Technological University.
2649 When converting a message to Quoted-Printable, prevent any lines with
2650 dots alone on a line by themselves. This is because of the
2651 preponderance of broken mailers that still get this wrong.
2652 Code contributed by Per Hedeland of Ericsson.
2653 Fix F{macro}/file construct -- it previously did nothing. Pointed
2654 out by Bjart Kvarme of USIT/UiO (Norway).
2655 Announce whether a cached connection is SMTP or ESMTP (in -v mode).
2656 Requested by Allan Johannesen.
2657 Delete check for text format of alias files -- it should be legal
2658 to have the database format of the alias files without the
2659 text version. Problem pointed out by Joe Rhett of Navigist,
2661 If "Ot" was specified with no value, the TZ variable was not properly
2662 imported from the environment. Pointed out by Frank Crawford
2663 <frank@ansto.gov.au>.
2664 Some architectures core dumped on "program" maps that didn't have
2665 extra arguments. Patch from Booker C. Bense of Stanford
2667 Queue run processes would re-spawn daemons when given a SIGHUP; only
2668 the parent should do this. Fix from Brian Coan of the
2669 Association for Progressive Communications.
2670 If MinQueueAge was set and a message was considered but not run
2671 during a queue run and the Timeout.queuereturn interval was
2672 reached, a "timed out" error message would be returned that
2673 didn't include the failed address (and claimed to be a warning
2674 even though it was fatal). The fix is to not return such
2675 messages until they are actually tried, i.e., in the next
2676 MinQueueAge interval. Problem noted by Rein Tollevik of
2678 Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions
2679 that have the hes_getmailhost() routine. DEC Hesiod
2680 distributions do not have this routine. Based on a patch
2681 from Betty Lee of Stanford University.
2682 Extensive cleanups to map open code to handle a locking race condition
2683 in ndbm, hash, and btree format database files on some (most
2684 non-4.4-BSD based) OS architectures. This should solve the
2685 occasional "user unknown" problem during alias rebuilds that
2686 has plagued me for quite some time. Based on a patch from
2687 Thomas Dwyer III of Michigan Technological University.
2689 Solaris: Change location of newaliases and mailq from
2690 /usr/ucb to /usr/bin to match Sun settings. From
2691 James B. Davis of TCI.
2692 DomainOS: Makefile.DomainOS doesn't require -ldbm. From
2693 Don Lewis of Silicon Systems.
2694 HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x
2695 so that the makesendmail script will find it. Pointed
2696 out by Richard Allen of the University of Iceland.
2697 Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which
2698 isn't supported on all compilers.
2699 UXPDS: compilation fixes from Diego R. Lopez.
2700 CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless
2701 you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE.
2702 CONFIG: Minor glitch in S21 -- attachment of local domain name
2703 didn't have trailing dot. From Jim Hickstein of Teradyne.
2704 CONFIG: Fix best_mx_is_local feature to allow nested addresses such as
2705 user%host@thishost. From Claude Scarpelli of Infobiogen
2707 CONFIG: OSTYPE(hpux10) failed to define the location of the help file.
2708 Pointed out by Hannu Martikka of Nokia Telecommunications.
2709 CONFIG: Diagnose some inappropriate ordering in configuration files,
2710 such as FEATURE(smrsh) listed after MAILER(local). Based on
2711 a bug report submitted by Paul Hoffman of Proper Publishing.
2712 CONFIG: Make OSTYPE files consistently not override settings that
2713 have already been set. Previously it worked differently
2714 for different files.
2715 CONFIG: Change relay mailer to do masquerading like 8.6 did. My take
2716 is that this is wrong, but the change was causing problems
2717 for some people. From Per Hedeland of Ericsson.
2718 CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>;
2719 portability changes for Posix environments (no functional
2722 8.7.1/8.7.1 95/10/01
2723 Old macros that have become options (SmtpGreetingMessage,
2724 OperatorChars, and UnixFromLine) didn't allow backslash
2725 escapes in the options, where they previously had. Bug
2726 pointed out by John Hawkinson of MIT.
2727 Fix strange case of an executable called by a program map that
2728 returns a value but also a non-zero exit status; this
2729 would give contradictory results in the higher level; in
2730 particular, the default clause in the map lookup would be
2731 ignored. Change to ignore the value if the program returns
2732 non-zero exit status. From Tom Moore of AT&T GIS.
2733 Shorten parameters passed to syslog() in some contexts to avoid a
2734 bug in many vendors' implementations of that routine. Although
2735 this isn't really a bug in sendmail per se, and my solution
2736 has to assume that syslog() has at least a 1K buffer size
2737 internally (I know some vendors have shortened this
2738 dramatically -- they're on their own), sendmail is a popular
2739 target. Also, limit the size of %s arguments in sprintf.
2740 These both have possible security implications. Solutions
2741 suggested by Casper Dik of Sun's Network Security Group
2742 (Holland), Mark Seiden, and others.
2743 Fix a problem that might cause a non-standard -B (body type)
2744 parameter to be passed to the next server with undefined
2745 results. This could have security implications.
2746 If a filesystem was at > 100% utilization, the freediskspace()
2747 routine incorrectly returned an error rather than zero.
2748 Problem noted by G. Paul Ziemba of Alantec.
2749 Change MX sort order so that local hostnames (those in $=w) always
2750 sort first within a given preference. This forces the bestmx
2751 map to always return the local host first, if it is included
2752 in the list of highest priority MX records. From K. Robert
2754 Avoid some possible null pointer dereferences. Fixes from Randy
2755 Martin <WOLF@CLEMSON.EDU>
2756 When sendmail starts up on systems that have no fully qualified
2757 domain name (FQDN) anywhere in the first matching host map
2758 (e.g., /etc/hosts if the hosts service searches "files dns"),
2759 sendmail would sleep to try to find a FQDN, which it really
2760 really needs. This has been changed to fall through to the
2761 next map type if it can't find a FQDN -- i.e., if the hosts
2762 file doesn't have a FQDN, it will try dns even though the
2763 short name was found in /etc/hosts. This is probably a crock,
2764 but many people have hosts files without FQDNs. Remember:
2765 domain names are your friends.
2766 Log a high-priority message if you can't find your FQDN during startup.
2767 Suggested by Simon Barnes of Schlumberger Limited.
2768 When using Hesiod, initialize it early to improve error reporting.
2769 Patch from Don Lewis of Silicon Systems, Inc.
2770 Apparently at least some versions of Linux have a 90 !minute! TCP
2771 connection timeout in the kernel. Add a new "connect" timeout
2772 to limit this time. Defaults to zero (use whatever the
2773 kernel provides). Based on code contributed by J.R. Oldroyd
2775 Under some circumstances, a failed message would not be properly
2776 removed from the queue, causing tons of bogus error messages.
2777 (This fix eliminates the problematic EF_KEEPQUEUE flag.)
2778 Problem noted by Allan E Johannesen and Gregory Neil Shapiro
2781 On IRIX 5.x, there was an inconsistency in the setting
2782 of sendmail.st location. Change the Makefile to
2783 install it in /var/sendmail.st to match the OSTYPE
2784 file and SGI standards. From Andre
2785 <andre@curry.zfe.siemens.de>.
2786 Support for Fujitsu/ICL UXP/DS (For the DS/90 Series)
2787 from Diego R. Lopez <drlopez@cica.es>.
2788 Linux compilation patches from J.R. Oldroyd of TerraNet, Inc.
2789 LUNA 2 Mach patches from Motonori Nakamura.
2790 SunOS Makefile was including -ldbm, which is for the old
2791 dbm library. The ndbm library is part of libc.
2792 CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with
2793 ``local configuration error'' in nullclient configuration.
2794 Patch from Gregory Neil Shapiro of WPI.
2795 CONFIG: don't allow an alias file in nullclient configurations --
2796 since all addresses are relayed, they give errors during
2797 rebuild. Suggested by Per Hedeland of Ericsson.
2798 CONFIG: local mailer on Solaris 2 should always get a -f flag because
2799 otherwise the F=S causes the From_ line to imply that root is
2800 the sender. Problem pointed out by Claude Scarpelli of
2801 Infobiogen (France).
2803 cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake)
2804 src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake)
2805 src/Makefiles/Makefile.UXPDS
2808 Fix a problem that could cause sendmail to run out of file
2809 descriptors due to a trashed data structure after a
2810 vfork. Fix from Brian Coan of the Institute for
2811 Global Communications.
2812 Change the VRFY response if you have disabled VRFY -- some
2813 people seemed to think that it was too rude.
2814 Avoid reference to uninitialized file descriptor if HASFLOCK
2815 was not defined. This was used "safely" in the sense
2816 that it only did a stat, but it would have set the
2817 map modification time improperly. Problem pointed out
2818 by Roy Mongiovi of Georgia Tech.
2819 Clean up the Subject: line on warning messages and return
2820 receipts so that they don't say "Returned mail:"; this
2822 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is
2823 useful enough to make it worthwhile printing on "-d".
2824 Avoid logging alias statistics every time you read the alias
2825 file on systems with no database method compiled in.
2826 If you have a name with a trailing dot, and you try looking it
2827 up using gethostbyname without the dot (for /etc/hosts
2828 compatibility), be sure to turn off RES_DEFNAMES and
2829 RES_DNSRCH to avoid finding the wrong name accidentally.
2830 Problem noted by Charles Amos of the University of
2832 Don't do timeouts in collect if you are not running SMTP.
2833 There is nothing that says you can't have a long
2834 running program piped into sendmail (possibly via
2835 /bin/mail, which just execs sendmail). Problem reported
2836 by Don "Truck" Lewis of Silicon Systems.
2837 Try gethostbyname() even if the DNS lookup fails iff option I
2838 is not set. This allows you to have hosts listed in
2839 NIS or /etc/hosts that are not known to DNS. It's normally
2840 a bad idea, but can be useful on firewall machines. This
2841 should really be broken out on a separate flag, I suppose.
2842 Avoid compile warnings against BIND 4.9.3, which uses function
2843 prototypes. From Don Lewis of Silicon Systems.
2844 Avoid possible incorrect diagnosis of DNS-related errors caused
2845 by things like attempts to resolve uucp names using
2846 $[ ... $] -- the fix is to clear h_errno at appropriate
2847 times. From Kyle Jones of UUNET.
2848 SECURITY: avoid denial-of-service attacks possible by destroying
2849 the alias database file by setting resource limits low.
2850 This involves adding two new compile-time options:
2851 HASSETRLIMIT (indicating that setrlimit(2) support is
2852 available) and HASULIMIT (indicating that ulimit(2) support
2853 is available -- the Release 3 form is used). The former
2854 is assumed on BSD-based systems, the latter on System
2855 V-based systems. Attack noted by Phil Brandenberger of
2856 Swarthmore University.
2857 New syntaxes in test (-bt) mode:
2858 ``.Dmvalue'' will define macro "m" to "value".
2859 ``.Ccvalue'' will add "value" to class "c".
2860 ``=Sruleset'' will dump the contents of the indicated
2862 ``=M'' will display the known mailers.
2863 ``-ddebug-spec'' is equivalent to the command-line
2865 ``$m'' will print the value of macro $m.
2866 ``$=c'' will print the contents of class $=c.
2867 ``/mx host'' returns the MX records for ``host''.
2868 ``/parse address'' will parse address, returning the value of
2869 crackaddr (essentially, the comment information)
2870 and the parsed address.
2871 ``/try mailer address'' will rewrite address into the form
2872 it will have when presented to the indicated mailer.
2873 ``/tryflags flags'' will set flags used by parsing. The
2874 flags can be `H' for header or `E' for envelope,
2875 and `S' for sender or `R' for recipient. These
2876 can be combined, so `HR' sets flags for header
2878 ``/canon hostname'' will try to canonify hostname and
2880 ``/map mapname key'' will look up `key' in the indicated
2881 `mapname' and return the result.
2882 Somewhat better handling of UNIX-domain socket addresses -- it
2883 should show the pathname rather than hex bytes.
2884 Restore ``-ba'' mode -- this reads a file from stdin and parses
2885 the header for envelope sender information and uses
2886 CR-LF as message terminators. It was thought to be
2887 obsolete (used only for Arpanet NCP protocols), but it
2888 turns out that the UK ``Grey Book'' protocols require
2890 Fix a fix in previous release -- if gethostname and gethostbyname
2891 return a name without dots, and if an attempt to canonify
2892 that name fails, wait one minute and try again. This can
2893 result in an extra 60 second delay on startup if your system
2894 hostname (as returned by hostname(1)) has no dot and no names
2895 listed in /etc/hosts or your NIS map have a dot.
2896 Check for proper domain name on HELO and EHLO commands per
2897 RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III
2898 of Michigan Technological University.
2899 Relax chownsafe rules slightly -- old version said that if you
2900 can't tell if _POSIX_CHOWN_RESTRICTED is set (that is,
2901 if fpathconf returned EINVAL or ENOSYS), assume that
2902 chown is not safe. The new version falls back to whether
2903 you are on a BSD system or not. This is important for
2904 SunOS, which apparently always returns one of those
2905 error codes. This impacts whether you can mail to files
2907 Syntax errors such as unbalanced parentheses in the configuration
2908 file could be omitted if you had "Oem" prior to the
2909 syntax error in the config file. Change to always print
2910 the error message. It was especially weird because it
2911 would cause a "warning" message to be sent to the Postmaster
2912 for every message sent (but with no transcript). Problem
2913 noted by Gregory Paris of Motorola.
2914 Rewrite collect and putbody to handle full 8-bit data, including
2915 zero bytes. These changes are internally extensive, but
2916 should have minimal impact on external function.
2917 Allow full words for option names -- if the option letter is
2918 (apparently) a space, then take the word following -- e.g.,
2920 The full list of old and new names is as follows:
2926 b MinFreeBlocks/MaxMessageSize
2927 C CheckpointInterval
2929 D AutoRebuildAliases
2942 k ConnectionCacheSize
2943 K ConnectionCacheTimeout
2970 The old macros that passed information into sendmail have
2971 been changed to options; those correspondences are:
2972 $e SmtpGreetingMessage
2975 $q (deleted -- not necessary)
2976 To avoid possible problems with an older sendmail,
2977 configuration level 6 is accepted by this version of
2978 sendmail; any config file using the new names should
2979 specify "V6" in the configuration.
2980 Change address parsing to properly note that a phrase before a
2981 colon and a trailing semicolon are essentially the same
2982 as text outside of angle brackets (i.e., sendmail should
2983 treat them as comments). This is to handle the
2984 ``group name: addr1, addr2, ..., addrN;'' syntax (it will
2985 assume that ``group name:'' is a comment on the first
2986 address and the ``;'' is a comment on the last address).
2987 This requires config file support to get right. It does
2988 understand that :: is NOT this syntax, and can be turned
2989 off completely by setting the ColonOkInAddresses option.
2990 Level 6 config files added with new mailer flags:
2991 A Addresses are aliasable.
2992 i Do udb rewriting on envelope as well as header
2993 sender lines. Applies to the from address mailer
2994 flags rather than the recipient mailer flags.
2995 j Do udb rewriting on header recipient addresses.
2996 Applies to the sender mailer flags rather than the
2997 recipient mailer flags.
2998 k Disable check for loops when doing HELO command.
2999 o Always run as the mail recipient, even on local
3001 w Check for an /etc/passwd entry for this user.
3002 5 Pass addresses through ruleset 5.
3003 : Check for :include: on this address.
3004 | Check for |program on this address.
3005 / Check for /file on this address.
3006 @ Look up sender header addresses in the user
3007 database. Applies to the mailer flags for the
3008 mailer corresponding to the envelope sender
3009 address, rather than to recipient mailer flags.
3010 Pre-level 6 configuration files set A, w, 5, :, |, /, and @
3011 on the "local" mailer, the o flag on the "prog" and "*file*"
3012 mailers, and the ColonOkInAddresses option.
3013 Eight-to-seven bit MIME conversions. This borrows ideas from
3014 John Beck of Hewlett-Packard, who generously contributed
3015 their implementation to me, which I then didn't use (see
3016 mime.c for an explanation of why). This adds the
3017 EightBitMode option (a.k.a. `8') and an F=8 mailer flag
3018 to control handling of 8-bit data. These have to cope with
3019 two types of 8-bit data: unlabelled 8-bit data (that is,
3020 8-bit data that is entered without declaring it as 8-bit
3021 MIME -- technically this is illegal according to the
3022 specs) and labelled 8-bit data (that is, it was declared
3023 as 8BITMIME in the ESMTP session or by using the
3024 -B8BITMIME command line flag). If the F=8 mailer flag is
3025 set then 8-bit data is sent to non-8BITMIME machines
3026 instead of converting to 7 bit (essentially using
3027 just-send-8 semantics). The values for EightBitMode are:
3028 m convert unlabelled 8-bit input to 8BITMIME, and do
3029 any necessary conversion of 8BITMIME to 7BIT
3030 (essentially, the full MIME option).
3031 p pass unlabelled 8-bit input, but convert labelled
3032 8BITMIME input to 7BIT as required (default).
3033 s strict adherence: reject unlabelled 8-bit input,
3034 convert 8BITMIME to 7BIT as required. The F=8
3036 Unlabelled 8-bit data is rejected in mode `s' regardless of
3038 Add new internal class 'n', which is the set of MIME Content-Types
3039 which can not be 8 to 7 bit encoded because of other
3040 considerations. Types "multipart/*" and "message/*" are
3041 never directly encoded (although their components can be).
3042 Add new internal class 's', which is the set of subtypes of the
3043 MIME message/* content type that can be treated as though
3044 they are an RFC822 message. It is predefined to have
3045 "rfc822". Suggested By Kari Hurtta.
3046 Add new internal class 'e'. This is the set of MIME
3047 Content-Transfer-Encodings that can be converted to
3048 a seven bit format (Quoted-Printable or Base64). It is
3049 preinitialized to contain "7bit", "8bit", and "binary".
3050 Add C=charset mailer parameter and the the DefaultCharSet option (no
3051 short name) to set the default character set to use in the
3052 Content-Type: header when doing encoding of an 8-bit message
3053 which isn't marked as MIME into MIME format. If the C=
3054 parameter is set on the Envelope From address, use that as
3055 the default encoding; else use the DefaultCharSet option.
3056 If neither is set, it defaults to "unknown-8bit" as
3057 suggested by RFC 1428 section 3.
3058 Allow ``U=user:group'' field in mailer definition to set a default
3059 user and group that a mailer will be executed as. This
3060 overrides the 'u' and 'g' options, and if the `F=S' flag is
3061 also set, it is the uid/gid that will always be used (that
3062 is, the controlling address is ignored). The values may be
3063 numeric or symbolic; if only a symbolic user is given (no
3064 group) that user's default group in the passwd file is used
3065 as the group. Based on code donated by Chip Rosenthal of
3067 Allow `u' option to also accept user:group as a value, in the same
3068 fashion as the U= mailer option.
3069 Add the symbolic time zone name in the Arpanet format dates (as
3070 a comment). This adds a new compile-time configuration
3071 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value
3072 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value
3073 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char
3074 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use
3075 timezone()), or TZ_NONE (don't include the comment). Code
3076 from Chip Rosenthal.
3077 The "Timeout" option (formerly "r") is extended to allow suboptions.
3080 There are also two new suboptions "queuereturn" and
3081 "queuewarn"; these subsume the old T option. Thus, to
3082 set them both the preferred new syntax is
3083 O Timeout.queuereturn = 5d
3084 O Timeout.queuewarn = 4h
3085 Sort queue by host name instead of by message priority if the
3086 QueueSortOrder option (no short name) is set is set to
3087 ``host''. This makes better use of the connection cache,
3088 but may delay more ``interactive'' messages behind large
3089 backlogs under some circumstances. This is probably a
3090 good option if you have high speed links or don't do lots
3091 of ``batch'' messages, but less good if you are using
3092 something like PPP on a 14.4 modem. Based on code
3093 contributed by Roy Mongiovi of Georgia Tech (my main
3094 contribution was to make it configurable).
3095 Save i-number of df file in qf file to simplify rebuilding of queue
3096 after disastrous disk crash. Suggested by Kyle Jones of
3097 UUNET; closely based on code from KJS DECWRL code written
3098 by Paul Vixie. NOTA BENE: The qf files produced by 8.7
3099 are NOT back compatible with 8.6 -- that is, you can convert
3100 from 8.6 to 8.7, but not the other direction.
3101 Add ``F=d'' mailer flag to disable all use of angle brackets in
3102 route-addrs in envelopes; this is because in some cases
3103 they can be sent to the shell, which interprets them as
3105 Don't include error file (option E) with return-receipts; this
3107 Don't send "Warning: cannot send" messages to owner-* or
3108 *-request addresses. Suggested by Christophe Wolfhugel
3109 of the Institut Pasteur, Paris.
3110 Allow -O command line flag to set long form options.
3111 Add "MinQueueAge" option to set the minimum time between attempts
3112 to run the queue. For example, if the queue interval
3113 (-q value) is five minutes, but the minimum queue age
3114 is fifteen minutes, jobs won't be tried more often than
3115 once every fifteen minutes. This can be used to give
3116 you more responsiveness if your delivery mode is set to
3118 Allow "fileopen" timeout (default: 60 seconds) for opening
3119 :include: and .forward files.
3120 Add "-k", "-v", and "-z" flags to map definitions; these set the
3121 key field name, the value field name, and the field
3122 delimiter. The field delimiter can be a single character
3123 or the sequence "\t" or "\n" for tab or newline.
3124 These are for use by NIS+ and similar access methods.
3125 Change maps to always strip quotes before lookups; the -q flag
3126 turns off this behavior. Suggested by Motonori Nakamura.
3127 Add "nisplus" map class. Takes -k and -v flags to choose the
3128 key and value field names respectively. Code donated by
3130 Add "hesiod" map class. The "file name" is used as the
3131 "HesiodNameType" parameter to hes_resolve(3). Returns the
3132 first value found for the match. Code donated by Scott
3133 Hutton of Indiana University.
3134 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to
3135 specify the name of the property that is searched as the
3136 key and a -v flag to specify the name of the property that
3137 is returned as the value (defaults to "members"). The
3138 default map is "/aliases". Some code based on code
3139 contributed by Robert La Ferla of Hot Software.
3140 Add "text" map class. This does slow, linear searches through
3141 text files. The -z flag specifies a column delimiter
3142 (defaults to any sequence of white space), the -k flag
3143 sets the key column number, and the -v flag sets the
3144 value column number. Lines beginning with `#' are treated
3146 Add "program" map class to execute arbitrary programs. The search
3147 key is presented as the last argument; the output is one
3148 line read from the programs standard output. Exit statuses
3149 are from sysexits.h.
3150 Add "sequence" map class -- searches maps in sequence until it
3151 finds a match. For example, the declarations:
3154 Kmapseq sequence map1 map2
3155 defines a map "mapseq" that first searches map1; if the
3156 value is found it is returned immediately, otherwise
3157 map2 is searched and the value returned.
3158 Add "switch" map class. This is much like "sequence" except that
3159 the ordering is fetched from an external file, usually
3160 the system service switch. The parameter is the name of
3161 the service to switch on, and the maps that it will use
3162 are the name of the switch map followed by ".service_type".
3163 For example, if the declaration of the map is
3164 Ksample switch hosts
3165 and the system service switch specifies that hosts are
3166 looked up using dns and nis in that order, then this is
3168 Ksample sequence sample.dns sample.nis
3169 The subordinate maps (sample.*) must already be defined.
3170 Add "user" map class -- looks up users using getpwnam. Takes a
3171 "-v field" flag on the definition that tells what passwd
3172 entry to return -- legal values are name, passwd, uid, gid,
3173 gecos, dir, and shell. Generally expected to be used with
3174 the -m (matchonly) flag.
3175 Add "bestmx" map class -- returns the best MX value for the host
3176 listed as the value. If there are several "best" MX records
3177 for this host, one will be chosen at random.
3178 Add "userdb" map class -- looks up entries in the user database.
3179 The "file name" is actually the tag that will be used,
3180 typically "mailname". If there are multiple entries
3181 matching the name, the one chosen is undefined.
3182 Add multiple queue timeouts (both return and warning). These are
3183 set by the Precedence: or Priority: header fields to one of
3184 three values. If a Priority: is set and has value "normal",
3185 "urgent", or "non-urgent" the corresponding timeouts are
3186 used. If no priority is set, the Precedence: is consulted;
3187 if negative, non-urgent timeouts are used; if greater than
3188 zero, urgent timeouts are used. Otherwise, normal timeouts
3189 are used. The timeouts are set by setting the six timeouts
3190 queue{warn,return}.{urgent,normal,non-urgent}.
3191 Fix problem when a mail address is resolved to a $#error mailer
3192 with a temporary failure indication; it works in SMTP,
3193 but when delivering locally the mail is silently discarded.
3194 This patch, from Kyle Jones of UUNET, bounces it instead
3195 of queueing it (queueing is very hard).
3196 When using /etc/hosts or NIS-style lookups, don't assume that
3197 the first name in the list is the best one -- instead,
3198 search for the first one with a dot. For example, if
3199 an /etc/hosts entry reads
3200 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU
3201 this change will use the second name as the canonical
3202 machine name instead of the initial, unqualified name.
3203 Change dequote map to replace spaces in quoted text with a value
3204 indicated by the -s flag on the dequote map definition.
3205 For example, ``Mdequote dequote -s_'' will change
3206 "Foo Bar" into an unquoted Foo_Bar instead of leaving it
3207 quoted (because of the space character). Suggested by Dan
3208 Oscarsson for use in X.400 addresses.
3209 Implement long macro names as ${name}; long class names can
3210 be similarly referenced as $={name} and $~{name}.
3211 Definitions are (e.g.) ``D{name}value''. Names that have
3212 a leading lower case letter or punctuation characters are
3213 reserved for internal use by sendmail; i.e., config files
3214 should use names that begin with a capital letter. Based
3215 on code contributed by Dan Oscarsson.
3216 Fix core dump if getgrgid returns a null group list (as opposed
3217 to an empty group list, that is, a pointer to a list
3218 with no members). Fix from Andrew Chang of Sun Microsystems.
3219 Fix possible core dump if malloc fails -- if the malloc in xalloc
3220 failed, it called syserr which called newstr which called
3221 xalloc.... The newstr is now avoided for "panic" messages.
3222 Reported by Stuart Kemp of James Cook University.
3223 Improve connection cache timeouts; previously, they were not even
3224 checked if you were delivering to anything other than an
3225 IPC-connected host, so a series of (say) local mail
3226 deliveries could cause cached connections to be open
3227 much longer than the specified timeout.
3228 If an incoming message exceeds the maximum message size, stop
3229 writing the incoming bytes to the queue data file, since
3230 this can fill your mqueue partition -- this is a possible
3231 denial-of-service attack.
3232 Don't reject all numeric local user names unless HESIOD is
3233 defined. It turns out that Posix allows all-numeric
3234 user names. Fix from Tony Sanders of BSDI.
3235 Add service switch support. If the local OS has a service
3236 switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf
3237 on DEC systems) that will be used; otherwise, it falls back
3238 to using a local mechanism based on the ServiceSwitchFile
3239 option (default: /etc/service.switch). For example, if the
3240 service switch lists "files" and "nis" for the aliases
3241 service, that will be the default lookup order. the "files"
3242 ("local" on DEC) service type expands to any alias files
3243 you listed in the configuration file, even if they aren't
3244 actually file lookups.
3245 Option I (NameServerOptions) no longer sets the "UseNameServer"
3246 variable which tells whether or not DNS should be considered
3247 canonical. This is now determined based on whether or not
3248 "dns" is in the service list for "hosts".
3249 Add preliminary support for the ESMTP "DSN" extension (Delivery
3250 Status Notifications). DSN notifications override
3251 Return-Receipt-To: headers, which are bogus anyhow --
3252 support for them has been removed.
3253 Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer
3254 definitions to define the types used in DSN returns for
3255 MTA names, addresses, and diagnostics respectively.
3256 Extend heuristic to force running in ESMTP mode to look for the
3257 five-character string "ESMTP" anywhere in the 220 greeting
3258 message (not just the second line). This is to provide
3259 better compatibility with other ESMTP servers.
3260 Print sequence number of job when running the queue so you can
3261 easily see how much progress you have made. Suggested
3262 by Peter Wemm of DIALix.
3263 Map newlines to spaces in logged message-ids; some versions of
3264 syslog truncate the rest of the line after newlines.
3265 Suggested by Fletcher Mattox of U. Texas.
3266 Move up forking for job runs so that if a message is split into
3267 multiple envelopes you don't get "fork storms" -- this
3268 also improves the connection cache utilization.
3269 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for
3270 the purposes of refusing to send error returns. Suggested
3271 by Motonori Nakamura of Ritsumeikan University.
3272 Relax rules on when a file can be written when referenced from
3273 the aliases file: use the default uid/gid instead of the
3274 real uid/gid. This allows you to create a file owned by
3275 and writable only by the default uid/gid that will work
3276 all the time (without having the setuid bit set). Change
3277 suggested by Shau-Ping Lo and Andrew Cheng of Sun
3279 Add "DialDelay" option (no short name) to provide an "extra"
3280 delay for dial on demand systems. If this is non-zero
3281 and a connect fails, sendmail will wait this long and
3282 then try again. If it takes longer than the kernel
3283 timeout interval to establish the connection, this
3284 option can give the network software time to establish
3285 the link. The default units are seconds.
3286 Move logging of sender information to be as early as possible;
3287 previously, it could be delayed a while for SMTP mail
3288 sent to aliases. Suggested by Brad Knowles of the
3289 Defense Information Systems Agency.
3290 Call res_init() before setting RES_DEBUG; this is required by
3291 BIND 4.9.3, or so I'm told. From Douglas Anderson of
3292 the National Computer Security Center.
3293 Add xdelay= field in logs -- this is a transaction delay, telling
3294 you how long it took to deliver to this address on the
3295 last try. It is intended to be used for sorting mailing
3296 lists to favor "quick" addresses. Provided for use by
3297 the mailprio scripts (see below).
3298 If a map cannot be opened, and that map is non-optional, and
3299 an address requires that map for resolution, queue the
3300 map instead of bouncing it. This involves creating a
3301 pseudo-class of maps called "bogus-map" -- if a required
3302 map cannot be opened, the class is changed to bogus-map;
3303 all queries against bogus-map return "tempfail". The
3304 bogus-map class is not directly accessible. A sample
3305 implementation was donated by Jem Taylor of Glasgow
3306 University Computing Service.
3307 Fix a possible core dump when mailing to a program that talks
3308 SMTP on its standard input. Fix from Keith Moore of
3309 the University of Kentucky.
3310 Make it possible to resolve filenames to $#local $: @ /filename;
3311 previously, the "@" would cause it to not be recognized
3312 as a file. Problem noted by Brian Hill of U.C. Davis.
3313 Accept a -1 signal to re-exec the daemon. This only works if
3314 argv[0] is a full path to sendmail.
3315 Fix bug in "addr=..." field in O option on little-endian machines
3316 -- the network number wasn't being converted to network
3317 byte order. Patch from Kurt Lidl of Pix Technologies
3319 Pre-initialize the resolver early on; this is to avoid a bug with
3320 BIND 4.9.3 that can cause the _res.retry field to get
3321 reset to zero, causing all name server lookups to time
3322 out. Fix from Matt Day of Artisoft.
3323 Restore T line (trusted users) in config file -- but instead of
3324 locking out the -f flag, they just tell whether or not
3325 an X-Authentication-Warning: will be added. This really
3326 just creates new entries in class 't', so "Ft/file/name"
3327 can be used to read trusted user names from a file.
3328 Trusted users are also allowed to execute programs even
3329 if they have a shell that isn't in /etc/shells.
3330 Improve NEWDB alias file rebuilding so it will create them
3331 properly if they do not already exist. This had been
3332 a MAYBENEXTRELEASE feature in 8.6.9.
3333 Check for @:@ entry in NIS maps before starting up to avoid
3334 (but not prevent, sigh) race conditions. This ought to
3335 be handled properly in ypserv, but isn't. Suggested by
3336 Michael Beirne of Motorola.
3337 Refuse connections if there isn't enough space on the filesystem
3338 holding the queue. Contributed by Robert Dana of Wolf
3340 Skip checking for directory permissions in the path to a file
3341 when checking for file permissions iff setreuid()
3342 succeeded -- it is unnecessary in that case. This avoids
3343 significant performance problems when looking for .forward
3344 files. Based on a suggestion by Win Bent of USC.
3345 Allow symbolic ruleset names. Syntax can be "Sname" to get an
3346 arbitrary ruleset number assigned or "Sname = integer"
3347 to assign a specific ruleset number. Reference is
3348 $>name_or_number. Names can be composed of alphas, digits,
3349 underscore, or hyphen (first character must be non-numeric).
3350 Allow -o flag on AliasFile lines to make the alias file optional.
3351 From Bryan Costales of ICSI.
3352 Add NoRecipientAction option to handle the case where there is
3353 no legal recipient header in the message. It can take
3355 None Leave the message as is. The
3356 message will be passed on even
3357 though it is in technically
3359 Add-To Add a To: header with any
3360 recipients that it can find from
3361 the envelope. This risks exposing
3363 Add-Apparently-To Add an Apparently-To: header. This
3364 has almost no redeeming social value,
3365 and is provided only for back
3367 Add-To-Undisclosed Add a header reading
3368 To: undisclosed-recipients:;
3369 which will have the effect of
3370 making the message legal without
3371 exposing Bcc: recipients.
3372 Add-Bcc To add an empty Bcc: header.
3373 There is a chance that mailers down
3374 the line will delete this header,
3375 which could cause exposure of Bcc:
3377 The default is NoRecipientAction=None.
3378 Truncate (rather than delete) Bcc: lines in the header. This
3379 should prevent later sendmails (at least, those that don't
3380 themselves delete Bcc:) from considering this message to
3381 be non-conforming -- although it does imply that non-blind
3382 recipients can see that a Bcc: was sent, albeit not to whom.
3383 Add SafeFileEnvironment option. If declared, files named as delivery
3384 targets must be regular files in addition to the regular
3385 checks. Also, if the option is non-null then it is used as
3386 the name of a directory that is used as a chroot(2)
3387 environment for the delivery; the file names listed in an
3388 alias or forward should include the name of this root.
3389 For example, if you run with
3390 O SafeFileEnvironment=/arch
3391 then aliases should reference "/arch/rest/of/path". If a
3392 value is given, sendmail also won't try to save to
3393 /usr/tmp/dead.letter (instead it just leaves the job in the
3394 queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit.
3395 Support -A flag for alias files; this will comma concatenate like
3396 entries. For example, given the aliases:
3399 and an alias file declared as:
3400 OAhash:-A /etc/aliases
3401 the final alias inserted will be "list: member1,member2";
3402 without -A you will get an error on the second and subsequent
3403 alias for "list". Contributed by Bryan Costales of ICSI.
3404 Line-buffer transcript file. Suggested by Liudvikas Bukys.
3405 Fix a problem that could cause very long addresses to core dump in
3406 some special circumstances. Problem pointed out by Allan
3408 (Internal change.) Change interface to expand() (macro expansion)
3409 to be simpler and more consistent.
3410 Delete check for funny qf file names. This didn't really give
3411 any extra security and caused some people some problems.
3412 (If you -really- want this, define PICKY_QF_NAME_CHECK
3413 at compile time.) Suggested by Kyle Jones of UUNET.
3414 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and
3415 merge with DSN code; this is simpler and more consistent.
3416 This may affect some people who have written their own
3417 checkcompat() routine.
3418 (Internal change.) Eliminate `D' line in qf file. The df file
3419 is now assumed to be the same name as the qf file (with
3420 the `q' changed to a `d', of course).
3421 Avoid forking for delivery if all recipient mailers are marked as
3422 "expensive" -- this can be a major cost on some systems.
3423 Essentially, this forces sendmail into "queue only" mode
3424 if all it is going to do is queue anyway.
3425 Avoid sending a null message in some rather unusual circumstances
3426 (specifically, the RCPT command returns a temporary
3427 failure but the connection is lost before the DATA
3428 command). Fix from Scott Hammond of Secure Computing
3430 Change makesendmail to use a somewhat more rational naming scheme:
3431 Makefiles and obj directories are named $os.$rel.$arch,
3432 where $os is the operating system (e.g., SunOS), $rel is
3433 the release number (e.g., 5.3), and $arch is the machine
3434 architecture (e.g., sun4). Any of these can be omitted,
3435 and anything after the first dot in a release number can
3436 be replaced with "x" (e.g., SunOS.4.x.sun4). The previous
3437 version used $os.$arch.$rel and was rather less general.
3438 Change makesendmail to do a "make depend" in the target directory
3439 when it is being created. This involves adding an empty
3440 "depend:" entry in most Makefiles.
3441 Ignore IDENT return value if the OSTYPE field returns "OTHER",
3442 as indicated by RFC 1413. Pointed out by Kari Hurtta
3443 of the Finnish Meteorological Institute.
3444 Fix problem that could cause multiple responses to DATA command
3445 on header syntax errors (e.g., lines beginning with colons).
3446 Problem noted by Jens Thomassen of the University of Oslo.
3447 Don't let null bytes in headers cause truncation of the rest of
3449 Log Authentication-Warning:s. Suggested by Motonori Nakamura.
3450 Increase timeouts on message data puts to allow time for receivers
3451 to canonify addresses in headers on the fly. This is still
3452 a rather ugly heuristic. From Motonori Nakamura.
3453 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX
3454 records are not used when canonifying names, and when MX
3455 lookups are done for addressing they must be fully
3456 qualified. This is useful if you have a wildcard MX record,
3457 although it may cause other problems. In general, don't use
3458 wildcard MX records. Patch from Motonori Nakamura.
3459 Eliminate default two-line SMTP greeting message. Instead of
3460 adding an extra "ESMTP spoken here" line, the word "ESMTP"
3461 is added between the first and second word of the first
3462 line of the greeting message (i.e., immediately after the
3463 host name). This eliminates the need for the BROKEN_SMTP_PEERS
3464 compile flag. Old sendmails won't see the ESMTP, but that's
3465 acceptable because SIZE was the only useful extension that
3466 old sendmails understand.
3467 Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1
3468 invoked state dumps. From Masaharu Onishi.
3469 Allow on-line comments in .forward and :include: files; they are
3470 introduced by the string "<LWSP>#@#<LWSP>", where <LWSP>
3471 is a space or a tab. This is intended for native
3472 representation of non-ASCII sets such as Japanese, where
3473 existing encodings would be unreadable or would lose
3474 data -- for example,
3475 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori
3476 (romanized/less information)
3477 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?=
3478 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?=
3479 (with MIME encoding, not human readable)
3480 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B
3481 (native encoding with ISO-2022-JP)
3482 The last form is human readable in the Japanese environment.
3483 Based on a fix from (surprise!) Motonori Nakamura.
3484 Don't make SMTP error returns on MAIL FROM: line be "sticky" for all
3485 messages to that host; these are most frequently associated
3486 with addresses rather than the host, with the exception of
3487 421 (service shutting down). The effect was to cause queues
3488 to sometimes take an excessive time to flush. Reported by
3489 Robert Sargent of Southern Geographics Technologies and
3490 Eric Prestemon of American University.
3491 Add Nice=N mailer option to set the niceness at which a mailer will
3492 run. This is actually a relative niceness (that is, an
3493 increment on the background value).
3494 Log queue runs that are skipped due to high loads. They are logged
3495 at LOG_INFO priority iff the log level is > 8. Contributed
3496 by Bruce Nagel of Data General.
3497 Allow the error mailer to accept a DSN-style error status code
3498 instead of an sysexits status code in the host part.
3499 Anything with a dot will be interpreted as a DSN-style code.
3500 Add new mailer flag: F=3 will tell translations to Quoted-Printable
3501 to encode characters that might be munged by an EBCDIC system
3502 in addition to the set required by RFC 1521. The additional
3503 characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~.
3504 (Think of "IBM 360" as the mnemonic for this flag.)
3505 Change check for mailing to files to look for a pathname of [FILE]
3506 rather than looking for the mailer named *file*. The mapping
3507 of leading slashes still goes to the *file* mailer. This
3508 allows you to implement the *file* mailer as a separate
3509 program, for example, to insert a Content-Length: header
3510 or do special security policy. However, note that the usual
3511 initial checking for the file permissions is still done, and
3512 the program in question needs to be very careful about how
3513 it does the file write to avoid security problems.
3514 Be able to read ~root/.forward even if the path isn't accessible to
3515 regular users. This is disrecommended because sendmail
3516 sometimes does not run as root (e.g., when an unsafe option
3517 is specified on the command line), but should otherwise be
3518 safe because .forward files must be owned by the user for
3519 whom mail is being forwarded, and cannot be a symbolic link.
3520 Suggested by Forrest Aldrich of Wang Laboratories.
3521 Add new "HostsFile" option that is the pathname to the /etc/hosts
3522 file. This is used for canonifying hostnames when the
3523 service type is "files".
3524 Implement programs on F (read class from file) line. The syntax is
3525 Fc|/path/to/program to read the output from the program
3527 Probe the network interfaces to find alternate names for this
3528 host. Requires the SIOCGIFCONF ioctl call. Code
3529 contributed by SunSoft.
3530 Add "E" configuration line to set or propagate environment
3531 variables into children. "E<envar>" will propagate
3532 the named variable from the environment when sendmail
3533 was invoked into any children it calls; "E<envar>=<value>"
3534 sets the named variable to the indicated value. Any
3535 variables not explicitly named will not be in the child
3536 environment. However, sendmail still forces an
3537 "AGENT=sendmail" environment variable, in part to enforce
3538 at least one environment variable, since many programs and
3539 libraries die horribly if this is not guaranteed.
3540 Change heuristic for rebuilding both NEWDB and NDBM versions of
3541 alias databases -- new algorithm looks for the substring
3542 "/yp/" in the file name. This is more portable and involves
3543 less overhead. Suggested by Motonori Nakamura.
3544 Dynamically allocate the queue work list so that you don't lose
3545 jobs in large queue runs. The old QUEUESIZE compile parameter
3546 is replaced by QUEUESEGSIZE (the unit of allocation, which
3547 should not need to be changed) and the MaxQueueRunSize option,
3548 which is the absolute maximum number of jobs that will ever
3549 be handled in a single queue run. Based on code contributed
3550 by Brian Coan of the Institute for Global Communications.
3551 Log message when a message is dropped because it exceeds the maximum
3552 message size. Suggested by Leo Bicknell of Virginia Tech.
3553 Allow trusted users (those on a T line or in $=t) to use -bs without
3554 an X-Authentication-Warning: added. Suggested by Mark Thomas
3555 of Mark G. Thomas Consulting.
3556 Announce state of compile flags on -d0.1 (-d0.10 throws in the
3557 OS-dependent defines). The old semantic of -d0.1 to not
3558 run the daemon in background has been moved to -d99.100,
3559 and the old 52.5 flag (to avoid disconnect() from closing
3560 all output files) has been moved to 52.100. This makes
3561 things more consistent (flags below .100 don't change
3562 semantics) and separates out the backgrounding so that
3563 it doesn't happen automatically on other unrelated debugging
3565 If -t is used but no addresses are found in the header, give an
3566 error message rather than just doing nothing. Fix from
3568 On systems (like SunOS) where the effective gid is not necessarily
3569 included in the group list returned by getgroups(), the
3570 `restrictmailq' option could sometimes cause an authorized
3571 user to not be able to use `mailq'. Fix from Charles Hannum
3573 Allow symbolic service names for [IPC] mailers. Suggested by
3574 Gerry Magennis of Logica International.
3575 Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs
3576 when running DNS. For example, if the name FTP.Foo.ORG is
3577 a CNAME for Cruft.Foo.ORG, then when sitting on a machine in
3578 the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG"
3579 if this option is not set, or "FTP.Foo.ORG" if it is set.
3580 This is technically illegal under RFC 822 and 1123, but the
3581 IETF is moving toward legalizing it. Note that turning on
3582 this option is not sufficient to guarantee that a downstream
3583 neighbor won't rewrite the address for you.
3584 Add "-m" flag to makesendmail script -- this tells you what object
3585 directory and Makefile it will use, but doesn't actually do
3587 Do some additional checking on the contents of the qf file to try
3588 to detect attacks against the qf file. In particular,
3589 abort on any line beginning "From ", and add an "end of
3590 file" line -- any data after that line is prohibited.
3591 Always use /etc/sendmail.cf, regardless of the arbitrary vendor
3592 choices. This can be overridden in the Makefile by using
3593 either -DUSE_VENDOR_CF_PATH to get the vendor location
3594 (to the extent that we know it) or by defining
3595 _PATH_SENDMAILCF (which is a "hard override"). This allows
3596 sendmail 8 to have more consistent installation instructions.
3597 Allow macros on `K' line in config file. Suggested by Andrew Chang
3598 of Sun Microsystems.
3599 Improved symbol table hash function from Eric Wassenaar. This one
3600 is at least 50% faster.
3601 Fix problem that didn't notice that timeout on file open was a
3602 transient error. Fix from Larry Parmelee of Cornell
3604 Allow comments (lines beginning with a `#') in files read for
3605 classes. Suggested by Motonori Nakamura.
3606 Make SIGINT (usually ^C) in test mode return to the prompt instead
3607 of dropping out entirely. This makes testing some of the
3608 name server lookups easier to deal with when there are
3609 hung servers. From Motonori Nakamura.
3610 Add new ${opMode} macro that is set to the current operation mode
3611 (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by
3612 Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>.
3613 Add new delivery mode (Odd) that defers all map lookups to queue runs.
3614 Kind of like queue-only mode (Odq) except it tries to avoid
3615 any external service requests; for dial-on-demand hosts that
3616 want to minimize DNS lookups when mail is being queued. For
3617 this to work you will also have to make sure that gethostbyname
3618 of your local host name does not do a DNS lookup.
3619 Improved handling of "out of space" conditions from John Myers of
3621 Improved security for mailing to files on systems that have fchmod(2)
3623 Improve "cannot send message for N days" message -- now says "could
3624 not send for past N days". Suggested by Tom Moore of AT&T
3625 Global Information Solutions.
3626 Less misleading Subject: line on messages sent to postmaster only.
3627 From Motonori Nakamura.
3628 Avoid duplicate error messages on bad command line flags. From
3630 Better error message for case where ruleset 0 falls off the end
3631 or otherwise does not resolve to a canonical triple.
3632 Fix a problem that could cause multiple bounce messages if a bad
3633 address was sent along with a good address to an SMTP
3634 site where that SMTP site returned a 4yz code in response
3635 to the final dot of the data. Problem reported by David
3636 James of British Telecom.
3637 Add "volatile" declarations so that gcc -O2 will work. Patches
3638 from Alexander Dupuy of System Management ARTS.
3639 Delete duplicates in MX lists -- believe it or not, there are sites
3640 that list the same host twice in an MX list. This deletion
3641 only works on adjacent preferences, so an MX list that
3642 had A=5, B=10, A=15 would leave both As, but one that had
3643 A=5, A=10, B=15 would reduce to A, B. This is intentional,
3644 just in case there is something weird I haven't thought of.
3645 Suggested by Barry Shein of Software Tool & Die.
3646 SECURITY: .forward files cannot be symbolic links. If they are,
3647 a bad guy can read your private files.
3649 Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>.
3650 System V Release 4 from Motonori Nakamura of Ritsumeikan
3651 University. This expands the disk size
3652 checking to include all (?) SVR4 configurations.
3653 System V Release 4 from Kimmo Suominen -- initgroups(3)
3654 and setrlimit(2) are both available.
3655 System V Release 4 from sob@sculley.ffg.com -- some versions
3656 apparently "have EX_OK defined in other headerfiles."
3657 Linux Makefile typo.
3658 Linux getusershell(3) is broken in Slackware 2.0 --
3659 from Andrew Pam of Xanadu Australia.
3660 More Linux tweaking from John Kennedy of California State
3662 Cray changes from Eric Wassenaar: ``On Cray, shorts,
3663 ints, and longs are all 64 bits, and all structs
3664 are multiples of 64 bits. This means that the
3665 sizeof operator returns only multiples of 8.
3666 This requires adaptation of code that really
3667 deals with 32 bit or 16 bit fields, such as IP
3668 addresses or nameserver fields.''
3669 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To
3670 get the old behavior, use -DDGUX_5_4_2.
3671 DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment
3672 variable to fix bogus /bin/mail behavior.
3673 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>.
3674 This also cleans up some System V Release 4 compile
3676 Solaris 2: sendmail.cw file should be in /etc/mail to
3677 match all the other configuration files. Fix
3678 from Glenn Barry of Emory University.
3679 Solaris 2.3: compile problem in conf.c. Fix from Alain
3680 Nissen of the University of Liege, Belgium.
3681 Ultrix: freespace calculation was incorrect. Fix from
3682 Takashi Kizu of Osaka University.
3683 SVR4: running in background gets a SIGTTOU because the
3684 emulation code doesn't realize that "getpeername"
3685 doesn't require reading the file. Fix from Peter
3687 Solaris 2.3: due to an apparent bug in the socket emulation
3688 library, sockets can get into a "wedged" state where
3689 they just return EPROTO; closing and re-opening the
3690 socket clears the problem. Fix from Bob Manson
3691 of Ohio State University.
3692 Hitachi 3050R & 3050RX running HI-UX/WE2: portability
3693 fixes from Akihiro Hashimoto ("Hash") of Chiba
3695 AIX changes to allow setproctitle to work from Rainer Schöpf
3696 of Zentrum für Datenverarbeitung der Universität
3698 AIX changes for load average from Ed Ravin of NASA/Goddard.
3699 SCO Unix from Chip Rosenthal of Unicom (code was using the
3701 ANSI C fixes from Adam Glass (NetBSD project).
3702 Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers
3704 DG-UX fixes from Bruce Nagel of Data General.
3705 IRIX64 updates from Mark Levinson of the University of
3706 Rochester Medical Center.
3707 Altos System V (``the first UNIX/XENIX merge the Altos
3708 did for their Series 1000 & Series 2000 line;
3709 their merged code was licensed back to AT&T and
3710 Microsoft and became System V release 3.2'') from
3711 Tim Rice <timr@crl.com>.
3712 OSF/1 running on Intel Paragon from Jeff A. Earickson
3713 <jeff@ssd.intel.com> of Intel Scalable Systems
3715 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson
3716 <janet@dialix.oz.au>.
3717 System V Release 4 (statvfs semantic fix) from Alain
3719 HP-UX 10.x multiprocessor load average changes from
3720 Scott Hutton and Jeff Sumler of Indiana University.
3721 Cray CSOS from Scott Bolte of Cray Computer Corporation.
3722 Unicos 8.0 from Douglas K. Rand of the University of North
3723 Dakota, Scientific Computing Center.
3724 Solaris 2.4 fixes from Sanjay Dani of Dani Communications.
3725 ConvexOS 11.0 from Christophe Wolfhugel.
3726 IRIX 4.0.5 from David Ashton-Reader of CADcentre.
3727 ISC UNIX from J. J. Bailey.
3728 HP-UX 9.xx on the 8xx series machines from Remy Giraud
3730 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>.
3731 IRIX 5.2 and 5.3 from Kari E. Hurtta.
3732 FreeBSD 2.0 from Mike Hickey of Federal Data Corporation.
3733 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura.
3734 Omron LUNA unios-b, mach from Motonori Nakamura.
3735 NEC EWS-UX/V 4.2 from Motonori Nakamura.
3736 NeXT 2.1 from Bryan Costales.
3737 AUX patch thanks to Mike Erwin of Apple Computer.
3738 HP-UX 10.0 from John Beck of Hewlett-Packard.
3739 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a
3740 non-DEC resolver. Suggested by Allan Johannesen.
3741 UnixWare 2.0 fixes from Petr Lampa of the Technical
3742 University of Brno (Czech Republic).
3743 KSR OS 1.2.2 support from Todd Miller of the University
3745 UX4800 support from Kazuhisa Shimizu of NEC.
3746 MAKEMAP: allow -d flag to allow insertion of duplicate aliases
3747 in type ``btree'' maps. The semantics of this are undefined
3748 for regular maps, but it can be useful for the user database.
3749 MAKEMAP: lock database file while rebuilding to avoid sendmail
3750 lookups while the rebuild is going on. There is a race
3751 condition between the open(... O_TRUNC ...) and the lock
3752 on the file, but it should be quite small.
3753 SMRSH: sendmail restricted shell added to the release. This can
3754 be used as an alternative to /bin/sh for the "prog" mailer,
3755 giving the local administrator more control over what
3756 programs can be run from sendmail.
3757 MAIL.LOCAL: add this local mailer to the tape. It is not really
3758 part of the release proper, and isn't fully supported; in
3759 particular, it does not run on System V based systems and
3761 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon
3762 to allow rmail to compile on systems that don't have
3763 function prototypes and systems that don't have snprintf.
3764 CONTRIB: add the "mailprio" scripts that will help you sort mailing
3765 lists by transaction delay times so that addresses that
3766 respond quickly get sent first. This is to prevent very
3767 sluggish servers from delaying other peoples' mail.
3768 Contributed by Tony Sanders of BSDI.
3769 CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders
3770 of BSDI. This has a lot of comments to help people out.
3771 CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead,
3772 put this on the m4 command line. On GNU m4 (which
3773 supports the __file__ primitive) you can run m4 in an
3774 arbitrary directory -- use either:
3775 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
3777 m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf
3778 On other versions of m4 that don't support __file__, you
3780 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ...
3781 (Note the trailing slash on the _CF_DIR_ definition.)
3782 Old versions of m4 will default to _CF_DIR_=.. for back
3784 CONFIG: fix mail from <> so it will properly convert to
3785 MAILER-DAEMON on local addresses.
3786 CONFIG: fix code that was supposed to catch colons in host
3787 names. Problem noted by John Gardiner Myers of CMU.
3788 CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration.
3789 From Paul Riddle of the University of Maryland, Baltimore
3791 CONFIG: Catch and reject "." as a host address.
3792 CONFIG: Generalize domaintable to look up all domains, not
3793 just unqualified ones.
3794 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it
3795 was never used and didn't work anyway.
3796 CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer
3797 and d on all mailers in the UUCP class.
3798 CONFIG: Allow "user+detail" to be aliased specially: it will first
3799 look for an alias for "user+detail", then for "user+*", and
3800 finally for "user". This is intended for forwarding mail
3801 for system aliases such as root and postmaster to a
3803 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above).
3804 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set.
3805 The F=8 flag is also set on the "relay" mailer, since
3806 this is expected to be another sendmail.
3807 CONFIG: avoid qualifying all UUCP addresses sent via SMTP with
3808 the name of the UUCP_RELAY -- in some cases, this is the
3809 wrong value (e.g., when we have local UUCP connections),
3810 and this can create unreplyable addresses. From Chip
3811 Rosenthal of Unicom.
3812 CONFIG: add confRECEIVED_HEADER to change the format of the
3813 Received: header inserted into all messages. Suggested by
3814 Gary Mills of the University of Manitoba.
3815 CONFIG: Make "notsticky" the default; use FEATURE(stickyhost)
3816 to get the old behavior. I did this upon observing
3817 that almost everyone needed this feature, and that the
3818 concept I was trying to make happen didn't work with
3819 some user agents anyway. FEATURE(notsticky) still works,
3821 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user
3822 names are sent, rather than immediately diagnosing them
3824 CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS,
3825 and RELAY_MAILER_ARGS to set the arguments for the
3826 indicated mailers. All default to "IPC $h". Patch from
3827 Larry Parmelee of Cornell University.
3828 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects
3829 on the client side" and F=P to get an appropriate
3830 return-path. From Kimmo Suominen.
3831 CONFIG: add FEATURE(local_procmail) to use the procmail program
3832 as the local mailer. For addresses of the form "user+detail"
3833 the "detail" part is passed to procmail via the -a flag.
3834 Contributed by Kimmo Suominen.
3835 CONFIG: add MAILER(procmail) to add an interface to procmail for
3836 use from mailertables. This lets you execute arbitrary
3837 procmail scripts. Contributed by Kimmo Suominen.
3838 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers.
3839 CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From
3840 Paul Southworth of CICNet Systems Support.
3841 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f.
3842 This causes the null return path to be rewritten as
3843 MAILER-DAEMON; otherwise UUCP gets horribly confused.
3844 From Michael Hohmuth of Technische Universitat Dresden.
3845 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that
3846 list us as the best possible MX record to be treated as
3847 though they were local (essentially, assume that they
3848 are included in $=w). This can cause additional DNS
3849 traffic, but is easier to administer if this fits your
3850 local model. It does not work reliably if there are
3851 multiple hosts that share the best MX preference.
3852 Code contributed by John Oleynick of Rutgers.
3853 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted
3854 SHell) instead of /bin/sh as the program used for delivery
3855 to programs. If an argument is included, it is used as
3856 the path to smrsh; otherwise, /usr/local/etc/smrsh is
3858 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the
3859 size of messages to the local and procmail mailers
3860 respectively. Contributed by Brad Knowles of the Defense
3861 Information Systems Agency.
3862 CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments
3863 (just like text outside of angle brackets) in order to
3864 properly deal with ``group: addr1, ... addrN;'' syntax.
3865 CONFIG: Require OSTYPE macro (the defaults really don't apply to
3866 any real systems any more) and tweak the DOMAIN macro
3867 so that it is less likely that users will accidentally use
3868 the Berkeley defaults. Also, create some generic files
3869 that really can be used in the real world.
3870 CONFIG: Add new configuration macros to set character sets for
3871 messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET,
3872 SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET.
3873 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency.
3874 The old name will still be accepted for a while at least.
3875 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET
3876 mail (.DECNET pseudo-domain or node::user) will be sent.
3877 As with all relays, it can be ``mailer:hostname''. Suggested
3879 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed
3880 by Barb Dijker of Labyrinth Computer Services.
3881 CONFIG: change confCHECK_ALIASES to default to False -- it has poor
3882 performance for large alias files, and this confused many
3884 CONFIG: Add confCF_VERSION to append local information to the
3885 configuration version number displayed during SMTP startup.
3886 CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it
3887 would only work when locally addressed. Fix from
3888 Edvard Tuinder of Cistron Internet Services.
3889 CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option
3890 "n" (CheckAliases) is set when rebuilding alias database.
3891 Based on code contributed by Claude Marinier.
3892 CONFIG: Allow mailertable to have values of the form
3893 ``error:code message''. The ``code'' is a status code
3894 derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE.
3895 Contributed by David James <dwj@agw.bt.co.uk>.
3896 CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of
3897 sender domains that will be replaced with the masquerade name.
3898 These domains will not be treated as local, but if mail passes
3899 through with sender addresses in those domains they will be
3900 replaced by the masquerade name. These can also be specified
3901 in a file using MASQUERADE_DOMAIN_FILE(filename).
3902 CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope
3903 as well as the header. Substantial improvements to this
3904 code were contributed by Per Hedeland.
3905 CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be
3906 accessed from a mailertable to do CCSO ph lookups. Contributed
3908 CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be
3909 used to define cyrus and cyrusbb mailers (for IMAP support).
3910 Contributed by John Gardiner Myers of Carnegie Mellon.
3911 CONFIG: add confUUCP_MAILER to select default mailer to use for
3912 UUCP addressing. Suggested by Tom Moore of AT&T GIS.
3915 cf/cf/cs-solaris2.mc
3917 cf/cf/generic-bsd4.4.mc
3918 cf/cf/generic-hpux10.mc
3919 cf/cf/generic-hpux9.mc
3920 cf/cf/generic-osf1.mc
3921 cf/cf/generic-solaris2.mc
3922 cf/cf/generic-sunos4.1.mc
3923 cf/cf/generic-ultrix4.mc
3925 cf/domain/berkeley-only.m4
3926 cf/domain/generic.m4
3927 cf/feature/bestmx_is_local.m4
3928 cf/feature/local_procmail.m4
3929 cf/feature/masquerade_envelope.m4
3931 cf/feature/stickyhost.m4
3932 cf/feature/use_ct_file.m4
3936 cf/mailer/phquery.m4
3937 cf/mailer/procmail.m4
3938 cf/ostype/amdahl-uts.m4
3939 cf/ostype/bsdi2.0.m4
3944 cf/ostype/unknown.m4
3947 contrib/rmail.oldsys.patch
3948 mail.local/mail.local.0
3954 src/Makefiles/Makefile.CSOS
3955 src/Makefiles/Makefile.EWS-UX_V
3956 src/Makefiles/Makefile.HP-UX.10
3957 src/Makefiles/Makefile.IRIX.5.x
3958 src/Makefiles/Makefile.IRIX64
3959 src/Makefiles/Makefile.ISC
3960 src/Makefiles/Makefile.KSR
3961 src/Makefiles/Makefile.NEWS-OS.4.x
3962 src/Makefiles/Makefile.NEWS-OS.6.x
3963 src/Makefiles/Makefile.NEXTSTEP
3964 src/Makefiles/Makefile.NonStop-UX
3965 src/Makefiles/Makefile.Paragon
3966 src/Makefiles/Makefile.SCO.3.2v4.2
3967 src/Makefiles/Makefile.SunOS.5.3
3968 src/Makefiles/Makefile.SunOS.5.4
3969 src/Makefiles/Makefile.SunOS.5.5
3970 src/Makefiles/Makefile.UNIX_SV.4.x.i386
3971 src/Makefiles/Makefile.uts.systemV
3972 src/Makefiles/Makefile.UX4800
3980 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc
3981 cf/cf/chez.mc => cf/cf/chez.cs.mc
3982 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc
3983 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc
3984 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc
3985 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc
3986 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc
3987 cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc
3988 cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4
3989 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4
3990 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4
3991 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4
3992 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4
3993 cf/ostype/irix.m4 => cf/ostype/irix4.m4
3994 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4
3995 src/Makefile.* => src/Makefiles/Makefile.*
3996 src/Makefile.AUX => src/Makefiles/Makefile.A-UX
3997 src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS
3998 src/Makefile.DGUX => src/Makefiles/Makefile.dgux
3999 src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS
4000 src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0
4005 cf/cf/hpux-cs-hidden.mc
4007 cf/cf/osf1-cs-hidden.mc
4008 cf/cf/sunos3.5-cs-exposed.mc
4009 cf/cf/sunos3.5-cs-hidden.mc
4010 cf/cf/sunos4.1-cs-hidden.mc
4011 cf/cf/ultrix4.1-cs-hidden.mc
4012 cf/domain/cs-hidden.m4
4013 contrib/rcpt-streaming
4014 src/Makefiles/Makefile.SunOS.5.x
4016 8.6.13/8.6.12 96/01/25
4017 SECURITY: In some cases it was still possible for an attacker to
4018 insert newlines into a queue file, thus allowing access to
4019 any user (except root).
4020 CONFIG: no changes -- it is not a bug that the configuration
4021 version number is unchanged.
4023 8.6.12/8.6.12 95/03/28
4024 Fix to IDENT code (it was getting the size of the reply buffer
4025 too small, so nothing was ever accepted). Fix from several
4026 people, including Allan Johannesen, Shane Castle of the
4027 Boulder County Information Services, and Jeff Smith of
4028 Warwick University (all arrived within a few hours of
4030 Fix a problem that could cause large jobs to run out of
4031 file descriptors on systems that use vfork() rather
4034 8.6.11/8.6.11 95/03/08
4035 The ``possible attack'' message would be logged more often
4036 than necessary if you are using Pine as a user agent.
4037 The wrong host would be reported in the ``possible attack''
4038 message when attempted from IDENT.
4039 In some cases the syslog buffer could be overflowed when
4040 reporting the ``possible attack'' message. This can
4041 cause denial of service attacks. Truncate the message
4042 to 80 characters to prevent this problem.
4043 When reading the IDENT response a loop is needed around the
4044 read from the network to ensure that you don't get
4046 Password entries without any shell listed (that is, a null
4047 shell) wouldn't match as "ok". Problem noted by
4049 When running BIND 4.9.x a problem could occur because the
4050 _res.options field is initialized differently than it
4051 was historically -- this requires that sendmail call
4052 res_init before it tweaks any bits.
4053 Fix an incompatibility in openxscript() between the file open mode
4054 and the stdio mode passed to fdopen. This caused UnixWare
4055 2.0 to have conniptions. Fix from Martin Sohnius of
4057 Fix problem with static linking of local getopt routine when
4058 using GNU's ld command. Fix from John Kennedy of
4060 It was possible to turn off privacy flags. Problem noted by
4062 Be more paranoid about writing files. Suggestions by *Hobbit*
4063 and Liudvikas Bukys.
4064 MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular)
4065 from Spider Boardman.
4066 CONFIG: No changes (version number only, to keep it in sync
4069 8.6.10/8.6.10 95/02/10
4070 SECURITY: Diagnose bogus values to some command line flags that
4071 could allow trash to get into headers and qf files.
4072 Validate the name of the user returned by the IDENT protocol.
4073 Some systems that really dislike IDENT send intentionally
4074 bogus information. Problem pointed out by Michael Bushnell
4075 of the Free Software Foundation. Has some security
4077 Fix a problem causing error messages about DNS problems when
4078 the host name contained a percent sign to act oddly
4079 because it was passed as a printf-style format string.
4080 In some cases this could cause core dumps.
4081 Avoid possible buffer overrun in returntosender() if error
4082 message is quite long. From Fletcher Mattox of the
4083 University of Texas.
4084 Fix a problem that would silently drop "too many hops" error
4085 messages if and only if you were sending to an alias.
4086 From Jon Giltner of the University of Colorado and
4087 Dan Harton of Oak Ridge National Laboratory.
4088 Fix a bug that caused core dumps on some systems if -d11.2 was
4089 set and e->e_message was null. Fix from Bruce Nagel of
4091 Fix problem that can still cause df files to be left around
4092 after "hop count exceeded" messages. Fix from Andrew
4093 Chang and Shau-Ping Lo of SunSoft.
4094 Fix a problem that can cause buffer overflows on very long
4095 user names (as might occur if you piped to a program
4096 with a lot of arguments).
4097 Avoid returning an error and re-queueing if the host signature
4098 is null; this can occur on addresses like ``user@.''.
4099 Problem noted by Wesley Craig and the University of
4101 Avoid possible calls to malloc(0) if MCI caching is turned
4102 off. Bug fix from Pierre David of the Laboratoire
4103 Parallelisme, Reseaux, Systemes et Modelisation (PRiSM),
4104 Universite de Versailles - St Quentin, and Jacky
4106 Make a local copy of the line being sent via senttolist() -- in
4107 some cases, buffers could get trashed by map lookups
4108 causing it to do unexpected things. This also simplifies
4109 some of the map code.
4110 CONFIG: No changes (version number only, to keep it in sync
4113 8.6.9/8.6.9 94/04/19
4114 Do all mail delivery completely disconnected from any terminal.
4115 This provides consistency with daemon delivery and
4116 may have some security implications.
4117 Make sure that malloc doesn't get called with zero size,
4118 since that fails on some systems. Reported by Ed
4119 Hill of the University of Iowa.
4120 Fix multi-line values for $e (SMTP greeting message). Reported
4121 by Mike O'Connor of Ford Motor Company.
4122 Avoid syserr if no NIS domain name is defined, but the map it
4123 is trying to open is optional. From Win Bent of USC.
4124 Changes for picky compilers from Ed Gould of Digital Equipment.
4125 Hesiod support for UDB from Todd Miller of the University of
4126 Colorado. Use "hesiod" as the service name in the U
4128 Fix a problem that failed to set the "authentic" host name (that
4129 is, the one derived from the socket info) if you called
4130 sendmail -bs from inetd. Based on code contributed by
4131 Todd Miller (this problem was also reported by Guy Helmer
4132 of Dakota State University). This also fixes a related
4133 problem reported by Liudvikas Bukys of the University of
4135 Parameterize "nroff -h" in all the Makefiles so people with
4136 variant versions can use them easily. Suggested by
4137 Peter Collinson of Hillside Systems.
4138 SMTP "MAIL" commands with multiple ESMTP parameters required two
4139 spaces between parameters instead of one. Reported by
4140 Valdis Kletnieks of Virginia Tech.
4141 Reduce the number of system calls during message collection by
4142 using global timeouts around the collect() loop. This
4143 code was contributed by Eric Wassenaar.
4144 If the initial hostname name gathering results in a name
4145 without a dot (usually caused by NIS misconfiguration)
4146 and BIND is compiled in, directly access DNS to get
4147 the canonical name. This should make life easier for
4148 Solaris systems. If it still can't be resolved, and
4149 if the name server is listed as "required", try again
4150 in 30 seconds. If that also fails, exit immediately to
4151 avoid bogus "config error: mail loops back to myself"
4153 Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error
4154 message to explain how much space was available and
4155 sound a bit less threatening. Suggested by Stan Janet
4156 of the National Institute of Standards and Technology.
4157 If mail is delivered to an alias that has an owner, deliver any
4158 requested return-receipt immediately, and strip the
4159 Return-Receipt-To: header from the subsequent message.
4160 This prevents a certain class of denial of service
4161 attack, arguably gives more reasonable semantics, and
4162 moves things more towards what will probably become a
4163 network standard. Suggested by Christopher Davis of
4165 Add a "noreceipts" privacy flag to turn off all return receipts
4166 without recompiling.
4167 Avoid printing ESMTP parameters as part of the error message
4168 if there are errors during parsing. This change is
4170 Avoid sending out error messages during the collect phase of
4171 SMTP; there is an MVS mailer from UCLA that gets
4172 confused by this. Of course, I think it's their bug....
4173 Check for the $j macro getting undefined, losing a dot, or getting
4174 lost from $=w in the daemon before accepting a connection;
4175 if it is, it dumps state, prints a LOG_ALERT message,
4176 and drops core for debugging. This is an attempt to
4177 track down a bug that I thought was long since gone.
4178 If you see this, please forward the log fragment to
4179 sendmail@sendmail.ORG.
4180 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off
4181 with -DOLD_NEWDB=0 on the command line. From Christophe
4183 Instead of trying to truncate the listen queue for the server
4184 SMTP port when the load average is too high, just close
4185 the port completely and reopen it later as needed.
4186 This ensures that the other end gets a quick "connection
4187 refused" response, and that the connection can be
4188 recovered later. In particular, some socket emulations
4189 seem to get confused if you tweak the listen queue
4190 size around and can never start listening to connections
4191 again. The down side is that someone could start up
4192 another daemon process in the interim, so you could
4193 have multiple daemons all not listening to connections;
4194 this could in turn cause the sendmail.pid file to be
4195 incorrect. A better approach might be to accept the
4196 connection and give a 421 code, but that could break
4197 other mailers in mysterious ways and have paging behavior
4199 Fix a glitch in TCP-level debugging that caused flag 16.101 to
4200 set debugging on the wrong socket. From Eric Wassenaar.
4201 When creating a df* temporary file, be sure you truncate any
4202 existing data in the file -- otherwise system crashes
4203 and the like could result in extra data being sent.
4204 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the
4205 doc directory. This includes some additional
4207 CONFIG: change UUCP rules to never add $U! or $k! on the front
4208 of recipient envelope addresses. This should have been
4209 handled by the $&h trick, but broke if people were
4210 mixing domainized and UUCP addresses. They should
4211 probably have converted all the way over to uucp-uudom
4212 instead of uucp-{new,old}, but the failure mode was to
4213 loop the mail, which was bad news.
4215 Newer BSDI systems (several people).
4216 Older BSDI systems from Christophe Wolfhugel.
4217 Intergraph CLIX, from Paul Southworth of CICNet.
4218 UnixWare, from Evan Champion.
4219 NetBSD from Adam Glass.
4220 Solaris from Quentin Campbell of the University of
4221 Newcastle upon Tyne.
4222 IRIX from Dean Cookson and Bill Driscoll of Mitre
4224 NCR 3000 from Kevin Darcy of Chrysler Financial Corporation.
4225 SunOS (it has setsid() and setvbuf() calls) from
4226 Jonathan Kamens of OpenVision Technologies.
4227 HP-UX from Tor Lillqvist.
4230 src/Makefile.NCR3000
4231 doc/changes/Makefile
4232 doc/changes/changes.me
4233 doc/changes/changes.ps
4235 8.6.8/8.6.6 94/03/21
4236 SECURITY: it was possible to read any file as root using the
4237 E (error message) option. Reported by Richard Jones;
4238 fixed by Michael Corrigan and Christophe Wolfhugel.
4240 8.6.7/8.6.6 94/03/14
4241 SECURITY: it was possible to get root access by using weird
4242 values to the -d flag. Thanks to Alain Durand of
4243 INRIA for forwarding me the notice from the bugtraq
4246 8.6.6/8.6.6 94/03/13
4247 SECURITY: the ability to give files away on System V-based
4248 systems proved dangerous -- don't run as the owner
4249 of a :include: file on a system that allows giveaways.
4250 Unfortunately, this also applies to determining a
4252 IMPORTANT: Previous versions weren't expiring old connections
4253 in the connection cache for a long time under some
4254 circumstances. This could result in resource exhaustion,
4255 both at your end and at the other end. This checks the
4256 connections for timeouts much more frequently. From
4257 Doug Anderson of NCSC.
4258 Fix a glitch that snuck in that caused programs to be run as
4259 the sender instead of the recipient if the mail was
4260 from a local user to another local user. From
4261 Motonori Nakamura of Kyoto University.
4262 Fix "wildcard" on /etc/shells matching -- instead of looking
4263 for "*", look for "/SENDMAIL/ANY/SHELL/". From
4264 Bryan Costales of ICSI.
4265 Change the method used to declare the "statfs" availability;
4266 instead of HASSTATFS and/or HASUSTAT with a ton of
4267 tweaking in conf.c, there is a single #define called
4268 SFS_TYPE which takes on one of six values (SFS_NONE
4269 for no statfs availability, SFS_USTAT for the ustat(2)
4270 syscall, SFS_4ARGS for a four argument statfs(2) call,
4271 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument
4272 statfs(2) call with the declarations in <sys/vfs.h>,
4273 <sys/mount.h>, or <sys/statfs.h> respectively).
4274 Fix glitch in NetInfo support that could return garbage if
4275 there was no "/locations/sendmail" property. From
4276 David Meyer of the University of Virginia.
4277 Change HASFLOCK from defined/not-defined to a 0/1 definition
4278 to allow Linux to turn it off even though it is a
4280 Allow setting of "ident" timeout to zero to turn off the ident
4282 Make 7-bit stripping local to a connection (instead of to a
4283 mailer); this allows you to specify that SMTP is a
4284 7-bit channel, but revert to 8-bit should it advertise
4285 that it supports 8BITMIME. You still have to specify
4286 mailer flag 7 to get this stripping at all.
4287 Improve makesendmail script so it handles more cases automatically.
4288 Tighten up restrictions on taking ownership of :include: files
4289 to avoid problems on systems that allow you to give away
4291 Fix a problem that made it impossible to rebuild the alias
4292 file if it was on a read-only file system. From
4293 Harry Edmon of the University of Washington.
4294 Improve MX randomization function. From John Gardiner Myers
4296 Fix a minor glitch causing a bogus message to be printed (used
4297 %s instead of %d in a printf string for the line number)
4298 when a bad queue file was read. From Harry Edmon.
4299 Allow $s to remain NULL on locally generated mail. I'm not
4300 sure this is necessary, but a lot of people have complained
4301 about it, and there is a legitimate question as to whether
4302 "localhost" is legal as an 822-style domain.
4303 Fix a problem with very short line lengths (mailer L= flag) in
4304 headers. This causes a leading space to be added onto
4305 continuation lines (including in the body!), and also
4306 tries to wrap headers containing addresses (From:, To:,
4307 etc) intelligently at the shorter line lengths. Problem
4308 Reported by Lars-Johan Liman of SUNET Operations Center.
4309 Log the real user name when logging syserrs, since these can have
4310 security implications. Suggested by several people.
4311 Fix address logging of cached connections -- it used to always
4312 log the numeric address as zero. This is a somewhat
4313 bogus implementation in that it does an extra system
4314 call, but it should be an inexpensive one. Fix from
4316 Tighten up handling of short syslog buffers even more -- there
4317 were cases where the outgoing relay= name was too long
4318 to share a line with delay= and mailer= logging.
4319 Limit the overhead on split envelopes to one open file descriptor
4320 per envelope -- previously the overhead was three
4321 descriptors. This was in response to a problem reported
4322 by P{r (Pell) Emanuelsson.
4323 Fixes to better handle the case of unexpected connection closes;
4324 this redirects the output to the transcript so the info
4325 is not lost. From Eric Wassenaar.
4326 Fix potential string overrun if you macro evaluate a string that
4327 has a naked $ at the end. Problem noted by James Matheson
4328 <jmrm@eng.cam.ac.uk>.
4329 Make default error number on $#error messages 553 (``Requested
4330 action not taken: mailbox name not allowed'') instead of
4331 501 (``Syntax error in parameters or arguments'') to
4332 avoid bogus "protocol error" messages.
4333 Strip off any existing trailing dot on names during $[ ... $]
4334 lookup. This prevents it from ending up with two dots
4335 on the end of dot terminated names. From Wesley Craig
4336 of the University of Michigan and Bryan Costales of ICSI.
4337 Clean up file class reading so that the debugging information is
4338 more informative. It hadn't been using setclass, so you
4339 didn't see the class items being added.
4340 Avoid core dump if you are running a version of sendmail where
4341 NIS is compiled in, and you specify an NIS map, but
4342 NIS is not running. Fix from John Oleynick of
4344 Diagnose bizarre case where res_search returns a failure value,
4345 but sets h_errno to a success value.
4346 Make sure that "too many hops" messages are considered important
4347 enough to send an error to the Postmaster (that is, the
4348 address specified in the P option). This fix should
4349 help problems that cause the df file to be left around
4350 sometimes -- unfortunately, I can't seem to reproduce
4352 Avoid core dump (null pointer reference) on EXPN command; this
4353 only occurred if your log level was set to 10 or higher
4354 and the target account was an alias or had a .forward file.
4355 Problem noted by Janne Himanka.
4356 Avoid "denial of service" attacks by someone who is flooding your
4357 SMTP port with bad commands by shutting the connection
4358 after 25 bad commands are issued. From Kyle Jones of
4360 Fix core dump on error messages with very long "to" buffers;
4361 fmtmsg overflows the message buffer. Fixed by trimming
4362 the to address to 203 characters. Problem reported by
4364 Fix configuration for HASFLOCK -- there were some spots where
4365 a #ifndef was incorrectly #ifdef. Pointed out by
4366 George Baltz of the University of Maryland.
4367 Fix a typo in savemail() that could cause the error message To:
4368 lists to be incorrect in some places. From Motonori
4370 Fix a glitch that can cause duplicate error messages on split
4371 envelopes where an address on one of the lists has a
4372 name server failure. Fix from Voradesh Yenbut of the
4373 University of Washington.
4374 Fix possible bogus pointer reference on ESMTP parameters that
4375 don't have an ``=value'' part.
4376 CNAME loops caused an error message to be generated, but also
4377 re-queued the message. Changed to just re-queue the
4378 message (it's really hard to just bounce it because
4379 of the weird way the name server works in the presence
4380 of CNAME loops). Problem noted by James M.R.Matheson
4381 of Cambridge University.
4382 Avoid giving ``warning: foo owned process doing -bs'' messages
4383 if they use ``MAIL FROM:<foo>'' where foo is their true
4384 user name. Suggested by Andreas Stolcke of ICSI.
4385 Change the NAMED_BIND compile flag to be a 0/1 flag so you can
4386 override it easily in the Makefile -- that is, you can
4387 turn it off using -DNAMED_BIND=0.
4388 If a gethostbyname(...) of an address with a trailing dot fails,
4389 try it without the trailing dot. This is because if
4390 you have a version of gethostbyname() that falls back
4391 to NIS or the /etc/hosts file it will fail to find
4392 perfectly reasonable names that just don't happen to
4393 be dot terminated in the hosts file. You don't want to
4394 strip the dot first though because we're trying to ensure
4395 that country names that match one of your subdomains get
4397 PRALIASES: fix bogus output on non-null-terminated strings.
4398 From Bill Gianopoulos of Raytheon.
4399 CONFIG: Avoid rewriting anything that matches $w to be $j.
4400 This was in code intended to only catch the self-literal
4401 address (that is, [1.2.3.4], where 1.2.3.4 is your
4402 IP address), but the code was broken. However, it will
4403 still do this if $M is defined; this is necessary to
4404 get client configurations to work (sigh). Note that this
4405 means that $M overrides :mailname entries in the user
4406 database! Problem noted by Paul Southworth.
4407 CONFIG: Fix definition of Solaris help file location. From
4408 Steve Cliffe <steve@gorgon.cs.uow.edu.au>.
4409 CONFIG: Fix bug that broke news.group.USENET mappings.
4410 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX,
4411 and USENET_MAILER_MAX to tweak the maximum message
4412 size for various mailers.
4413 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0]
4414 instead of assuming that it is "inews" for consistency
4415 with other mailers. From Michael Corrigan of UC San Diego.
4416 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB,
4417 qualify the address in the SMTP envelope as user@{relay|hub}
4418 instead of user@$j. From Bill Wisner of The Well.
4419 CONFIG: Fix route-addr syntax in nullrelay configuration set.
4420 CONFIG: Don't turn off case mapping of user names in the local
4421 mailer for IRIX. This was different than most every other
4423 CONFIG: Avoid infinite loops on certainly list:; syntaxes in
4424 envelope. Noted by Thierry Besancon
4425 <besancon@excalibur.ens.fr>.
4426 CONFIG: Don't include -z by default on uux line -- most systems
4427 don't want it set by default. Pointed out by Philippe
4428 Michel of Thomson CSF.
4429 CONFIG: Fix some bugs with mailertables -- for example, if your
4430 host name was foo.bar.ray.com and you matched against
4431 ".ray.com", the old implementation bound %1 to "bar"
4432 instead of "foo.bar". Also, allow "." in the mailertable
4433 to match anything -- essentially, take over SMART_HOST.
4434 This also moves matching of explicit local host names
4435 before the mailertable so they don't have to be special
4436 cased in the mailertable data. Reported by Bill
4437 Gianopoulos of Raytheon; the fix for the %1 binding
4438 problem was contributed by Nicholas Comanos of the
4439 University of Sydney.
4440 CONFIG: Don't include "root" in class $=L (users to deliver
4441 locally, even if a hub or relay exists) by default.
4442 This is because of the known bug where definition of
4443 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore
4444 both and deliver into the local mailbox.
4445 CONFIG: Move up bitdomain and uudomain handling so that they
4446 are done before .UUCP class matching; uudomain was
4447 reported as ineffective before. This also frees up
4448 diversion 8 for future use. Problem reported by Kimmo
4450 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4])
4451 into host names. As pointed out by Jonathan Kamens,
4452 these are often used because either the forward or reverse
4453 mapping is broken; this translation makes it broken again.
4454 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo
4457 Unicos from David L. Kensiski of Sterling Software.
4458 DomainOS from Don Lewis of Silicon Systems.
4459 GNU m4 1.0.3 from Karst Koymans of Utrecht University.
4460 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>.
4461 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>.
4462 BSD/386 from Tony Sanders of BSDI.
4463 Apollo from Eric Wassenaar.
4464 DGUX from Doug Anderson.
4465 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent.
4467 src/Makefile.DomainOS
4469 src/Makefile.SunOS.5.1
4470 src/Makefile.SunOS.5.2
4471 src/Makefile.SunOS.5.x
4473 cf/ostype/domainos.m4
4478 8.6.5/8.6.5 94/01/13
4479 Security fix: /.forward could be owned by anyone (the test
4480 to allow root to own any file was backwards). From
4481 Bob Campbell at U.C. Berkeley.
4482 Security fix: group ids were not completely set when programs
4483 were invoked. This caused programs to have group
4484 permissions they should not have had (usually group
4485 daemon instead of their own group). In particular,
4486 Perl scripts would refuse to run.
4487 Security: check to make sure files that are written are not
4488 symbolic links (at least under some circumstances).
4489 Although this does not respond to a specific known
4490 attack, it's just a good idea. Suggested by
4491 Christian Wettergren.
4492 Security fix: if a user had an NFS mounted home directory on
4493 a system with a restricted shell listed in their
4494 /etc/passwd entry, they could still execute any
4495 program by putting that in their .forward file.
4496 This fix prevents that by insisting that their shell
4497 appear in /etc/shells before allowing a .forward to
4498 execute a program or write a file. You can disable
4499 this by putting "*" in /etc/shells. It also won't
4500 permit world-writable :include: files to reference
4501 programs or files (there's no way to disable this).
4502 These behaviors are only one level deep -- for
4503 example, it is legal for a world-writable :include:
4504 file to reference an alias that writes a file, on
4505 the assumption that the alias file is well controlled.
4506 Security fix: root was not treated suspiciously enough when
4507 looking into subdirectories. This would potentially
4508 allow a cracker to examine files that were publicly
4509 readable but in a non-publicly searchable directory.
4510 Fix a problem that causes an error on QUIT on a cached
4511 connection to create problems on the current job.
4512 These are typically unrelated, so errors occur in
4514 Reset CurrentLA in sendall() -- this makes sendmail queue
4515 runs more responsive to load average, and fixes a
4516 problem that ignored the load average in locally
4517 generated mail. From Eric Wassenaar.
4518 Fix possible core dump on aliases with null LHS. From
4519 John Orthoefer of BB&N.
4520 Revert to using flock() whenever possible -- there are just
4521 too many bugs in fcntl() locking, particularly over
4522 NFS, that cause sendmail to fail in perverse ways.
4523 Fix a bug that causes the connection cache to get confused
4524 when sending error messages. This resulted in
4525 "unexpected close" messages. It should fix itself
4526 on the following queue run. Problem noted by
4527 Liudvikas Bukys of the University of Rochester.
4528 Include $k in $=k as documented in the Install & Op Guide.
4529 This seems odd, but it was documented.... From
4530 Michael Corrigan of UCSD.
4531 Fix problem that caused :include:s from alias files to be
4532 forced to be owned by root instead of daemon
4533 (actually DefUid). From Tim Irvin.
4534 Diagnose unrecognized I option values -- from Mortin Forssen
4535 of the Chalmers University of Technology.
4536 Make "error" mailer work consistently when there is no error
4537 code associated with it -- previously it returned OK
4538 even though there was a real problem. Now it assumes
4540 Fix bug that caused the last header line of messages that had
4541 no body and which were terminated with EOF instead of
4542 "." to be discarded. Problem noted by Liudvikas Bukys.
4543 Fix core dump on SMTP mail to programs that failed -- it tried
4544 to go to a "next MX host" when none existed, causing
4545 a core dump. From der Mouse at McGill University.
4546 Change IDENTPROTO from a defined/not defined to a 0/1 switch;
4547 this makes it easier to turn it off (using
4548 -DIDENTPROTO=0 in the Makefile). From der Mouse.
4549 Fix YP_MASTER_NAME store to use the unupdated result of
4550 gethostname() (instead of myhostname(), which tries
4551 to fully qualify the name) to be consistent with
4552 SunOS. If your hostname is unqualified, this fixes
4553 transfers to slave servers. Bug noted by Keith
4554 McMillan of Ameritech Services, Inc.
4555 Fix Ultrix problem: gethostbyname() can return a very large
4556 (> 500) h_length field, which causes the sockaddr
4557 to be trashed. Use the size of the sockaddr instead.
4558 Fix from Bob Manson of Ohio State.
4559 Don't assume "-a." on host lookups if NAMED_BIND is not
4560 defined -- this confuses gethostbyname on hosts
4561 file lookups, which doesn't understand the trailing
4563 Log SMTP server subprocesses that die with a signal instead
4564 of from a clean exit.
4565 If you don't have option "I" set, don't assume that a DNS
4566 "host unknown" message is authoritative -- it
4567 might still be found in /etc/hosts.
4568 Fix a problem that would cause Deferred: messages to be sent
4569 as the subject of an error message, even though the
4570 actual cause of a message was more severe than that.
4571 Problem noted by Chris Seabrook of OSSI.
4572 Fix race condition in DBM alias file locking. From Kyle
4574 Limit delivery syslog line length to avoid bugs in some
4575 versions of syslog(3). This adds a new compile time
4576 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton
4577 University, which is in turn derived from IDA.
4578 Fix quotes inside of comments in addresses -- previously
4579 it insisted that they be balanced, but the 822 spec
4580 says that they should be ignored.
4581 Dump open file state to syslog upon receiving SIGUSR1 (for
4582 debugging). This also evaluates ruleset 89, if set
4583 (with the null input), and logs the result. This
4584 should be used sparingly, since the rewrite process
4586 Change -qI, -qR, and -qS flags to be case-insensitive as
4587 documented in the Bat Book.
4588 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not
4589 return an error message and did not requeue the message.
4590 Fix based on code from Roland Dirlewanger of
4591 Reseau Regional Aquarel, Bordeaux, France.
4592 Fix a problem that caused a seg fault if you got a 421 error
4593 code during some parts of connection initialization.
4594 I've only seen this when talking to buggy mailers on
4595 the other end, but it shouldn't give a seg fault in
4596 any case. From Amir Plivatsky.
4597 Fix core dump caused by a ruleset call that returns null.
4598 Fix from Bryan Costales of ICSI.
4599 Full-Name: field was being ignored. Fix from Motonori Nakamura
4600 of Kyoto University.
4601 Fix a possible problem with very long input lines in setproctitle.
4602 From P{r Emanuelsson.
4603 Avoid putting "This is a warning message" out on return receipts.
4604 Suggested by Douglas Anderson.
4605 Detect loops caused by recursive ruleset calls. Suggested by
4607 Initialize non-alias maps during alias rebuilds -- they may be
4608 needed for parsing. Problem noted by Douglas Anderson.
4609 Log sender address even if no message was collected in SMTP
4610 (e.g., if all RCPTs failed). Suggested by Motonori
4612 Don't reflect the owner-list contents into the envelope sender
4613 address if the value contains ", :, /, or | (to avoid
4614 illegal addresses appearing there).
4615 Efficiency hack for toktype macro -- from Craig Partridge of
4617 Clean up DNS error printing so that a host name is always
4619 Remember to set $i during queue runs. Reported by Stephen
4620 Campbell of Dartmouth University.
4621 If the environment variable HOSTALIASES is set, use it during
4622 canonification as the name of a file with per-user host
4623 translations so that headers are properly mapped. Reported
4624 by Anne Bennett of Concordia University.
4625 Avoid printing misleading error message if SMTP mailer (not
4626 using [IPC]) should die on a core dump.
4627 Avoid incorrect diagnosis of "file 1 closed" when it is caused
4628 by the other end closing the connection. From
4629 Dave Morrison of Oracle.
4630 Improve several of the error messages printed by "mailq"
4631 to include a host name or other useful information.
4632 Add NetInfo preliminary support for NeXT systems. From Vince
4634 Fix a glitch that sometimes caused :include:s that pointed to
4635 NFS filesystems that were down to give an "aliasing/
4636 forwarding loop broken" message instead of queueing
4637 the message for retry. Noted by William C Fenner of
4638 the NRL Connection Machine Facility.
4639 Fix a problem that could cause a core dump if the input sequence
4640 had (or somehow acquired) a \231 character.
4641 Make sure that route-addrs always have <angle brackets> around
4642 them in non-SMTP envelopes (SMTP envelopes already do
4644 Avoid weird headers on unbalanced punctuation of the form:
4645 ``Joe User <user)'' -- this caused reference to the
4646 null macro. Fix from Rick McCarty of IO.COM.
4647 Fix a problem that caused an alias "user: user@local.host" to
4648 not have the QNOTREMOTE bit set; this caused configs
4649 to act as if FEATURE(notsticky) was defined even when
4650 it was not. The effect of the problem was to make it
4651 very hard to to set up satellite sites that had a few
4652 local accounts, with everything else forwarded to a
4653 corporate hub. Reported by Detlef Drewanz of the
4654 University of Rostock and Mark Frost of NCD.
4655 Change queuing to not call rulesets 3, {1 or 2}, 4 on header
4656 addresses. This is more efficient (fewer name server
4657 calls) and fixes certain unusual configurations, such
4658 as those that have ruleset 4 do something that is
4659 non-idempotent unless a mailer-specific ruleset did
4660 something else. Problem reported by Brian J. Coan
4661 of the Institute for Global Communications.
4662 Fix the "obsolete argument" routine in main to better understand
4663 new arguments. For example, if you used ``sendmail
4664 -C config -v -q'' it would choke on the -q because
4665 the -C would stop looking for old-format arguments.
4666 Fix the code that was intended to allow two users to forward their
4667 mail to the same program and have them appear unique.
4668 Portability fixes for:
4669 SCO UNIX from Murray Kucherawy.
4670 SCO Open Server 3.2v4 from Philippe Brand.
4671 System V Release 4 from Rick Ellis and others.
4672 OSF/1 from Steve Campbell.
4673 DG/UX from Ben Mesander of the USGS and Bryan Curnutt
4674 of Stoner Associates.
4675 Motorola SysV88 from Kevin Johnson of Motorola.
4676 Solaris 2.3 from Casper H.S. Dik of the University
4677 of Amsterdam and John Caruso of University
4679 FreeBSD from Ollivier Robert.
4680 NetBSD from Adam Glass.
4681 TitanOS from Kate Hedstrom of Rutgers University.
4682 Irix from Bryan Curnutt.
4683 Dynix from Jim Davis of the University of Arizona.
4685 Linux from John Kennedy of California State University
4687 Solaris 2.x from Tony Boner of the U.S. Air Force.
4688 NEXTSTEP 3.x from Vince DeMarco.
4689 HP-UX from various people. NOTA BENE: the location
4690 of the config file has moved to /usr/lib
4691 to match the HP-UX version of sendmail.
4692 CONFIG: Don't do any recipient rewriting on relay mailer;
4693 since this is intended only for internal use, the
4694 usual RFC 821/822/1123 rules can be relaxed. The
4695 main point of this is to avoid munging (ugh) UUCP
4696 addresses when relaying internally.
4697 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:;
4698 syntax addresses delivered via UUCP. Solution
4699 provided by Peter Wemm.
4700 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset
4701 zero; it caused double @ signs in addresses. From
4702 Irving Reid of the University of Toronto.
4703 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1
4704 from Markku Toijala of ICL Personal Systems Oy.
4705 CONFIG: Add trailing "." on pseudo-domains for consistency;
4706 this fixes a problem (noted by Al Whaley of Sunnyside)
4707 that made it hard to recognize your own pseudodomain
4709 CONFIG: catch "@host" syntax errors (i.e., null local-parts)
4710 rather than letting them get "local configuration
4711 error"s. Problem noted by John Gardiner Myers.
4712 CONFIG: add uucp-uudom mailer variant, based on code posted
4713 by Spider Boardman <spider@Orb.Nashua.NH.US>; this
4714 has uucp-dom semantics but old UUCP syntax. This
4715 also permits "uucp-old" as an alias for "uucp" and
4716 "uucp-new" as a synonym for "suucp" for consistency.
4717 CONFIG: add POP mailer support (from Kimmo Suominen
4718 <kim@grendel.lut.fi>).
4719 CONFIG: drop CSNET_RELAY support -- CSNET is long gone.
4720 CONFIG: fix bug caused with domain literal addresses (e.g.,
4721 ``[128.32.131.12]'') when FEATURE(allmasquerade)
4722 was set; it would get an additional @masquerade.host
4723 added to the address. Problem noted by Peter Wan
4725 CONFIG: make sure that the local UUCP name is in $=w. From
4726 Jim Murray of Stratus.
4727 CONFIG: changes to UUCP rewriting to simulate IDA-style "V"
4728 mailer flag. Briefly, if you are sending to host
4729 "foo", then it rewrites "foo!...!baz" to "...!baz",
4730 "foo!baz" remains "foo!baz", and anything else has
4731 the local name prepended.
4732 CONFIG: portability fixes for HP-UX.
4733 DOC: several minor problems fixed in the Install & Op Guide.
4734 MAKEMAP: fix core dump problem on lines that are too long or
4735 which lack newline. From Mark Delany.
4736 MAILSTATS: print sums of columns (total messages & kbytes
4737 in and out of the system). From Tom Ferrin of UC
4738 San Francisco Computer Graphics Lab.
4739 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES:
4740 On HP-UX, /etc/sendmail.cf has been moved to
4741 /usr/lib/sendmail.cf to match HP sendmail.
4742 Permissions have been tightened up on world-writable
4743 :include: files and accounts that have shells
4744 that are not listed in /etc/shells. This may
4745 cause some .forward files that have worked
4746 before to start failing.
4747 SIGUSR1 dumps some state to the log.
4751 src/Makefile.FreeBSD
4752 src/Makefile.Mach386
4759 cf/ostype/bsdi1.0.m4
4761 cf/ostype/dynix3.2.m4
4763 makemap/Makefile.dist
4764 praliases/Makefile.dist
4766 8.6.4/8.6.4 93/10/31
4767 Repair core-dump problem (write to read-only memory segment)
4768 if you fall back to the return-to-Postmaster case in
4769 savemail. Problem reported by Richard Liu.
4770 Immediately diagnose bogus sender addresses in SMTP. This
4771 makes quite certain that crackers can't use this
4773 Reliability Fix: check return value from fclose() and fsync()
4774 in a few critical places.
4775 Minor problem in initsys() that reversed a condition for
4776 redirecting the output channel on queue runs. It's
4777 not clear this code even does anything. From Eric
4778 Wassenaar of the Dutch National Institute for Nuclear
4779 and High-Energy Physics.
4780 Fix some problems that caused queue runs to do "too much work",
4781 such as double-reading the Errors-To: header. From
4783 Error messages on writing the temporary file (including the
4784 data file) were getting suppressed in SMTP -- this
4785 fix causes them to be properly reported. From Eric
4787 Some changes to support AF_UNIX sockets -- this will only
4788 really become relevant in the next release, but some
4789 people need it for local patches. From Michael
4790 Corrigan of UC San Diego.
4791 Use dynamically allocated memory (instead of static buffers)
4792 for macros defined in initsys() and settime(); since
4793 these can have different values depending on which
4794 envelope they are in. From Eric Wassenaar.
4795 Improve logging to show ctladdr on to= logging; this tells you
4796 what uid/gid processes ran as.
4797 Fix a problem that caused error messages to be discarded if
4798 the sender address was unparseable for some reason;
4799 this was supposed to fall back to the "return to
4801 Improve aliaswait backoff algorithm.
4802 Portability patches for Linux (8.6.3 required another header
4803 file) (from Karl London) and SCO UNIX.
4804 CONFIG: patch prog mailer to not strip host name off of envelope
4805 addresses (so that it matches local again). From
4807 CONFIG: change uucp-dom mailer so that "<>" translates to $n;
4808 this prevents uux from seeing lines with null names like
4809 ``From Sat Oct 30 14:55:31 1993''. From Motonori
4810 Nakamura of Kyoto University.
4811 CONFIG: handle <list:;> syntax correctly. This isn't legal, but
4812 it shouldn't fail miserably. From Motonori Nakamura.
4814 8.6.2/8.6.2 93/10/15
4815 Put a "successful delivery" message in the transcript for
4816 addresses that get return-receipts.
4817 Put a prominent "this is only a warning" message in warning
4818 messages -- some people don't read carefully enough
4819 and end up sending the message several times.
4820 Include reason for temporary failure in the "warning" return
4821 message. Currently, it just says "cannot send for
4823 Fix the "Original message received" time generated for
4824 returntosender messages. It was previously listed as
4825 the current time. Bug reported by Eric Hagberg of
4826 Cornell University Medical College.
4827 If there is an error when writing the body of a message,
4828 don't send the trailing dot and wait for a response
4829 in sender SMTP, as this could cause the connection to
4830 hang up under some bizarre circumstances. From Eric
4832 Fix some server SMTP synchronization problems caused when
4833 connections fail during message collection. From
4835 Fix a problem that can cause srvrsmtp to reject mail if the
4836 name server is down -- it accepts the RCPT but rejects
4837 the DATA command. Problem reported by Jim Murray of
4839 Fix a problem that can cause core dumps if the config file
4840 incorrectly resolves to a null hostname. Reported by
4841 Allan Johannesen of WPI.
4842 Non-root use of -C flag, dangerous -f flags, and use of -oQ
4843 by non-root users were not put into
4844 X-Authentication-Warning:s as intended because the
4845 config file hadn't set the PrivacyOptions yet. Fix
4846 from Sven-Ove Westberg of the University of Lulea.
4847 Under very odd circumstances, the alias file rebuild code
4848 could get confused as to whether a database was
4850 Check "vendor code" on the end of V lines -- this is
4851 intended to provide a hook for vendor-specific
4852 configuration syntax. (This is a "new feature",
4853 but I've made an exception to my rule in a belief
4854 that this is a highly exceptional case.)
4855 Portability fixes for DG/UX (from Douglas Anderson of NCSC),
4856 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1
4857 (from Jon Forrest of UC Berkeley)
4858 CONFIG: fix ``mailer:host'' form of UUCP relay naming.
4861 Portability fixes for A/UX and Encore UMAX V.
4862 Fix error message handling -- if you had a name server down
4863 causing an error during parsing, that message was never
4864 propagated to the queue file.
4867 Configuration cleanup: make it easier to undo IDENTPROTO in
4868 conf.h (other systems have the same bug).
4869 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume
4870 getdtablesize() instead of sysconf(); a disturbingly
4871 large number of systems defined _SC_OPEN_MAX in the
4872 header files but don't have the syscall.
4873 Another patch to really truly ignore MX records in getcanonname
4875 Fix problem that caused the "250 IAA25499 Message accepted for
4876 delivery" message to be omitted if there was an error
4877 in the header of the message (e.g., a bad Errors-To:
4878 line). Pointed out by Michael Corrigan of UCSD.
4879 Announce name of host we are chatting when we get errors; this
4880 is an IDA-ism suggested by Christophe Wolfhugel.
4881 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the
4882 Australian Artificial Intelligence Institute), SCO Unix
4883 (from Murray Kucherawy of Hookup Communication Corp.),
4884 NeXT (from Vince DeMarco and myself), Linux (from
4885 Karl London <karl@borg.demon.co.uk>), BSDI (from
4886 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo
4887 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers.
4888 Some changes to get around gcc optimizer bugs. From Takahiro
4890 Fix error recovery in queueup if another tf file of the same
4891 name already exists. Problem stumbled over by Bill
4893 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes.
4894 Problem noted by Keith McMillan of Ameritech Services.
4895 Deal with group permissions properly when opening .forward and
4896 :include: files. This relaxes the 8.1C restrictions
4897 slightly more. This includes proper setting of groups
4898 when reading :include: files, allowing you to read some
4899 files that you should be able to read but have previously
4900 been denied unless you owned them or they had "other"
4902 Make certain that $j is in $=w (after the .cf is read) so that
4903 if the user is forced to override some silly system,
4904 MX suppression will still work.
4905 Fix a couple of efficiency problems where newstr was double-
4906 calling expensive routines. In at least one case, it
4907 wasn't guaranteed that they would always return the
4908 same result. Problem noted by Christophe Wolfhugel.
4909 Fix null pointer dereference in putoutmsg -- only on an error
4910 condition from a non-SMTP mailer. From Motonori
4912 Macro expand "C" line class definitions before scanning so that
4914 Fix problem that caused error message to be sent while still
4915 trying to send the original message if the connection
4916 is closed during a DATA command after getting an error
4917 on an RCPT command (pretty obscure). Problem reported
4918 by John Myers of CMU.
4919 Fix reply to NOOP to be 250 instead of 200 -- this is a long
4921 Fix a nasty bug causing core dumps when returning the "warning:
4922 cannot deliver for N hours -- will keep trying" message;
4923 it only occurred if you had PostmasterCopy set and
4924 only on some architectures. Although sendmail would
4925 keep trying, it would send error messages on each
4926 queue interval. This is an important fix.
4927 Allow u and g options to take user and group names respectively.
4928 Don't do a chdir into the queue directory in -bt mode to make
4929 ruleset testing a bit easier.
4930 Don't allow users to turn off logging (using -oL) on the command
4931 line -- command line can only raise, not lower, logging
4933 Set $u to the original recipient on the SMTP transaction or on
4934 the command line. This is only done if there is exactly
4935 one recipient. Technically, this does not meet the
4936 specs, because it does not guarantee a domain on the
4938 Fix a problem that dumped error messages on bad addresses if
4939 you used the -t flag. Problem noted by Josh Smith of
4940 Harvey Mudd College.
4941 Given an address such as ``<foo> <bar>'', auto-quote the first
4942 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to
4943 avoid the problem of people who use angle brackets in
4944 their full name information.
4945 Fix a null pointer dereference if you set option "l", have
4946 an Errors-To: header in the message, and have Errors-To:
4947 defined in the config file H lines. From J.R. Oldroyd.
4948 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get
4949 wrong when compiling. Suggested by Rick McCarty of TI.
4950 Fix a problem that could pass negative SIZE parameter if the
4951 df file got lost; this would cause servers to always
4952 give a temporary failure, making the problem even worse.
4953 Problem noted by Allan Johannesen of WPI.
4954 Add "ident" timeout (one of the "r" option selectors) for IDENT
4955 protocol timeouts (30s default). Requested by Murray
4956 Kucherawy of HookUp Communication Corp. to handle bogus
4957 PC TCP/IP implementations.
4958 Change $w default definition to be just the first component of
4959 the domain name on config level 5. The $j macro defaults
4960 to the FQDN; $m remains as before. This lets well-behaved
4961 config files use any of the short, long, or subdomain
4963 Add makesendmail script in src to try to automate multi-architecture
4964 builds. I know, this is sub-optimal, but it is still
4966 Fix very obscure race condition that can cause a queue run to
4967 get a queue file for an already completed job. This
4968 problem has existed for years. Problem noted by the
4969 long suffering Allan Johannesen of WPI.
4970 Fix a problem that caused the raw sender name to be passed to
4971 udbsender instead of the canonified name -- this caused
4972 it to sometimes miss records that it should have found.
4973 Relax check of name on HELO packet so that a program using -bs
4974 that claims to be itself works properly.
4975 Restore rewriting of $: part of address through 2, R, 4 in
4976 buildaddr -- this requires passing a lot of flags to get
4977 it right. Unlike old versions, this ONLY rewrites
4978 recipient addresses, not sender addresses.
4979 Fix a bug that caused core dumps in config files that cannot
4980 resolve /file/name style addresses. Fix from Jonathan
4981 Kamens of OpenVision Technologies.
4982 Fix problem with fcntl locking that can cause error returns to
4983 be lost if the lock is lost; this required fully
4984 queueing everything, dropping the envelope (so errors
4985 would get returned), and then re-reading the queue from
4987 Fix a problem that caused aliases that redefine an otherwise
4988 true address to still send to the original address
4989 if and only if the alias failed in certain bizarre
4990 ways (e.g, if they pointed at a list:; syntax address).
4991 Problem pointed out by Jonathan Kamens.
4992 Remove support for frozen configuration files. They caused
4993 more trouble than it was worth.
4994 Fix problem that can cause error messages to get ignored when
4995 using both -odb and -t flags. Problem noted by Rob
4996 McNicholas at U.C. Berkeley.
4997 Include all "normal" variations on hostname in $=w. For example,
4998 if the host name is vangogh.cs.berkeley.edu, $=w will
4999 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu.
5000 Add "restrictqrun" privacy flag -- without this, anyone can run
5002 Reset SmtpPhase global on initial connection creation so that
5003 messages don't come out with stale information.
5004 Pass an "ext" argument to lockfile so that error/log messages
5005 will properly reflect the true filename being locked.
5006 Put all [...] address forms into $=w -- this eliminates the need
5007 for MAXIPADDR in conf.h. Suggested by John Gardiner
5009 Fix a bug that can cause qf files to be left around even after
5010 an SMTP RSET command. Problem and fix from Michael
5012 Don't send a PostmasterCopy to errors when the Precedence: is
5013 negative. Error reports still go to the envelope
5015 Add LA_SHORT for load averages.
5016 Lock sendmail.st file when posting statistics.
5017 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to
5018 set the size of the TCP send and receive buffers; if you
5019 run over a slow slip line you may need to set these down
5020 (although it would be better to fix the SLIP implementation
5021 so that it's not necessary to recompile every program
5022 that does bulk data transfer).
5023 Allow null defaults on $( ... $) lookups. Problem reported by
5025 Diagnose crufty S and V config lines. This resulted from an
5026 observation that some people were using the SITE macro
5027 without the SITECONFIG macro first, which was causing
5028 bogus config files that were not caught.
5029 Fix makemap -f flag to turn off case folding (it was turning it
5030 on instead). THIS IS A USER VISIBLE CHANGE!!!
5031 Fix a problem that caused multiple error messages to be sent if
5032 you used "sendmail -t -oem -odb", your system uses fcntl
5033 locking, and one of the recipient addresses is unknown.
5034 Reset uid earlier in include() so that recursive .forwards or
5035 :include:s don't use the wrong uid.
5036 If file descriptor 0, 1, or 2 was closed when sendmail was
5037 called, the code to recover the descriptor was broken.
5038 This sometimes (only sometimes) caused problems with the
5039 alias file. Fix from Motonori Nakamura.
5040 Fix a problem that caused aliaswait to go into infinite recursion
5041 if the @:@ metasymbol wasn't found in the alias file.
5042 Improve error message on newaliases if database files cannot be
5043 opened or if running with no database format defined.
5044 Do a better estimation of the size of error messages when NoReturn
5045 is set. Problem noted by P{r (Pell) Emanuelsson.
5046 Fix a problem causing the "c" option (don't connect to expensive
5047 mailers) to be ignored in SMTP. Problem noted and the
5048 solution suggested by Robert Elz of The University of
5050 Improve connection caching algorithm by passing "[host]" to
5051 hostsignature, which strips the square brackets and
5052 returns the real name. This allows mailertable entries
5053 to match regular entries.
5054 Re-enable Return-Receipt-To: -- people seem to want this stupid
5055 feature, even if it doesn't work right.
5056 Catch and log attempts to try the "wiz" command in server SMTP.
5057 This also ups the log level from LOG_NOTICE to LOG_CRIT.
5058 Be more generous at assigning $z to the home directory -- do this
5059 for programs that are specified through a .forward file.
5060 Fix from Andrew Chang of Sun Microsystems.
5061 Always save a fatal error message in preference to a non-fatal
5062 error message so that the "subject" line of return
5063 messages is the best possible.
5064 CONFIG: reduce the number of quotes needed to quote configuration
5065 parameters with commas: two quotes should work now, e.g.,
5066 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local'').
5067 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom
5068 connections (domain-ized UUCP).
5069 CONFIG: fix bug in default maps (-o must be before database file
5070 name). Pointed out by Christophe Wolfhugel.
5071 CONFIG: add FEATURE(nodns) to state that we are not relying on
5072 DNS. This would presumably be used in UUCP islands.
5073 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux).
5074 CONFIG: log $u in Received: line. This is in technical violation
5075 of the standards, since it doesn't guarantee a domain
5077 CONFIG: don't assume "m" in local mailer flags -- this means that
5078 if you redefine LOCAL_MAILER_FLAGS you will have to include
5079 the "m" flag should you want it. Apparently some Solaris 2.2
5080 installations can't handle multiple local recipients.
5081 Problem noted by Josh Smith.
5082 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults).
5083 CONFIG: change default version level from 4 to 5.
5084 CONFIG: add FEATURE(nullclient) to create a config file that
5085 forwards all mail to a hub without ever looking at the
5086 addresses in any detail.
5087 CONFIG: properly strip mailer: information off of relays when
5088 used to change .BITNET form into %-hack form.
5089 CONFIG: fix a problem that caused infinite loops if presented
5090 with an address such as "!foo".
5091 CONFIG: check for self literal (e.g., [128.32.131.12]) even if
5092 the reverse "PTR" mapping is broken. There's a better
5093 way to do this, but the change is fairly major and I
5094 want to hold it for another release. Problem noted by
5098 Serious bug: if you used a command line recipient that was unknown
5099 sendmail would not send a return message (it was treating
5100 everything as though it had an SMTP-style client that
5101 would do the return itself). Problem noted by Josh Smith.
5102 Change "trymx" option in getcanonname() to ignore all MX data,
5103 even during a T_ANY query. This actually didn't break
5104 anything, because the only time you called getcanonname
5105 with !trymx was if you already knew there were no MX
5106 records, but it is somewhat cleaner. From Motonori
5108 Don't call getcanonname from getmxrr if you already know there
5109 are no DNS records matching the name.
5110 Fix a problem causing error messages to always include "The
5111 original message was received ... from localhost".
5112 The correct original host information is now included.
5113 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their
5114 version of "test" doesn't have the -x flag). Change it
5115 to use -f instead. From John Myers.
5116 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to
5117 esmtp -- it should be smtp.
5118 CONFIG: send all relayed mail using confRELAY_MAILER (defaults
5119 to "relay" (a variant of "smtp") if MAILER(smtp) is used,
5120 else "suucp" if MAILER(uucp) is used, else "unknown");
5121 this cleans up the configs somewhat. This fixes a serious
5122 problem that caused route-addrs to get mistaken as relays,
5123 pointed out by John Myers. WARNING: this also causes
5124 the default on SMART_HOST to change from "suucp" to
5125 "relay" if you have MAILER(smtp) specified.
5128 Add option `w'. If you receive a message that comes to you because
5129 you are the best (lowest preference) target of an MX, and
5130 you haven't explicitly recognized the source MX host in
5131 your .cf file, this option will cause you to try the target
5132 host directly (as if there were no MX for it at all). If
5133 `w' is not set, this case is a configuration error.
5134 Beware: if `w' is set, senders may get bogus errors like
5135 "message timed out" or "host unknown" for problems that
5136 are really configuration errors. This option is
5137 disrecommended, provided only for compatibility with
5139 Fix a problem that caused the incoming socket to be left open
5140 when sendmail forks after the DATA command. This caused
5141 calling systems to wait in FIN_WAIT_2 state until the
5142 entire list was processed and the child closed -- a
5143 potentially prodigious amount of time. Problem noted
5145 Fix problem (created in 6.64) that caused mail sent to multiple
5146 addresses, one of which was a bad address, to completely
5147 suppress the sending of the message. This changes
5148 handling of EF_FATALERRS somewhat, and adds an
5149 EF_GLOBALERRS flag. This also fixes a potential problem
5150 with duplicate error messages if there is a syntax error
5151 in the header of a message that isn't noticed until late
5152 in processing. Original problem pointed out by Josh Smith
5153 of Harvey Mudd College. This release includes quite a bit
5154 of dickering with error handling (see below).
5155 Back out SMTP transaction if MAIL gets nested 501 error. This
5156 will only hurt already-broken software and should help
5158 Fix a problem that broke aliases when neither NDBM nor NEWDB were
5159 compiled in. It would never read the alias file.
5160 Repair unbalanced `)' and `>' (the "open" versions are already
5162 Logging of "done" in dropenvelope() was incorrect: it would
5163 log this even when the queue file still existed. Change
5164 this to only log "done" (at log level 11) when the
5165 queue file is actually removed. From John Myers.
5166 Log "lost connection" in server SMTP at log level 20 if there
5167 is no pending transaction. Some senders just close the
5168 connection rather than sending QUIT.
5169 Fix a bug causing getmxrr to add a dot to the end of unqualified
5170 domains that do not have MX records -- this would cause
5171 the subsequent host name lookup to fail. The problem
5172 only occurred if you had FEATURE(nocanonify) set.
5173 Problem noted by Rick McCarty of Texas Instruments.
5174 Fix invocation of setvbuf when passed a -X flag -- I had
5175 unwittingly used an ANSI C extension, and this caused
5176 core dumps on some machines.
5177 Diagnose self-destructive alias loops on RCPT as well as EXPN.
5178 Previously it just gave an empty send queue, which
5179 then gave either "Need RCPT (recipient)" at the DATA
5180 (confusing, since you had given an RCPT command which
5181 returned 250) or just dropped the email, depending on
5182 whether you were running VERBose mode. Now it usually
5183 diagnoses this case as "aliasing/forwarding loop broken".
5184 Unfortunately, it still doesn't adequately diagnose
5185 some true error conditions.
5186 Add internal concept of "warning messages" using 6xx codes.
5187 These are not reported only to Postmaster. Unbalanced
5188 parens, brackets, and quotes are printed as 653 codes.
5189 They are always mapped to 5xx codes before use in SMTP.
5190 Clean up error messages to tell both the actual address that
5191 failed and the alias they arose from. This makes it
5192 somewhat easier to diagnose problems. Difficulty noted
5193 by Motonori Nakamura.
5194 Fix a problem that inappropriately added a ctladdr to addresses
5195 that shouldn't have had one during a queue run. This
5196 caused error messages to be handled differently during
5197 a queue run than a direct run.
5198 Don't print the qf name and line number if you get errors during
5199 the direct run of the queue from srvrsmtp -- this was
5200 just extra stuff for users to crawl through.
5201 Put command line flags on second line of pid file so you can
5202 auto-restart the daemon with all appropriate arguments.
5203 Use "kill `head -1 /etc/sendmail.pid`" to stop the
5204 daemon, and "eval `tail -1 /etc/sendmail.pid`" to
5206 Remove the ``setuid(getuid())'' in main -- this caused the
5207 IDENT daemon to screw up. This required that I change
5208 HASSETEUID to HASSETREUID and complicate the mode
5209 changing somewhat because both Ultrix and SunOS seem
5210 to have a bug causing seteuid() to set the saved uid
5211 as well as the effective. The program test/t_setreuid.c
5212 will test to see if your implementation of setreuid(2)
5213 is appropriately functional.
5214 The FallBackMX (option V) handling failed to properly identify
5215 fallback to yourself -- most of the code was there,
5216 but it wasn't being enabled. Problem noted by Murray
5217 Kucherawy of the University of Waterloo.
5218 Change :include: open timeout from ETIMEDOUT to an internal
5219 code EOPENTIMEOUT; this avoids adding "during SmtpPhase
5220 with CurHostName" in error messages, which can be
5221 confusing. Reported by Jonathan Kamens of OpenVision
5223 Back out setpgrp (setpgid on POSIX systems) call to reset the
5224 process group id. The original fix was to get around
5225 some problems with recalcitrant MUAs, but it breaks
5226 any call from a shell that creates a process group id
5227 different from the process id. I could try to fix
5228 this by diddling the tty owner (using tcsetpgrp or
5229 equivalent) but this is too likely to break other
5231 Portability changes:
5232 Support -M as equivalent to -oM on Ultrix -- apparently
5233 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs
5234 instead of using standard flags. Oh joy. This
5235 behavior reported by Jon Giltner of University
5237 SGI IRIX -- this includes several changes that should
5238 help other strict ANSI compilers.
5239 SCO Unix -- from Murray Kucherawy of HookUp Communication
5241 Solaris running the Sun C compiler (which despite the
5242 documentation apparently doesn't define
5243 __STDC__ by default).
5244 ConvexOS from Eric Schnoebelen of Convex.
5245 Sony NEWS workstations and Omron LUNA workstations from
5247 CONFIG: add confTRY_NULL_MX_LIST to set option `w'.
5248 CONFIG: delete `C' and `e' from default SMTP mailers flags;
5249 several people have made a good argument that this
5250 creates more problems than it solves (although this
5251 may prove painful in the short run).
5252 CONFIG: generalize all the relays to accept a "mailer:host"
5254 CONFIG: move local processing in ruleset 0 into a new ruleset
5255 98 (8 on old sendmail). Domain literal [a.b.c.d]
5256 addresses are also passed through this ruleset.
5257 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined,
5258 internet-style addresses would "fall off the end" of
5259 ruleset zero and be interpreted as local -- however,
5260 the angle brackets confused the recursive call.
5261 These are now diagnosed as "Unrecognized host name".
5262 CONFIG: USENET rules weren't included in S0 because of a mistaken
5263 ifdef(`_MAILER_USENET_') instead of
5264 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik
5265 of SINTEF RUNIT, Oslo.
5266 CONFIG: move up LOCAL_RULE_0 processing so that it happens very
5267 early in ruleset 0; this allows .mc authors to bypass
5268 things like the "short circuit" code for local addresses.
5269 Prompted by a comment by Bill Wisner of The Well.
5270 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or
5271 esmtp) to send SMTP mail. This allows you to default
5272 to esmtp but use a mailertable or other override to
5273 deal with broken servers. This logic was pointed out
5274 to me by Bill Wisner. Ditto for confLOCAL_MAILER.
5275 Changes to cf/sh/makeinfo.sh to make it portable to SVR4
5276 environments. Ugly as sin.
5279 Fix setuid problems introduced in 8.2 that caused messages
5280 like "Cannot create qfXXXXXX: Invalid argument"
5281 or "Cannot reopen dfXXXXXX: Permission denied". This
5282 involved a new compile flag "HASSETEUID" that takes
5283 the place of the old _POSIX_SAVED_IDS -- it turns out
5284 that the POSIX interface is broken enough to break
5285 some systems badly. This includes some fixes for
5286 HP-UX. Also fixes problems where the real uid is
5287 not reset properly on startup (from Neil Rickert).
5288 Fix a problem that caused timed out messages to not report the
5289 addresses that timed out. Error messages are also more
5291 Drop required bandwidth on connections from 64 bytes/sec to
5293 Further Solaris portability changes -- doesn't require the BSD
5294 compatibility library. This also adds a new
5295 "HASGETDTABLESIZE" compile flag which can be used if
5296 you want to use getdtablesize(2) instead of sysconf(2).
5297 These are loosely based on changes from David Meyer at
5298 University of Oregon. This now seems to work, at least
5299 for quick test cases.
5300 Fix a problem that can cause duplicate error messages to be
5301 sent if you are in SMTP, you send to multiple addresses,
5302 and at least one of those addresses is good and points
5303 to an account that has a .forward file (whew!).
5304 Fix a problem causing messages to be discarded if checkcompat()
5305 returned EX_TEMPFAIL (because it didn't properly mark
5306 the "to" address). Problem noted by John Myers.
5307 Fix dfopen to return NULL if the open failed; I was depending
5308 on fdopen(-1) returning NULL, which isn't the case. This
5309 isn't serious, but does result in weird error diagnoses.
5310 From Michael Corrigan.
5311 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of
5312 messages sent through UUCP-family mailers. Suggested
5313 by Bill Wisner of The Well.
5314 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified,
5315 include a "uucp-dom" mailer that uses domain-style
5316 addressing. Suggested by Bill Wisner.
5317 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match
5318 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by
5319 Christophe Wolfhugel.
5320 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel.
5323 Don't drop out on config file parse errors in -bt mode.
5324 On older configuration files, assume option "l" (use Errors-To
5325 header) for back compatibility. NOTE: this DOES NOT
5326 imply an endorsement of the Errors-To: header in any way.
5327 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why???
5328 Don't log errors on EHLO -- it isn't a "real" error for an old
5329 SMTP server to give an error on this command, and
5330 logging it in the transcript can be confusing. Fix
5332 IRIX compatibility changes provided by Dan Rich
5333 <drich@sandman.lerc.nasa.gov>.
5334 Solaris 2 compatibility changes. Provided by Bob Cunningham
5335 <bob@kahala.soest.hawaii.edu>, John Oleynick
5336 <juo@klinzhai.rutgers.edu>
5337 Debugging: -d17 was overloaded (hostsignature and usersmtp.c);
5338 move usersmtp (smtpinit and smtpmailfrom) to -d18 to
5339 match the other flags in that file.
5340 Flush transcript before fork in mailfile(). From Eric Wassenaar.
5341 Save h_errno in mci struct and improve error message display.
5342 Changes from Eric Wassenaar.
5343 Open /dev/null for the transcript if the create of the xf file
5344 failed; this avoids at least one possible null pointer
5345 reference in very weird cases. From Eric Wassenaar.
5346 Clean up statistics gathering; it was over-reporting because of
5347 forks. From Eric Wassenaar.
5348 Fix problem that causes old Return-Path: line to override new
5349 Return-Path: line (conf.c needs H_FORCE to avoid
5350 re-using old value). From Motonori Nakamura.
5351 Fix broken -m flag in K definition -- even if -m (match only)
5352 was specified, it would still replace the key with the
5353 value. Noted by Rick McCarty of Texas Instruments.
5354 If the name server timed out over several days, no "timed out"
5355 message would ever be sent back. The timeout code
5356 has been moved from markfailure() to dropenvelope()
5357 so that all such failures should be diagnosed. Pointed
5358 out by Christophe Wolfhugel and others.
5359 Relax safefile() constraints: directories in an include or
5360 forward path must be readable by self if the controlling
5361 user owns the entry, readable by all otherwise (e.g.,
5362 when reading your .forward file, you have to own and
5363 have X permission in it; everyone needs X permission in
5364 the root and directories leading up to your home);
5365 include files must be readable by anyone, but need not
5367 If _POSIX_SAVED_IDS is defined, setuid to the owner before
5368 reading a .forward file; this gets around some problems
5369 on NFS mounts if root permission is not exported and
5370 the user's home directory isn't x'able.
5371 Additional NeXT portability enhancements from Axel Zinser.
5372 Additional HP-UX portability enhancements from Brian Bullen.
5373 Add a timeout around SMTP message writes; this assumes you can
5374 get throughput of at least 64 bytes/second. Note that
5375 this does not impact the "datafinal" default, which
5376 is separate; this is just intended to work around
5377 network clogs that will occur before the final dot
5378 is sent. From Eric Wassenaar.
5379 Change map code to set the "include null" flag adaptively --
5380 it initially tries both, but if it finds anything
5381 matching without a null it never tries again with a
5382 null and vice versa. If -N is specified, it never
5383 tries without the null and creates new maps with a
5384 null byte. If -O is specified, it never tries with
5385 the null (for efficiency). If -N and -O are specified,
5386 you get -NO (get it?) lookup at all, so this would
5387 be a bad idea. If you don't specify either -N or -O,
5389 Fix recognition of "same from address" so that MH submissions
5390 will insert the appropriate full name information;
5391 this used to work and got broken somewhere along the
5393 Some changes to eliminate some unnecessary SYSERRs in the
5394 log. For example, if you lost a connection, don't
5395 bother reporting that fact on the connection you lost.
5396 Add some "extended debugging" flags to try to track down
5397 why we get occasional problems with file descriptor
5398 one being closed when execing a mailer; it seems to
5399 only happen when there has been another error in the
5400 same transaction. This requires XDEBUG, defined
5401 by default in conf.h.
5402 Add "-X filename" command line flag, which logs both sides of
5403 all SMTP transactions. This is intended ONLY for
5404 debugging bad implementations of other mailers; start
5405 it up, send a message from a mailer that is failing,
5406 and then kill it off and examine the indicated log.
5407 This output is not intended to be particularly human
5408 readable. This also adds the HASSETVBUF compile
5409 flag, defaulted on if your compiler defines __STDC__.
5410 CONFIG: change SMART_HOST to override an SMTP mailer. If you
5411 have a local net that should get direct connects, you
5412 will need to use LOCAL_NET_CONFIG to catch these hosts.
5413 See cf/README for an example.
5414 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle
5415 sites that don't use the -d flag.
5416 CONFIG: hide recipient addresses as well as sender addresses
5417 behind $M if FEATURE(allmasquerade) is specified; this
5418 has been requested by several people, but can break
5419 local aliases. For example, if you mail to "localalias"
5420 this will be rewritten as "localalias@masqueradehost";
5421 although initial delivery will work, replies will be
5422 broken. Use it sparingly.
5423 CONFIG: add FEATURE(domaintable). This maps unqualified domains
5424 to qualified domains in headers. I believe this is
5425 largely equivalent to the IDA feature of the same name.
5426 CONFIG: use $U as UUCP name instead of $k. This permits you
5427 to override the "system name" as your UUCP name --
5428 in particular, to use domain-ized UUCP names. From
5429 Bill Wisner of The Well.
5430 CONFIG: create new mailer "esmtp" that always tries EHLO
5431 first. This is currently unused in the config files,
5432 but could be used in a mailertable entry.
5435 Serious security bug fix: it was possible to read any file on
5436 the system, regardless of ownership and permissions.
5437 If a subroutine returns a fully qualified address, return it
5438 immediately instead of feeding it back into rewriting.
5439 This fixes a problem with mailertable lookups.
5440 CONFIG: fix some M4 frotz (concat => CONCAT)
5443 Serious bug fix: pattern matching backup algorithm stepped by
5444 two tokens in classes instead of one. Found by Claus
5445 Assmann at University of Kiel, Germany.
5448 Another mailertable fix....
5451 4.4BSD freeze. No semantic changes.
5454 Fix some lintish problems.
5455 Fix some cases where server SMTP behaved poorly when handed bogus
5456 input, pointed out by Eric Wassenaar.
5457 CONFIG: fix some more (sigh) mailertable bugs -- thanks to
5458 Motonori Nakamura of Kyoto University (again).
5461 Don't send 050 (-v) information after the 250 response to a QUIT
5462 command in srvrsmtp -- clients usually close the connection
5463 at this point, and it causes bogus error messages.
5464 Don't send messages that have errors on input (such as unbalanced
5465 parentheses) during SMTP transactions, since a return
5466 message has (probably) already been sent.
5467 Give better diagnostics on timeouts during network reads, including
5468 information similar to the SMTP phase.
5469 Fix bug that caused SMTP messages to deliver synchronously; this
5470 happened after the DATA 250, and hence caused reading the
5471 next command to be delayed.
5472 Ignore Errors-To: header unless 'l' (lower case el) header is
5473 specified. The Errors-To: header violates RFC 1123.
5474 Errors-To: was only needed to take the place of the
5475 envelope sender in the days when most Unix mailers
5476 didn't understand about the two kinds of senders.
5477 Don't send warning messages in response to automatically generated
5478 messages (that is, those From:<>).
5479 CONFIG: fix some rather stupid typos in the mailertable code
5480 pointed out by Motonori Nakamura of Kyoto University.
5481 CONFIG: add confUSE_ERRORS_TO configuration option.
5482 CONFIG: if ALWAYS_ADD_DOMAIN is selected, try to use $M
5483 (masquerade name) instead of $j.
5484 CONFIG: don't add dots to relay names (added in 6.29); it breaks
5485 several things, and can be simulated by dot terminating
5486 the names of relays. For example, use:
5488 (note the trailing dot).
5491 Fix prototypes to eliminate chars in argument lists -- some
5492 compilers are pissy about this.
5493 Log protocol ($r) and body type if set so we can determine if
5494 the adaptive algorithms are working.
5495 Pessimize on locking of database files (particularly for NEWDB
5496 databases) during opens. There were problems with
5497 processes opening the file while it was rebuilt; since
5498 NEWDB caches heavily, the reader opened an empty file,
5499 which is an error. If your system has the ability to
5500 lock atomically on open, this works properly; otherwise,
5501 there are race conditions.
5502 Check mod time on .pag file instead of .dir in NDBM aliases
5503 because the .dir file doesn't get updated for small
5504 alias files. From John Gardiner Myers of CMU.
5505 More Solaris portability -- it now compiles on Solaris, but
5506 hangs up in gethostbyname().
5507 Move setting of RES_DEBUG flag before first myhostname() call
5508 so we can see name server traffic on that call.
5509 Fsync() queue files.
5510 Fix a problem that causes -bi to try to rebuild maps other than
5512 Fix a problem that caused udb to reject entries from any but
5513 the first database listed.
5514 Rearrange doc subdirectory for 4.4BSD release tape.
5515 CONFIG: put $r into the Received line. This was an oversight.
5516 CONFIG: fix typo (call to ruleset 99 should have been ruleset 90).
5517 CONFIG: move "auxiliary" subroutines to be in ruleset 90-99
5518 range -- in the long run, single digit rulesets may
5519 become reserved for builtin use by sendmail.
5520 CONFIG: fix major problem that causes host aliases (that is,
5521 anything in $=w != $j) to not be recognized. This has
5522 been around since 6.30.
5526 Fix recursive syserr (if there is an error printing a syserr
5527 message). This makes the code much less eager to consider
5528 a write error as serious. This also includes some
5529 heuristics to be clever about closed connections.
5530 Lock NEWDB files during gets. This requires version 1.5 or later
5531 of the db library. If you have an older version, you
5532 can use -DOLD_NEWDB. This will go away in a few weeks.
5533 Fix problem causing aliases that use host maps to get overwritten.
5534 Do appropriate byte swapping on port numbers in ident protocol
5535 code. Fix from Allan Johannesen of WPI.
5536 Defer opening of map files to the same time as alias files so that
5537 the daemon will tend to pick up new versions more promptly.
5538 Prototype a bunch more functions.
5539 Some Solaris 2.1 changes (still doesn't link though).
5540 Try to simplify Makefiles by including more subordinate #defines
5541 in conf.h (based on OS type).
5542 CONFIG: check for domains if FEATURE(mailertable) is defined.
5543 For example, if the host name is "knecht.cs.berkeley.edu"
5544 it will search the following mailertable keys:
5545 knecht.cs.berkeley.edu
5549 This could be used to replace the special relays for bitnet
5553 Fix problem that prevented appending dots on canonified host
5554 names. This breaks tons of config files -- very
5556 Fix improper pointer dereference in response to HELO command.
5557 Fix core dump if debugging set in map_rewrite.
5558 CONFIG: add FEATURE(always_add_domain) to always attach the
5559 local domain (only impacts local mail).
5560 CONFIG: try to avoid turning names into $j -- although
5561 technically a host can only have one "canonical name",
5562 it seems to be common practice to have several.
5565 Major change: merge alias databases with maps. This expands and
5566 changes the map class interface but fixes a bunch of bugs.
5567 The important user-visible change is that the file name
5568 in a K line now does not include the ".db" extension; this
5569 is added automatically. Also, the -d (NIS domain) flag is
5570 missing from the K config line; use @domain instead.
5571 When compiling, the *_MAP names are gone -- just compile
5572 in NDBM, NEWDB, and/or NIS support.
5573 Announce mailer/host/user triple on -bv flag -- from Brian
5574 Bullen of Stirling University.
5575 Don't send more than one line in response to HELO -- it confuses
5576 Pony Express, which then behaves very badly. However,
5577 this change does send two line 220 greetings, with the
5578 second line reading "ESMTP spoken here". The usersmtp
5579 module recognizes this and goes into ESMTP mode regardless
5580 of the setting of the "a" mailer flag. Thus, "a" means
5582 AIX portability changes (thanks to Christophe Wolfhugel of
5583 Herve Schauer Consultants (Paris) for providing me with
5584 an INSA account for this purpose). Lightly tested. Use
5585 -D_AIX3. This probably breaks compatibility with some
5586 older systems (e.g., 4.2bsd) but still works on SunOS
5587 4.1.2, Ultrix 4.2A, HP-UX 8.07, OSF/1 T1.3, and AIX 3.2.3.
5588 Fix a problem causing an error message loop if the output channel
5590 Add the Makefiles that I use for various environments -- some are
5591 Berkeley make versions and some are old make versions.
5592 My makefile for the NeXT box has gotten lost, alas!
5593 PRALIASES: support for printing NEWDB databases. From
5594 Michael J. Corrigan of U.C. San Diego.
5595 CONFIG: don't pass pseudo-domains to $[ ... $] (if you have
5596 a wildcard MX it can have weird results). From
5597 Christophe Wolfhugel.
5598 CONFIG: dot terminate relay hostnames in S0. From Christophe
5602 Log version with SMTP daemon startup message.
5603 Adjust setproctitle to work on NetBSD and BSD/386.
5604 Fix null pointer reference in MX fallback code.
5605 A bunch of minor fixes from Eric Wassenaar:
5606 If deliver cannot execv the mailer, return EX_OSERR
5607 instead of EX_TEMPFAIL (to give better
5609 Consistently malloc e_message.
5610 Catch degenerate case of calling returntosender()
5611 with an empty returnq.
5615 Fix bug that can cause incorrect verbose display of user smtp
5617 Disable SMTP VERB command if PRIV_NOEXPN is set (since this
5618 could reveal the same information.
5619 Allow failure when reading SMTP greeting message to go on to
5621 Add "MIME-Version: 1.0" header if using MIME (this was NOT
5622 included in RFC 1344, but Bill King of Allan-Bradley
5623 Company forwarded me email from Nathaniel Borenstein
5624 claiming that it was an inadvertent omission).
5625 Don't use Content-Type: X-message-header. According to John
5626 Myers of CMU, many MIME readers will completely ignore
5627 the data if they don't recognize it. Instead, just
5628 add a blank line to make it a legal (empty) message.
5629 Fix problem causing dots to keep getting appended to cached
5630 hostnames. This can cause buffer overrun conditions.
5631 The problem was found by Erik Forsberg of Retix,
5632 although I used a different bug fix than he provided.
5633 Fix parsing of split header/envelope rewriting specs -- from
5635 Fix from Eric Wassenaar to correct To: lists in error messages.
5638 Fix minor glitch causing extra ctladdrs to be output to queue
5639 file. Just an annoyance.
5640 Cache results of name server canonification lookups to avoid
5641 backed up queue runs.
5642 Major rewrite of alias.c: considerable cleanup, plus sample
5643 (untested) support for NIS aliases. The "A" option
5644 can now be a comma separated list (or be repeated) --
5645 that is, you can have multiple alias databases. Each
5646 database can have the syntax ``class:file''; if no class
5647 is specified, the "implicit" class is assumed. Implicit
5648 searches through a list of compiled in types -- hash,
5649 dbm, nis, and stab. Alias files are searched in the
5650 order they are listed. For example:
5651 OAhash:/etc/aliases.local,/etc/aliases
5652 OAnis:mail.aliases@my.nis.domain
5653 first searches the hash database /etc/aliases.local,
5654 then the regular /etc/aliases database, then the NIS
5655 map "mail.aliases" in the NIS domain "my.nis.domain".
5656 If in Verbose mode (probably from VERB command) run SMTP job
5657 in foreground and don't do RCPT optimizations.
5658 Add udb :mailsender as equivalent to owner- for regular aliases.
5659 Delete option 8; add option 7 that means the opposite. That is,
5660 default to 8-bit mode; a special option is needed to
5661 force sendmail into 7 bit mode.
5662 Send error messages in encapsulated MIME format.
5663 New compile flag "NIS" that turns on NIS alias and NIS map
5665 Add "j" option to send error messages in MIME (RFC 1341)
5666 encapsulated message format per RFC 1344. The
5667 syntax is pretty ugly if you don't have MIME-aware
5669 Clean up message handling (for display in mailq output).
5670 New setproctitle implementation for 4.4bsd.
5671 Create files (such as ~/dead.letter) using mode FileMode (the
5672 F option value) instead of 0666.
5673 Fix bug causing output of EXPN command to not be fully qualified.
5674 This may cause some problems with UUCP addresses that
5675 will require some config file assistance -- specifically,
5676 the $: part has to include the host name for this output
5678 Fix a problem that sometimes diagnosed errors and still sent the
5679 message if the header syntax was bad.
5680 Fix a bug that caused an error message to be emailed when sendmail
5681 was operating in -bv mode.
5682 Add "ListenQueueSize" keyword to daemon options option (OO) to
5683 set the queue size parameter passed to listen(). You
5684 will normally have to tweak your kernel to up this.
5685 Strip spaces off of beginning of message-id before logging (in
5686 case it was folded across lines).
5687 Tweak compile flags in daemon.c -- there were some cases where
5688 it wouldn't work without NETINET.
5689 Change *file* mailer to output all the usual default headers
5690 (From, Date, Message-Id). It gets used when sending
5691 back error messages.
5692 CONFIG: explicitly catch and diagnose list:; syntax in ruleset
5693 zero -- this is not a valid recipient syntax according
5695 CONFIG: add confMIME_FORMAT_ERRORS to send error messages in
5696 MIME format. Defaults to on.
5697 CONFIG: add SMTP_MAILER_FLAGS and UUCP_MAILER_FLAGS to augment
5698 the flags for those mailers.
5701 Fix problem that causes the fallback mail to postmaster
5702 (case ESM_POSTMASTER in savemail()) to not look at
5704 Some more HPUX tweaking (compile flag hpux => __hpux so it
5705 still works in ANSI mode).
5706 Don't try to flock non-regular files when mailing to a file.
5707 In particular, this was a problem if you tried to
5709 Fix a weird bug that can cause senders to be queued as
5710 recipients if the name server is down when the mail
5711 is initially sent. This hack just ignores sender
5712 deletion (essentially, it sets the MeToo flag) if there
5713 is a TEMPFAIL during processing of the sender address.
5715 Fix a dangling else problem -- from Brian Bullen from University
5717 Add the "b" mailer flag to force a blank line on the end of
5718 messages. Some brilliant versions of /bin/mail insist
5719 on this but do not add it themselves.
5720 Add the "g" mailer flag to prevent user SMTP from sending
5721 "MAIL From:<>". This is only intended to be a
5722 transitional gesture, and should not be used if at
5723 all possible. It appears that Berkeley and IDA
5724 config files have always handled this properly; the
5725 UK config kit apparently does not.
5726 Don't lowercase and then capitalize header field names -- leave
5727 them with original capitalization. Fixes from Bill
5728 King of Allen-Bradley Company.
5729 Further cleanup and improved reporting of error messages,
5730 particularly conditions that cause messages to be
5731 requeued for future delivery.
5732 Tweak syslog priorities in some cases.
5733 CONFIG: clean up route-addr on UUCP addresses.
5736 HPUX 8.07 compatibility changes in getla() -- I had to make
5737 these changes to get it to work at Berkeley, although
5738 others seem to have been working before (???).
5739 Various patches to XLA code.
5740 Fix problem that causes setuid bit on files to be ignored from
5741 SMTP or in queue runs. Problem noted by Jason Ornstein
5742 of Under The Wire, Inc.
5743 Fix problem that can cause CNAMEs to be ignored.
5744 Generalize getmxrr to match local host in $=w instead of a
5745 single name passed in.
5746 Some cleanup from Eric Wassenaar:
5747 Use FileMailer instead of ProgMailer in two places.
5748 Eliminate duplicate 8th-bit stripping in commaize.
5749 Fix a problem with mis-parsing of backslash escapes
5750 under some circumstances.
5751 NIS map fix (was always including trailing null character)
5752 from Mike Glendinning of Ingres UK.
5753 Add "a" mailer flag to try using ESMTP. It tries the EHLO
5754 command and if that fails falls back to regular SMTP.
5755 Also parses EHLO option keywords. If host supports
5756 SIZE extension, this is added to the MAIL FROM:
5758 Extend "b" option to include a second value which is the
5759 maximum message size this server is willing to accept.
5760 For example, a value of "10/1000000" says that there
5761 must be ten blocks free, and sendmail will reject
5762 any message larger than one megabyte.
5763 Some portability hooks for NeXT (this could be applicable
5764 to Mach in general). You have to create an empty
5765 file called "unistd.h" to get it to compile.
5766 Adjust config values (MAXLINE, MAXATOM, and PSBUFSIZE) to
5768 Add X400-Received: to the list of headers tagged with H_TRACE
5769 in conf.c. From Bill King, Allen-Bradley Co.
5772 Fix problem that caused redefinition of SMTP and QUEUE compile
5773 flags. Pointed out by Jon Forrest of the Sequoia 2000
5774 project at Berkeley.
5775 Properly handle \! hack -- it was treating host\!user as one
5776 token (host!user) instead of three (host, !, user).
5777 Fix from Eric Wassenaar of NIKHEF-H.
5778 Fix compilation problem in getauthinfo() if IDENTPROTO is off.
5779 Turn off DEFNAMES and DNSRCH when getting the hostsignature
5780 (i.e., MX records) in level 1 configuration files; this
5781 matches the old behavior. From Motonori Nakamura of
5783 Improve error message printing -- if sent through an alias,
5784 error messages include the name of the alias in the
5785 message. Unfortunately, in order to make this work
5786 properly in queue runs, this changes the format of the
5787 C line in the qf file. The relatively uselessness of
5788 the previous information was pointed out to me by
5789 Allan E Johannesen of WPI.
5790 Add XLA compile flag to add hooks to Christophe Wolfhugel's
5791 extended load average code. This is still in very early
5792 form. For information regarding the guts of the xla
5793 code, contact Christophe.Wolfhugel@grasp.insa-lyon.fr.
5794 Additional hooks for detecting tempfails in rewriting rules
5795 (that is, in map lookups).
5798 Properly diagnose ruleset zero returning null (instead of a mailer
5799 triple). From Motonori Nakamura of Kyoto University.
5800 More generalization of socket code for other protocols.
5801 Shorten timeouts on reverse name lookups -- since they are done
5802 during connection establishment, long timeouts here can
5803 cause higher level timeouts. This mainly serves to accept
5804 mail from hosts that do not have proper reverse (PTR) DNS
5806 Reset e_statmsg before each mailer invocation to avoid bogus
5807 messages in the log.
5808 Redefine $r, $s, and $_ in error envelopes so you don't get
5809 incorrect cruft in the error message. Problem noted by
5810 Motonori Nakamura of Kyoto University.
5811 Fix a problem that can cause failure to return errors to Postmaster
5812 in certain cases. From Motonori Nakamura.
5813 Fix a problem that can cause some systems to give duplicate error
5814 messages when a bad syntax address such as "<a" is presented
5815 to an SMTP server. It doesn't seem to occur on all
5816 machines. From Motonori Nakamura.
5817 Default IDENTPROTO off for Ultrix and HPUX, which apparently have
5818 the interesting "feature" that when they receive a "Host
5819 unreachable" message they closes all open connections to
5820 that host. However, some firewall gateways send this message
5821 if you try to connect to an unauthorized port, such as the
5822 IDENT port (113). Thus, no email can be received from such
5823 hosts. There is some evidence that versions of Ultrix before
5824 4.3 do not have this problem. Thanks to Tom Ivar Helbekkmo
5825 for pointing out this behavior to me and to Michael Corrigan
5826 of U.C. San Diego for informing me about the HPUX problem.
5827 Allow IPC mailers to return a colon-separated list of hosts in the
5828 $@ clause; these are searched in order as though they were
5830 When sending an error report, print the list of addresses tagged
5831 as bad. Requested by Allan E Johannesen of WPI.
5832 Change map function calls to return a status code. This gets
5833 passed back as the result of rewrite. Parseaddr marks
5834 the address as a QUEUEUP address if the return code is
5835 EX_TEMPFAIL. All this to queue properly if the name
5836 server is down. This code is not well tested. This code
5837 changes the interface to map lookup functions (a fifth
5838 parameter, int *statp, is added). Feature requested by
5840 Don't delete quotes (in the dequote map) if there are spaces in
5841 the string, since this would cause them to be replaced by
5842 the SpaceSub character.
5843 Accept BODY=8BITMIME on SMTP MAIL command. This isn't advertised
5844 because the 8BIT to 7BIT translation doesn't exist yet.
5845 This does add a "bodytype" field to both envelope and
5846 queue file and a -B command line flag to pass the type in
5847 during direct invocations.
5848 Discard return error messages only on responses to responses to
5849 responses, not on responses to responses. That is, the
5850 algorithm is to try return to sender, then return to
5851 postmaster, then discard. Previously it discarded
5852 immediately if the return to sender pass failed.
5853 CONFIG: back out change to hide unqualified hostnames behind %-hack.
5854 This screws up local aliases and .forward files.
5855 CONFIG: add FEATURE(nocanonify) to turn off calls to $[ ... $];
5856 some sites only handle completely canonified names.
5857 Requested by John Gardiner Myers of CMU.
5858 CONFIG: some UUCP code was still included even if FEATURE(nouucp)
5862 Clean up some minor glitches on error return messages pointed out
5863 by Motonori Nakamura of Kyoto University.
5864 Fix reply() to not reset SmtpReplyBuffer on fatal errors; this
5865 was supposed to reset SmtpMsg Buffer. This makes the
5866 client side code virtually useless. Reported by Allan
5867 E Johannesen of WPI and Phil Brandenberger of Swarthmore.
5868 Better debug messages if fuzzy is disabled, suggested by Allan
5869 E Johannesen of WPI.
5870 Offset SmtpReplyBuffer by four in usersmtp when checking for
5871 loopback. From Eric Wassenaar.
5872 Don't set $s until after runinchild in srvrsmtp -- otherwise
5873 it gets cleared. From Eric Wassenaar.
5874 Implement IDA-style $&x for deferred macro expansion.
5875 More POSIX compatibility.
5876 CONFIG: Hide unqualified hostnames behind %-hack using $s as the
5877 actual sender. This is only done if $r is non-null, that
5878 is, if this is not locally submitted mail.
5879 CONFIG: Add FEATURE(bitdomain) allowing mapping of BITNET host
5880 names to internet domains. A program contributed by
5881 John Gardiner Myers of CMU to create the maps is included
5882 in the contrib directory (in the "misc" tar file).
5883 CONFIG: Add FEATURE(uucpdomain) for a similar mapping for UUCP
5884 hosts. There is currently no tool to create this map.
5887 Add D= mailer flag to specify a path of possible working directories
5888 in which to execute the mailer. This is intended for the
5889 prog mailer; some shells can get upset if they don't have
5890 access to the current directory.
5891 Add RFC 1413 (IDENT) protocol support. This is only very loosely
5892 tested. This adds a $_ macro to be the authenticated
5893 info (in ``user@domain [address]'' form) and debug flag
5894 9 to trace the protocol.
5895 Check for loopbacks in usersmtp instead of srvrsmtp -- there is no
5896 reason for a local agent to not be talking to the localhost
5897 (although the inverse is not true).
5898 Add a few hooks for automated map rebuilding. This is certainly
5900 CONFIG: Have prog mailer specify a path of ``D=$z:/'' -- that is,
5901 user's home directory then the root.
5902 CONFIG: Log RFC 1413 identification in Received: line.
5905 Fixes to requeueing code to make it compute priority, nrcpts,
5906 and the like properly.
5909 Diagnose incorrect privacy flags. Suggested by Bryan Costales
5912 Arrange to quote backslashes as well as other special characters
5913 in the phrase part of a route-addr.
5914 Some fixes to FallBackMX code suggested by Motonori Nakamura of
5916 More vigorous zeroing of CurHostAddr to avoid logging of bogus
5917 host addresses when you are actually just printing
5918 information from the MCI structure; problem noted by
5919 Michael Corrigan of U.C. San Diego.
5920 Don't ignore rest of queue if any job is not runnable. This can
5921 also cause an incorrect job to be lost. Fix from
5923 Always respond "quickly" to RCPT command; do alias expansion and
5924 the like later. This also means that mail for lists that
5925 have errors will be accepted, and an error sent back
5926 later. This is done by instantiating the queue file
5927 and then immediately running and requeueing it.
5930 Fix incorrect diagnosis of infinite loop in ruleset. Problem noted
5932 Improve information printed when infinite loops are discovered.
5933 Zero CurHostAddr to fix erroneous internet addresses in log when no
5934 addresses can be bound. Pointed out by Motonori Nakamura
5935 of Kyoto University.
5936 "Probe" SMTP connections using RSET instead of NOOP "just in case".
5937 Suggested by John Gardiner Myers of CMU.
5938 Don't warn about -f if you are setting sender to yourself.
5941 Fix incompatible call to endmailer in smtpquit which causes core
5942 dumps. Noted by Allan E Johannesen of WPI.
5943 HPUX portability changes from Michael J. Corrigan of UC San Diego.
5944 Require MAIL before RCPT command in srvrsmtp.c. This had been
5945 intentional from the 821 draft days when the order wasn't
5946 clear, but is silly now.
5947 Fix bug in nis_magic routine that was initializing parameters
5948 incorrectly. Fix from Takahiro Kanbe of Fuji Xerox
5949 Information Systems Co., Ltd.
5950 Change default for PrivacyFlags in conf.c to 0 -- since it always
5951 "or"s in new values, there was no way to turn off the
5953 Add O option to set SMTP daemon options.
5954 Add V option to set fallback MX host. This always sorts at lower
5955 priority than anything it gets from the name server. It
5956 should only be used for environments with very bad network
5957 connectivity. Requested by several people.
5958 Log sending info. It's not clear this is a good idea.
5959 CONFIG: fix typo in mailertable code. Noted by Phil Brandenberger
5961 CONFIG: add confDAEMON_OPTIONS and confFALLBACK_MX to set options
5962 O and V, respectively.
5965 Fix botch in server SMTP that broke transactions that did not
5966 use HELO first (like MH). Fix from Michael Corrigan
5968 Fall back to other MX records if there is an error anywhere
5969 in delivery (actually on MAIL or DATA -- RCPT is harder).
5970 Suggested by John Gardiner Myers and Motonori Nakamura.
5971 Revert to non-prototypes -- it turns out that our ANSI C
5972 compiler is more forgiving than most others about
5973 mixing prototyped extern declarations with non-prototyped
5974 function definitions.
5975 Fix a problem with multi-word class matching pointed out by
5976 Neil Rickert. Given:
5978 R$+ $=X $+ $: $1 < $2 > $3
5979 the input "user@a.b.c" failed instead of being properly
5980 rewritten as "user@a.<b>.c".
5981 Neil also convinced me that it was correct that $~ should match
5982 only one token -- the problem is that it's always possible
5983 to add another token, so $~ matches far too eagerly.
5986 Implement multi-word classes (properly!).
5989 Add X-Authentication-Warning: headers to clue users into possible
5990 attempts to forge mail. This is on the authwarnings
5991 privacy flag, but is the default. Suggested by Bryan
5993 Pass default units for convtime in so they can be more reasonable.
5994 Allow config files to always add a new Comments: header (i.e.,
5995 they will be added even if an old one already exists).
5996 Suggested by Bryan Costales of ICSI.
5997 Allow config files to delete an existing Return-Path: header.
5998 These should only be added at final delivery. Suggested
5999 by Bryan Costales of ICSI.
6000 Some debugging additions. Suggested by Bryan Costales of ICSI.
6001 Clean up logging of Family 0 addresses. Noted by David Muir
6002 Sharnoff and others.
6003 Add a "dequote" map class. This allows config files to strip
6004 quotes off of addresses. Note that this is not a builtin
6005 map, just a class -- so you have to define the map
6007 Fix a bug in the queueup() loop getting a locked tf where in
6008 very odd cases it can fall off the bottom and core dump.
6009 Of course, it was P{r Emanuelsson who found it....
6010 Open a new transcript when splitting an envelope. Problem found
6011 by Allan E Johannesen of WPI.
6012 Improved error output in endmailer if the mailer core dumps.
6013 CONFIG: Fix typo in UUCP mailer definition.
6014 CONFIG: Default several of the new options on: eight bit input,
6015 privacy flags set to "authwarnings", and message warning
6017 CONFIG: Use dequote map.
6020 Fix problem with assumption of an sa_len field in a generic
6021 sockaddr -- it turns out that most vendors haven't
6022 picked up this (very important) fix.
6023 Change compilation flags for daemon code -- select one or both
6024 of NETINET or NETISO, but don't ever set DAEMON manually.
6025 CONFIG: add FEATURE(mailertable) to do IDA-style mailertables.
6028 Use Postmaster as default fallback return address, not root.
6029 POSIX changes for file descriptor handling.
6030 Diagnose errors writing new queue file.
6031 If you change the owner using an owner- alias, also change the
6032 error mode to EM_MAIL so that errors don't get dropped
6033 into an inappropriate directory. Problem noted by
6034 Allan E Johannesen of WPI.
6035 If you are su'ed to root, send email as who you really are, not
6036 as root. From Brian Kantor of U.C. San Diego.
6037 Allow warning messages to be sent after a configurable interval
6038 has passed without delivery. The message is sent only
6039 once per envelope. This changes the format of the qf
6040 file to have an F line, and the format of the T option
6041 to accept take the format "return/warn" (both intervals).
6042 Don't force all local names to lower case -- this was left over
6043 from the weird handling of case mapping on aliases. It
6044 is now driven (as expected) by the "u" mailer flag.
6045 Problem noted by P{r Emanuelsson.
6046 Fix problem that caused headers on returned email to be trashed;
6047 they were getting freed, but are still accessible via
6049 Fix problem that caused bogus ids to be created on returned
6051 Add support for ISO and other non-INET networking. This is by
6052 no means finished yet. This does assume a lot of other
6053 system support, like a version of gethostbyname that
6054 returns non-AF_INET addresses.
6055 CONFIG: change default on prog mailer to keep upper case in
6056 user names (i.e., in the program command line).
6057 CONFIG: strip trailing dots off of hosts in uucp mailer before
6058 convert to bang format.
6059 CONFIG: create new "relay" mailer for $R (LOCAL_RELAY) and $H
6060 (MAIL_HUB) delivery that doesn't add local domain. Note
6061 that this violates 821, but is probably "more correct"
6062 for what we are trying to do. Problem pointed out by
6063 Michael Graff of Iowa State.
6066 Clean up unnecessary creates of queue ids (i.e., empty qf files)
6067 when not needed, such as when starting up an SMTP
6069 Fix problem where split envelopes aren't instantiated in the queue.
6070 This is quite a serious bug.
6071 Owner- aliases had problems with leading spaces causing a
6072 premature delimitation.
6075 Have ending 250 (after DATA) include the id; suggested by
6076 Brian Kantor of UC San Diego.
6077 Add logging on envelope splitting.
6078 Change queue ids to have one more letter encoding the hour of
6079 the day so that during a single day there is a greater
6080 likelihood of uniqueness; requested by Brian Kantor.
6083 Fix minor compile problem if LOCKF is defined.
6084 Define size of tobuf in conf.h. Observed by Toshinari Takahashi
6086 Restore e_sender -- this is equivalent to e_from.q_paddr without
6087 decorations such as angle brackets and comments.
6088 OSF/1 on Alpha changes from Allan E Johannesen of WPI.
6089 CONFIG: fix typo in S3 for list syntax (;: => :;). Thanks to
6090 Christopher Hoover for noting the problem.
6093 Pass envelope to disconnect to avoid another use of CurEnv, which
6094 can apparently end up being null at inopportune times.
6095 Log "received from" as "relay=" for consistency (suggested by
6096 John Gardiner Myers).
6097 Fix major bug in header handling: if no From: line existed in
6098 the header (so sendmail inserts one), and the sender is
6099 an alias that has an owner, the From: line shows the
6100 owner (as well as the envelope). Fixed by early binding
6101 the headers (which will change debugging output).
6102 HPUX portability patches from Michael J. Corrigan of UC San Diego.
6103 Some attempts to adapt better to out of open file conditions.
6104 Some changes to ctladdr handling in queue files.
6107 MAJOR CHANGE: delete e_sender and e_returnpath (why are these
6108 different from e_from?) and $< macro.
6109 Log correct IP address in relay= field even if the connection
6111 Log "received from [RESPONSE]" on EF_RESPONSE messages (from
6112 John Gardiner Myers).
6113 Fixes to SysExMsg logging (sometimes just got "message: %s"
6114 instead of "message: error message"), noted by Eric
6115 Wassenaar. Also reported by Motonori Nakamura.
6116 Improvements to MX piggybacking code, from Motonori Nakamura.
6117 Fix case where CurHostName points to an auto variable that has
6118 been deallocated (from Motonori Nakamura).
6119 Fix bug causing newlines to be included in aliases if option
6120 "n" (check alias RHS) is set; bug noted by David Muir
6122 Fix problem causing user names that should be mapped to lower
6123 case to not be mapped if they are sent during a queue
6124 run. This greatly simplifies the case mapping code.
6125 Problem noted by Allan E Johannesen of WPI.
6126 Don't do recipient address rewriting in buildaddr. This
6127 improperly did recipient rewriting on sender addresses,
6128 and just seems bogus in general -- but the change could
6129 break some .cf files.
6130 Pass TZ envariable to child processes for System V.
6131 CONFIG: allow LOCAL_RULE_1 and LOCAL_RULE_2 if you want to
6132 define those rulesets.
6133 KNOWN PROBLEM: I have seen some problems on SunOS that causes
6134 the User Data Base to give errors on some addresses. I
6135 have tracked the problem back at least as far as 93.02.15
6136 (version 6.22). Running with debugging on makes it
6137 go away, so I conclude that it is referencing uninitialized
6138 stack data. I haven't been able to track this down yet.
6141 Allow local mailer to specify $@host -- this lets you assign the
6142 "foo" part of jgm+foo to $h for passing in to the local
6144 Additional debug printing in getcanonname (show query type).
6145 Don't add the e_fromdomain on sender addresses -- this interacts
6146 weirdly with the owner- code.
6147 Improve delivery logging to not log obvious or meaningless stuff.
6148 Include numeric IP address in Received: lines per RFC 1123 section
6150 Fixed a bug in checking stat() return value if restrictmailq is
6151 set. Also, check the entire group set instead of just the
6152 primary group. Both from John Gardiner Myers.
6153 Don't have usrerr automatically print errno, since this is often
6155 Use transienterror() in makeconnection after connect() fails and
6156 in openmailer after execve() fails (from Eric Wassenaar).
6157 Also moved transienterror() from util.c to conf.c.
6158 Clean up from= logging on response messages.
6159 Undo patch allowing prescan to return a null vector -- it breaks
6161 Config: FEATURE(notsticky) lets you use UDB for everything coming
6162 in to the machine, even if it is specifically targetted
6163 to this machine. Without it, UDB is bypassed if the user
6164 name is fully qualified.
6165 Config: fix another minor botch with <> (local mailer wasn't
6166 mapping them properly).
6169 Fix getrealhostname to return null if sinlen <= 0 -- this can
6170 occur if stdin is a pipe.
6171 Avoid infinite loop in getcanonname if name server return
6172 NO_DATA (for example).
6173 Config: avoid having C flag qualify list syntax and error syntax.
6176 Fix logging in deliver to not pass too many parameters to Ultrix
6178 Don't write the pid file until after the daemon has actually
6179 opened and conditioned the connection.
6180 Consider addresses "different" if their q_uids differ (so that
6181 two users forwarding to the same program will be seen
6182 as different, rather than the same).
6183 Fix problem with bad parameters in main() -- they set ExitStat
6185 Fix null pointer references through RealHostName -- painfully
6186 discovered by Allan E Johannesen of WPI.
6187 Fix bug causing user@@localhost to core dump (yuch).
6188 Config: don't put two @host.dom.ain on users in $=E in SMTP
6189 mailer. Also, catch user@ (no host) in ruleset 0.
6192 Config: add confCW_FILE as the name of the cw configuration file
6193 (defaults to /etc/sendmail.cw). From P{r Emanuelsson.
6194 Allow prescan to return a pointer to an empty list -- this is
6195 not an error. Also, clean up error reporting to avoid
6196 double errors (prescan reports once, then the caller
6198 Changes to avoid trusting T_ANY queries -- run them, but if you
6199 don't get the info you expected, do T_A and T_MX queries
6200 anyhow. This also fixes an oversight where _res.options
6201 bits were being ignored.
6202 If PRIV_NOVRFY is set, use 252 response code instead of 502 per
6203 RFC 1123 section 5.2.3. It's not 100% clear that this
6204 is correct, but it probably works better with stupid
6205 mailers that do a VRFY and only check the first digit.
6208 Fix uninitialized variable "protocol" in smtp code.
6209 Include <unistd.h> in sendmail.h -- move towards POSIX/ANSI.
6210 Additional hooks for RFC 1427 (ESMTP SIZE extension). This
6211 includes requiring that enoughspace() know the system
6212 block size, which will undoubtedly break most ports.
6213 Trace flag 19 in use for srvrsmtp.c.
6214 Additional logging -- notably the sending mailer name. This
6215 also changes the delivery logging to strict field=value
6217 Fix some problems with messages getting sent even to addresses
6218 that had been marked bad -- from Eric Wassenaar.
6219 More WIDE changes: accept host name inside [...] as non-MXed
6220 host. This is intended ONLY for use inside firewalled
6221 environments, where the MX points at the gateway.
6222 Change .cf file conventions so that mapping for <> addresses
6223 don't have an @ in them (to avoid confusing the C mailer
6224 flag). Pointed out by Neil Rickert.
6225 Config extensions for Sam Leffler's FlexFAX software.
6228 Fix some more bugs in alias owner code -- there were some weird
6229 cases where an error in a non-aliased name would override
6230 the return info in an aliased name with an owner.
6231 Changes from WIDE Project, forwarded to me by Motonori Nakamura:
6232 Log actual delivery host (after MX et al); from
6235 Deliver Postmaster copies without a body.
6236 Better logging of SMTP senders.
6237 Send all program email as daemon even when local.
6238 As requested in various forms from many people, accept -qIstring
6239 to limit queue runs to jobs with queue-id matching string.
6240 Similarly for -qRstring for recipients, -qSstring for
6242 Initial hooks for ESMTP support (see RFC 1425).
6243 Fixed a syntax error in the UUCP mailer specification that caused
6244 core dumps on startup.
6245 Check for missing A= or P= arguments in mailer definitions.
6248 Require FROZENCONFIG compilation flag to include frozen
6249 configuration code. Frozen configuration is really
6250 not a very good idea any more, particularly in shared
6251 library environments.
6252 Do better checking of errno after opens of :include: and .forward
6253 files to defer delivery on network and other transient
6254 errors. Suggestion from Craig Everhart.
6255 Fix minor botch in read timeout macro processing.
6256 Add FEATURE(nouucp) to config files for sites that know absolutely
6258 Add built cf files to distribution tape and clarify how to build
6259 them if you don't have the Berkeley make.
6260 Some sizeof(long) portability changes for the Alpha, from Allan
6262 Add "restrictmailq" privacy flag -- if set, only people in the same
6263 group as your queue directory can print the queue. If you
6264 set this, be sure you also restrict access to log files....
6265 Fix another bug in owner-list stuff that can cause data files to
6267 Fix a bug with queue runs that cause forwards to yourself to go
6268 into alias/forwarding loops. I'm still iffy about this
6270 Fix from Eric Wassenaar for suppression of return message code.
6273 Fix yet another problem in alias owner code -- put the wrong return
6274 address on the enclosed return-to-sender letter.
6277 Fix botch in alias owner code that caused it to not operate if the
6278 error was detected locally.
6281 M_LOCAL => M_LOCALMAILER to avoid conflict with Ultrix include
6283 Miscellaneous bug fixes from Eric Wassenaar:
6284 sendmail -bv -t logs the from line even though in verify
6286 sendmail -v can go into queue mode if shouldqueue returns
6288 Add route-addr pruning per RFC 1123 section 5.3.3. This can be
6289 disabled using the "R" option.
6290 Delete (always undocumented) -R flag (save original recipients);
6291 there are ways to syslog(3) these now.
6292 Clean up SMTP reply codes -- specify them as needed in the code,
6293 instead of in conf.c -- this was needed during the NCP to
6294 TCP transition, but seems silly now. This also changes
6295 parameters to message and nmessage.
6296 Have mailstats read the .cf file to find the sendmail.st file and
6297 get text versions of mailer names. An initial version of
6298 this code was provided by Tuominen Keijo (although the
6299 comments indicate the good bits were written by "E.V.").
6300 Add yet more System V compatibility hacks.
6301 Fix bug in VRFY code (assumes everything must be a local user).
6302 Allow specification of any of the hard-wired pathnames in the
6304 Delete concept of "trusted users" -- this really didn't provide
6305 any security anyway, and caused some problems.
6306 Delete last vestige of support for the word "at" as an equivalent
6307 to the character "@".
6308 Propagate owner-foo alias information into the envelope sender.
6309 Based on code from John Gardiner Myers. This is a major
6310 semantic change -- beware!
6311 Allow $@ on LHS to indicate "match zero" -- this is used to match
6312 the null expression.
6315 Don't "lose" queue runs. Very important fix from (who else?)
6317 Completely reset state on RSET command -- from Eric Wassenaar.
6318 Send error messages and return receipts using an envelope sender
6319 of <> regardless of the setting of $n. Rewriting rules
6320 can undo this if they feel the necessity, as might be
6321 needed for networks that don't understand the syntax.
6322 This is permitted by RFC 821 section 3.6 and required by
6323 RFC 1123 section 5.3.3. THIS REQUIRES VERSION 4 CONFIG
6324 FILES because the rulesets must be able to parse <>
6326 Don't ever send error messages to "<>" -- they will get sent to
6327 the local postmaster or dumped in /usr/tmp/dead.letter
6328 instead. Per RFC 1123 section 5.3.3.
6329 Explicitly check for email to yourself as a dotted quad. You
6330 have to call $[ [ ... ] $] to get this.
6331 Up the message timeout to five days per RFC 1123 section 5.3.1.1.
6332 Make all read timeouts individually configurable, as strongly
6333 recommended by RFC 1123 section 5.3.2.
6334 Use f_bavail (blocks available to regular users) instead of f_bfree
6335 (blocks available to superuser) in free block checks.
6336 Change $d macro to be the current time, not the origination time,
6337 since this is consistent with how it is used now.
6338 Generalization of enoughspace from Eric Wassenaar covering
6339 SGI, Apollo, HPUX, Ultrix, and SunOS.
6340 Ignore process group signals -- some front ends can do this if
6341 you kill a window too quickly. From Eric Wassenaar.
6342 Change umask to 022.
6345 Close all cached connections before calling mailers and after
6346 forking for delivery (caused double closes which resulted
6348 Add FEATURE(redirect) in config files -- this allows you to alias
6349 old addresses to a pointer to the new address that will
6350 give a 551 error message, but not deliver the mail.
6351 Some code changes to make the 551 errors look pretty.
6352 Names of M4 program paths in config files have changed -- they
6353 are all XXX_MAILER_PATH now, to match XXX_MAILER_FLAGS.
6354 Fix a bug in the QSELFREF code having to do with empty .forward
6355 files, reported by Eric Wassenaar.
6356 Add option "p" (privacy flags); this allows you to tune how
6357 picky the SMTP server will be. This also adds the
6358 confPRIVACY_FLAGS M4 macro in the config files.
6359 Add option "b" (minimum blocks free). If there are fewer than
6360 this number of blocks free on the filesystem containing
6361 the queue directory, the SMTP MAIL command will return
6362 a 452 response and ask you to try again later. This
6363 also adds the confMIN_FREE_BLOCKS M4 macro in the config
6365 Made VRFY just verify (doesn't expand aliases and .forward files);
6366 EXPN does full expansion. RCPT in queue-only mode also
6367 doesn't chase aliases and .forward.
6370 Increase the number of domain search entries in domain.c to allow
6371 for the extra "" entry indicating the root domain.
6372 Reported by Motonori Nakamura of Kyoto U.
6373 Add a "SMART_HOST" in the configs for UUCP-connected sites that
6374 want to forward all mail with extra "@"s to that site.
6375 Also allows SMART_HOST, LOCAL_RELAY, and MAIL_HUB to
6376 be specified as ``mailer:hostname'' to use an alternate
6378 Clarified and updated some wording in the Operations Guide.
6379 Add the "c" mailer flag -- this suppresses all comment parts of
6380 addresses (requested by John Curran of NEARnet).
6381 Have -v print prompts in -bt mode even if stdin is not a terminal
6382 (default behavior is to be silent if not reading from
6383 a terminal). Suggested by Bryan Costales, ICSI.
6384 Move the metacharacters from C0 space (\001-\037) into C1 space
6385 (\201-\237). This also fixes a bunch of potential bugs
6386 with G1 characters (\240-\276) in headers relating to
6387 negative numbers passed to isspace() et al.
6388 Add YP_LAST_MODIFIED and YP_MASTER_NAME to DBM version of alias
6389 database if YPCOMPAT is #defined. Enhancement from
6390 Takahiro Kanbe of Fuji Xerox Information Systems Co., Ltd.
6391 Add "list" Precedence (-30); this can be used with old sendmails
6392 which will map to precedence 0 (which will return error
6393 messages). Suggested by Stephen R. van den Berg.
6394 Many bug fixes from Eric Wassenaar of the National Institute for
6395 Nuclear and High-Energy Physics, Amsterdam:
6396 Clear timeouts properly on open failures in include().
6397 Don't dereference through NULL if no home directory found.
6398 Re-establish SIGCHLD signal on System 5 in reapchild().
6399 Avoid NULL pointer reference on -pFOO flag.
6400 Properly handle backslash escapes in comments.
6401 Correctly check reply status on SMTP NOOP command.
6402 Properly save SMTP error message if peer gives
6403 "Service Shutting Down" message.
6404 Avoid writing to the transcript if it couldn't be opened.
6405 Signal errors in SMTP children to parent properly.
6406 Handle self references in a list more globally (include a
6407 QSELFREF bit in the address flags). This enhancement
6408 was suggested by Eric Wassenaar.
6409 Use initgroups() in hpux, even though it's System-V based. The
6410 HASINITGROUPS compile flag can set this on other systems.
6411 This HPUX behavior was pointed out by Eric Wassenaar.
6414 Clean up handling of LogLevel to make it easier to figure out
6415 what's on what level.
6416 Change log levels to have some consistency:
6417 1 serious system failures, security problems
6418 2 lost communications, protocol failures
6419 3 other serious failures
6421 5 message collection
6422 6 vrfy logging, creation of return-to-sender
6424 8 delivery successes
6425 9 delivery tempfails (queue ups)
6426 10 database expansion
6428 Allow IDA-style separated processing on S= and R= in Mailer
6429 definition lines. Note that rulesets 1 and 2 are
6430 still used for both addresses as before. Bruce Lilly
6431 gave a convincing argument that RFC976 insists on
6433 Added some time zones to arpatounix -- they may not be in the
6434 standards, but they are in use. However, I may delete
6435 arpatounix entirely -- there appears to be no reason
6437 Change to UUCP mailer (in cf directory) to try to do a saner job.
6438 I'm still not certain about this mailer in general.
6441 Fix bug that prevents saving letters in ~/dead.letter.
6442 Don't add angle brackets in VRFY command if angle brackets already
6443 exist in the address.
6444 Fix bogus error message in udbexpand.
6445 Null terminate host buffers in buildaddr (broken in 6.21) --
6449 Fix another incorrect error message in alias.c, found by Azuma
6451 Fix a couple of problems in the more-configurable config files,
6452 found by Tom Ivar Helbekkmo.
6453 Fix problem with quoted :include: entries.
6454 Don't duplicate the filename on verbose printing of .forward and
6456 Extend size of prescan buffer (to allow bigger addresses). Also,
6457 detect some buffer overflows.
6458 Log user SMTP protocol errors (log level 4).
6461 Fix another problem in the MCI state machine caused when there
6462 were errors generated from the other end to commands
6466 Include load average support for DEC Alpha running OSF/1.
6467 Fix multiple-response problem with errors in MAIL From: line.
6468 Fix SMTP reply codes for invalid address syntaxes (give 501;
6469 never give multiple error messages for a single message).
6470 Fix problem where a cached connection timeout rejects all
6471 later connects to that host.
6472 Fix incorrect error message if alias.c is compiled with DBM only.
6473 Additional changes to fix nested conditionals (from Bruce Lilly).
6474 Recover more gracefully from operating system failures, particularly
6475 NULL returns from openmailer (from Noritoshi Demizu,
6477 Log forward, alias, and userdb expand operations on log level 10;
6478 concept suggested by P{r (Pell) Emanuelsson.
6479 Changes for HPUX 8.07 compatibility.
6482 Allow any config option to be set using an M4 define.
6483 Change UNAME compile flag to HASUNAME for IDA compatibility
6484 (besides, it's a better name).
6485 Note in README that on SunOS it must be linked -Bstatic.
6486 Fairly major change in domain.c to handle wildcard MX records
6487 more rationally. NOTE: the "w" option (no wildcard MX
6488 records match local domain) has been eliminated.
6489 Fix some unset variable references pointed out by Bruce Lilly.
6490 Fix host name in process titles when using cached connection.
6493 Fix System 5 compatibility changes to be compatible with the rest
6497 Experimental fix for problem handling errors in the SMTP
6498 protocol in conjunction with connection caching.
6499 System 5 compatibility changes.
6502 Fix a bug that causes local mail delivered using -odq to be
6503 eliminated as a duplicate (because it matched the
6504 ctladdr, now passed in as a C line). These changes
6505 are pretty tricky......
6508 Add debugging for some MCI errors.
6511 Fix -e compatibility flag to take a value.
6512 Fix a couple of minor compilation warnings on Sun cc.
6513 Improve error messages in a few cases to be more self-explanatory.
6516 Fix yet-another problem with environment handling, pointed out
6517 by Yoshitaka Tokugawa and Tom Ivar Helbekkmo.
6518 Some heuristics to try to limit resource exhaustion problems
6519 if a downstream host has been down for a long time.
6520 Fix problem with incorrect host name being logged in "Connection
6521 timed out" messages (from Tom Ivar Helbekkmo).
6522 Fix some ANSI C problems (from Takahiro Kanbe).
6523 Properly log message sender on returned mail during queue run.
6524 Count number of recipients properly.
6525 Fix a problem in yp map code.
6526 Diagnose "message timed out" (from Motonori Nakamura).
6529 Fix problem with address delimitor inside quotes.
6530 Define $k and $=k to be the UUCP name (from the uname call)
6531 based on code from Bruce Lilly.
6534 Implement arpatounix (largely code from Bruce Lilly).
6535 Log more info (suggested by John Myers).
6536 Allow nested $?...$|...$. (inspired by code from Bruce Lilly of
6538 POSIX compatibility (noted by Keith Bostic).
6539 Handle SMTP MAIL command errors properly (urged by several people,
6540 notably John Myers of CMU).
6541 Do early diagnosis of .cf errors (notably referencing a RHS
6542 substitution that isn't on the LHS).
6543 Adjust checkpointing to better handle batched recipients, suggested
6545 Fix miscellaneous bugs.
6546 (config files:) Implement MAIL_HUB for all local mail (to handle
6547 NFS-mounted directories) as urged by Tom Ivar Helbekkmo
6548 of the Norwegian School of Economics.
6551 Environment handling simplification/bug fix -- child processes
6552 get a minimal, fixed environment. This avoids different
6553 behavior in queue runs.
6554 Handle commas inside comments properly.
6555 Properly limit large messages submitted in -obq mode.
6558 Check mtime of thaw file against .cf and sendmail binary, based on
6559 code from John Myers.
6562 MX piggybacking, based on code from John Myers@CMU.
6563 Allow checkcompat to return -1 to mean tempfail.
6564 Bug fix in m_mno computation.
6567 Tuning of queueing functions as recommended by John Gardiner Myers.
6568 Return mail headers (no body) on messages with negative precedence.
6569 Minor other bug fixes.
6572 Fix botch causing queued headers to have ?XX? prefixes.
6575 Changes to recognize special mailer types (e.g., file) early.
6578 Pass timeouts to sfgets.
6579 Check for control characters in addresses.
6580 Fixed deferred error reporting.
6581 Report duplicate aliases.
6582 Handle mixed case recursive aliases.
6586 Put return-receipt-to on a conf.c flag (but don't set it).
6587 Fix minor syslog problem.