4 This listing shows the version of the sendmail binary, the version
5 of the sendmail configuration files, the date of release, and a
6 summary of the changes in that release.
8 8.17.1/8.17.1 2021/08/17
9 Deprecation notice: due to compatibility problems with some
10 third party code, we plan to finally switch from K&R
11 to ANSI C. If you are using sendmail on a system
12 which does not have a compiler for ANSI C contact us
13 with details as soon as possible so we can determine
15 Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
16 is available when using the compile time option USE_EAI
17 (see also devtools/Site/site.config.m4.sample for other
18 required settings) and the cf option SMTPUTF8.
19 If a mail submission via the command line requires
20 the use of SMTPUTF8, e.g., because a header uses UTF-8
21 encoding, but the addresses on the command line are all
22 ASCII, then the new option -U must be used, and
23 the cf option SMTPUTF8 must be set in submit.cf.
24 Please test and provide feedback.
25 Experimental support for SMTP MTA Strict Transport Security
26 (MTA-STS, see RFC 8461) is available when using
27 - the compile time option _FFR_MTA_STS (which requires
28 STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES),
29 - FEATURE(sts), which implicitly sets the cf option
30 StrictTransportSecurity,
31 - postfix-mta-sts-resolver, see
32 https://github.com/Snawoot/postfix-mta-sts-resolver.git
33 New ruleset check_other which is called for all unknown SMTP
34 commands in the server and for commands which do not
35 have specific rulesets, e.g., NOOP and VERB.
36 New ruleset clt_features which can be used to select features
37 in the SMTP client per server. Currently only two
38 flags are available: D/M to disable DANE/MTA-STS,
40 Avoid leaking session macros for an envelope between
41 delivery attempts to different servers. This problem
42 could have affected check_compat.
43 Avoid leaking actual SMTP replies between delivery attempts
44 to different servers which could cause bogus logging
46 Change default SMTP reply code for STARTTLS related problems
47 from 403 to 454 to better match the RFCs.
48 Fix a theoretical buffer overflow when encountering an
49 unknown/unsupported socket address family on an
50 operating system where sa_data is larger than 30
51 (the standard is 14). Based on patch by Toomas Soome.
52 Several potential memory leaks and other similar problems
53 (mostly in error handling code) have been fixed.
54 Problems reported by Tomas Korbar of RedHat.
55 Previously the commands GET, POST, CONNECT, or USER terminate
56 a connection immediately only if sent as first command.
57 Now this is also done if any of these is sent directly
58 after STARTTLS or if the 'h' option is set via
60 CDB map locking has been changed so a sendmail process which
61 does have a CDB map open does not block an in-place
62 update of the map by makemap. The simple workaround
63 for that problem in earlier versions is to create
64 the map under a different name and then move it
66 On some systems the rejection of a RCPT by a milter could
68 CONFIG: New FEATURE(`check_other') to provide a default
70 CONFIG: FEATURE(`tls_failures') is deprecated and will be
71 removed in future versions because it has a fundamental
72 problem: it is message oriented but STARTTLS is
73 session oriented. For example, having multiple
74 RCPTs in one envelope for different destinations,
75 with different temporary errors, does not work
76 properly, as the persistent macro applies to all
77 RCPTs and hence implicitly to all destinations (servers).
78 The option TLSFallbacktoClear should be used if needed.
79 MAIL.LOCAL: Enhance some error messages to simplify
82 Add support for Darwin 19 & 20.
83 NOTE: File locking using fcntl() does not interoperate
84 with Berkeley DB 5.x (and probably later). Use
85 CDB, flock() (-DHASFLOCK), or an earlier Berkeley
86 DB version. Problem noted by Harald Hannelius.
88 cf/feature/check_other.m4
90 devtools/OS/Darwin.19.x
91 devtools/OS/Darwin.20.x
101 libsm/uxtext_unquote.c
103 libsmutil/t-lockfile.c
104 libsmutil/t-lockfile-0.sh
105 libsmutil/t-maplock-0.sh
107 8.16.2/8.16.2 202X/XX/XX
108 New compile time option NO_EOH_FIELDS to disable the special
109 meaning of the headers Message: and Text: to denote the
110 end of the message header.
111 CONTRIB: AuthRealm.p0 has been modified for 8.16.1 by Anne Bennett.
112 CONTRIB: Added cidrexpand -O option for suppressing duplicates from
113 a CIDR expansion that overlaps a later entry and -S option
114 for skipping comments exactly like makemap does.
116 Add support for Darwin 19 (Mac OS X 10.15).
117 Use proper FreeBSD version define to allow for cross
118 compiling. Fix from Brooks Davis of the FreeBSD
121 devtools/OS/Darwin.19.x
123 8.16.1/8.16.1 2020/07/05
124 SECURITY: If sendmail tried to reuse an SMTP session which had
125 already been closed by the server, then the connection
126 cache could have invalid information about the session.
127 One possible consequence was that STARTTLS was not
128 used even if offered. This problem has been fixed
129 by clearing out all relevant status information
130 when a closed session is encountered.
131 OpenSSL versions before 0.9.8 are no longer supported.
132 OpenSSL version 1.1.0 and 1.1.1 are supported.
133 Initial support for DANE (see RFC 7672 et.al.) is available if
134 the compile time option DANE is set. Only TLSA RR 3-1-x
135 is currently implemented.
136 New options SSLEngine and SSLEnginePath to support OpenSSL engines.
137 Note: this feature has so far only been tested with the
138 "chil" engine; please report problems with other engines
139 if you encounter any.
140 New option CRLPath to specify a directory which contains
141 hashes pointing to certificate revocations files.
142 Based on patch from Al Smith.
143 New rulesets tls_srv_features and tls_clt_features which
144 can return a (semicolon separated) list of TLS related
145 options, e.g., CipherList, CertFile, KeyFile,
146 see doc/op/op.me for details.
147 To automatically handle TLS interoperability problems for outgoing
148 mail, sendmail can now immediately try a connection again
149 without STARTTLS after a TLS handshake failure.
150 This can be configured globally via the option
151 TLSFallbacktoClear or per session via the 'C' flag
153 This also adds the new value "CLEAR" for the macro
154 {verify}: STARTTLS has been disabled internally for
155 a clear text delivery attempt.
156 Apply Timeout.starttls also to the server waiting for the TLS
157 handshake to begin. Based on patch from Simon Hradecky.
158 New compile time option TLS_EC to enable the use of elliptic
159 curve cryptography in STARTTLS (previously available as
161 Handle MIME boundaries specified in headers which contain CRLF.
162 Fix detection of loopback net (it was broken when compiled
163 with NETINET6) and only set the macros {if_addr_out}
164 and {if_family_out} if the interface of the outgoing
165 connection does not belong to the loopback net.
166 Fix logic to enable a milter to delete a recipient in
167 DeliveryMode=interactive even if it might be subject
169 Log name of a milter making changes (this was missing for
171 Log the actual reply of a server when an SMTP delivery problem
172 occurs in a "reply=" field if possible.
173 Log user= for failed AUTH attempts if possible. Based on
174 patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
176 Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
177 no changes can be made after it is created, hence it
178 does not work with vacation(1) nor editmap(8) (except
180 Fix some memory leaks (mostly in error cases) and properly handle
181 copied varargs in sm_io_vfprintf(). The issues were found
182 using Coverity Scan and reported (including patches) by
183 Ondřej Lysoněk of Red Hat.
184 Do not override ServerSSLOptions and ClientSSLOptions when they
185 are specified on the command line. Based on patch from
187 Add RFC7505 Null MX support for domains that declare they do not
189 New compile time option LDAP_NETWORK_TIMEOUT which is set
190 automatically when LDAPMAP is used and
191 LDAP_OPT_NETWORK_TIMEOUT is available to enable the
192 new -c option for LDAP maps to specify the network timeout.
193 CONFIG: New FEATURE(`tls_session_features') to enable standard
194 rules for tls_srv_features and tls_clt_features; for
195 details see cf/README.
196 CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
197 for SSLEngine and SSLEnginePath, respectively.
198 CONFIG: New options confDANE to enable DANE support.
199 CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
200 CONFIG: New extension CITag: for TLS restrictions, see cf/README
202 CONFIG: FEATURE(`blacklist_recipients') renamed to
203 FEATURE(`blocklist_recipients').
204 CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
205 canonicalize IPv6 addresses; if cidrexpand is used with IPv6
206 addresses then UseCompressedIPv6Addresses must be disabled.
207 DOC: The dns map can return multiple values in a single result
208 if the -z option is used.
209 DOC: Note to set MustQuoteChars=. due to DKIM signatures.
210 LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
212 LIBMILTER: Fix reference in xxfi_negotiate documentation.
213 Patch from Sven Neuhaus.
214 LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
215 Patch from G.W. Haywood.
216 LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
217 Patch from Martin Svec.
218 MAKEMAP: New map type "implicit" refers to the first available type,
219 i.e., it depends on the compile time options NEWDB, DBM,
220 and CDB. This can be used in conjunction with the
221 "implicit" map type in sendmail.cf.
222 Note: makemap, libsmdb, and sendmail must be compiled
223 with the same options (and library versions of course).
225 Add support for Darwin 14-18 (Mac OS X 10.x).
226 New option HAS_GETHOSTBYNAME2: set if your system
227 supports gethostbyname2(2).
228 Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
230 On Linux set MAXHOSTNAMELEN (the maximum length
231 of a FQHN) to 256 if it is less than that value.
233 cf/feature/blocklist_recipients.m4
234 cf/feature/check_cert_altnames.m4
235 cf/feature/tls_failures.m4
236 devtools/OS/Darwin.14.x
237 devtools/OS/Darwin.15.x
238 devtools/OS/Darwin.16.x
239 devtools/OS/Darwin.17.x
240 devtools/OS/Darwin.18.x
249 8.15.2/8.15.2 2015/07/03
250 If FEATURE(`nopercenthack') is used then some bogus input triggered
251 a recursion which was caught and logged as
252 SYSERR: rewrite: excessive recursion (max 50) ...
253 Fix based on patch from Ondrej Holas.
254 DHParameters now by default uses an included 2048 bit prime.
255 The value 'none' previously caused a log entry claiming
256 there was an error "cannot read or set DH parameters".
257 Also note that this option applies to the server side only.
258 The U= mailer field didn't accept group names containing hyphens,
259 underbars, or periods. Based on patch from David Gwynne
260 of the University of Queensland.
261 CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
262 Patch from Lars-Johan Liman of Netnod Internet Exchange.
263 CONFIG: New option UseCompressedIPv6Addresses to select between
264 compressed and uncompressed IPv6 addresses. The default
265 value depends on the compile-time option IPV6_FULL:
266 For 1 the default is False, for 0 it is True, thus
267 preserving the current behaviour. Based on patch from
269 CONFIG: Account for IPv6 localhost addresses in
270 FEATURE(`block_bad_helo'). Suggested by Andrey Chernov
271 from FreeBSD and Robert Scheck from the Fedora Project.
272 CONFIG: Account for IPv6 localhost addresses in check_mail ruleset.
273 LIBMILTER: Deal with more invalid protocol data to avoid potential
274 crashes. Problem noted by Dimitri Kirchner.
275 LIBMILTER: Allow a milter to specify an empty macro list ("", not
276 NULL) in smfi_setsymlist() so no macro is sent for the
278 MAKEMAP: A change to check TrustedUser in fewer cases which was
279 made in 2013 caused a potential regression when makemap
280 was run as root (which should not be done anyway).
281 Note: sendmail often contains options "For Future Releases"
282 (prefix _FFR_) which might be enabled in a subsequent
283 version or might simply be removed as they turned out not
284 to be really useful. These features are usually not
285 documented but if they are, then the required (FFR)
286 options are listed in
287 - doc/op/op.* for rulesets and macros,
288 - cf/README for mc/cf options.
290 8.15.1/8.15.1 2014/12/06
291 SECURITY: Properly set the close-on-exec flag for file descriptors
292 (except stdin, stdout, and stderr) before executing mailers.
293 If header rewriting fails due to a temporary map lookup failure,
294 queue the mail for later retry instead of sending it
295 without rewriting the header. Note: this is done
296 while the mail is being sent and hence the transaction
297 is aborted, which only works for SMTP/LMTP mailers
298 hence the handling of temporary map failures is
299 suppressed for other mailers. SMTP/LMTP servers may
300 complain about aborted transactions when this problem
302 See also "DNS Lookups" in sendmail/TUNING.
303 Incompatible Change: Use uncompressed IPv6 addresses by default,
304 i.e., they will not contain "::". For example,
305 instead of ::1 it will be 0:0:0:0:0:0:0:1. This
306 permits a zero subnet to have a more specific match,
307 such as different map entries for IPv6:0:0 vs IPv6:0.
308 This change requires that configuration data
309 (including maps, files, classes, custom ruleset,
310 etc) must use the same format, so make certain such
311 configuration data is updated before using 8.15.
312 As a very simple check search for patterns like
313 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
314 the prior format can be retained by compiling with:
315 APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
316 in your devtools/Site/site.config.m4 file.
317 If debugging is turned on (-d0.14) also print the OpenSSL
318 versions, both build time and run time
319 (provided STARTTLS is compiled in).
320 If a connection to the MTA is dropped by the client before its
321 hostname can be validated, treat it as "may be forged",
322 so that the unvalidated hostname is not passed to a
323 milter in xxfi_connect().
324 Add a timeout for communication with socket map servers
325 which can be specified using the -d option.
326 Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
327 numeric logins even if HESIOD is enabled.
328 The new option CertFingerprintAlgorithm specifies the finger-
329 print algorithm (digest) to use for the presented cert.
330 If the option is not set, md5 is used and the macro
331 {cert_md5} contains the cert fingerprint.
332 However, if the option is set, the specified algorithm
333 (e.g., sha1) is used and the macro {cert_fp} contains
334 the cert fingerprint.
335 That is, as long as the option is not set, the behaviour
336 does not change, but otherwise, {cert_md5} is superseded
337 by {cert_fp} even if you set CertFingerprintAlgorithm
339 The options ServerSSLOptions and ClientSSLOptions can be used
340 to set SSL options for the server and client side
341 respectively. See SSL_CTX_set_options(3) for a list.
342 Note: this change turns on SSL_OP_NO_SSLv2 and
343 SSL_OP_NO_TICKET for the client. See doc/op/op.me
345 The option CipherList sets the list of ciphers for STARTTLS.
346 See ciphers(1) for possible values.
347 Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL"
348 if a CRLFile is in use (and LogLevel is 14 or higher.)
349 Store a more specific TLS protocol version in ${tls_version}
350 instead of a generic one, e.g., TLSv1 instead of
352 Properly set {client_port} value on little endian machines.
353 Patch from Kelsey Cummings of Sonic.net.
354 Per RFC 3848, indicate in the Received: header whether SSL or
355 SMTP AUTH was negotiated by setting the protocol clause
356 to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP.
357 If the 'C' flag is listed as TLSSrvOptions the requirement for the
358 TLS server to have a cert is removed. This only works
359 under very specific circumstances and should only be used
360 if the consequences are understood, e.g., clients
361 may not work with a server using this.
362 The options ClientCertFile, ClientKeyFile, ServerCertFile, and
363 ServerKeyFile can take a second file name, which must be
364 separated from the first with a comma (note: do not use
365 any spaces) to set up a second cert/key pair. This can
366 be used to have certs of different types, e.g., RSA
368 A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
369 address. It returns the string for the PTR lookup, but
370 without trailing {ip6,in-addr}.arpa.
371 New operation mode 'C' just checks the configuration file, e.g.,
372 sendmail -C new.cf -bC
373 will perform a basic syntax/consistency check of new.cf.
374 The mailer flag 'I' is deprecated and will be removed in a
376 Allow local (not just TCP) socket connections to the server, e.g.,
377 O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
379 If the new option MaxQueueAge is set to a value greater than zero,
380 entries in the queue will be retried during a queue run
381 only if the individual retry time has been reached which
382 is doubled for each attempt. The maximum retry time is
383 limited by the specified value.
384 New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
385 to relax requirement for DefaultAuthInfo file.
386 Reset timeout after receiving a message to appropriate value if
387 STARTTLS is in use. Based on patch by Kelsey Cummings
389 Report correct error messages from the LDAP library for a range of
390 small negative return values covering those used by OpenLDAP.
391 Fix compilation with Berkeley DB 5.0 and 6.0. Patch from
392 Allan E Johannesen of Worcester Polytechnic Institute.
393 CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or
394 nospecial which describes whether to disallow "%" in the
395 local part of an address.
396 DEVTOOLS: Fix regression in auto-detection of libraries when only
397 shared libraries are available. Problem reported by
399 LIBMILTER: Mark communication socket as close-on-exec in case
400 a user's filter starts other applications.
401 Based on patch from Paul Howarth.
403 SunOS 5.12 has changed the API for sigwait(2) to conform
404 with XPG7. Based on patch from Roger Faulkner of Oracle.
408 8.14.9/8.14.9 2014/05/21
409 SECURITY: Properly set the close-on-exec flag for file descriptors
410 (except stdin, stdout, and stderr) before executing mailers.
411 Fix a misformed comment in conf.c: "/*" within comment
412 which may cause a compilation error on some systems.
413 Problem reported by John Beck of Oracle.
414 DEVTOOLS: Fix regression in auto-detection of libraries when only
415 shared libraries are available. Problem reported by
418 8.14.8/8.14.8 2014/01/26
419 Properly initialize all OpenSSL algorithms for versions before
420 OpenSSL 0.9.8o. Without this SHA2 algorithms may not
421 work properly, causing for example failures for certs
422 that use sha256WithRSAEncryption as signature algorithm.
423 When looking up hostnames, ensure only to return those records
424 for the requested family (AF_INET or AF_INET6).
425 On system that have NEEDSGETIPNODE and NETINET6
426 this may have failed and cause delivery problems.
427 Problem noted by Kees Cook.
428 A new mailer flag '!' is available to suppress an MH hack
429 that drops an explicit From: header if it is the
430 same as what sendmail would generate.
431 Add an FFR (for future release) to use uncompressed IPv6 addresses,
432 i.e., they will not contain "::". For example, instead
433 of ::1 it will be 0:0:0:0:0:0:0:1. This means that
434 configuration data (including maps, files, classes,
435 custom ruleset, etc) have to use the same format.
436 This will be turned on in 8.15. It can be enabled in 8.14
438 APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_IPV6_FULL')
439 in your devtools/Site/site.config.m4 file.
440 Add an additional case for the WorkAroundBrokenAAAA check when
441 dealing with broken nameservers by ignoring SERVFAIL
442 errors returned on T_AAAA (IPv6) lookups at delivery time.
443 Problem noted by Pavel Timofeev of OCS.
444 If available, pass LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to
445 setusercontext() on deliveries as a different user.
446 Patch from Edward Tomasz Napierala from FreeBSD.
447 Avoid compiler warnings from a change in Cyrus-SASL 2.1.25.
448 Patch from Hajimu UMEMOTO from FreeBSD.
449 Add support for DHParameters 2048-bit primes.
450 CONFIG: Accept IPv6 literals when evaluating the HELO/EHLO argument
451 in FEATURE(`block_bad_helo'). Suggested by Andrey Chernov.
452 LIBSMDB: Add a missing check for malloc() in libsmdb/smndbm.c.
453 Patch from Bill Parker.
454 LIBSMDB: Fix minor memory leaks in libsmdb/ if allocations
455 fail. Patch from John Beck of Oracle.
457 Add support for Darwin 12.x and 13.x (Mac OS X 10.8 and 10.9).
458 On Linux use socklen_t as the type for the 3rd argument
459 for getsockname/getpeername if the glibc version is at
462 devtools/OS/Darwin.12.x
463 devtools/OS/Darwin.13.x
465 8.14.7/8.14.7 2013/04/21
466 Drop support for IPv4-mapped IPv6 addresses to prevent the MTA
467 from using a mapped address over a legitimate IPv6 address
468 and to enforce the proper semantics over the IPv6
469 connection. Problem noted by Ulrich Sporlein.
470 Fix a regression introduced in 8.14.6: the wrong list of
471 macros was sent to a milter in the EHLO stage.
472 Problem found by Fabrice Bellet, reported via RedHat
474 Fix handling of ORCPT parameter for DSNs: xtext decoding
475 was not performed and a wrong syntax check was applied
476 to the "addr-type" field. Problem noted by Dan Lukes
478 Fix handling of NUL characters in the MIME conversion functions
479 so that message bodies containing them will be sent
480 on properly. Note: this usually also affects mails
481 that are not converted as those functions are used
482 for other purposes too. Problem noted by Elchonon
483 Edelson of Lockheed Martin.
484 Do not perform "duplicate" elimination of recipients if they
485 resolve to the error mailer using a temporary failure
486 (4xy) via ruleset 0. Problem noted by Akira Takahashi
488 CONTRIB: Updated version of etrn.pl script from John Beck
491 Unlike gcc, clang doesn't apply full prototypes to K&R
494 8.14.6/8.14.6 2012/12/23
495 Fix a regression introduced in 8.14.5: if a server offers
496 two AUTH lines, the MTA would not read them after
497 STARTTLS has been used and hence SMTP AUTH for
498 the client side would fail. Problem noted by Lena.
499 Do not cache hostnames internally in a non case sensitive way
500 as that may cause addresses to change from lower case
501 to upper case or vice versa. These header modifications
502 can cause problems with milters that rely on receiving
503 headers in the same way as they are being sent out such
504 as a DKIM signing milter.
505 If MaxQueueChildren is set then it was possible that new queue
506 runners could not be started anymore because an
507 internal counter was subject to a race condition.
508 If a milter decreases the timeout it waits for a communication
509 with the MTA, the MTA might experience a write() timeout.
510 In some situations, the resulting error might have been
511 ignored. Problem noted by Werner Wiethege.
512 Note: decreasing the communication timeout in a milter
513 should not be done without considering the potential
515 smfi_setsymlist() now properly sets the list of macros for
516 the milter which invoked it, instead of a global
517 list for all milters. Problem reported by
518 David Shrimpton of the University of Queensland.
519 If Timeout.resolver.retrans is set to a value larger than 20,
520 then resolver.retry was temporarily set to 0 for
521 gethostbyaddr() lookups. Now it is set to 1 instead.
523 If sendmail could not lock the statistics file due to a system
524 error, and sendmail later sends a DSN for a mail that
525 triggered such an error, then sendmail tried to access
526 memory that was freed before (causing a crash on some
527 systems). Problem reported by Ryan Stone.
528 Do not log negative values for size= nor pri= to avoid confusing
529 log parsers, instead limit the values to LONG_MAX.
530 Account for an API change in newer versions of Cyrus-SASL.
531 Patch from Hajimu UMEMOTO from FreeBSD.
532 Do not try to resolve link-local addresses for IPv4 (just as it
533 is done for IPv6). Patch from John Beck of Oracle.
534 Improve logging of client and server STARTTLS connection failures
535 that may be due to incompatible cipher lists by including
536 the reason for the failure in a single log line. Suggested
537 by James Carey of Boeing.
539 Add support for Darwin 11.x (Mac OS X 10.7).
540 Add support for SunOS 5.12 (aka Solaris 12). Patch from
543 devtools/OS/Darwin.11.x
544 devtools/OS/SunOS.5.12
546 8.14.5/8.14.5 2011/05/17
547 Do not cache SMTP extensions across connections as the cache
548 is based on hostname which may not be a unique identifier
549 for a server, i.e., different machines may have the
550 same hostname but provide different SMTP extensions.
551 Problem noted by Jim Hermann.
552 Avoid an out-of-bounds access in case a resolver reply for a DNS
553 map lookup returns a size larger than 1K. Based on a
554 patch from Dr. Werner Fink of SuSE.
555 If a job is aborted using the interrupt signal (e.g., control-C from
556 the keyboard), perform minimal cleanup to avoid invoking
557 functions that are not signal-safe. Note: in previous
558 versions the mail might have been queued up already
559 and would be delivered subsequently, now an interrupt
560 will always remove the queue files and thus prevent
562 Per RFC 6176, when operating as a TLS client, do not offer SSLv2.
563 Since TLS session resumption is never used as a client, disable
564 use of RFC 4507-style session tickets.
565 Work around gcc4 versions which reverse 25 years of history and
566 no longer align char buffers on the stack, breaking calls
567 to resolver functions on strict alignment platforms.
568 Found by Stuart Henderson of OpenBSD.
569 Read at most two AUTH lines from a server greeting (up to two
570 lines are read because servers may use "AUTH mechs" and
571 "AUTH=mechs"). Otherwise a malicious server may exhaust
572 the memory of the client. Bug report by Nils of MWR
574 Avoid triggering an assertion in the OpenLDAP code when the
575 connection to an LDAP server is lost while making a query.
576 Problem noted and patch provided by Andy Fiddaman.
577 If ConnectOnlyTo is set and sendmail is compiled with NETINET6
578 it would try to use an IPv6 address if an IPv4 (or
579 unparseable) address is specified.
580 If SASLv2 is used, make sure that the macro {auth_authen} is
581 stored in xtext format to avoid problems with parsing
582 it. Problem noted by Christophe Wolfhugel.
583 CONFIG: FEATURE(`ldap_routing') in 8.14.4 tried to add a missing
584 -T<TMPF> that is required, but failed for some cases
585 that did not use LDAP. This change has been undone
586 until a better solution can be implemented. Problem
587 found by Andy Fiddaman.
588 CONFIG: Add cf/ostype/solaris11.m4 for Solaris11 support.
589 Contributed by Casper Dik of Oracle.
590 CONTRIB: qtool.pl: Deal with H entries that do not have a
591 letter between the question marks. Patch from
593 DOC: Use a better description for the -i option in sendmail.
594 Patch from Mitchell Berger.
596 Add support for Darwin 10.x (Mac OS X 10.6).
597 Enable HAVE_NANOSLEEP for FreeBSD 3 and later. Patch
599 Enable HAVE_NANOSLEEP for OpenBSD 4.3 and later.
600 Use new directory "/system/volatile" for PidFile on
601 Solaris 11. Patch from Casper Dik of Oracle.
602 Fix compilation on Solaris 11 (and maybe some other
603 OSs) when using OpenSSL 1.0. Based on patch from
604 Jan Pechanec of Oracle.
605 Set SOCKADDR_LEN_T and SOCKOPT_LEN_T to socklen_t
606 for Solaris 11. Patch from Roger Faulkner of Oracle.
608 cf/ostype/solaris11.m4
610 8.14.4/8.14.4 2009/12/30
611 SECURITY: Handle bogus certificates containing NUL characters
612 in CNs by placing a string indicating a bad certificate
613 in the {cn_subject} or {cn_issuer} macro. Patch inspired
614 by Matthias Andree's changes for fetchmail.
615 During the generation of a queue identifier an integer overflow
616 could occur which might result in bogus characters
617 being used. Based on patch from John Vannoy of
618 Pepperdine University.
619 The value of headers, e.g., Precedence, Content-Type, et.al.,
620 was not processed correctly. Patch from Per Hedeland.
621 Between 8.11.7 and 8.12.0 the length limitation on a return
622 path was erroneously reduced from MAXNAME (256) to
623 MAXSHORTSTR (203). Patch from John Gardiner Myers
624 of Proofpoint; the problem was also noted by Steve
625 Hubert of University of Washington.
626 Prevent a crash when a hostname lookup returns a seemingly
627 valid result which contains a NULL pointer (this seems
628 to be happening on some Linux versions).
629 The process title was missing the current load average when
630 the MTA was delaying connections due to DelayLA.
631 Patch from Dick St.Peters of NetHeaven.
632 Do not reset the number of queue entries in shared memory if
633 only some of them are processed.
634 Fix overflow of an internal array when parsing some replies
635 from a milter. Problem found by Scott Rotondo
637 If STARTTLS is turned off in the server (via M=S) then it
638 would not be initialized for use in the client either.
639 Patch from Kazuteru Okahashi of IIJ.
640 If a Diffie-Hellman cipher is selected for STARTTLS, the
641 handshake could fail with some TLS implementations
642 because the prime used by the server is not long enough.
643 Note: the initialization of the DSA/DH parameters for
644 the server can take a significant amount of time on slow
645 machines. This can be turned off by setting DHParameters
646 to none or a file (see doc/op/op.me). Patch from
647 Petr Lampa of the Brno University of Technology.
648 Fix handling of `b' modifier for DaemonPortOptions on little
649 endian machines for loopback address. Patch from
650 John Beck of Sun Microsystems.
651 Fix a potential memory leak in libsmdb/smdb1.c found by parfait.
652 Based on patch from Jonathan Gray of OpenBSD.
653 If a milter sets the reply code to "421" during the transfer
654 of the body, the SMTP server will terminate the SMTP session
655 with that error to match the behavior of the other callbacks.
656 Return EX_IOERR (instead of 0) if a mail submission fails due to
657 missing disk space in the mail queue. Based on patch
658 from Martin Poole of RedHat.
659 CONFIG: Using FEATURE(`ldap_routing')'s `nodomain' argument would
660 cause addresses not found in LDAP to be misparsed.
661 CONFIG: Using a CN restriction did not work for TLS_Clt as it
662 referred to a wrong macro. Patch from John Gardiner
664 CONFIG: The option relaytofulladdress of FEATURE(`access_db')
665 did not work if FEATURE(`relay_hosts_only') is used too.
666 Problem noted by Kristian Shaw.
667 CONFIG: The internal function lower() was broken and hence
668 strcasecmp() did not work either, which could cause
669 problems for some FEATURE()s if upper case arguments
670 were used. Patch from Vesa-Matti J Kari of the
671 University of Helsinki.
672 LIBMILTER: Fix internal check whether a milter application
673 is compiled against the same version of libmilter as
674 it is linked against (especially useful for dynamic
676 LIBMILTER: Fix memory leak that occurred when smfi_setsymlist()
677 was used. Based on patch by Dan Lukes.
678 LIBMILTER: Document the effect of SMFIP_HDR_LEADSPC for filters
679 which add, insert, or replace headers. From Benjamin
681 LIBMILTER: Fix error messages which refer to "select()" to be
682 correct if SM_CONF_POLL is used. Based on patch from
684 LIBSM: Fix handling of LDAP search failures where the error is
685 carried in the search result itself, such as seen with
686 OpenLDAP proxy servers.
687 VACATION: Do not refer to a local variable outside its scope.
688 Based on patch from Mark Costlow of Southwest Cyberport.
690 Enable HAVE_NANOSLEEP for SunOS 5.11. Patch from
691 John Beck of Sun Microsystems.
692 Drop NISPLUS from default SunOS 5.11 map definitions.
693 Patch from John Beck of Sun Microsystems.
695 8.14.3/8.14.3 2008/05/03
696 During ruleset processing the generation of a key for a map
697 lookup and the parsing of the default value was broken
698 for some macros, e.g., $|, which caused the BlankSub
699 character to be inserted into the workspace and thus
700 failures, e.g., rules that should have matched did not.
701 8.14.2 caused a regression: it accessed (macro) storage which was
702 freed before. First instance of the problem reported by
703 Matthew Dillon of DragonFlyBSD; variations of the same
704 bug reported by Todd C. Miller of OpenBSD, Moritz
705 Jodeit, and Dave Hayes.
706 Improve pathname length checks for persistent host status. Patch
707 from Joerg Sonnenberger of DragonFlyBSD.
708 Reword misleading SMTP reply text for FEATURE(`badmx'). Problem
709 noted by Beth Halsema.
710 The read timeout was fixed to be Timeout.datablock if STARTTLS
711 was activated. This may cause problems if that value
712 is lowered from its default. Problem noted by Jens Elkner.
713 CONFIG: Using LOCAL_TLS_CLIENT caused the tls_client ruleset
714 to operate incorrectly. Problem found by Werner Wiethege.
715 LIBMILTER: Omitting some protocol steps via the xxfi_negotiate()
716 callback did not work properly. The patchlevel of
717 libmilter has been set to 1 so a milter can determine
718 whether libmilter contains this fix.
719 MAKEMAP: If a delimiter is specified (-t) use that also when
720 dumping a map. Patch from Todd C. Miller of OpenBSD.
722 Add support for Darwin 9.x (Mac OS X 10.5).
723 Support shared libraries in Darwin 8 and 9. Patch from
724 Chris Behrens of Concentric.
725 Add support for SCO OpenServer 6, patch from Boyd Gerber.
726 DEVTOOLS: Clarify that confSHAREDLIBDIR requires a trailing slash.
728 devtools/OS/Darwin.9.x
731 8.14.2/8.14.2 2007/11/01
732 If a message was queued and it contained 8 bit characters in
733 a From: or To: header, then those characters could be
734 "mistaken" for internal control characters during a queue
735 run and trigger various consistency checks. Problem
736 noted by Neil Rickert of Northern Illinois University.
737 If MaxMimeHeaderLength is set to a value greater than 0 (which
738 it is by default) then even if the Linelimit parameter
739 is 0, sendmail corrupted in the non-transfer-encoding
740 case every MAXLINE-1 characters. Patch from John Gardiner
742 Setting the suboption DeliveryMode for DaemonPortOptions did not
743 work in earlier 8.14 versions.
744 Note: DeliveryMode=interactive is silently converted to
745 background if a milter can reject or delete a recipient.
746 Prior to 8.14 this happened only if milter could delete
748 ClientRate should trigger when the limit was exceeded (as
749 documented), not when it was reached. Patch from
750 John Beck of Sun Microsystems.
751 Force a queue run for -qGqueuegroup even if no runners are
752 specified (R=0) and forking (F=f) is requested.
753 When multiple results are requested for a DNS map lookup
754 (-z and -Z), return only those that are relevant for
755 the query (not also those in the "additional section".)
756 If the message transfer time to sendmail (when acting as server)
757 exceeds Timeout.queuewarn or Timeout.queuereturn and
758 the message is refused (by a milter), sendmail previously
759 created a delivery status notification (DSN). Patch
760 from Doug Heath of The Hertz Corporation.
761 A code change in Cyrus-SASL 2.1.22 for sasl_decode64() requires
762 the MTA to deal with some input (i.e., "=") itself.
763 Problem noted by Eliot Lear.
764 sendmail counted a delivery as successful if PIPELINING is
765 compiled in but not offered by the server and the
766 delivery failed temporarily. Patch from Werner Wiethege.
767 If getting the result of an LDAP query times out then close the
768 map so it will be reopened on the next lookup. This
769 should help "failover" configurations that specify more
770 than one LDAP server.
771 If check_compat returns $#discard then a "savemail panic" could
772 be triggered under some circumstances (e.g., requiring
773 a system which does not have the compile time flag
774 HASFLOCK set). Based on patch by Motonori Nakamura
775 of National Institute of Informatics, Japan.
776 If a milter rejected a recipient, the count for nrcpts= in the
777 logfile entry might have been wrong. Problem found by
778 Petra Humann of TU Dresden.
779 If a milter invoked smfi_chgfrom() where ESMTP arguments are not
780 NULL, the message body was lost. Patch from Motonori
781 Nakamura of National Institute of Informatics, Japan.
782 sendmail(8) had a bogus space in -qGname. Patch from Peng Haitao.
783 CONTRIB: buildvirtuser: Preserve ownership and permissions when
785 CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
786 reading the /etc/mail/virtusers/ directory.
787 CONTRIB: buildvirtuser: Emit warnings instead of exiting where
789 LIBMILTER: Fix ABI backwards compatibility so milters compiled
790 against an older libmilter.so shared library can use an
791 8.14 libmilter.so shared library.
792 LIBMILTER: smfi_version() did not properly extract the patchlevel
793 from the version number, however, the returned value was
794 correct for the current libmilter version.
796 8.14.1/8.14.1 2007/04/03
797 Even though a milter rejects a recipient the MTA will still keep
798 it in its list of recipients and deliver to it if the
799 transaction is accepted. This is a regression introduced
800 in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug
801 found by Andy Fiddaman.
802 The new DaemonPortOptions which begin with a lower case character
803 could not be set in 8.14.0.
804 If a server shut down the connection in response to a STARTTLS
805 command, sendmail would log a misleading error message
806 due to an internal inconsistency. Problem found by
808 Document how some sendmail.cf options change the behavior of mailq.
809 Noted by Paul Menchini of the North Carolina School of
810 Science and Mathematics.
811 CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce.
812 CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition
813 of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE
814 m4 options for setting MaxNOOPCommands and
816 CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4
817 options for setting Milter.macros.eoh and Milter.macros.data.
818 CONTRIB: Use flock() and fcntl() in qtool.pl if necessary.
819 Patch from Daniel Carroll of Mesa State College.
820 LIBMILTER: Make sure an unknown command does not affect the
821 currently available macros. Problem found by Andy Fiddaman.
822 LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option
823 negotiation. Problem reported by Bryan Costales.
824 LIBMILTER: Fix several minor errors in the documentation.
825 Patches from Bryan Costales.
827 AIX 5.{1,2}: libsm/util.c failed to compile due to
828 redefinition of several macros, e.g., SIG_ERR.
829 Patch from Jim Pirzyk with assistance by Bob
830 Booth, University of Illinois at Urbana-Champaign.
831 Add support for QNX.6. Patch from Sean Boudreau of QNX
834 devtools/M4/depend/QNX6.m4
836 include/sm/os/sm_os_qnx.h
838 New Files added in 8.14.0, but not shown in the release notes entry:
839 libmilter/docs/smfi_chgfrom.html
840 libmilter/docs/smfi_version.html
842 8.14.0/8.14.0 2007/01/31
843 Header field values are now 8 bit clean. Notes:
844 - header field names are still restricted to 7 bit.
845 - RFC 2822 allows only 7 bit (US-ASCII) characters in
847 Preserve spaces after the colon in a header. Previously, any
848 number of spaces after the colon would be changed to
850 In some cases of deeply nested aliases/forwarding, mail can
851 be silently lost. Moreover, the MaxAliasRecursion
852 limit may be reached too early, e.g., the counter
853 may be off by a factor of 4 in case of a sequence of
854 .forward files that refer to others. Patch from
855 Motonori Nakamura of Kyoto University.
856 Fix a regression in 8.13.8: if InputMailFilters is set then
857 "sendmail -bs" can trigger an assertion because the
858 hostname of the client is undefined. It is now set
859 to "localhost" for the xxfi_connect() callback.
860 Avoid referencing a freed variable during cleanup when terminating.
861 Problem reported and diagnosed by Joe Maimon.
862 New option HeloName to set the name for the HELO/EHLO command.
863 Patch from Nik Clayton.
864 New option SoftBounce to issue temporary errors (4xy) instead of
865 permanent errors (5xy). This can be useful for testing.
866 New suboptions for DaemonPortOptions to set them individually
868 DeliveryMode DeliveryMode
872 children MaxDaemonChildren
873 New option -K for LDAP maps to replace %1 through %9 in the
874 lookup key with the LDAP escaped contents of the
875 arguments specified in the map lookup. Loosely based
876 on patch from Wolfgang Hottgenroth.
877 Log the time after which a greet_pause delay triggered. Patch
879 If a client is rejected via TCP wrapper or some other check
880 performed by validate_connection() (in conf.c) then do
881 not also invoke greet_pause. Problem noted by Jim Pirzyk
882 of the University of Illinois at Urbana-Champaign.
883 If a client terminates the SMTP connection during a pause
884 introduced by greet_pause, then a misleading message
885 was logged previously. Problem noted by Vernon Schryver
886 et.al., patch from Matej Vela.
887 New command "mstat" for control socket to provide "machine
889 New named config file rule check_eom which is called at the end
890 of a message, its parameter is the size of the message.
891 If the macro {addr_type} indicates that the current address
892 is a header address it also distinguishes between
893 recipient and sender addresses (as it is done for
895 When a macro is set in check_relay, then its value is accessible
896 by all transactions in the same SMTP session.
897 Increase size of key for ldap lookups to 1024 (MAXKEY).
898 New option MaxNOOPCommands to override default of 20 for the
899 number of "useless" commands before the SMTP server will
900 slow down responding.
901 New option SharedMemoryKeyFile: if shared memory support is
902 enabled, the MTA can be asked to select a shared memory
903 key itself by setting SharedMemoryKey to -1 and specifying
904 a file where to store the selected key.
905 Try to deal with open HTTP proxies that are used to send spam
906 by recognizing some commands from them. If the first command
907 from the client is GET, POST, CONNECT, or USER, then the
908 connection is terminated immediately.
909 New PrivacyOptions noactualrecipient to avoid putting
910 X-Actual-Recipient lines in DSNs revealing the actual
911 account that addresses map to. Patch from Dan Harkless.
912 New options B, z, and Z for DNS maps:
913 -B: specify a domain that is always appended to queries.
914 -z: specify the delimiter at which to cut off the result of
915 a query if it is too long.
916 -Z: specify the maximum number of entries to be concatenated
917 to form the result of a lookup.
918 New target "check" in the Makefile of libsm: instead of running tests
919 implicitly while building libsm, they must be explicitly
920 started by using "make check".
921 Fixed some inconsistent checks for NULL pointers that have been
922 reported by the SATURN tool which has been developed by
923 Isil Dillig and Thomas Dillig of Stanford University.
924 Fix a potential race condition caused by a signal handler for
925 terminated child processes. Problem noted by David F. Skoll.
926 When a milter deleted a recipient, that recipient could cause a
927 queue group selection. This has been disabled as it was not
929 New operator 'r' for the arith map to return a random number.
930 Patch from Motonori Nakamura of Kyoto University.
931 New compile time option MILTER_NO_NAGLE to turn off the Nagle
932 algorithm for communication with libmilter ("cork" on Linux),
933 which may improve the communication performance on some
934 operating systems. Patch from John Gardiner Myers of
936 If sendmail received input that contained a CR without subsequent LF
937 (thus violating RFC 2821 (2.3.7)), it could previously
938 generate an additional blank line in the output as the last
940 Restarting persistent queue runners by sending a HUP signal to
941 the "queue control process" (QCP) works now.
942 Increase the length of an input line to 12288 to deal with
943 really long lines during SMTP AUTH negotiations.
944 Problem noted by Werner Wiethege.
945 If ARPANET mode (-ba) was selected STARTTLS would fail (due to
946 a missing initialization call for that case). Problem
947 noted by Neil Rickert of Northern Illinois University.
948 If sendmail is linked against a library that initializes Cyrus-SASL
949 before sendmail did it (such as libnss-ldap), then SMTP AUTH
950 could fail for the sendmail client. A patch by Moritz Both
951 works around the API design flaw of Cyrus-SASLv2.
952 CONFIG: Make it possible to unset the StatusFile option by
953 undefining STATUS_FILE. By not setting StatusFile,
954 the MTA will not attempt to open a statistics file on
956 CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
957 clients whose IP address does not have proper reverse DNS.
958 Contributed by Neil Rickert of Northern Illinois University
959 and John Beck of Sun Microsystems.
960 CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP
961 clients which provide a HELO/EHLO argument which is either
962 unqualified, or is one of our own names (i.e., the server
963 name instead of the client name). Contributed by Neil
964 Rickert of Northern Illinois University and John Beck of
966 CONFIG: New FEATURE(`badmx') to reject envelope sender addresses
967 (MAIL) whose domain part resolves to a "bad" MX record.
968 Based on contribution from William Dell Wisner.
969 CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override
970 the maximum line length of the smtp mailers.
971 CONFIG: New option `relaytofulladdress' for FEATURE(`access_db')
972 to allow entries in the access map to be of the form
973 To:user@example.com RELAY
974 CONFIG: New subsuboptions eoh and data to specify the list of
975 macros a milter should receive at those stages in the
977 CONFIG: New option confHELO_NAME for HeloName to set the name
978 for the HELO/EHLO command.
979 CONFIG: dnsbl and enhdnsbl can now also discard or quarantine
980 messages by using those values as second argument.
981 Patches from Nelson Fung.
982 CONTRIB: cidrexpand uses a hash symbol as comment character and
983 ignores everything after it unless it is in quotes or
984 preceded by a backslash.
985 DEVTOOLS: New macro confMKDIR: if set to a program that creates
986 directories, then it used for "make install" to create
987 the required installation directories.
988 DEVTOOLS: New macro confCCLINK to specify the linker to use for
989 executables (defaults to confCC).
990 LIBMILTER: A new version of the milter API has been created that
991 has several changes which are listed below and documented
992 in the webpages reachable via libmilter/docs/index.html.
993 LIBMILTER: The meaning of the version macro SMFI_VERSION has been
994 changed. It now refers only to the version of libmilter,
995 not to the protocol version (which is used only internally,
996 it is not user/milter-programmer visible). Additionally,
997 a version function smfi_version() has been introduced such
998 that a milter program can check the libmilter version also
999 at runtime which is useful if a shared library is used.
1000 LIBMILTER: A new callback xxfi_negotiate() can be used to
1001 dynamically (i.e., at runtime) determine the available
1002 protocol actions and features of the MTA and also to
1003 specify which of these a milter wants to use. This allows
1004 for more flexibility than hardcoding these flags in the
1005 xxfi_flags field of the smfiDesc structure.
1006 LIBMILTER: A new callback xxfi_data() is available so milters
1007 can act on the DATA command.
1008 LIBMILTER: A new callback xxfi_unknown() is available so milters
1009 can receive also unknown SMTP commands.
1010 LIBMILTER: A new return code SMFIS_NOREPLY has been added which
1011 can be used by the xxfi_header() callback provided the
1012 milter requested the SMFIP_NOHREPL protocol action.
1013 LIBMILTER: The new return code SMFIS_SKIP can be used in the
1014 xxfi_body() callback to skip over further body chunks
1015 and directly advance to the xxfi_eom() callback. This
1016 is useful if a milter can make a decision based on the
1017 body chunks it already received without reading the entire
1018 rest of the body and the milter wants to invoke functions
1019 that are only available from the xxfi_eom() callback.
1020 LIBMILTER: A new function smfi_addrcpt_par() can be used to add
1021 new recipients including ESMTP parameters.
1022 LIBMILTER: A new function smfi_chgfrom() can be used to change the
1023 envelope sender including ESMTP parameters.
1024 LIBMILTER: A milter can now request to be informed about rejected
1025 recipients (RCPT) too. This requires to set the protocol
1026 flag SMFIP_RCPT_REJ during option negotiation. Whether
1027 a RCPT has been rejected can be checked by comparing the
1028 value of the macro {rcpt_mailer} with "error".
1029 LIBMILTER: A milter can now override the list of macros that it
1030 wants to receive from the MTA for each protocol step
1031 by invoking the function smfi_setsymlist() during option
1033 LIBMILTER: A milter can receive header field values with all
1034 leading spaces by requesting the SMFIP_HDR_LEADSPC
1035 protocol action. Also, if the flag is set then the MTA
1036 does not add a leading space to headers that are added,
1037 inserted, or replaced.
1038 LIBMILTER: If a milter sets the reply code to "421" for the HELO
1039 callback, the SMTP server will terminate the SMTP session
1040 with that error to match the behavior of all other callbacks.
1043 cf/feature/block_bad_helo.m4
1044 cf/feature/require_rdns.m4
1045 devtools/M4/UNIX/check.m4
1047 include/sm/sendmail.h
1049 libmilter/docs/smfi_addrcpt_par.html
1050 libmilter/docs/smfi_setsymlist.html
1051 libmilter/docs/xxfi_data.html
1052 libmilter/docs/xxfi_negotiate.html
1053 libmilter/docs/xxfi_unknown.html
1064 8.13.8/8.13.8 2006/08/09
1065 Fix a regression in 8.13.7: if shared memory is activated, then
1066 the server can erroneously report that there is
1067 insufficient disk space. Additionally make sure that
1068 an internal variable is set properly to avoid those
1069 misleading errors. Based on patch from Steve Hubert
1070 of University of Washington.
1071 Fix a regression in 8.13.7: the PidFile could be removed after
1072 the process that forks the daemon exited, i.e., if
1073 sendmail -bd is invoked. Problem reported by Kan Sasaki
1074 of Fusion Communications Corp. and Werner Wiethege.
1075 Avoid opening qf files if QueueSortOrder is "none". Patch from
1077 Avoid a crash when finishing due to referencing a freed variable.
1078 Problem reported and diagnosed by Moritz Jodeit.
1079 CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4
1081 LIBMILTER: The "hostname" argument of the xxfi_connect() callback
1082 previously was the equivalent of {client_ptr}. However,
1083 this did not match the documentation of the function, hence
1084 it has been changed to {client_name}. See doc/op/op.me
1087 8.13.7/8.13.7 2006/06/14
1088 A malformed MIME structure with many parts can cause sendmail to
1089 crash while trying to send a mail due to a stack overflow,
1090 e.g., if the stack size is limited (ulimit -s). This
1091 happens because the recursion of the function mime8to7()
1092 was not restricted. The function is called for MIME 8 to
1093 7 bit conversion and also to enforce MaxMimeHeaderLength.
1094 To work around this problem, recursive calls are limited to
1095 a depth of MAXMIMENESTING (20); message content after this
1096 limit is treated as opaque and is not checked further.
1097 Problem noted by Frank Sheiness.
1098 The changes to the I/O layer in 8.13.6 caused a regression for
1099 SASL mechanisms that use the security layer, e.g.,
1100 DIGEST-MD5. Problem noted by Robert Stampfli.
1101 If a timeout occurs while reading a message (during the DATA phase)
1102 a df file might have been left behind in the queue.
1103 This was another side effect of the changes to the I/O
1104 layer made in 8.13.6.
1105 Several minor problems have been fixed that were found by a
1106 Coverity scan of sendmail 8 as part of the NetBSD
1107 distribution. See http://scan.coverity.com/
1108 Note: the scan generated also a lot of "false positives",
1109 e.g., "error" reports about situations that cannot happen.
1110 Most of those code places are marked with lint(1) comments
1111 like NOTREACHED, but Coverity does not understand those.
1112 Hence an explicit assertion has been added in some cases
1113 to avoid those false positives.
1114 If the start of the sendmail daemon fails due to a configuration
1115 error then in some cases shared memory segments or pid
1116 files were not removed.
1117 If DSN support is disabled via access_db, then related ESMTP
1118 parameters for MAIL and RCPT should be rejected. Problem
1119 reported by Akihiro Sagawa.
1120 Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
1121 bug work-around. Hence if sendmail is linked against
1122 either of these versions and compression is available,
1123 the padding bug work-around is turned off. Based on
1124 patch from Victor Duchovni of Morgan Stanley.
1125 CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
1126 blackholes.mail-abuse.org as default domain for lookups,
1127 however, that list is no longer available. To avoid
1128 further problems, no default value is available anymore,
1129 but an argument must be specified.
1131 Fix compilation on OSF/1 for sfsasl.c. Patch from
1132 Pieter Bowman of the University of Utah.
1134 8.13.6/8.13.6 2006/03/22
1135 SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
1136 and client side of sendmail with timeouts in the libsm I/O
1137 layer and fix problems in that code. Also fix handling of
1138 a buffer in sm_syslog() which could have been used as an
1139 attack vector to exploit the unsafe handling of
1140 setjmp(3)/longjmp(3) in combination with signals.
1141 Problem detected by Mark Dowd of ISS X-Force.
1142 Handle theoretical integer overflows that could triggered if
1143 the server accepted headers larger than the maximum
1144 (signed) integer value. This is prevented in the default
1145 configuration by restricting the size of a header, and on
1146 most machines memory allocations would fail before reaching
1147 those values. Problems found by Phil Brass of ISS.
1148 If a server returns 421 for an RSET command when trying to start
1149 another transaction in a session while sending mail, do
1150 not trigger an internal consistency check. Problem found
1151 by Allan E Johannesen of Worcester Polytechnic Institute.
1152 If a server returns a 5xy error code (other than 501) in response
1153 to a STARTTLS command despite the fact that it advertised
1154 STARTTLS and that the code is not valid according to RFC
1155 2487 treat it nevertheless as a permanent failure instead
1156 of a protocol error (which has been changed to a
1157 temporary error in 8.13.5). Problem reported by Jeff
1158 A. Earickson of Colby College.
1159 Clear SMTP state after a HELO/EHLO command. Patch from John
1160 Myers of Proofpoint.
1161 Observe MinQueueAge option when gathering entries from the queue
1162 for sorting etc instead of waiting until the entries are
1163 processed. Patch from Brian Fundakowski Feldman.
1164 Set up TLS session cache to properly handle clients that try to
1165 resume a stored TLS session.
1166 Properly count the number of (direct) child processes such that
1167 a configured value (MaxDaemonChildren) is not exceeded.
1168 Based on patch from Attila Bruncsak.
1169 LIBMILTER: Remove superfluous backslash in macro definition
1170 (libmilter.h). Based on patch from Mike Kupfer of
1172 LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
1173 This generates an error message from libmilter on
1174 Solaris, though other systems appear to just discard the
1176 LIBMILTER: Deal with sigwait(2) implementations that return
1177 -1 and set errno instead of returning an error code
1178 directly. Patch from Chris Adams of HiWAAY Informations
1181 Fix compilation checks for closefrom(3) and statvfs(2)
1182 in NetBSD. Problem noted by S. Moonesamy, patch from
1185 8.13.5/8.13.5 2005/09/16
1186 Store the filesystem identifier of the df/ subdirectory (if it
1187 exists) in an internal structure instead of the base
1188 directory. This structure is used decide whether there
1189 is enough free disk space when selecting a queue, hence
1190 without this change queue selection could fail if a df/
1191 subdirectory exists and is on a different filesystem
1192 than the base directory.
1193 Use the queue index of the df file (instead of the qf file) for
1194 checking whether a link(2) operation can be used to split
1195 an envelope across queue groups. Problem found by
1197 If the list of items in the queue is larger than the maximum
1198 number of items to process, sort the queue first and
1199 then cut the list off instead of the other way around.
1200 Patch from Matej Vela of Rudjer Boskovic Institute.
1201 Fix helpfile to show full entry for ETRN. Problem noted by
1202 Penelope Fudd, patch from Neil Rickert of Northern Illinois
1204 FallbackSmartHost should also be tried on temporary errors.
1205 From John Beck of Sun Microsystems.
1206 When a server responds with 421 to the STARTTLS command then treat
1207 it as a temporary error, not as protocol error. Problem
1208 noted by Andrey J. Melnikoff.
1209 Properly define two functions in libsm as static because their
1210 prototype used static too. Patch from Peter Klein.
1211 Fix syntax errors in helpfile for MAIL and RCPT commands.
1212 LIBMILTER: When smfi_replacebody() is called with bodylen equals
1213 zero then do not silently ignore that call. Patch from
1214 Gurusamy Sarathy of Active State.
1215 LIBMILTER: Recognize "421" also in a multi-line reply to terminate
1216 the SMTP session with that error. Fix from Brian Kantor.
1217 Portability: New option HASSNPRINTF which can be set if the OS
1218 has a properly working snprintf(3) to get rid
1219 of the last two (safe) sprintf(3) calls in the
1221 Add support for AIX 5.3.
1222 Add support for SunOS 5.11 (aka Solaris 11).
1223 Add support for Darwin 8.x. Patch from Lyndon Nerenberg.
1224 OpenBSD 3.7 has removed support for NETISO.
1225 CONFIG: Add OSTYPE(freebsd6) for FreeBSD 6.X.
1226 Set DontBlameSendmail to AssumeSafeChown and
1227 GroupWritableDirPathSafe for OSTYPE(darwin).
1228 Patch from Lyndon Nerenberg.
1229 Some features still used 4.7.1 as enhanced status code which
1230 was supposed to be eliminated in 8.13.0 because some
1231 broken systems misinterpret it as a permanent error.
1232 Patch from Matej Vela of Rudjer Boskovic Institute.
1233 Some default values in a generated cf file did not match
1234 the defaults in the sendmail binary. Problem noted
1237 cf/ostype/freebsd6.m4
1239 devtools/OS/Darwin.8.x
1240 devtools/OS/SunOS.5.11
1243 8.13.4/8.13.4 2005/03/27
1244 The bug fixes in 8.13.3 for connection handling uncovered a
1245 different error which could result in connections that
1246 stay in CLOSE_WAIT state due to a variable that was not
1247 properly initialized. Problem noted by Michael Sims.
1248 Deal with empty hostnames in hostsignature(). This bug could lead
1249 to an endless loop when doing LMTP deliveries to another
1250 host. Problem first reported by Martin Lathoud and
1251 tracked down by Gael Roualland.
1252 Make sure return parameters are initialized in getmxrr(). Problem
1253 found by Gael Roualland using valgrind.
1254 If shared memory is used and the RunAsUser option is set, then the
1255 owner and group of the shared memory segment is set to
1256 the ids specified RunAsUser and the access mode is set
1257 to 0660 to allow for updates by sendmail processes.
1258 The number of queue entries that is (optionally) kept in shared
1259 memory was wrong in some cases, e.g., envelope splitting
1260 and bounce generation.
1261 Undo a change made in 8.13.0 to silently truncate long strings
1262 in address rewriting because the message can be triggered
1263 for header checks where long strings are legitimate.
1264 Problem reported by Mary Verge DeSisto, and tracked
1265 down with the help of John Beck of Sun Microsystems.
1266 The internal stab map did not obey the -m flag. Patch from
1267 Rob McMahon of Warwick University, England.
1268 The socket map did not obey the -f flag. Problem noted by
1269 Dan Ringdahl, forwarded by Andrzej Filip.
1270 The addition of LDAP recursion in 8.13.0 broke enforcement of
1271 the LDAP map -1 argument which tells the MTA to only
1272 return success if and only if a single LDAP match is found.
1273 Add additional error checks in the MTA for milter communication
1274 to avoid a possible segmentation fault. Based on patch
1276 Do not trigger an assertion if X509_digest() returns success but
1277 does not assign a value to its output parameter. Based
1278 on patch by Brian Kantor.
1279 Add more checks when resetting internal AUTH data (applies only
1280 to Cyrus SASL version 2). Otherwise an SMTP session might
1281 be dropped after an AUTH failure.
1283 Add LA_LONGLONG as valid LA_TYPE type for systems that use
1284 "long long" to read load average data, e.g.,
1285 AIX 5.1 in 32 bit mode. Note: this has to be set
1286 "by hand", it is not (yet) automatically detected.
1287 Problem noted by Burak Bilen.
1288 Use socklen_t for accept(), etc. on AIX 5.x. This should
1289 fix problems when compiling in 64 bit mode.
1290 Problem first reported by Harry Meiert of
1291 University of Bremen.
1297 8.13.3/8.13.3 2005/01/11
1298 Enhance handling of I/O errors, especially EOF, when STARTTLS
1300 Make sure a connection is not reused after it has been closed
1301 due to a 421 error. Problem found by Allan E Johannesen
1302 of Worcester Polytechnic Institute.
1303 Avoid triggering an assertion when sendmail is interrupted while
1304 closing a connection. Problem found by Allan E Johannesen
1305 of Worcester Polytechnic Institute.
1306 Regression: a change in 8.13.2 caused sendmail not to try the
1307 next MX host (or FallbackMXhost if configured) when, at
1308 connection open, the current server returns a 4xy or 5xy
1309 SMTP reply code. Problem noted by Mark Tranchant.
1311 8.13.2/8.13.2 2004/12/15
1312 Do not split the first header even if it exceeds the internal
1313 buffer size. Previously a part of such a header would
1314 end up in the body of the message. Problem noted by
1315 Simple Nomad of BindView.
1316 Do not complain about "cataddr: string too long" when checking
1317 headers that do not contain RFC 2822 addresses.
1318 Problem noted by Rich Graves of Brandeis University.
1319 If a server returns a 421 reply to the RSET command between
1320 message deliveries, do not attempt to deliver any more
1321 messages on that connection. This prevents bogus "Bad
1322 file number" recipient status. Problem noted by
1323 Allan E Johannesen of Worcester Polytechnic Institute.
1324 Allow trailing white space in EHLO command as recommended by RFC
1325 2821. Problem noted by Ralph Santagato of SBC Services.
1326 Deal with clients which use AUTH but negotiate a smaller buffer size
1327 for data exchanges than the value used by sendmail, e.g.,
1328 Cyrus IMAP lmtp server. Based on patch by Jamie Clark.
1329 When passing ESMTP arguments for RCPT to a milter, do not cut
1330 them off at a comma. Problem noted by Krzysztof Oledzki.
1331 Add more logging to milter change header functions to
1332 complement existing logging. Based on patch from
1333 Gurusamy Sarathy of Active State.
1334 Include <lber.h> in include/sm/config.h when LDAPMAP is defined.
1335 Patch from Edgar Hoch of the University of Stuttgart.
1336 Fix DNS lookup if IPv6 is enabled when converting an IP address
1337 to a hostname for use with SASL. Problem noted by Ken Jones;
1338 patch from Hajimu UMEMOTO.
1339 CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog
1340 mailer. Patch from John Beck of Sun Microsystems.
1341 LIBMILTER: It was possible that xxfi_abort() was called after
1342 xxfi_eom() for a message if some timeouts were triggered.
1343 Patch from Alexey Kravchuk.
1344 LIBMILTER: Slightly rearrange mutex use in listener.c to allow
1345 different threads to call smfi_opensocket() and smfi_main().
1346 Patch from Jordan Ritter of Cloudmark.
1347 MAIL.LOCAL: Properly terminate MBDB before exiting. Problem
1348 noted by Nelson Fung.
1349 MAIL.LOCAL: make strip-mail.local used a wrong path to access
1350 mail.local. Problem noted by William Park.
1351 VACATION: Properly terminate MBDB before exiting. Problem noted
1354 Add support for DragonFly BSD.
1356 cf/ostype/dragonfly.m4
1357 devtools/OS/DragonFly
1358 include/sm/os/sm_os_dragonfly.h
1362 8.13.1/8.13.1 2004/07/30
1363 Using the default AliasFile ldap: specification would cause the
1364 objectClasses of the LDAP response to be included in the
1365 alias expansion. Problem noted by Brenden Conte of
1366 Rensselaer Polytechnic Institute.
1367 Fix support for a fallback smart host for system where DNS is
1368 (partially) available. From John Beck of Sun Microsystems.
1369 Fix SuperSafe=PostMilter behavior when a milter replaces a body
1370 but the data file is not yet stored on disk because it is
1371 smaller than the size of the memory buffer. Problem noted
1373 Fix certificate revocation list support; if a CRL was specified
1374 but the other side presented a cert that was signed by
1375 a different (trusted) CA than the one which issued the CRL,
1376 verification would always fail. Problem noted by Al Smith.
1377 Run mailer programs as the RunAsUser when RunAsUser is set and
1378 the F=S mailer flag is set without a U= mailer equate.
1379 Problem noted by John Gardiner Myers of Proofpoint.
1380 ${nbadrcpts} was off by one if BadRcptThrottle is zero.
1381 Patch from Sung-hoon Choi of DreamWiz Inc.
1382 CONFIG: Emit a warning if FEATURE(`access_db') is used after
1383 FEATURE(`greet_pause') because then the latter will not
1384 use the access map. Note: if no default value is given
1385 for FEATURE(`greet_pause') then it issues an error if
1386 FEATURE(`access_db') is not specified before it.
1387 Problem noted by Alexander Dalloz of University of
1389 CONFIG: Invoke ruleset Local_greet_pause if FEATURE(`greet_pause')
1390 is used to give more flexibility for local changes.
1392 Fix a 64 bit problem in the socket map code. Problem
1393 noted by Geoff Adams.
1394 NetBSD 2.0F has closefrom(3). Patch from Andrew Brown.
1395 NetBSD can use sysctl(3) to get the number of CPUs in
1396 a system. Patch from Andrew Brown.
1397 Add a README file in doc/op/ to explain potential
1398 incompatibilities with various *roff related
1399 tools. Problem tracked down by Per Hedeland.
1403 8.13.0/8.13.0 2004/06/20
1404 Do not include AUTH data in a bounce to avoid leaking confidential
1405 information. See also cf/README about MSP and the section
1406 "Providing SMTP AUTH Data when sendmail acts as Client".
1407 Problem noted by Neil Rickert of Northern Illinois
1409 Fix compilation error in libsm/clock.c for -D_FFR_SLEEP_USE_SELECT=n
1410 and -DSM_CONF_SETITIMER=0. Problem noted by Juergen Georgi
1411 of RUS University of Stuttgart.
1412 Fix bug in conversion from 8bit to quoted-printable. Problem found
1413 by Christof Haerens, patch from Per Hedeland.
1414 Add support for LDAP recursion based on types given to attribute
1415 specifications in an LDAP map definition. This allows
1416 LDAP queries to return a new query, a DN, or an LDAP
1417 URL which will in turn be queried. See the ``LDAP
1418 Recursion'' section of doc/op/op.me for more information.
1419 Based on patch from Andrew Baucom.
1420 Extend the default LDAP specifications for AliasFile
1421 (O AliasFile=ldap:) and file classes (F{X}@LDAP) to
1422 include support for LDAP recursion via new attributes.
1423 See ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section
1424 of cf/README for more information.
1425 New option for LDAP maps: the -w option allows you to specify the
1426 LDAP API/protocol version to use. The default depends on
1428 New option for LDAP maps: the -H option allows you to specify an
1429 LDAP URI instead of specifying the LDAP server via -h host
1430 and -p port. This also allows for the use of LDAP over
1431 SSL and connections via named sockets if your LDAP
1432 library supports it.
1433 New compile time flag SM_CONF_LDAP_INITIALIZE: set this if
1434 ldap_initialize(3) is available (and LDAPMAP is set).
1435 If MaxDaemonChildren is set and a command is repeated too often
1436 during a SMTP session then terminate it just like it is
1437 done for too many bad SMTP commands.
1438 Basic connection rate control support has been added: the daemon
1439 maintains the number of incoming connections per client
1440 IP address and total in the macros {client_rate} and
1441 {total_rate}, respectively. These macros can be used
1442 in the cf file to impose connection rate limits.
1443 A new option ConnectionRateWindowSize (default: 60s)
1444 determines the length of the interval for which the
1445 number of connections is stored. Based on patch from
1446 Jose Marcio Martins da Cruz, Ecole des Mines de Paris.
1447 Add optional protection from open proxies and SMTP slammers which
1448 send SMTP traffic without waiting for the SMTP greeting.
1449 If enabled by the new ruleset greet_pause (see
1450 FEATURE(`greet_pause')), sendmail will wait the specified
1451 amount of time before sending the initial 220 SMTP
1452 greeting. If any traffic is received before then, a 554
1453 SMTP response is sent and all SMTP commands are rejected
1454 during that connection.
1455 If 32 NOOP (or unknown/bad) commands are issued by a client the SMTP
1456 server could sleep for a very long time. Fix based on
1457 patch from Tadashi Kobayashi of IIJ.
1458 Fix a potential memory leak in persistent queue runners if the
1459 number of entries in the queue exceeds the limit of jobs.
1460 Problem noted by Steve Hubert of University of Washington.
1461 Do not use 4.7.1 as enhanced status code because some broken systems
1462 misinterpret it as a permanent error.
1463 New value for SuperSafe: PostMilter which will delay fsync() until
1464 all milters accepted the mail. This can increase
1465 performance if many mails are rejected by milters due to
1466 body scans. Based on patch from David F. Skoll.
1467 New macro {msg_id} which contains the value of the Message-Id:
1468 header, whether provided by the client or generated by
1470 New macro {client_connections} which contains the number of open
1471 connections in the SMTP server for the client IP address.
1472 Based on patch from Jose Marcio Martins da Cruz, Ecole des
1474 sendmail will now remove its pidfile when it exits. This was done
1475 to prevent confusion caused by running sendmail stop
1476 scripts two or more times, where the second and subsequent
1477 runs would report misleading error messages about sendmail's
1478 pid no longer existing. See section 1.3.15 of doc/op/op.me
1479 for a discussion of the implications of this, including
1480 how to correct broken scripts which may have depended on
1481 the old behavior. From John Beck of Sun Microsystems.
1482 Support per-daemon input filter lists which override the default
1483 filter list specified in InputMailFilters. The filters
1484 can be listed in the I= equate of DaemonPortOptions.
1485 Do not add all domain prefixes of the hostname to class 'w'. If
1486 your configuration relies on this behavior, you have to
1487 add those names to class 'w' yourself. Problem noted
1489 Support message quarantining in the mail queue. Quarantined
1490 messages are not run on normal queue displays or runs
1491 unless specifically requested with -qQ. Quarantined queue
1492 files are named with an hf prefix instead of a qf prefix.
1493 The -q command line option now can specify which queue to display
1494 or run. -qQ operates on quarantined queue items. -qL
1495 operates on lost queue items.
1496 Restricted mail queue runs and displays can be done based on the
1497 quarantined reason using -qQtext to run or display
1498 quarantined items if the quarantine reason contains the
1499 given text. Similarly, -q!Qtext will run or display
1500 quarantined items which do not have the given text in the
1502 Items in the queue can be quarantined or unquarantined using the
1503 new -Q option. See doc/op/op.me for more information.
1504 When displaying the quarantine mailq with 'mailq -qQ', the
1505 quarantine reason is shown in a new line prefixed by
1507 A new error code for the $#error mailer, $@ quarantine, can be used
1508 to quarantine messages in check_* (except check_compat) and
1509 header check rulesets. The $: of the mailer triplet will
1510 be used for the quarantine reason.
1511 Add a new quarantine count to the mailstats collected.
1512 Add a new macro ${quarantine} which is the quarantine reason for a
1513 message if it is quarantined.
1514 New map type "socket" for a trivial query protocol over UNIX domain
1515 or TCP sockets (requires compile time option SOCKETMAP).
1516 See sendmail/README and doc/op/op.me for details as well as
1517 socketmapServer.pl and socketmapClient.pl in contrib.
1518 Code donated by Bastiaan Bakker of LifeLine Networks.
1519 Define new macro ${client_ptr} which holds the result of the PTR
1520 lookup for the client IP address. Note: this is the same
1521 as ${client_name} if and only if ${client_resolve} is OK.
1522 Add a new macro ${nbadrcpts} which contains the number of bad
1523 recipients received so far in a transaction.
1524 Call check_relay with the value of ${client_name} to deal with bogus
1525 DNS entries. See also FEATURE(`use_client_ptr'). Problem
1526 noted by Kai Schlichting.
1527 Treat Delivery-Receipt-To: headers the same as Return-Receipt-To:
1528 headers (turn them into DSNs). Delivery-Receipt-To: is
1529 apparently used by SIMS (Sun Internet Mail System).
1530 Enable connection caching for LPC mailers. Patch from Christophe
1531 Wolfhugel of France Telecom Oleane.
1532 Do not silently truncate long strings in address rewriting.
1533 Add support for Cyrus SASL version 2. From Kenneth Murchison of
1535 Add a new AuthOption=m flag to require the use of mechanisms which
1536 support mutual authentication. From Kenneth Murchison of
1538 Fix logging of TLS related problems (introduced in 8.12.11).
1539 The macros {auth_author} and {auth_authen} are stored in xtext
1540 format just like the STARTTLS related macros to avoid
1541 problems with parsing them. Problem noted by Pierangelo
1542 Masarati of SysNet s.n.c.
1543 New option AuthRealm to set the authentication realm that is
1544 passed to the Cyrus SASL library. Patch from Gary Mills
1545 of the University of Manitoba.
1546 Enable AUTH mechanism EXTERNAL if STARTTLS verification was
1547 successful, otherwise relaying would be allowed if
1548 EXTERNAL is listed in TRUST_AUTH_MECH() and STARTTLS
1550 Add basic support for certificate revocation lists. Note: if a
1551 CRLFile is specified but the file is unusable, STARTTLS
1552 is disabled. Based on patch by Ralf Hornik.
1553 Enable workaround for inconsistent Cyrus SASLv1 API for mechanisms
1554 DIGEST-MD5 and LOGIN.
1555 Write pid to file also if sendmail only acts as persistent queue
1556 runner. Proposed by Gary Mills of the University of Manitoba.
1557 Keep daemon pid file(s) locked so other daemons don't try to
1558 overwrite each other's pid files.
1559 Increase maximum length of logfile fields for {cert_subject} and
1560 {cert_issuer} from 128 to 256. Requested by Christophe
1561 Wolfhugel of France Telecom.
1562 Log the TLS verification message on the STARTTLS= log line at
1563 LogLevel 12 or higher.
1564 If the MSP is invoked with the verbose option (-v) then it will
1565 try to use the SMTP command VERB to propagate this option
1566 to the MTA which in turn will show the delivery just like
1567 it was done before the default 8.12 separation of MSP and
1568 MTA. Based on patch by Per Hedeland.
1569 If a daemon is refusing connections for longer than the time specified
1570 by the new option RejectLogInterval (default: 3 hours) due
1571 to high load, log this information. Patch from John Beck
1572 of Sun Microsystems.
1573 Remove the ability for non-trusted users to raise the value of
1574 CheckpointInterval on the command line.
1575 New mailer flag 'B' to strip leading backslashes, which is a
1576 subset of the functionality of the 's' flag.
1577 New mailer flag 'W' to ignore long term host status information.
1578 Patch from Juergen Georgi of RUS University of Stuttgart.
1579 Enable generic mail filter API (milter) by default. To turn
1580 it off, add -DMILTER=0 to the compile time options.
1581 An internal SMTP session discard flag was lost after an RSET/HELO/EHLO
1582 causing subsequent messages to be sent instead of being
1583 discarded. This also caused milter callbacks to be called
1584 out of order after the SMTP session was reset.
1585 New option RequiresDirfsync to turn off the compile time flag
1586 REQUIRES_DIR_FSYNC at runtime. See sendmail/README for
1587 further information.
1588 New command line option -D logfile to send debug output to
1589 the indicated log file instead of stdout.
1590 Add Timeout.queuereturn.dsn and Timeout.queuewarn.dsn to control
1591 queue return and warning times for delivery status
1593 New queue sort order option: 'n'one for not sorting the queue entries
1595 Several more return values for ruleset srv_features have been added
1596 to enable/disable certain features in the server per
1597 connection. See doc/op/op.me for details.
1598 Support for SMTP over SSL (smtps), activated by Modifier=s
1599 for DaemonPortOptions.
1600 Continue with DNS lookups on ECONNREFUSED and TRY_AGAIN when
1601 trying to canonify hostnames. Suggested by Neil Rickert
1602 of Northern Illinois University.
1603 Add support for a fallback smart host (option FallbackSmartHost) to
1604 be tried as a last resort after all other fallbacks. This
1605 is designed for sites with partial DNS (e.g., an accurate
1606 view of inside the company, but an incomplete view of
1607 outside). From John Beck of Sun Microsystems.
1608 Enable timeout for STARTTLS even if client does not start the TLS
1609 handshake. Based on patch by Andrey J. Melnikoff.
1610 Remove deprecated -v option for PH map, use -k instead. Patch from
1611 Mark Roth of the University of Illinois at Urbana-Champaign.
1612 libphclient is version 1.2.x by default, if version 1.1.x is required
1613 then compile with -DNPH_VERSION=10100. Patch from Mark Roth
1614 of the University of Illinois at Urbana-Champaign.
1615 Add Milter.macros.eom, allowing macros to be sent to milter
1616 applications for use in the xxfi_eom() callback.
1617 New macro {time} which contains the output of the time(3) function,
1618 i.e., the number of seconds since 0 hours, 0 minutes,
1619 0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
1620 If check_relay sets the reply code to "421" the SMTP server will
1621 terminate the SMTP session with a 421 error message.
1622 Get rid of dead code that tried to access the environment variable
1624 Deprecate the use of ErrorMode=write. To enable this in 8.13
1625 compile with -DUSE_TTYPATH=1.
1626 Header check rulesets using $>+ (do not strip comments) will get
1627 the header value passed in without balancing quotes,
1628 parentheses, and angle brackets. Based on patch from
1630 Do not complain and fix up unbalanced quotes, parentheses, and
1631 angle brackets when reading in rulesets. This allows
1632 rules to be written for header checks to catch strings
1633 that contain quotes, parentheses, and/or angle brackets.
1634 Based on patch from Oleg Bulyzhin.
1635 Do not close socket when accept(2) in the daemon encounters
1636 some temporary errors like ECONNABORTED.
1637 Added list of CA certificates that are used by members of the
1638 sendmail consortium, see CACerts.
1640 Two new compile options have been added:
1641 HASCLOSEFROM System has closefrom(3).
1642 HASFDWALK System has fdwalk(3).
1643 Based on patch from John Beck of Sun Microsystems.
1644 The Linux kernel version 2.4 series has a broken flock() so
1645 change to using fcntl() locking until they can fix
1646 it. Be sure to update other sendmail related
1647 programs to match locking techniques.
1648 New compile time option NEEDINTERRNO which should be set
1649 if <errno.h> does not declare errno itself.
1650 Support for UNICOS/mk and UNICOS/mp added, some changes for
1651 UNICOS. Patches contributed by Aaron Davis and
1652 Brian Ginsbach, Cray Inc., and Manu Mahonen of
1653 Center for Scientific Computing.
1654 Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
1655 Extend support to Darwin 7.x/Mac OS X 10.3 (a.k.a. Panther).
1656 Remove path from compiler definition for Interix because
1657 Interix 3.0 and 3.5 put gcc in different locations.
1658 Also use <sys/mkdev.h> to get the correct
1659 major()/minor() definitions. Based on feedback
1660 from Mark Funkenhauser.
1661 CONFIG: Add support for LDAP recursion to the default LDAP searches
1662 for maps via new attributes. See the ``USING LDAP FOR
1663 ALIASES, MAPS, and CLASSES'' section of cf/README and
1664 cf/sendmail.schema for more information.
1665 CONFIG: Make sure confTRUSTED_USER is valid even if confRUN_AS_USER
1666 is of the form "user:group" when used for submit.mc.
1667 Problem noted by Carsten P. Gehrke, patch from Neil Rickert
1668 of Northern Illinois University.
1669 CONFIG: Add a new access DB value of QUARANTINE:reason which
1670 instructs the check_* (except check_compat) to quarantine
1671 the message using the given reason.
1672 CONFIG: Use "dns -R A" as map type for dnsbl (just as for enhdnsbl)
1673 instead of "host" to avoid problem with looking up other
1674 DNS records than just A.
1675 CONFIG: New option confCONNECTION_RATE_WINDOW_SIZE to define the
1676 length of the interval for which the number of incoming
1677 connections is maintained.
1678 CONFIG: New FEATURE(`ratecontrol') to set the limits for connection
1679 rate control for individual hosts or nets.
1680 CONFIG: New FEATURE(`conncontrol') to set the limits for the
1681 number of open SMTP connections for individual hosts or nets.
1682 CONFIG: New FEATURE(`greet_pause') enables open proxy and SMTP
1683 slamming protection described above. The feature can
1684 take an argument specifying the milliseconds to wait and/or
1685 use the access database to look the pause time based on
1686 client hostname, domain, IP address, or subnet.
1687 CONFIG: New FEATURE(`use_client_ptr') to have check_relay use
1688 $&{client_ptr} as its first argument. This is useful for
1689 rejections based on the unverified hostname of client,
1690 which turns on the same behavior as in earlier sendmail
1691 versions when delay_checks was not in use. See also entry
1692 above about check_relay being invoked with ${client_name}.
1693 CONFIG: New option confREJECT_LOG_INTERVAL to specify the log
1694 interval when refusing connections for this long.
1695 CONFIG: Remove quotes around usage of confREJECT_MSG; in some cases
1696 this requires a change in a mc file. Requested by
1697 Ted Roberts of Electronic Data Systems.
1698 CONFIG: New option confAUTH_REALM to set the authentication realm
1699 that is passed to the Cyrus SASL library. Patch from
1700 Gary Mills of the University of Manitoba.
1701 CONFIG: Rename the (internal) classes {tls}/{src} to {Tls}/{Src}
1702 to follow the naming conventions.
1703 CONFIG: Add a third optional argument to local_lmtp to specify
1705 CONFIG: Remove the f flag from the default mailer flags of
1707 CONFIG: New option confREQUIRES_DIR_FSYNC to turn off the compile
1708 time flag REQUIRES_DIR_FSYNC at runtime.
1709 CONFIG: New LOCAL_UUCP macro to insert rules into the generated
1710 cf file at the same place where MAILER(`uucp') inserts
1712 CONFIG: New options confTO_QUEUERETURN_DSN and confTO_QUEUEWARN_DSN
1713 to control queue return and warning times for delivery
1714 status notifications.
1715 CONFIG: New option confFALLBACK_SMARTHOST to define FallbackSmartHost.
1716 CONFIG: Add the mc file which has been used to create the cf
1717 file to the end of the cf file when using make in cf/cf/.
1718 Patch from Richard Rognlie.
1719 CONFIG: FEATURE(nodns) has been removed, it was a no-op since 8.9.
1720 Use ServiceSwitchFile to turn off DNS lookups, see
1722 CONFIG: New option confMILTER_MACROS_EOM (sendmail Milter.macros.eom
1723 option) defines macros to be sent to milter applications for
1724 use in the xxfi_eom() callback.
1725 CONFIG: New option confCRL to specify file which contains
1726 certificate revocations lists.
1727 CONFIG: Add a new value (sendertoo) for the third argument to
1728 FEATURE(`ldap_routing') which will reject the SMTP
1729 MAIL From: command if the sender address doesn't exist
1730 in LDAP. See cf/README for more information.
1731 CONFIG: Add a fifth argument to FEATURE(`ldap_routing') which
1732 instructs the rulesets on whether or not to do a domain
1733 lookup if a full address lookup doesn't match. See cf/README
1734 for more information.
1735 CONFIG: Add a sixth argument to FEATURE(`ldap_routing') which
1736 instructs the rulesets on whether or not to queue the mail
1737 or give an SMTP temporary error if the LDAP server can't be
1738 reached. See cf/README for more information. Based on
1739 patch from Billy Ray Miller of Caterpillar.
1740 CONFIG: Experimental support for MTAMark, see cf/README for details.
1741 CONFIG: New option confMESSAGEID_HEADER to define a different
1742 Message-Id: header format. Patch from Bastiaan Bakker
1743 of LifeLine Networks.
1744 CONTRIB: New version of cidrexpand which uses Net::CIDR. From
1746 CONTRIB: oldbind.compat.c has been removed due to security problems.
1747 Found by code inspection done by Reasoning, Inc.
1748 DEVTOOLS: Add an example file for devtools/Site/, contributed
1749 by Neil Rickert of Northern Illinois University.
1750 LIBMILTER: Add new function smfi_quarantine() which allows the
1751 filter's EOM routine to quarantine the current message.
1752 Filters which use this function must include the
1753 SMFIF_QUARANTINE flag in the registered smfiDesc structure.
1754 LIBMILTER: If a milter sets the reply code to "421", the SMTP server
1755 will terminate the SMTP session with that error.
1756 LIBMILTER: Upon filter shutdown, libmilter will not remove a
1757 named socket in the file system if it is running as root.
1758 LIBMILTER: Add new function smfi_progress() which allows the filter
1759 to notify the MTA that an EOM operation is still in progress,
1760 resetting the timeout.
1761 LIBMILTER: Add new function smfi_opensocket() which allows the filter
1762 to attempt to establish the interface socket, and detect
1763 failure to do so before calling smfi_main().
1764 LIBMILTER: Add new function smfi_setmlreply() which allows the
1765 filter to return a multi-line SMTP reply.
1766 LIBMILTER: Deal with more temporary errors in accept() by ignoring
1767 them instead of stopping after too many occurred.
1768 Suggested by James Carlson of Sun Microsystems.
1769 LIBMILTER: Fix a descriptor leak in the sample program found in
1770 docs/sample.html. Reported by Dmitry Adamushko.
1771 LIBMILTER: The sample program also needs to use SMFIF_ADDRCPT.
1772 Reported by Carl Byington of 510 Software Group.
1773 LIBMILTER: Document smfi_stop() and smfi_setdbg(). Patches
1774 from Bryan Costales.
1775 LIBMILTER: New compile time option SM_CONF_POLL; define this if
1776 poll(2) should be used instead of select(2).
1777 LIBMILTER: New function smfi_insheader() and related protocol
1778 amendments to support header insertion operations.
1779 MAIL.LOCAL: Add support for hashed mail directories, see
1780 mail.local/README. Contributed by Chris Adams of HiWAAY
1781 Informations Services.
1782 MAILSTATS: Display quarantine message counts.
1783 MAKEMAP: Add new flag -D to specify the comment character to use
1785 VACATION: Add new flag -j to auto-respond to messages regardless of
1786 whether or not the recipient is listed in the To: or Cc:
1788 VACATION: Add new flag -R to specify the envelope sender address
1789 for the auto-response message.
1792 cf/feature/conncontrol.m4
1793 cf/feature/greet_pause.m4
1794 cf/feature/mtamark.m4
1795 cf/feature/ratecontrol.m4
1796 cf/feature/use_client_ptr.m4
1798 cf/ostype/unicosmk.m4
1799 cf/ostype/unicosmp.m4
1800 contrib/socketmapClient.pl
1801 contrib/socketmapServer.pl
1802 devtools/OS/Darwin.7.0
1803 devtools/OS/UNICOS-mk
1804 devtools/OS/UNICOS-mp
1805 devtools/Site/site.config.m4.sample
1806 include/sm/os/sm_os_unicos.h
1807 include/sm/os/sm_os_unicosmk.h
1808 include/sm/os/sm_os_unicosmp.h
1809 libmilter/docs/smfi_insheader.html
1810 libmilter/docs/smfi_progress.html
1811 libmilter/docs/smfi_quarantine.html
1812 libmilter/docs/smfi_setdbg.html
1813 libmilter/docs/smfi_setmlreply.html
1814 libmilter/docs/smfi_stop.html
1818 contrib/oldbind.compat.c
1819 devtools/OS/CRAYT3E.2.0.x
1820 devtools/OS/CRAYTS.10.0.x
1823 devtools/OS/Darwin.7.0 => devtools/OS/Darwin.7.x
1825 8.12.11/8.12.11 2004/01/18
1826 Use QueueFileMode when opening qf files. This error was a
1827 regression in 8.12.10. Problem detected and diagnosed
1828 Lech Szychowski of the Polish Power Grid Company.
1829 Properly count the number of queue runners in a work group and
1830 make sure the total limit of MaxQueueChildren is not
1831 exceeded. Based on patch from Takayuki Yoshizawa of
1833 Take care of systems that can generate time values where the
1834 seconds can exceed the usual range of 0 to 59.
1835 Problem noted by Randy Diffenderfer of EDS.
1836 Avoid regeneration of identical queue identifiers by processes
1837 whose process id is the same as that of the initial
1838 sendmail process that was used to start the daemon.
1839 Problem noted by Randy Diffenderfer of EDS.
1840 When a milter invokes smfi_delrcpt() compare the supplied
1841 recipient address also against the printable addresses
1842 of the current list to deal with rewritten addresses.
1843 Based on patch from Sean Hanson of The Asylum.
1844 BadRcptThrottle now also works for addresses which return the
1845 error mailer, e.g., virtusertable entries with the
1846 right hand side error:. Patch from Per Hedeland.
1847 Fix printing of 8 bit characters as octals in log messages.
1848 Based on patch by Andrey J. Melnikoff.
1849 Undo change of algorithm for MIME 7-bit base64 encoding to 8-bit
1850 text that has been introduced in 8.12.3. There are some
1851 examples where the new code fails, but the old code works.
1852 To get the 8.12.3-8.12.10 version, compile sendmail with
1853 -DMIME7TO8_OLD=0. If you have an example of improper
1854 7 to 8 bit conversion please send it to us.
1855 Return normal error code for unknown SMTP commands instead of
1856 the one specified by check_relay or a milter for a
1857 connection. Problem noted by Andrzej Filip.
1858 Some ident responses contain data after the terminating CRLF which
1859 causes sendmail to log "POSSIBLE ATTACK...newline in string".
1860 To avoid this everything after LF is ignored.
1861 If the operating system supports O_EXLOCK and HASFLOCK is set
1862 then a possible race condition for creating qf files
1863 can be avoided. Note: the race condition does not
1864 exist within sendmail, but between sendmail and an
1865 external application that accesses qf files.
1866 Log the proper options name for TLS related mising files for
1867 the CACertPath, CACertFile, and DHParameters options.
1868 Do not split an envelope if it will be discarded, otherwise df
1869 files could be left behind. Problem found by Wolfgang
1871 The use of the environment variables HOME and HOSTALIASES has been
1872 deprecated and will be removed in version 8.13. This only
1873 effects configuration which preserve those variable via the
1874 'E' command in the cf file as sendmail clears out its entire
1877 Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
1878 Solaris 10 has unsetenv(), patch from Craig Mohrman of
1880 LIBMILTER: Add extra checks in case a broken MTA sends bogus data
1881 to libmilter. Based on code review by Rob Grzywinski.
1882 SMRSH: Properly assemble commands that contain '&&' or '||'.
1883 Problem noted by Eric Lee of Talking Heads.
1885 devtools/OS/Darwin.7.0
1887 8.12.10/8.12.10 2003/09/24 (Released: 2003/09/17)
1888 SECURITY: Fix a buffer overflow in address parsing. Problem
1889 detected by Michal Zalewski, patch from Todd C. Miller
1890 of Courtesan Consulting.
1891 Fix a potential buffer overflow in ruleset parsing. This problem
1892 is not exploitable in the default sendmail configuration;
1893 only if non-standard rulesets recipient (2), final (4), or
1894 mailer-specific envelope recipients rulesets are used then
1895 a problem may occur. Problem noted by Timo Sirainen.
1896 Accept 0 (and 0/0) as valid input for set MaxMimeHeaderLength.
1897 Problem noted by Thomas Schulz.
1898 Add several checks to avoid (theoretical) buffer over/underflows.
1899 Properly count message size when performing 7->8 or 8->7 bit MIME
1900 conversions. Problem noted by Werner Wiethege.
1901 Properly compute message priority based on size of entire message,
1902 not just header. Problem noted by Axel Holscher.
1903 Reset SevenBitInput to its configured value between SMTP
1904 transactions for broken clients which do not properly
1905 announce 8 bit data. Problem noted by Stefan Roehrich.
1906 Set {addr_type} during queue runs when processing recipients.
1907 Based on patch from Arne Jansen.
1908 Better error handling in case of (very unlikely) queue-id conflicts.
1909 Perform better error recovery for address parsing, e.g., when
1910 encountering a comment that is too long. Problem noted by
1911 Tanel Kokk, Union Bank of Estonia.
1912 Add ':' to the allowed character list for bogus HELO/EHLO
1913 checking. It is used for IPv6 domain literals. Patch from
1914 Iwaizako Takahiro of FreeBit Co., Ltd.
1915 Reset SASL connection context after a failed authentication attempt.
1916 Based on patch from Rob Siemborski of CMU.
1917 Check Berkeley DB compile time version against run time version
1918 to make sure they match.
1919 Do not attempt AAAA (IPv6) DNS lookups if IPv6 is not enabled
1921 When a milter adds recipients and one of them causes an error,
1922 do not ignore the other recipients. Problem noted by
1924 CONFIG: Use specified SMTP error code in mailertable entries which
1925 lack a DSN, i.e., "error:### Text". Problem noted by
1927 CONFIG: Call Local_trust_auth with the correct argument. Patch
1928 from Jerome Borsboom.
1929 CONTRIB: Better handling of temporary filenames for doublebounce.pl
1930 and expn.pl to avoid file overwrites, etc. Patches from
1931 Richard A. Nelson of Debian and Paul Szabo.
1932 MAIL.LOCAL: Fix obscure race condition that could lead to an
1933 improper mailbox truncation if close() fails after the
1934 mailbox is fsync()'ed and a new message is delivered
1935 after the close() and before the truncate().
1936 MAIL.LOCAL: If mail delivery fails, do not leave behind a
1937 stale lockfile (which is ignored after the lock timeout).
1938 Patch from Oleg Bulyzhin of Cronyx Plus LLC.
1940 Port for AIX 5.2. Thanks to Steve Hubert of University
1941 of Washington for providing access to a computer
1943 setreuid(2) works on OpenBSD 3.3. Patch from
1944 Todd C. Miller of Courtesan Consulting.
1945 Allow for custom definition of SMRSH_CMDDIR and SMRSH_PATH
1946 on all operating systems. Patch from Robert Harker
1948 Use strerror(3) on Linux. If this causes a problem on
1949 your Linux distribution, compile with
1950 -DHASSTRERROR=0 and tell sendmail.org about it.
1954 8.12.9/8.12.9 2003/03/29
1955 SECURITY: Fix a buffer overflow in address parsing due to
1956 a char to int conversion problem which is potentially
1957 remotely exploitable. Problem found by Michal Zalewski.
1958 Note: an MTA that is not patched might be vulnerable to
1959 data that it receives from untrusted sources, which
1961 To provide partial protection to internal, unpatched sendmail MTAs,
1962 8.12.9 changes by default (char)0xff to (char)0x7f in
1963 headers etc. To turn off this conversion compile with
1964 -DALLOW_255 or use the command line option -d82.101.
1965 To provide partial protection for internal, unpatched MTAs that may be
1966 performing 7->8 or 8->7 bit MIME conversions, the default
1967 for MaxMimeHeaderLength has been changed to 2048/1024.
1968 Note: this does have a performance impact, and it only
1969 protects against frontal attacks from the outside.
1970 To disable the checks and return to pre-8.12.9 defaults,
1971 set MaxMimeHeaderLength to 0/0.
1972 Do not complain about -ba when submitting mail. Problem noted
1973 by Derek Wueppelmann.
1974 Fix compilation with Berkeley DB 1.85 on systems that do not
1975 have flock(2). Problem noted by Andy Harper of Kings
1977 Properly initialize data structure for dns maps to avoid various
1978 errors, e.g., looping processes. Problem noted by
1979 Maurice Makaay of InterNLnet B.V.
1980 CONFIG: Prevent multiple application of rule to add smart host.
1981 Patch from Andrzej Filip.
1982 CONFIG: Fix queue group declaration in MAILER(`usenet').
1983 CONTRIB: buildvirtuser: New option -t builds the virtusertable
1984 text file instead of the database map.
1986 Revert wrong change made in 8.12.7 and actually use the
1987 builtin getopt() version in sendmail on Linux.
1988 This can be overridden by using -DSM_CONF_GETOPT=0
1989 in which case the OS supplied version will be used.
1991 8.12.8/8.12.8 2003/02/11
1992 SECURITY: Fix a remote buffer overflow in header parsing by
1993 dropping sender and recipient header comments if the
1994 comments are too long. Problem noted by Mark Dowd
1996 Fix a potential non-exploitable buffer overflow in parsing the
1997 .cf queue settings and potential buffer underflow in
1998 parsing ident responses. Problem noted by Yichen Xie of
1999 Stanford University Compilation Group.
2000 Fix ETRN #queuegroup command: actually start a queue run for
2001 the selected queue group. Problem noted by Jos Vos.
2002 If MaxMimeHeaderLength is set and a malformed MIME header is fixed,
2003 log the fixup as "Fixed MIME header" instead of "Truncated
2004 MIME header". Problem noted by Ian J Hart.
2005 CONFIG: Fix regression bug in proto.m4 that caused a bogus
2006 error message: "FEATURE() should be before MAILER()".
2007 MAIL.LOCAL: Be more explicit in some error cases, i.e., whether
2008 a mailbox has more than one link or whether it is not
2009 a regular file. Patch from John Beck of Sun Microsystems.
2011 8.12.7/8.12.7 2002/12/29
2012 Properly clean up macros to avoid persistence of session data
2013 across various connections. This could cause session
2014 oriented restrictions, e.g., STARTTLS requirements,
2015 to erroneously allow a connection. Problem noted
2016 by Tim Maletic of Priority Health.
2017 Do not lookup MX records when sorting the MSP queue. The MSP
2018 only needs to relay all mail to the MTA. Problem found
2019 by Gary Mills of the University of Manitoba.
2020 Do not restrict the length of connection information to 100
2021 characters in some logging statements. Problem noted by
2023 When converting an enhanced status code to an exit status, use
2024 EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5
2026 Reset macro $x when receiving another MAIL command. Problem
2027 noted by Vlado Potisk of Wigro s.r.o.
2028 Don't bother setting the permissions on the build area statistics
2029 file, the proper permissions will be put on the file at
2030 install time. This fixes installation over NFS for some
2031 users. Problem noted by Martin J. Dellwo of 3-Dimensional
2032 Pharmaceuticals, Inc.
2033 Fix problem of decoding SASLv2 encrypted data. Problem noted by
2034 Alex Deiter of Mobile TeleSystems, Komi Republic.
2035 Log milter socket open errors at MilterLogLevel 1 or higher instead
2037 Print early system errors to the console instead of silently
2038 exiting. Problem noted by James Jong of IBM.
2039 Do not process a queue group if Runners is set to 0, regardless
2040 of whether F=f or sendmail is run in verbose mode (-v).
2041 The use of -qGname will still force queue group "name"
2042 to be run even if Runners=0.
2043 Change the level for logging the fact that a daemon is refusing
2044 connections due to high load from LOG_INFO to LOG_NOTICE.
2045 Patch from John Beck of Sun Microsystems.
2046 Use location information for submit.cf from NetInfo
2047 (/locations/sendmail/submit.cf) if available.
2048 Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by
2049 Neil Rickert of Northern Illinois University.
2050 Make behavior of /canon in debug mode consistent with usage in
2051 rulesets. Patch from Shigeno Kazutaka of IIJ.
2052 Fix a potential memory leak in envelope splitting. Problem noted
2053 by John Majikes of IBM.
2054 Do not try to share an mailbox database LDAP connection across
2055 different processes. Problem noted by Randy Kunkee.
2056 Fix logging for undelivered recipients when the SMTP connection
2057 times out during message collection. Problem noted by Neil
2058 Rickert of Northern Illinois University.
2059 Avoid problems with QueueSortOrder=random due to problems with
2060 qsort() on Solaris (and maybe some other operating systems).
2061 Problem noted by Stephan Schulz of Gruner+Jahr..
2062 If -f "" is specified, set the sender address to "<>". Problem
2063 noted by Matthias Andree.
2064 Fix formatting problem of footnotes for plain text output on some
2065 versions of tmac. Patch from Per Hedeland.
2067 Berkeley DB 4.1 support (requires at least 4.1.25).
2068 Some getopt(3) implementations in GNU/Linux are broken
2069 and pass a NULL pointer to an option which requires
2070 an argument, hence the builtin version of
2071 sendmail is used instead. This can be overridden
2072 by using -DSM_CONF_GETOPT=0. Problem noted by
2073 Vlado Potisk of Wigro s.r.o.
2074 Support for nph-1.2.0 from Mark D. Roth of the University
2075 of Illinois at Urbana-Champaign.
2076 Support for FreeBSD 5.0's MAC labeling from Robert Watson
2077 of the TrustedBSD Project.
2078 Support for reading the number of processors on an IRIX
2079 system from Michel Bourget of SGI.
2080 Support for UnixWare 7.1 based on input from Larry Rosenman.
2081 Interix support from Nedelcho Stanev of Atlantic Sky
2083 Update Mac OS X/Darwin portability from Wilfredo Sanchez.
2084 CONFIG: Enforce tls_client restrictions even if delay_checks
2085 is used. Problem noted by Malte Starostik.
2086 CONFIG: Deal with an empty hostname created via bogus
2087 DNS entries to get around access restrictions.
2088 Problem noted by Kai Schlichting.
2089 CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default
2090 to avoid problems with hostname resolution for localhost
2091 which on many systems does not resolve to 127.0.0.1 (or
2092 ::1 for IPv6). If you do not use IPv4 but only IPv6 then
2093 you need to change submit.mc accordingly, see the comment
2095 CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
2096 error messages from initgroups(3) on AIX 4.3 when sending
2097 mail to non-existing users. Problem noted by Mark Roth of
2098 the University of Illinois at Urbana-Champaign.
2099 CONFIG: Allow local_procmail to override local_lmtp settings.
2100 CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
2102 CONTRIB: cidrexpand: Deal with the prefix tags that may be included
2104 CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
2105 LIBMILTER: On Solaris libmilter may get into an endless loop if
2106 an error in the communication from/to the MTA occurs.
2107 Patch from Gurusamy Sarathy of Active State.
2108 LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64.
2109 Patch from from Jose Marcio Martins da Cruz of Ecole
2110 Nationale Superieure des Mines de Paris.
2111 MAIL.LOCAL: Fix a truncation race condition if the close() on
2112 the mailbox fails. Problem noted by Tomoko Fukuzawa of
2114 MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3)
2115 fails. Patch from John Beck of Sun Microsystems.
2116 SMRSH: SECURITY: Only allow regular files or symbolic links to be
2117 used for a command. Problem noted by David Endler of
2123 8.12.6/8.12.6 2002/08/26
2124 Do not add the FallbackMXhost (or its MX records) to the list
2125 returned by the bestmx map when -z is used as option.
2126 Otherwise sendmail may act as an open relay if FallbackMXhost
2127 and FEATURE(`relay_based_on_MX') are used together.
2128 Problem noted by Alexander Ignatyev.
2129 Properly split owner- mailing list messages when SuperSafe is set
2130 to interactive. Problem noted by Todd C. Miller of
2131 Courtesan Consulting.
2132 Make sure that an envelope is queued in the selected queue group
2133 even if some recipients are deleted or invalid. Problem
2134 found by Chris Adams of HiWAAY Informations Services.
2135 Do not send a bounce message if a message is completely collected
2136 from the SMTP client. Problem noted by Kari Hurtta of the
2137 Finnish Meteorological Institute.
2138 Provide an 'install-submit-st' target for sendmail/Makefile to
2139 install the MSP statistics file using the file named in the
2140 confMSP_STFILE devtools variable. Requested by Jeff
2141 Earickson of Colby College.
2142 Queue up mail with a temporary error if setusercontext() fails
2143 during a delivery attempt. Patch from Todd C. Miller of
2144 Courtesan Consulting.
2145 Fix handling of base64 encoded client authentication data for
2146 SMTP AUTH. Patch from Elena Slobodnik of life medien GmbH.
2147 Set the OpenLDAP option LDAP_OPT_RESTART so the client libraries
2148 restart interrupted system calls. Problem noted by Luiz
2149 Henrique Duma of BSIOne.
2150 Prevent a segmentation fault if a program passed a NULL envp using
2152 Document a problem with the counting of queue runners that may
2153 cause delays if MaxQueueChildren is set too low. Problem
2154 noted by Ian Duplisse of Cable Television Laboratories, Inc.
2155 If discarding a message based on a recipient, don't try to look up
2156 the recipient in the mailbox database if F=w is set. This
2157 allows users to discard bogus recipients when dealing with
2158 spammers without tipping them off. Problem noted by Neil
2159 Rickert of Northern Illinois University.
2160 If applying a header check to a header with unstructured data,
2161 e.g., Subject:, then do not run syntax checks that are
2162 supposed for addresses on the header content.
2163 Count messages rejected/discarded via the check_data ruleset.
2165 Fix compilation on systems which do not allow simple
2166 copying of the variable argument va_list. Based on
2167 fix from Scott Walters.
2168 Fix NSD map open bug. From Michel Bourget of SGI.
2169 Add some additional IRIX shells to the default shell
2170 list. From Michel Bourget of SGI.
2171 Fix compilation issues on Mac OS X 10.2 (Darwin 6.0).
2172 NETISO support has been dropped.
2173 CONFIG: There was a seemingly minor change in 8.12.4 with respect
2174 to handling entries of IP nets/addresses with RHS REJECT.
2175 These would be rejected in check_rcpt instead of only
2176 being activated in check_relay. This change has been made to
2177 avoid potential bogus temporary rejection of relay attempts
2178 "450 4.7.1 Relaying temporarily denied. Cannot resolve PTR
2179 record for ..." if delay_checks is enabled. However, this
2180 modification causes a change of behavior if an IP net/address
2181 is listed in the access map with REJECT and a host/domain
2182 name is listed with OK or RELAY, hence it has been reversed
2183 such that the behavior of 8.12.3 is restored. The original
2184 change was made on request of Neil Rickert of Northern
2185 Illinois University, the side effect has been found by
2186 Stefaan Van Hoornick.
2187 CONFIG: Make sure delay_checks works even for sender addresses
2188 using the local hostname ($j) or domains in class {P}.
2189 Based on patch from Neil Rickert of Northern Illinois
2191 CONFIG: Fix temporary error handling for LDAP Routing lookups.
2192 Fix from Andrzej Filip.
2193 CONTRIB: New version of etrn.pl script and external man page
2194 (etrn.0) from John Beck of Sun Microsystems.
2195 LIBMILTER: Protect a free(3) operation from being called with a
2196 NULL pointer. Problem noted by Andrey J. Melnikoff.
2197 LIBMILTER: Protect against more interrupted select() calls. Based
2198 on patch from Jose Marcio Martins da Cruz of Ecole Nationale
2199 Superieure des Mines de Paris.
2203 8.12.5/8.12.5 2002/06/25
2204 SECURITY: The DNS map can cause a buffer overflow if the user
2205 specifies a dns map using TXT records in the configuration
2206 file and a rogue DNS server is queried. None of the
2207 sendmail supplied configuration files use this option hence
2208 they are not vulnerable. Problem noted independently by
2209 Joost Pol of PINE Internet and Anton Rang of Sun Microsystems.
2210 Unprintable characters in responses from DNS servers for the DNS
2211 map type are changed to 'X' to avoid potential problems
2212 with rogue DNS servers.
2213 Require a suboption when setting the Milter option. Problem noted
2215 Do not silently overwrite command line settings for
2216 DirectSubmissionModifiers. Problem noted by Bryan
2218 Prevent a segmentation fault when clearing the event list by
2219 turning off alarms before checking if event list is
2220 empty. Problem noted by Allan E Johannesen of Worcester
2221 Polytechnic Institute.
2222 Close a potential race condition in transitioning a memory buffered
2223 file onto disk. From Janani Devarajan of Sun Microsystems.
2225 Include paths.h on Linux systems running glibc 2.0 or later
2226 to get the definition for _PATH_SENDMAIL, used by
2227 rmail and vacation. Problem noted by Kevin
2228 A. McGrail of Peregrine Hardware.
2229 NOTE: Linux appears to have broken flock() again. Unless
2230 the bug is fixed before sendmail 8.13 is shipped,
2231 8.13 will change the default locking method to
2232 fcntl() for Linux kernel 2.4 and later. You may
2233 want to do this in 8.12 by compiling with
2234 -DHASFLOCK=0. Be sure to update other sendmail
2235 related programs to match locking techniques.
2237 8.12.4/8.12.4 2002/06/03
2238 SECURITY: Inherent limitations in the UNIX file locking model
2239 can leave systems open to a local denial of service
2240 attack. Be sure to read the "FILE AND MAP PERMISSIONS"
2241 section of the top level README for more information.
2242 Problem noted by lumpy.
2243 Use TempFileMode (defaults to 0600) for the permissions of PidFile
2245 Change the default file permissions for new alias database files
2246 from 0644 to 0640. This can be overridden at compile time
2247 by setting the DBMMODE macro.
2248 Fix a potential core dump problem if the environment variable
2249 NAME is set. Problem noted by Beth A. Chaney of
2251 Expand macros before passing them to libmilter. Problem noted
2252 by Jose Marcio Martins da Cruz of Ecole Nationale
2253 Superieure des Mines de Paris.
2254 Rewind the df (message body) before truncating it when libmilter
2255 replaces the body of a message. Problem noted by Gisle Aas
2257 Change SMTP reply code for AUTH failure from 500 to 535 and the
2258 initial zero-length response to "=" per RFC 2554. Patches
2259 from Kenneth Murchison of Oceana Matrix Ltd.
2260 Do not try to fix broken message/rfc822 MIME attachments by
2261 inserting a MIME-Version: header when MaxMimeHeaderLength
2262 is set and no 8 to 7 bit conversion is needed. Based on
2263 patch from Rehor Petr of ICZ (Czech Republic).
2264 Do not log "did not issue MAIL/EXPN/VRFY/ETRN" if the connection
2265 is rejected anyway. Noted by Chris Loelke.
2266 Mention the submission mail queue in the mailq man page. Requested
2267 by Bill Fenner of AT&T.
2268 Set ${msg_size} macro when reading a message from the command line
2270 Detach from shared memory before dropping privileges back to
2271 user who started sendmail.
2272 If AllowBogusHELO is set to false (default) then also complain if
2273 the argument to HELO/EHLO contains white space. Suggested
2274 by Seva Gluschenko of Cronyx Plus.
2275 Allow symbolicly linked forward files in writable directory paths
2276 if both ForwardFileInUnsafeDirPath and
2277 LinkedForwardFileInWritableDir DontBlameSendmail options
2278 are set. Problem noted by Werner Spirk of
2279 Leibniz-Rechenzentrum Munich.
2281 Operating systems that lack the ftruncate() call will not
2282 be able to use Milter's body replacement feature.
2283 This only affects Altos, Maxion, and MPE/iX.
2284 Digital UNIX 5.0 has changed flock() semantics to be
2285 non-compliant. Problem noted by Martin Mokrejs of
2286 Charles University in Prague.
2287 The sparc64 port of FreeBSD 5.0 now supports shared
2289 CONFIG: FEATURE(`preserve_luser_host') needs the macro map.
2290 Problem noted by Andrzej Filip.
2291 CONFIG: Using 'local:' as a mailertable value with
2292 FEATURE(`preserve_luser_host') and LUSER_RELAY caused mail
2293 to be misaddressed. Problem noted by Andrzej Filip.
2294 CONFIG: Provide a workaround for DNS based rejection lists that
2295 fail for AAAA queries. Problem noted by Chris Boyd.
2296 CONFIG: Accept the machine's hostname as resolvable when checking
2297 the sender address. This allows locally submitted mail to
2298 be accepted if the machine isn't connected to a nameserver
2299 and doesn't have an /etc/hosts entry for itself. Problem
2300 noted by Robert Watson of the TrustedBSD Project.
2301 CONFIG: Use deferred expansion for checking the ${deliveryMode}
2302 macro in case the SMTP VERB command is used. Problem
2303 noted by Bryan Costales.
2304 CONFIG: Avoid a duplicate '@domain' virtusertable lookup if no
2305 matches are found. Fix from Andrzej Filip.
2306 CONFIG: Fix wording in default dnsbl rejection message. Suggested
2307 by Lou Katz of Metron Computerware, Ltd.
2308 CONFIG: Add mailer cyrusv2 for Cyrus V2. Contributed by
2309 Kenneth Murchison of Oceana Matrix Ltd.
2310 CONTRIB: Fix wording in default dnsblaccess rejection message to
2312 DEVTOOLS: Add new option for access mode of statistics file,
2313 confSTMODE, which specifies the permissions when initially
2314 installing the sendmail statistics file.
2315 LIBMILTER: Mark the listening socket as close-on-exec in case
2316 a user's filter starts other applications.
2317 LIBSM: Allow the MBDB initialize, lookup, and/or terminate
2318 functions in SmMbdbTypes to be set to NULL.
2319 MAKEMAP: Change the default file permissions for new databases from
2320 0644 to 0640. This can be overridden at compile time
2321 by setting the DBMMODE macro.
2322 SMRSH: Fix man page bug: replace SMRSH_CMDBIN with SMRSH_CMDDIR.
2323 Problem noted by Dave Alden of Ohio State University.
2324 VACATION: When listing the vacation database (-l), don't show
2325 bogus timestamps for excluded (-x) addresses. Problem
2326 noted by Bryan Costales.
2328 cf/mailer/cyrusv2.m4
2330 8.12.3/8.12.3 2002/04/05
2331 NOTICE: In general queue files should not be moved if queue groups
2332 are used. In previous versions this could cause mail
2333 not to be delivered if a queue file is repeatedly moved
2334 by an external process whenever sendmail moved it back
2335 into the right place. Some precautions have been taken
2336 to avoid moving queue files if not really necessary.
2337 sendmail may use links to refer to queue files and it
2338 may store the path of data files in queue files. Hence
2339 queue files should not be moved unless those internals
2340 are understood and the integrity of the files is not
2341 compromised. Problem noted by Anne Bennett of Concordia
2343 If an error mail is created, and the mail is split across different
2344 queue directories, and SuperSafe is off, then write the mail
2345 to disk before splitting it, otherwise an assertion is
2346 triggered. Problem tracked down by Henning Schmiedehausen
2348 Fix possible race condition that could cause sendmail to forget
2349 running queues. Problem noted by Jeff Wasilko of smoe.org.
2350 Handle bogus qf files better without triggering assertions.
2351 Problem noted by Guy Feltin.
2352 Protect against interrupted select() call when enforcing Milter
2353 read and write timeouts. Patch from Gurusamy Sarathy of
2355 Matching queue IDs with -qI should be case sensitive. Problem
2356 noted by Anne Bennett of Concordia University.
2357 If privileges have been dropped, don't try to change group ID to
2358 the RunAsUser group. Problem noted by Neil Rickert of
2359 Northern Illinois University.
2360 Fix SafeFileEnvironment path munging when the specified path
2361 contains a trailing slash. Based on patch from Dirk Meyer
2363 Do not limit sendmail command line length to SM_ARG_MAX (usually
2364 4096). Problem noted by Allan E Johannesen of Worcester
2365 Polytechnic Institute.
2366 Clear full name of sender for each new envelope to avoid bogus data
2367 if several mails are sent in one session and some of them
2368 do not have a From: header. Problem noted by Bas Haakman.
2369 Change timeout check such that cached information about a connection
2370 will be immediately invalid if ConnectionCacheTimeout is zero.
2371 Based on patch from David Burns of Portland State University.
2372 Properly count message size for mailstats during mail collection.
2373 Problem noted by Werner Wiethege.
2374 Log complete response from LMTP delivery agent on failure. Based on
2375 patch from Motonori Nakamura of Kyoto University.
2376 Provide workaround for getopt() implementations that do not catch
2378 Fix the message size calculation if the message body is replaced by
2379 a milter filter and buffered file I/O is being used.
2380 Problem noted by Sergey Akhapkin of Dr.Web.
2381 Do not honor SIGUSR1 requests if running with extra privileges.
2382 Problem noted by Werner Wiethege.
2383 Prevent a file descriptor leak on mail delivery if the initial
2384 connect fails and DialDelay is set. Patch from Servaas
2385 Vandenberghe of Katholieke Universiteit Leuven.
2386 Properly deal with a case where sendmail is called by root running
2387 a set-user-ID (non-root) program. Problem noted by Jon
2388 Lusky of ISS Atlanta.
2389 Avoid leaving behind stray transcript (xf) files if multiple queue
2390 directories are used and mail is sent to a mailing list
2391 which has an owner- alias. Problem noted by Anne Bennett
2392 of Concordia University.
2393 Fix class map parsing code if optional key is specified. Problem
2394 found by Mario Nigrovic.
2395 The SMTP daemon no longer tries to fix up improperly dot-stuffed
2396 incoming messages. A leading dot is always stripped by the
2397 SMTP receiver regardless of whether or not it is followed by
2398 another dot. Problem noted by Jordan Ritter of darkridge.com.
2399 Fix corruption when doing automatic MIME 7-bit quoted-printable or
2400 base64 encoding to 8-bit text. Problem noted by Mark
2402 Correct the statistics gathered for total number of connections.
2403 Instead of being the exact same number as the total number
2404 of messages (T line in mailstats) it now represents the
2405 total number of TCP connections.
2406 Be more explicit about syntax errors in addresses, especially
2407 non-ASCII characters, and properly create DSNs if necessary.
2408 Problem noted by Leena Heino of the University of Tampere.
2409 Prevent small timeouts from being lost on slow machines if itimers
2410 are used. Problem noted by Suresh Ramasubramanian.
2411 Prevent a race condition on child cleanup for delivery to files.
2412 Problem noted by Fletcher Mattox of the University of
2414 Change the SMTP error code for temporary map failures from 421
2416 Do not assume that realloc(NULL, size) works on all OS (this was
2417 only done in one place: queue group creation). Based on
2418 patch by Bryan Costales.
2419 Initialize Timeout.iconnect in the code to prevent randomly short
2420 timeouts. Problem noted by Bradley Watts of AT&T Canada.
2421 Do not try to send a second SMTP QUIT command if the remote
2422 responds to a MAIL command with a 421 reply or on I/O
2423 errors. By doing so, the host was marked as having a
2424 temporary problem and other mail destined for that host was
2425 queued for the next queue run. Problem noted by Fletcher
2426 Mattox of the University of Texas, Allan E Johannesen of
2427 Worcester Polytechnic Institute, Larry Greenfield of CMU,
2428 and Neil Rickert of Northern Illinois University.
2429 Ignore error replies from the SMTP QUIT command (including servers
2430 which drop the connection instead of responding to the
2433 Check LDAP_API_VERSION to determine if ldap_memfree() is
2435 Define HPUX10 when building on HP-UX 10.X. That platform
2436 now gets the proper _PATH_SENDMAIL and SMRSH_CMDDIR
2437 settings. Patch from Elias Halldor Agustsson of
2439 Fix dependency building on Mac OS X and Darwin. Problem
2441 Preliminary support for the sparc64 port of FreeBSD 5.0.
2442 Add /sbin/sh as an acceptable user shell on HP-UX. From
2443 Rajesh Somasund of Hewlett-Packard.
2444 CONFIG: Add FEATURE(`authinfo') to allow a separate database for
2445 SMTP AUTH information. This feature was actually added in
2446 8.12.0 but a release note was not included.
2447 CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
2448 parameter is set and the LDAP lookup returns a temporary
2450 CONFIG: Honor FEATURE(`relay_hosts_only') when using
2451 FEATURE(`relay_mail_from', `domain'). Problem noted by
2453 CONFIG: FEATURE(`msp') now disables any type of alias
2454 initialization as aliases are not needed for the MSP.
2455 CONFIG: Allow users to override RELAY_MAILER_ARGS when FEATURE(`msp')
2456 is in use. Patch from Andrzej Filip.
2457 CONFIG: FEATURE(`msp') uses `[localhost]' as default instead of
2458 `localhost' and turns on MX lookups for the SMTP mailers.
2459 This will only have an effect if a parameter is specified,
2460 i.e., an MX lookup will be performed on the hostname unless
2461 it is embedded in square brackets. Problem noted by
2462 Theo Van Dinter of Collective Technologies.
2463 CONFIG: Set confTIME_ZONE to USE_TZ in submit.mc (TimeZoneSpec= in
2464 submit.cf) to use $TZ for time stamps. This is a compromise
2465 to allow for the proper time zone on systems where the
2466 default results in misleading time stamps. That is, syslog
2467 time stamps and Date headers on submitted mail will use the
2468 user's $TZ setting. Problem noted by Mark Roth of the
2469 University of Illinois at Urbana-Champaign, solution proposed
2470 by Neil Rickert of Northern Illinois University.
2471 CONFIG: Mac OS X (Darwin) ships with mail.local as non-set-user-ID
2472 binary. Adjust local mailer flags accordingly. Problem
2474 CONTRIB: Add a warning to qtool.pl to not move queue files around
2475 if queue groups are used.
2476 CONTRIB: buildvirtuser: Add -f option to force rebuild.
2477 CONTRIB: smcontrol.pl: Add -f option to specify control socket.
2478 CONTRIB: smcontrol.pl: Add support for 'memdump' command.
2479 Suggested by Bryan Costales.
2480 DEVTOOLS: Add dependency generation for test programs.
2481 LIBMILTER: Remove conversion of port number for the socket
2482 structure that is passed to xxfi_connect(). Notice:
2483 this fix requires that sendmail and libmilter both have
2484 this change; mixing versions may lead to wrong port
2485 values depending on the endianness of the involved systems.
2486 Problem noted by Gisle Aas of ActiveState.
2487 LIBMILTER: If smfi_setreply() sets a custom reply code of '4XX' but
2488 SMFI_REJECT is returned, ignore the custom reply. Do the
2489 same if '5XX' is used and SMFI_TEMPFAIL is returned.
2490 LIBMILTER: Install include files in ${INCLUDEDIR}/libmilter/ as
2491 required by mfapi.h. Problem noted by Jose Marcio Martins
2492 da Cruz of Ecole Nationale Superieure des Mines de Paris.
2493 LIBSM: Add SM_CONF_LDAP_MEMFREE as a configuration define. Set
2494 this to 1 if your LDAP client libraries include
2496 LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
2497 and NDBM on systems with the O_EXLOCK open(2) flag.
2498 SMRSH: Fix compilation problem on some operating systems. Problem
2499 noted by Christian Krackowizer of schuler technodat GmbH.
2500 VACATION: Allow root to operate on user vacation databases. Based
2501 on patch from Greg Couch of the University of California,
2503 VACATION: Don't ignore -C option. Based on patch by Bryan Costales.
2504 VACATION: Clarify option usage in the man page. Problem noted by
2507 libmilter/docs/smfi_setbacklog.html
2509 8.12.2/8.12.2 2002/01/13
2510 Don't complain too much if stdin, stdout, or stderr are missing
2511 at startup, only log an error message.
2512 Fix potential problem if an unknown operation mode (character
2513 following -b) has been specified.
2514 Prevent purgestat from looping even if someone changes the
2515 permissions or owner of hoststatus files. Problem noted
2516 by Kari Hurtta of the Finnish Meteorological Institute.
2517 Properly record dropped connections in persistent host status.
2518 Problem noted by Ulrich Windl of the Universitat
2520 Remove newlines from recipients read via sendmail -t to prevent
2521 SMTP protocol errors when sending the RCPT command.
2522 Problem noted by William D. Colburn of the New Mexico
2523 Institute of Mining and Technology.
2524 Only log milter body replacements once instead of for each body
2525 chunk sent by a filter. Problem noted by Kari Hurtta of
2526 the Finnish Meteorological Institute.
2527 In 8.12.0 and 8.12.1, the headers were mistakenly not included in
2528 the message size calculation. Problem noted by Kari Hurtta
2529 of the Finnish Meteorological Institute.
2530 Since 8.12 no longer forks at the SMTP MAIL command, the daemon
2531 needs to collect children status to avoid zombie processes.
2532 Problem noted by Chris Adams of HiWAAY Informations Services.
2533 Shut down "nullserver" and ETRN-only connections after 25 bad
2534 commands are issued. This makes it consistent with normal
2536 Avoid duplicate logging of milter rejections. Problem noted by
2537 William D. Colburn of the New Mexico Institute of Mining
2539 Error and delay DSNs were being sent to postmaster instead of the
2540 message sender if the sender had used a deprecated RFC822
2541 source route. Problem noted by Kari Hurtta of the Finnish
2542 Meteorological Institute.
2543 Fix FallbackMXhost behavior for temporary errors during address
2544 parsing. Problem noted by Jorg Bielak from Coastal Web
2546 For systems on which stat(2) does not return a value for st_blksize
2547 that is the "optimal blocksize for I/O" three new compile
2548 time flags are available: SM_IO_MAX_BUF_FILE, SM_IO_MIN_BUF,
2549 and SM_IO_MAX_BUF, which define an upper limit for
2550 regular files, and a lower and upper limit for other file
2551 types, respectively.
2552 Fix a potential deadlock if two events are supposed to occur at
2553 exactly the same time. Problem noted by Valdis Kletnieks
2555 Perform envelope splitting for aliases listed directly in the
2556 alias file, not just for include/.forward files.
2557 Problem noted by John Beck of Sun Microsystems.
2558 Allow selection of queue group for mailq using -qGgroup.
2559 Based on patch by John Beck of Sun Microsystems.
2560 Make sure cached LDAP connections used my multiple maps in the same
2561 process are closed. Patch from Taso N. Devetzis.
2562 If running as root, allow reading of class files in protected
2563 directories. Patch from Alexander Talos of the University
2565 Correct a few LDAP related memory leaks. Patch from David Powell
2566 of Sun Microsystems.
2567 Allow specification of an empty realm via the authinfo ruleset.
2568 This is necessary to interoperate as an SMTP AUTH client
2569 with servers that do not support realms when using
2570 CRAM-MD5. Problem noted by Bjoern Voigt of TU Berlin.
2571 Avoid a potential information leak if AUTH PLAIN is used and the
2572 server gets stuck while processing that command. Problem
2573 noted by Chris Adams from HiWAAY Informations Services.
2574 In addition to printing errors when parsing recipients during
2575 command line invocations log them to make it simpler
2576 to understand possible DSNs to postmaster.
2577 Do not use FallbackMXhost on mailers which have the F=0 flag set.
2578 Allow local mailers (F=l) to specify a host for TCP connections
2579 instead of forcing localhost.
2580 Obey ${DESTDIR} for installation of the client mail queue and
2581 submit.cf. Patch from Peter 'Luna' Runestig.
2582 Re-enable support for -M option which was broken in 8.12.1. Problem
2583 noted by Neil Rickert of Northern Illinois University.
2584 If a remote server violates the SMTP standard by unexpectedly
2585 dropping the connection during an SMTP transaction, stop
2586 sending commands. This prevents bogus "Bad file number"
2587 recipient status. Problem noted by Allan E Johannesen of
2588 Worcester Polytechnic Institute.
2589 Do not use a size estimate of 100 for postmaster bounces, it's
2590 almost always too small; do not guess the size at all.
2591 New VENDOR_DEC for Compaq/DEC. Requested by James Seagraves of
2592 Compaq Computer Corp.
2593 Fix DaemonPortOptions IPv6 address parsing such that ::1 works
2594 properly. Problem noted by Valdis Kletnieks of Virginia
2597 Fix IPv6 network interface probing on HP-UX 11.X. Based on
2598 patch provided by HP.
2599 Mac OS X (aka Darwin) has a broken setreuid() call, but a
2600 working seteuid() call. From Daniel J. Luke.
2601 Use proper type for a 32-bit integer on SINIX. From Ganu
2603 Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX.
2604 Reduce optimization from +O3 to +O2 on HP-UX 11. This
2605 fixes a problem that caused additional bogus
2606 characters to be written to the qf file. Problem
2607 noted by Tapani Tarvainen.
2608 Set LDA_USE_LOCKF by default for UnixWare. Problem noted
2609 by Boyd Lynn Gerber.
2610 Add support for HP MPE/iX. See sendmail/README for port
2611 information. From Mark Bixby of Hewlett-Packard.
2612 New portability defines HASNICE, HASRRESVPORT, USE_ENVIRON,
2613 USE_DOUBLE_FORK, and NEEDLINK. See sendmail/README
2614 for more information. From Mark Bixby of
2616 If an OS doesn't have a method of finding free disk space
2617 (SFS_NONE), lie and say there is plenty of space.
2618 From Mark Bixby of Hewlett-Packard.
2619 Add support for AIX 5.1. From Valdis Kletnieks of
2621 Fix man page location for NeXTSTEP. From Hisanori Gogota
2622 of the NTT/InterCommunication Center.
2623 Do not assume that strerror() always returns a string.
2624 Problem noted by John Beck of Sun Microsystems.
2625 CONFIG: Add OSTYPE(freebsd5) for FreeBSD 5.X, which has removed
2626 UUCP from the base operating system. From Mark Murray of
2627 FreeBSD Services, Ltd.
2628 CONFIG: Add OSTYPE(mpeix) and a generic .mc file for HP MPE/iX
2629 systems. From Mark Bixby of Hewlett-Packard.
2630 CONFIG: Add support for selecting a queue group for all mailers.
2631 Based on proposal by Stephen L. Ulmer of the University of
2633 CONFIG: Fix error reporting for compat_check.m4. Problem noted by
2635 CONFIG: Do not override user selections for confRUN_AS_USER and
2636 confTRUSTED_USER in FEATURE(msp). From Mark Bixby of
2638 LIBMILTER: Fix bug that prevented the removal of a socket after
2639 libmilter terminated. Problem reported by Andrey V. Pevnev
2641 LIBMILTER: Fix configuration error that required libsm for linking.
2642 Problem noted by Kari Hurtta of the Finnish Meteorological
2644 LIBMILTER: Portability fix for OpenUNIX. Patch from Larry Rosenman.
2645 LIBMILTER: Fix a theoretical memory leak and a possible attempt
2646 to free memory twice.
2647 LIBSM: Fix a potential segmentation violation in the I/O library.
2648 Problem found and analyzed by John Beck and Tim Haley
2649 of Sun Microsystems.
2650 LIBSM: Do not clear the LDAP configuration information when
2651 terminating the mailbox database connection in the LDAP
2652 example code. Problem noted by Nikos Voutsinas of the
2653 University of Athens.
2655 cf/cf/generic-mpeix.cf
2656 cf/cf/generic-mpeix.mc
2657 cf/ostype/freebsd5.m4
2661 include/sm/os/sm_os_mpeix.h
2664 8.12.1/8.12.1 2001/10/01
2665 SECURITY: Check whether dropping group privileges actually succeeded
2666 to avoid possible compromises of the mail system by
2667 supplying bogus data. Add configuration options for
2668 different set*gid() calls to reset saved gid. Problem
2669 found by Michal Zalewski.
2670 PRIVACY: Prevent information leakage when sendmail has extra
2671 privileges by disabling debugging (command line -d flag)
2672 during queue runs and disabling ETRN when sendmail -bs is
2673 used. Suggested by Michal Zalewski.
2674 Avoid memory corruption problems resulting from bogus .cf files.
2675 Problem found by Michal Zalewski.
2676 Set the ${server_addr} macro to name of mailer when doing LMTP
2677 delivery. LMTP systems may offer SMTP Authentication or
2678 STARTTLS causing sendmail to use this macro in rulesets.
2679 If debugging is turned on (-d0.10) print not just the default
2680 values for configuration file and pid file but also the
2681 selected values. Problem noted by Brad Chapman.
2682 Continue dealing with broken nameservers by ignoring SERVFAIL
2683 errors returned on T_AAAA (IPv6) lookups at delivery time
2684 if ResolverOptions=WorkAroundBrokenAAAA is set. Previously
2685 this only applied to hostname canonification. Problem
2686 noted by Bill Fenner of AT&T Research.
2687 Ignore comments in NIS host records when trying to find the
2688 canonical name for a host.
2689 When sendmail has extra privileges, limit mail submission command
2690 line flags (i.e., -G, -h, -F, etc.) to mail submission
2691 operating modes (i.e., -bm, -bs, -bv, etc.). Idea based on
2692 suggestion from Michal Zalewski.
2694 AIX: Use `oslevel` if available to determine OS version.
2695 `uname` does not given complete information.
2696 Problem noted by Keith Neufeld of the Cessna
2698 OpenUNIX: Use lockf() for LDA delivery (affects mail.local).
2699 Problem noticed by Boyd Lynn Gerber of ZENEX.
2700 Avoid compiler warnings by not using pointers to pass
2701 integers. Problem noted by Todd C. Miller of
2702 Courtesan Consulting.
2703 CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize
2704 problems with potential misconfigurations.
2705 CONFIG: Fix comment showing default value of MaxHopCount. Problem
2706 noted by Greg Robinson of the Defence Science and
2707 Technology Organisation of Australia.
2708 CONFIG: dnsbl: If an argument specifies an error message in case
2709 of temporary lookup failures for DNS based blocklists
2711 LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by
2712 Richard A. Nelson of Debian.
2713 LIBMILTER: Add __P definition for OS that lack it. Problem noted
2714 by Chris Adams from HiWAAY Informations Services.
2715 LIBSMDB: Fix a lock race condition that affects makemap, praliases,
2717 MAKEMAP: Avoid going beyond the end of an input line if it does
2718 not contain a value for a key. Based on patch from
2719 Mark Bixby from Hewlett-Packard.
2729 include/sm/sysstat.h
2731 8.12.0/8.12.0 2001/09/08
2732 *NOTICE*: The default installation of sendmail does not use
2733 set-user-ID root anymore. You need to create a new user and
2734 a new group before installing sendmail (both called smmsp by
2735 default). The installation process tries to install
2736 /etc/mail/submit.cf and creates /var/spool/clientmqueue by
2737 default. Please see sendmail/SECURITY for details.
2738 SECURITY: Check for group and world writable forward and :include:
2739 files. These checks can be turned off if absolutely
2740 necessary using the DontBlameSendmail option and the new
2742 GroupWritableForwardFile
2743 WorldWritableForwardFile
2744 GroupWritableIncludeFile
2745 WorldWritableIncludeFile
2746 Problem noted by Slawek Zak of Politechnika Warszawska,
2747 SECURITY: Drop privileges when using address test mode. Suggested
2748 by Michal Zalewski of the "Internet for Schools" project
2750 Fixed problem of a global variable being used for a timeout jump
2751 point where the variable could become overused for more than
2752 one timeout concurrently. This erroneous behavior resulted in
2753 a corrupted stack causing a core dump. The timeout is now
2754 handled via libsm. Problem noted by Michael Shapiro,
2755 John Beck, and Carl Smith of Sun Microsystems.
2756 If sendmail is set-group-ID then that group ID is used for permission
2757 checks (group ID of RunAsUser). This allows use of a
2758 set-group-ID sendmail binary for initial message submission
2759 and no set-user-ID root sendmail is needed. For details
2760 see sendmail/SECURITY.
2761 Log a warning if a non-trusted user changes the syslog label.
2762 Based on notice from Bryan Costales of SL3D, Inc.
2763 If sendmail is called for initial delivery, try to use submit.cf
2764 with a fallback of sendmail.cf as configuration file. See
2766 New configuration file option UseMSP to allow group writable queue
2767 files if the group is the same as that of a set-group-ID
2768 sendmail binary. See sendmail/SECURITY.
2769 The .cf file is chosen based on the operation mode. For -bm (default),
2770 -bs, and -t it is submit.cf if it exists for all others it
2771 is sendmail.cf (to be backward compatible). This selection
2772 can be changed by the new option -Ac or -Am (alternative .cf
2773 file: client or mta). See sendmail/SECURITY.
2774 The SMTP server no longer forks on each MAIL command. The ONEX
2775 command has been removed.
2776 Implement SMTP PIPELINING per RFC 2920. It can be turned off
2777 at compile time or per host (ruleset).
2778 New option MailboxDatabase specifies the type of mailbox database
2779 used to look up local mail recipients; the default value
2780 is "pw", which means to use getpwnam(). New mailbox database
2781 types can be added by adding custom code to libsm/mbdb.c.
2782 Queue file names are now 15 characters long, rather than 14 characters
2783 long, to accommodate envelope splitting. File systems with
2784 a 14 character file name length limit are no longer
2786 Recipient list used for delivery now gets internally ordered by
2787 hostsignature (character string version of MX RR). This orders
2788 recipients for the same MX RR's together meaning smaller
2789 portions of the list need to be scanned (instead of the whole
2790 list) each delivery() pass to determine piggybacking. The
2791 significance of the change is better the larger the recipient
2792 list. Hostsignature is now created during recipient list
2793 creation rather than just before delivery.
2794 Enhancements for more opportunistic piggybacking. Previous
2795 piggybacking (called coincidental) extended to coattail
2796 piggybacking. Rather than complete MX RR matching
2797 (coincidental) piggybacking is done if just the lowest value
2798 preference matches (coattail).
2799 If sendmail receives a temporary error on a RCPT TO: command, it will
2800 try other MX hosts if available.
2801 DefaultAuthInfo can contain a list of mechanisms to be used for
2802 outgoing (client-side) SMTP Authentication.
2803 New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable
2804 AUTH (overrides 'a' modifier in DaemonPortOptions). Based
2805 on patch from Lyndon Nerenberg of Messaging Direct.
2806 Enable AUTH mechanism EXTERNAL if STARTTLS is used.
2807 A new ruleset authinfo can be used to return client side
2808 authentication information for AUTH instead of DefaultAuthInfo.
2809 Therefore the DefaultAuthInfo option is deprecated and will be
2810 removed in future versions.
2811 Accept any SMTP continuation code 3xy for AUTH even though RFC 2554
2812 requires 334. Mercury 1.48 is a known offender.
2813 Add new option AuthMaxBits to limit the overall encryption strength
2814 for the security layer in SMTP AUTH (SASL). See
2815 doc/op/op.me for details.
2816 Introduce new STARTTLS related macros {cn_issuer}, {cn_subject},
2817 {cert_md5} which hold the CN (common name) of the CA that
2818 signed the presented certificate, the CN and the MD5 hash
2819 of the presented certificate, respectively.
2820 New ruleset try_tls to decide whether to try (as client) STARTTLS.
2821 New ruleset srv_features to enable/disable certain features in the
2822 server per connection. See doc/op/op.me for details.
2823 New ruleset tls_rcpt to decide whether to send e-mail to a particular
2824 recipient; useful to decide whether a connection is secure
2825 enough on a per recipient basis.
2826 New option TLSSrvOptions to modify some aspects of the server
2828 If no certificate has been requested, the macro {verify} has the
2830 New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off
2831 using/offering STARTTLS when delivering/receiving e-mail.
2832 Macro expand filenames/directories for certs and keys in the .cf file.
2833 Proposed by Neil Rickert of Northern Illinois University.
2834 Generate an ephemeral RSA key for a STARTTLS connection only if
2835 really required. This change results in a noticeable
2836 performance gains on most machines. Moreover, if shared
2837 memory is in use, reuse the key several times.
2838 Add queue groups which can be used to group queue directories with
2839 the same behavior together. See doc/op/op.me for details.
2840 If the new option FastSplit (defaults to one) has a value greater
2841 than zero, it suppresses the MX lookups on addresses when they
2842 are initially sorted which may result in faster envelope
2843 splitting. If the mail is submitted directly from the
2844 command line, then the value also limits the number of
2845 processes to deliver the envelopes; if more envelopes are
2846 created they are only queued up and must be taken care of
2848 The check for 'enough disk space' now pays attention to which file
2849 system each queue directory resides in.
2850 All queue runners can be cleanly terminated via SIGTERM to parent.
2851 New option QueueFileMode for the default permissions of queue files.
2852 Add parallel queue runner code. Allows multiple queue runners per work
2853 group (one or more queues in a multi-queue environment
2854 collected together) to process the same work list at the
2856 Option MaxQueueChildren added to limit the number of concurrently
2857 active queue runner processes.
2858 New option MaxRunnersPerQueue to specify the maximum number of queue
2859 runners per queue group.
2860 Queue member selection by substring pattern matching now allows
2861 the pattern to be negated. For -qI, -qR and -qS it is
2862 permissible for -q!I, -q!R and -q!S to mean remove members
2863 of the queue that match during processing.
2864 New -qp[time] option is similar to -qtime, except that instead of
2865 periodically forking a child to process the queue, a single
2866 child is forked for each queue that sleeps between queue
2867 runs. A SIGHUP signal can be sent to restart this
2868 persistent queue runner.
2869 The SIGHUP signal now restarts a timed queue run process (i.e., a
2870 sendmail process which only runs the queue at an interval:
2872 New option NiceQueueRun to set the priority of queue runners.
2873 Proposed by Thom O'Connor.
2874 sendmail will run the queue(s) in the background when invoked with -q
2875 unless the new -qf option or -v is used.
2876 QueueSortOrder=Random sorts the queue randomly, which is useful if
2877 several queue runners are started by hand to avoid contention.
2878 QueueSortOrder=Modification sorts the queue by the modification time
2879 of the qf file (older entries first).
2880 Support Deliver By SMTP Service Extension (RFC 2852) which allows
2881 a client to specify an amount of time within which an e-mail
2882 should be delivered. New option DeliverByMin added to set the
2883 minimum amount of time or disable the extension.
2884 Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are
2885 not allowed unless escaped or quoted.
2886 Add support for a generic DNS map. Based on a patch contributed
2887 by Leif Johansson of Stockholm University, which was based on
2888 work by Assar Westerlund of Swedish Institute of Computer
2889 Science, Kista, and Johan Danielsson of Royal Institute of
2890 Technology, Stockholm, Sweden.
2891 MX records will be looked up for FallBackMXhost. To use the old
2892 behavior (no MX lookups), put the name in square brackets.
2893 Proposed by Thom O'Connor.
2894 Use shared memory to store free space of filesystems that are used
2895 for queues, if shared memory is available and if a key is set
2896 via SharedMemoryKey. This minimizes the number of system
2897 calls to check the available space. See doc/op/op.me for
2899 If shared memory is compiled in the option -bP can be used to print
2900 the number of entries in the queue(s).
2901 Enable generic mail filter API (milter). See libmilter/README
2902 and the usual documentation for details.
2903 Remove AutoRebuildAliases option, deprecated since 8.10.
2904 Remove '-U' (initial user submission) command line option as
2906 Remove support for non-standard SMTP command XUSR. Use an MSA instead.
2907 New macro {addr_type} which contains whether the current address is
2908 an envelope sender or recipient address. Suggested by
2909 Neil Rickert of Northern Illinois University.
2910 Two new options for host maps: -d (retransmission timeout),
2911 -r (number of retries).
2912 New option for LDAP maps: the -V<sep> allows you to specify a
2913 separator such that a lookup can return both an attribute
2914 and value separated by the given separator.
2915 Add new operators '%', '|', '&' (modulo, binary or, binary and)
2917 If DoubleBounceAddress expands to an empty string, ``double bounces''
2918 (errors that occur when sending an error message) are dropped.
2919 New DontBlameSendmail options GroupReadableSASLDBFile and
2920 GroupWritableSASLDBFile to relax requirements for sasldb files.
2921 New DontBlameSendmail options GroupReadableKeyFile to relax
2922 requirements for files containing secret keys. This is
2923 necessary for the MSP if client authentification is used.
2924 Properly handle quoted filenames for class files (to allow for
2925 filenames with spaces).
2926 Honor the resolver option RES_NOALIASES when canonifying hostnames.
2927 Add macros to avoid the reuse of {if_addr} etc:
2928 {if_name_out} hostname of interface of outgoing connection.
2929 {if_addr_out} address of interface of outgoing connection.
2930 {if_family_out} family of interface of outgoing connection.
2931 The latter two are only set if the interface does not belong
2932 to the loopback net.
2933 Add macro {nrcpts} which holds the number of (validated) recipients.
2934 DialDelay option applies only to mailers with flag 'Z'. Patch from
2935 Juergen Georgi of RUS University of Stuttgart.
2936 New Timeout.lhlo,auth,starttls options to limit the time waiting for
2937 an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command.
2938 New Timeout.aconnect option to limit the overall waiting time for
2939 all connections for a single delivery attempt to succeed.
2940 Limit the rate recipients in the SMTP envelope are accepted once
2941 a threshold number of recipients has been rejected (option
2942 BadRcptThrottle). From Gregory A Lundberg of the WU-FTPD
2944 New option DelayLA to delay connections if the load averages
2945 exceeds the specified value. The default of 0 does not
2946 change the previous behavior. A value greater than 0
2947 will cause sendmail to sleep for one second on most
2948 SMTP commands and before accepting connections if that
2949 load average is exceeded.
2950 Use a dynamic (instead of fixed-size) buffer for the list of
2951 recipients that are sent during a connection to a mailer.
2952 This also introduces a new mailer field 'r' which defines
2953 the maximum number of recipients (defaults to 100).
2954 Based on patch by Motonori Nakamura of Kyoto University.
2955 Add new F=1 mailer flag to disable sending of null characters ('\0').
2956 Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead.
2957 The deprecated [TCP] builtin mailer pathname (P=) is gone. Use [IPC]
2959 IPC is no longer available as first mailer argument (A=) for [IPC]
2960 builtin mailer pathnames. Use TCP instead.
2961 PH map code updated to use the new libphclient API instead of the
2962 old libqiapi library. Contributed by Mark Roth of the
2963 University of Illinois at Urbana-Champaign.
2964 New option DirectSubmissionModifiers to define {daemon_flags}
2965 for direct (command line) submissions.
2966 New M=O modifier for DaemonPortOptions to ignore the socket in
2967 case of failures. Based on patch by Jun-ichiro itojun
2968 Hagino of the KAME Project.
2969 Add Disposition-Notification-To: (RFC 2298) to the list of headers
2970 whose content is rewritten similar to Reply-To:.
2971 Proposed by Andrzej Filip.
2972 Use STARTTLS/AUTH=server/client for logging incoming/outgoing
2973 STARTTLS/AUTH connections; log incoming connections at level
2974 9 or higher. Use AUTH/STARTTLS instead of SASL/TLS for SMTP
2975 AUTH/STARTTLS related logfile entries.
2976 Convert unprintable characters (and backslash) into octal or C format
2978 Log recipients if no message is transferred but QUIT/RSET is given
2979 (at LogLevel 9/10 or higher).
2980 Log discarded recipients at LogLevel 10 or higher.
2981 Do not log "did not issue MAIL/EXPN/VRFY/ETRN" for connections
2982 in which most commands are rejected due to check_relay or
2983 TCP Wrappers if the host tries one of those commands anyway.
2984 Change logging format for cloned envelopes to be similar to that for
2985 DSNs ("old id: new id: clone"). Suggested by Ulrich Windl
2986 of the Universitat Regensburg.
2987 Added libsm, a C library of general purpose abstractions including
2988 assertions, tracing and debugging with named debug categories,
2989 exception handling, malloc debugging, resource pools,
2990 portability abstractions, and an extensible buffered I/O
2991 package. It will at some point replace libsmutil.
2992 See libsm/index.html for details.
2993 Fixed most memory leaks in sendmail which were previously taken
2994 care of by fork() and exit().
2995 Use new sm_io*() functions in place of stdio calls. Allows for
2996 more consistent portablity amongst different platforms
2997 new and old (from new libsm).
2998 Common I/O pkg means just one buffering method needed instead of two
2999 ('bf_portable' and 'bf_torek' now just 'bf').
3000 Sfio no longer needed as SASL/TLS code uses sm_io*() API's.
3001 New possible value 'interactive' for SuperSafe which can be used
3002 together with DeliveryMode=interactive is to avoid some disk
3003 synchronizations calls.
3004 Add per-recipient status information to mailq -v output.
3005 T_ANY queries are no longer used by sendmail.
3006 When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
3007 too (see include/sm/cdefs.h for more info).
3008 sendmail -d now has general support for named debug categories.
3009 See libsm/debug.html and section 3.4 of doc/op/op.me
3011 Eliminate the "postmaster warning" DSNs on address parsing errors
3012 such as unbalanced angle brackets or parentheses. The DSNs
3013 generated by this condition were illegal (not RFC conform).
3014 Problem noted by Ulrich Windl of the Universitaet Regensburg.
3015 Do not issue a DSN if the ruleset localaddr resolves to the $#error
3016 mailer and the recipient has hence been rejected during the
3017 SMTP dialogue. Problem reported by Larry Greenfield of CMU.
3018 Deal with a case of multiple deliveries on misconfigured systems
3019 that do not have postmaster defined. If an email was sent
3020 from an address to which a DSN cannot be returned and
3021 in which at least one recipient address is non-deliverable,
3022 then that email had been delivered in each queue run.
3023 Problem reported by Matteo HCE Valsasna of Universita
3024 degli Studi dell'Insubria.
3025 The compilation options SMTP, DAEMON, and QUEUE have been removed,
3026 i.e., the corresponding code is always compiled in now.
3027 Log the command line in daemon/queue-run mode at LogLevel 10 and
3028 higher. Suggested by Robert Harker of Harker Systems.
3029 New ResolverOptions setting: WorkAroundBrokenAAAA. When
3030 attempting to canonify a hostname, some broken nameservers
3031 will return SERVFAIL (a temporary failure) on T_AAAA (IPv6)
3032 lookups. If you want to excuse this behavior, use this new
3033 flag. Suggested by Chris Foote of SE Network Access and
3034 Mark Roth of the University of Illinois at
3036 Free the memory allocated by getipnodeby{addr,name}(). Problem
3037 noted by Joy Latten of IBM.
3038 ConnectionRateThrottle limits the number of connections per second
3039 to each daemon individually, not the overall number of
3041 Specifying only "ldap:" as an AliasFile specification will force
3042 sendmail to use a default alias schema as outlined in the
3043 ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section of
3045 Add a new syntax for the 'F' (file class) sendmail.cf command. If
3046 the first character after the class name is not a '/' or a
3047 '|' and it contains an '@' (e.g., F{X}key@class:spec), the
3048 rest of the line will be parsed as a map lookup. This
3049 allows classes to be filled via a map lookup. See op.me
3050 for more syntax information. Specifically, this can be
3051 used for commands such as VIRTUSER_DOMAIN_FILE() to read
3052 the list of domains via LDAP (see the ``USING LDAP FOR
3053 ALIASES, MAPS, and CLASSES'' section of cf/README for an
3055 The new macro ${sendmailMTACluster} determines the LDAP cluster for
3056 the default schema used in the above two items.
3057 Unless DontBlameSendmail=RunProgramInUnsafeDirPath is set, log a
3058 warning if a program being run from a mailer or file class
3059 (e.g., F|/path/to/prog) is in an unsafe directory path.
3060 Unless DontBlameSendmail=RunWritableProgram is set, log a warning
3061 if a program being run from a mailer or file class
3062 (e.g., F|/path/to/prog) is group or world writable.
3063 Loopback interfaces (e.g., "lo0") are now probed for class {w}
3064 hostnames. Setting DontProbeInterfaces to "loopback"
3065 (without quotes) will disable this and return to the
3066 pre-8.12 behavior of only probing non-loopback interfaces.
3067 Suggested by Bryan Stansell of GNAC.
3068 In accordance with RFC 2821 section 4.1.4, accept multiple
3070 Multiple ClientPortOptions settings are now allowed, one for each
3071 possible protocol family which may be used for outgoing
3072 connections. Restrictions placed on one family only affect
3073 outgoing connections on that particular family. Because of
3074 this change, the ${client_flags} macro is not set until the
3075 connection is established. Based on patch from Motonori
3076 Nakamura of Kyoto University.
3077 PrivacyOptions=restrictexpand instructs sendmail to drop privileges
3078 when the -bv option is given by users who are neither root
3079 nor the TrustedUser so users can not read private aliases,
3080 forwards, or :include: files. It also will override the -v
3081 (verbose) command line option.
3082 If the M=b modifier is set in DaemonPortOptions and the interface
3083 address can't be used for the outgoing connection, fall
3084 back to the settings in ClientPortOptions (if set).
3085 Problem noted by John Beck of Sun Microsystems.
3086 New named config file rule check_data for DATA command (input:
3087 number of recipients). Based on patch from Mark Roth of
3088 the University of Illinois at Urbana-Champaign.
3089 Add support for ETRN queue selection per RFC 1985. The queue group
3090 can be specified using the '#' option character. For
3091 example, 'ETRN #queuegroup'.
3092 If an LDAP server times out or becomes unavailable, close the
3093 current connection and reopen to get to one of the fallback
3094 servers. Patch from Paul Hilchey of the University of
3096 Make default error number on $#error messages 550 instead of 501
3097 because 501 is not allowed on all commands.
3098 The .cf file option UnsafeGroupWrites is deprecated, it should be
3099 replaced with the settings GroupWritableForwardFileSafe
3100 and GroupWritableIncludeFileSafe in DontBlameSendmail
3102 The deprecated ldapx map class has been removed. Use the ldap map
3104 Any IPv6 addresses used in configuration should be prefixed by the
3105 "IPv6:" tag to identify the address properly. For example,
3106 if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to
3107 class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4].
3108 Change the $&{opMode} macro if the operation mode changes while the
3109 MTA is running. For example, during a queue run.
3110 Add "use_inet6" as a new ResolverOptions flag to control the
3111 RES_USE_INET6 resolver option. Based on patch from Rick
3113 The maximum number of commands before the MTA slows down when too
3114 many "light weight" commands have been received are now
3115 configurable during compile time. The current values and
3117 MAXBADCOMMANDS 25 unknown commands
3118 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR
3119 MAXHELOCOMMANDS 3 HELO, EHLO
3120 MAXVRFYCOMMANDS 6 VRFY, EXPN
3121 MAXETRNCOMMANDS 8 ETRN
3122 Setting a value to 0 disables the check. Patch from Bryan
3123 Costales of SL3D, Inc.
3124 The header syntax H?${MyMacro}?X-My-Header: now not only checks if
3125 ${MyMacro} is defined but also that it is not empty.
3126 Properly quote usernames with special characters if they are used
3127 in headers. Problem noted by Kari Hurtta of the Finnish
3128 Meteorological Institute.
3129 Be sure to include the proper Final-Recipient: DSN header in bounce
3130 messages for messages for mailing list expanded addresses
3131 which are not delivered on the initial attempt.
3132 Do not treat errors as sticky when doing delivery via LMTP after
3133 the final dot has been sent to avoid affecting future
3134 deliveries. Problem reported by Larry Greenfield of CMU.
3135 New compile time flag REQUIRES_DIR_FSYNC which turns on support for
3136 file systems that require to call fsync() for a directory
3137 if the meta-data in it has been changed. This should be
3138 set at least for ReiserFS; it is enabled by default for Linux.
3139 See sendmail/README for further information.
3140 Avoid file locking deadlock when updating the statistics file if
3141 sendmail is signaled to terminate. Problem noted by
3142 Christophe Wolfhugel of France Telecom.
3143 Set the $c macro (hop count) as it is being set instead of when the
3144 envelope is initialized. Problem noted by Kari Hurtta of
3145 the Finnish Meteorological Institute.
3146 Properly count recipients for DeliveryMode defer and queue. Fix
3147 from Peter A. Friend of EarthLink.
3148 Treat invalid hesiod lookups as permanent errors instead of
3149 temporary errors. Problem noted by Russell McOrmond of
3152 Remove support for AIX 2, which supports only 14 character
3153 filenames and is outdated anyway. Suggested by
3154 Valdis Kletnieks of Virginia Tech.
3155 Change several settings for Irix 6: remove confSBINDIR,
3156 i.e., use default /usr/sbin, change owner/group
3157 of man pages and user-executable to root/sys, set
3158 optimization limit to 0 (unlimited). Based on patch
3159 from Ayamura Kikuchi, M.D, and proposal from Kari
3160 Hurtta of the Finnish Meteorological Institute.
3161 Do not assume LDAP support is installed by default under
3162 Solaris 8 and later.
3163 Add support for OpenUNIX.
3164 CONFIG: Increment version number of config file to 10.
3165 CONFIG: Add an install target and a README file in cf/cf.
3166 CONFIG: Don't accept addresses of the form a@b@, a@b@c, a@[b]c, etc.
3167 CONFIG: Reject empty recipient addresses (in check_rcpt).
3168 CONFIG: The access map uses an option of -T<TMPF> to deal with
3169 temporary lookup failures.
3170 CONFIG: New value for access map: SKIP, which causes the default
3171 action to be taken by aborting the search for domain names
3173 CONFIG: check_rcpt can deal with TEMPFAIL for either recipient or
3174 relay address as long as the other part allows the email
3176 CONFIG: Entries for virtusertable can make use of a third parameter
3177 "%3" which contains "+detail" of a wildcard match, i.e., an
3178 entry like user+*@domain. This allows handling of details by
3179 using %1%3 as the RHS. Additionally, a "+" wildcard has been
3180 introduced to match only non-empty details of addresses.
3181 CONFIG: Numbers for rulesets used by MAILERs have been removed
3182 and hence there is no required order within the MAILER
3183 section anymore except for MAILER(`uucp') which must come
3184 after MAILER(`smtp') if uucp-dom and uucp-uudom are used.
3185 CONFIG: Hosts listed in the generics domain class {G}
3186 (GENERICS_DOMAIN() and GENERICS_DOMAIN_FILE()) are treated
3187 as canonical. Suggested by Per Hedeland of Ericsson.
3188 CONFIG: If FEATURE(`delay_checks') is used, make sure that a lookup
3189 in the access map which returns OK or RELAY actually
3190 terminates check_* ruleset checking.
3191 CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset
3192 tls_rcpt, see cf/README for details.
3193 CONFIG: Change format of Received: header line which reveals whether
3194 STARTTLS has been used to "(version=${tls_version}
3195 cipher=${cipher} bits=${cipher_bits} verify=${verify})".
3196 CONFIG: Use "Spam:" as tag for lookups for FEATURE(`delay_checks')
3197 options friends/haters instead of "To:" and enable
3198 specification of whole domains instead of just users.
3199 Notice: this change is not backward compatible.
3200 Suggested by Chris Adams from HiWAAY Informations Services.
3201 CONFIG: Allow for local extensions for most new rulesets, see
3202 cf/README for details.
3203 CONFIG: New FEATURE(`lookupdotdomain') to lookup also .domain in
3204 the access map. Proposed by Randall Winchester of the
3205 University of Maryland.
3206 CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for
3207 the local mailer. Proposed by Ingo Brueckl of Wupper Online.
3208 CONFIG: confRELAY_MSG/confREJECT_MSG can override the default
3209 messages for an unauthorized relaying attempt/for access
3210 map entries with RHS REJECT, respectively.
3211 CONFIG: FEATURE(`always_add_domain') takes an optional argument
3212 to specify another domain to be added instead of the local one.
3213 Suggested by Richard H. Gumpertz of Computer Problem
3215 CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific
3216 options, see doc/op/op.me for details.
3217 CONFIG: confAUTH_MAX_BITS sets the maximum encryption strength for
3218 the security layer in SMTP AUTH (SASL).
3219 CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated
3221 CONFIG: FEATURE(`enhdnsbl') is an enhanced version of dnsbl which
3222 allows checking of the return values of the DNS lookups.
3223 See cf/README for details.
3224 CONFIG: FEATURE(`dnsbl') allows now to specify the behavior for
3225 temporary lookup failures.
3226 CONFIG: New option confDELIVER_BY_MIN to specify minimum time for
3227 Deliver By (RFC 2852) or to turn off the extension.
3228 CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared
3230 CONFIG: New FEATURE(`compat_check') to look up a key consisting
3231 of the sender and the recipient address delimited by the
3232 string "<@>", e.g., sender@sdomain<@>recipient@rdomain,
3233 in the access map. Based on code contributed by Mathias
3234 Koerber of Singapore Telecommunications Ltd.
3235 CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user
3236 file. Suggested by John Beck of Sun Microsystems.
3237 CONFIG: Don't use MAILER-DAEMON for error messages delivered
3238 via LMTP. Problem reported by Larry Greenfield of CMU.
3239 CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of
3240 the recipient host if LUSER_RELAY is used.
3241 CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the
3242 +detail portion of the address when passing address to
3243 local delivery agent. Disables alias and .forward +detail
3244 stripping. Only use if LDA supports this.
3245 CONFIG: Removed deprecated FEATURE(`rbl').
3246 CONFIG: Add LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE()
3247 which allow you to specify 'equivalent' hosts for LDAP
3248 Routing lookups. Equivalent hostnames are replaced by the
3249 masquerade domain name for lookups. See cf/README for
3251 CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which
3252 instructs the rulesets on what to do if the address being
3253 looked up has +detail information. See cf/README for more
3255 CONFIG: When chosing a new destination via LDAP Routing, also look
3256 up the new routing address/host in the mailertable. Based
3257 on patch from Don Badrak of the United States Census Bureau.
3258 CONFIG: Do not reject the SMTP Mail from: command if LDAP Routing
3259 is in use and the bounce option is enabled. Only reject
3260 recipients as user unknown.
3261 CONFIG: Provide LDAP support for the remaining database map
3262 features. See the ``USING LDAP FOR ALIASES AND MAPS''
3263 section of cf/README for more information.
3264 CONFIG: Add confLDAP_CLUSTER which defines the ${sendmailMTACluster}
3265 macro used for LDAP searches as described above in ``USING
3266 LDAP FOR ALIASES, MAPS, AND CLASSES''.
3267 CONFIG: confCLIENT_OPTIONS has been replaced by CLIENT_OPTIONS(),
3268 which takes the options as argument and can be used
3269 multiple times; see cf/README for details.
3270 CONFIG: Add configuration macros for new options:
3271 confBAD_RCPT_THROTTLE BadRcptThrottle
3272 confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
3273 confMAILBOX_DATABASE MailboxDatabase
3274 confMAX_QUEUE_CHILDREN MaxQueueChildren
3275 confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
3276 confNICE_QUEUE_RUN NiceQueueRun
3277 confQUEUE_FILE_MODE QueueFileMode
3278 confFAST_SPLIT FastSplit
3279 confTLS_SRV_OPTIONS TLSSrvOptions
3280 See above (and related documentation) for further information.
3281 CONFIG: Add configuration variables for new timeout options:
3282 confTO_ACONNECT Timeout.aconnect
3283 confTO_AUTH Timeout.auth
3284 confTO_LHLO Timeout.lhlo
3285 confTO_STARTTLS Timeout.starttls
3286 CONFIG: Add configuration macros for mail filter API:
3287 confINPUT_MAIL_FILTERS InputMailFilters
3288 confMILTER_LOG_LEVEL Milter.LogLevel
3289 confMILTER_MACROS_CONNECT Milter.macros.connect
3290 confMILTER_MACROS_HELO Milter.macros.helo
3291 confMILTER_MACROS_ENVFROM Milter.macros.envfrom
3292 confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
3293 Mail filters can be defined via INPUT_MAIL_FILTER() and
3294 MAIL_FILTER(). See libmilter/README, cf/README, and
3295 doc/op/op.me for details.
3296 CONFIG: Add support for accepting temporarily unresolvable domains.
3297 See cf/README for details. Based on patch by Motonori
3298 Nakamura of Kyoto University.
3299 CONFIG: confDEQUOTE_OPTS can be used to specify options for the
3301 CONFIG: New macro QUEUE_GROUP() to define queue groups.
3302 CONFIG: New FEATURE(`queuegroup') to select a queue group based
3303 on the full e-mail address or the domain of the recipient.
3304 CONFIG: Any IPv6 addresses used in configuration should be prefixed
3305 by the "IPv6:" tag to identify the address properly. For
3306 example, if you want to use the IPv6 address
3307 2002:c0a8:51d2::23f4 in the access database, you would need
3308 to use IPv6:2002:c0a8:51d2::23f4 on the left hand side.
3309 This affects the access database as well as the
3310 relay-domains and local-host-names files.
3311 CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux).
3312 CONFIG: Avoid expansion of m4 keywords in SMART_HOST.
3313 CONFIG: Add MASQUERADE_EXCEPTION_FILE() for reading masquerading
3314 exceptions from a file. Suggested by Trey Breckenridge of
3315 Mississippi State University.
3316 CONFIG: Add LOCAL_USER_FILE() for reading local users
3317 (LOCAL_USER() -- $={L}) entries from a file.
3318 CONTRIB: dnsblaccess.m4 is a further enhanced version of enhdnsbl.m4
3319 which allows to lookup error codes in the access map.
3320 Contributed by Neil Rickert of Northern Illinois University.
3321 DEVTOOLS: Add new options for installation of include and library
3322 files: confINCGRP, confINCMODE, confINCOWN, confLIBGRP,
3323 confLIBMODE, confLIBOWN.
3324 DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off
3325 installation of the the formatted man pages on operating
3326 systems which don't include cat directories.
3327 EDITMAP: New program for editing maps as supplement to makemap.
3328 MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up
3329 local mail recipients. New option -D mbdb specifies the
3330 mailbox database type.
3331 MAIL.LOCAL: New option "-h filename" which instructs mail.local to
3332 deliver the mail to the named file in the user's home
3333 directory instead of the system mail spool area. Based on
3334 patch from Doug Hardie of the Los Angeles Free-Net.
3335 MAILSTATS: New command line option -P which acts the same as -p but
3336 doesn't truncate the statistics file.
3337 MAKEMAP: Add new option -t to specify a different delimiter
3338 instead of white space.
3339 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
3340 submission. Problem noted by Kari Hurtta of the Finnish
3341 Meteorological Institute.
3342 SMRSH: Use the vendor supplied directory on FreeBSD 3.3 and later.
3343 VACATION: Change Auto-Submitted: header value from auto-generated to
3344 auto-replied. From Kenneth Murchison of Oceana Matrix Ltd.
3345 VACATION: New option -d to send error/debug messages to stdout
3347 VACATION: New option -U which prevents the attempt to lookup login
3348 in the password file. The -f and -m options must be used
3349 to specify the database and message file since there is no
3350 home directory for the default settings for these options.
3351 VACATION: Vacation now uses the libsm mbdb package to look up
3352 local mail recipients; it reads the MailboxDatabase option
3353 from the sendmail.cf file. New option -C cffile which
3354 specifies the path of the sendmail.cf file.
3361 cf/feature/authinfo.m4
3362 cf/feature/compat_check.m4
3363 cf/feature/enhdnsbl.m4
3365 cf/feature/local_no_masquerade.m4
3366 cf/feature/lookupdotdomain.m4
3367 cf/feature/preserve_luser_host.m4
3368 cf/feature/preserve_local_plus_detail.m4
3369 cf/feature/queuegroup.m4
3371 contrib/dnsblaccess.m4
3372 devtools/M4/UNIX/sm-test.m4
3373 devtools/OS/OpenUNIX.5.i386
3384 sendmail/sm_resolve.c
3385 sendmail/sm_resolve.h
3391 include/sendmail/cdefs.h
3392 include/sendmail/errstring.h
3393 include/sendmail/useful.h
3394 libsmutil/errstring.c
3395 sendmail/bf_portable.c
3396 sendmail/bf_portable.h
3401 cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc
3402 cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf
3403 cf/ostype/aux.m4 => cf/ostype/a-ux.m4
3405 8.11.7/8.11.7 2003/03/29
3406 SECURITY: Fix a remote buffer overflow in header parsing by
3407 dropping sender and recipient header comments if the
3408 comments are too long. Problem noted by Mark Dowd
3410 SECURITY: Fix a buffer overflow in address parsing due to
3411 a char to int conversion problem which is potentially
3412 remotely exploitable. Problem found by Michal Zalewski.
3413 Note: an MTA that is not patched might be vulnerable to
3414 data that it receives from untrusted sources, which
3416 To provide partial protection to internal, unpatched sendmail MTAs,
3417 8.11.7 changes by default (char)0xff to (char)0x7f in
3418 headers etc. To turn off this conversion compile with
3419 -DALLOW_255 or use the command line option -d82.101.
3420 To provide partial protection for internal, unpatched MTAs that may be
3421 performing 7->8 or 8->7 bit MIME conversions, the default
3422 for MaxMimeHeaderLength has been changed to 2048/1024.
3423 Note: this does have a performance impact, and it only
3424 protects against frontal attacks from the outside.
3425 To disable the checks and return to pre-8.11.7 defaults,
3426 set MaxMimeHeaderLength to 0/0.
3427 Properly clean up macros to avoid persistence of session data
3428 across various connections. This could cause session
3429 oriented restrictions, e.g., STARTTLS requirements,
3430 to erroneously allow a connection. Problem noted
3431 by Tim Maletic of Priority Health.
3432 Ignore comments in NIS host records when trying to find the
3433 canonical name for a host.
3434 Fix a memory leak when closing Hesiod maps.
3435 Set ${msg_size} macro when reading a message from the command line
3437 Prevent a segmentation fault when clearing the event list by
3438 turning off alarms before checking if event list is
3439 empty. Problem noted by Allan E Johannesen of Worcester
3440 Polytechnic Institute.
3441 Fix a potential core dump problem if the environment variable
3442 NAME is set. Problem noted by Beth A. Chaney of
3444 Prevent a race condition on child cleanup for delivery to files.
3445 Problem noted by Fletcher Mattox of the University of
3447 CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
3448 parameter is set and the LDAP lookup returns a temporary
3450 CONFIG: Fix a syntax error in the try_tls ruleset if
3451 FEATURE(`access_db') is not enabled.
3452 LIBSMDB: Fix a lock race condition that affects makemap, praliases,
3454 LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
3455 and NDBM on systems with the O_EXLOCK open(2) flag.
3456 MAKEMAP: Avoid going beyond the end of an input line if it does
3457 not contain a value for a key. Based on patch from
3458 Mark Bixby from Hewlett-Packard.
3459 MAIL.LOCAL: Fix a truncation race condition if the close() on
3460 the mailbox fails. Problem noted by Tomoko Fukuzawa of
3462 SMRSH: SECURITY: Only allow regular files or symbolic links to be
3463 used for a command. Problem noted by David Endler of
3466 8.11.6/8.11.6 2001/08/20
3467 SECURITY: Fix a possible memory access violation when specifying
3468 out-of-bounds debug parameters. Problem detected by
3469 Cade Cairns of SecurityFocus.
3470 Avoid leaking recipient information in unrelated DSNs. This could
3471 happen if a connection is aborted, several mails had been
3472 scheduled for delivery via that connection, and the timeout
3473 is reached such that several DSNs are sent next. Problem
3474 noted by Dileepan Moorkanat of Hewlett-Packard.
3475 Fix a possible segmentation violation when specifying too many
3476 wildcard operators in a rule. Problem detected by
3478 Avoid a segmentation fault on non-matching Hesiod lookups. Problem
3479 noted by Russell McOrmond of flora.ca
3481 8.11.5/8.11.5 2001/07/31
3482 Fix a possible race condition when sending a HUP signal to restart
3483 the daemon. This could terminate the current process without
3484 starting a new daemon. Problem reported by Wolfgang Breyha
3485 of SE Netway Communications.
3486 Only apply MaxHeadersLength when receiving a message via SMTP or
3487 the command line. Problem noted by Andrey J. Melnikoff.
3488 When finding the system's local hostname on an IPv6-enabled system
3489 which doesn't have any IPv6 interface addresses, fall back
3490 to looking up only IPv4 addresses. Problem noted by Tim
3491 Bosserman of EarthLink.
3492 When commands were being rejected due to check_relay or TCP
3493 Wrappers, the ETRN command was not giving a response.
3494 Incoming IPv4 connections on a Family=inet6 daemon (using
3495 IPv4-mapped addresses) were incorrectly labeled as "may be
3496 forged". Problem noted by Per Steinar Iversen of Oslo
3498 Shutdown address test mode cleanly on SIGTERM. Problem noted by
3499 Greg King of the OAO Corporation.
3500 Restore the original real uid (changed in main() to prevent
3501 out of band signals) before invoking a delivery agent.
3502 Some delivery agents use this for the "From " envelope
3503 "header". Problem noted by Leslie Carroll of the
3504 University at Albany.
3505 Mark closed file descriptors properly to avoid reuse. Problem
3506 noted by Jeff Bronson of J.D. Bronson, Inc.
3507 Setting Timeout options on the command line will also override
3508 their sub-suboptions in the .cf file, e.g., -O
3509 Timeout.queuereturn=2d will set all queuereturn timeouts
3510 to 2 days. Problem noted by Roger B.A. Klorese.
3512 BSD/OS has a broken setreuid() implementation. Problem
3513 noted by Vernon Schryver of Rhyolite Software.
3514 BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?).
3515 Noted by Vernon Schryver of Rhyolite Software.
3516 BSD/OS has fchown(2). Noted by Dave Yadallee of Netline
3517 2000 Internet Solutions Inc.
3518 Solaris 2.X and later have strerror(3). From Sebastian
3519 Hagedorn of Cologne University.
3520 CONFIG: Fix parsing for IPv6 domain literals in addresses
3521 (user@[IPv6:address]). Problem noted by Liyuan Zhou.
3523 8.11.4/8.11.4 2001/05/28
3524 Clean up signal handling routines to reduce the chances of heap
3525 corruption and other potential race conditions.
3526 Terminating and restarting the daemon may not be
3527 instantaneous due to this change. Also, non-root users can
3528 no longer send out-of-band signals. Problem reported by
3529 Michal Zalewski of BindView.
3530 If LogLevel is greater than 9 and SASL fails to negotiate an
3531 encryption layer, avoid core dump logging the encryption
3532 strength. Problem noted by Miroslav Zubcic of Crol.
3533 If a server offers "AUTH=" and "AUTH " and the list of mechanisms is
3534 different in those two lines, sendmail might not have
3535 recognized (and used) all of the offered mechanisms.
3536 Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch
3538 This time, really don't use the .. directory when expanding
3539 QueueDirectory wildcards.
3540 If a process is interrupted while closing a map, don't try to close
3541 the same map again while exiting.
3542 Allow local mailers (F=l) to contact remote hosts (e.g., via
3543 LMTP). Problem noted by Norbert Klasen of the University
3545 If Timeout.QueueReturn was set to a value less the time it took
3546 to write a new queue file (e.g., 0 seconds), the bounce
3547 message would be lost. Problem noted by Lorraine L Goff of
3548 Oklahoma State University.
3549 Pass map argument vector into map rewriting engine for the regex
3550 and prog map types. Problem noted by Stephen Gildea of
3551 InTouch Systems, Inc.
3552 When closing an LDAP map due to a temporary error, close all of the
3553 other LDAP maps which share the original map's connection
3554 to the LDAP server. Patch from Victor Duchovni of
3556 To detect changes of NDBM aliases files check the timestamp of the
3557 .pag file instead of the .dir file. Problem noted by Neil
3558 Rickert of Northern Illinois University.
3559 Don't treat temporary hesiod lookup failures as permanent. Patch
3560 from Werner Wiethege.
3561 If ClientPortOptions is set, make sure to create the outgoing socket
3562 with the family set in that option. Patch from Sean Farley.
3563 Avoid a segmentation fault trying to dereference a NULL pointer
3564 when logging a MaxHopCount exceeded error with an empty
3565 recipient list. Problem noted by Chris Adams of HiWAAY
3567 Fix DSN for "Too many hops" bounces. Problem noticed by Ulrich
3568 Windl of the Universitaet Regensburg.
3569 Fix DSN for "mail loops back to me" bounces. Problem noticed by
3570 Kari Hurtta of the Finnish Meteorological Institute.
3572 OpenBSD has a broken setreuid() implementation.
3573 CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back
3574 to 553 since it is allowed by DRUMS.
3575 CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X.
3576 DEVTOOLS: install.sh did not properly handle paths in the source
3577 file name argument. Noted by Kari Hurtta of the Finnish
3578 Meteorological Institute.
3579 DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD
3580 since it generates random process ids.
3581 PRALIASES: Add back adaptive algorithm to deal with different endings
3582 of entries in the database (with/without trailing '\0').
3583 Patch from John Beck of Sun Microsystems.
3585 cf/ostype/freebsd4.m4
3587 8.11.3/8.11.3 2001/02/27
3588 Prevent a segmentation fault when a bogus value was used in the
3589 LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus
3590 option was used. Problem noted by Allan E Johannesen of
3591 Worcester Polytechnic Institute.
3592 Prevent "token too long" message by shortening {currHeader} which
3593 could be too long if the last copied character was a quote.
3594 Problem detected by Jan Krueger of digitalanswers
3595 communications consulting gmbh.
3596 Additional IPv6 check for unspecified addresses. Patch from
3597 Jun-ichiro itojun Hagino of the KAME Project.
3598 Do not ignore the ClientPortOptions setting if DaemonPortOptions
3599 Modifier=b (bind to same interface) is set and the
3600 connection came in from the command line.
3601 Do not bind to the loopback address if DaemonPortOptions
3602 Modifier=b (bind to same interface) is set. Patch from
3603 John Beck of Sun Microsystems.
3604 Properly deal with open failures on non-optional maps used in
3605 check_* rulesets by returning a temporary failure.
3606 Buffered file I/O files were not being properly fsync'ed to disk
3607 when they were committed.
3608 Properly encode '=' for the AUTH= parameter of the MAIL command.
3609 Problem noted by Hadmut Danisch.
3610 Under certain circumstances the macro {server_name} could be set
3611 to the wrong hostname (of a previous connection), which may
3612 cause some rulesets to return wrong results. This would
3613 usually cause mail to be queued up and delivered later on.
3614 Ignore F=z (LMTP) mailer flag if $u is given in the mailer A=
3615 equate. Problem noted by Motonori Nakamura of Kyoto
3617 Work around broken accept() implementations which only partially
3618 fill in the peer address if the socket is closed before
3620 Return an SMTP "421" temporary failure if the data file can't be
3621 opened where the "354" reply would normally be given.
3622 Prevent a CPU loop in trying to expand a macro which doesn't exist
3623 in a queue run. Problem noted by Gordon Lack of Glaxo
3625 If delivering via a program and that program exits with EX_TEMPFAIL,
3626 note that fact for the mailq display instead of just showing
3627 "Deferred". Problem noted by Motonori Nakamura of Kyoto
3629 If doing canonification via /etc/hosts, try both the fully
3630 qualified hostname as well as the first portion of the
3631 hostname. Problem noted by David Bremner of the
3632 University of New Brunswick.
3634 Fix a compilation problem for mail.local and rmail if SFIO
3635 is in use. Problem noted by Auteria Wally
3636 Winzer Jr. of Champion Nutrition.
3637 IPv6 changes for platforms using KAME. Patch from
3638 Jun-ichiro itojun Hagino of the KAME Project.
3639 OpenBSD 2.7 and higher has srandomdev(3). OpenBSD 2.8 and
3640 higher has BSDI-style login classes. Patch from
3641 Todd C. Miller of Courtesan Consulting.
3642 Unixware 7.1.1 doesn't allow h_errno to be set directly if
3643 sendmail is being compiled with -kthread. Problem
3644 noted by Orion Poplawski of CQG, Inc.
3645 CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and
3646 current left hand side for $LHS in virtuser files.
3647 DEVTOOLS: Do not pass make targets to recursive Build invocations.
3648 Problem noted by Jeff Bronson of J.D. Bronson, Inc.
3649 MAIL.LOCAL: In LMTP mode, do not return errors regarding problems
3650 storing the temporary message file until after the remote
3651 side has sent the final DATA termination dot. Problem
3652 noted by Allan E Johannesen of Worcester Polytechnic
3654 MAIL.LOCAL: If LMTP mode is set, give a temporary error if users
3655 are also specified on the command line. Patch from
3656 Motonori Nakamura of Kyoto University.
3657 PRALIASES: Skip over AliasFile specifications which aren't based on
3658 database files (i.e., only show dbm, hash, and btree).
3660 devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x
3662 8.11.2/8.11.2 2000/12/29
3663 Prevent a segmentation fault when trying to set a class in
3664 address test mode due to a negative array index. Audit
3665 other array indexing. This bug is not believed to be
3666 exploitable. Noted by Michal Zalewski of the "Internet for
3667 Schools" project (IdS).
3668 Add an FFR (for future release) to drop privileges when using
3669 address test mode. This will be turned on in 8.12. It can
3670 be enabled by compiling with:
3671 APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS')
3672 in your devtools/Site/site.config.m4 file. Suggested by
3673 Michal Zalewski of the "Internet for Schools" project (IdS).
3674 Fix potential problem with Cyrus-SASL security layer which may have
3675 caused I/O errors, especially for mechanism DIGEST-MD5.
3676 When QueueSortOrder was set to host, sendmail might not read
3677 enough of the queue file to determine the host, making the
3678 sort sub-optimal. Problem noted by Jeff Earickson of
3680 Don't issue DSNs for addresses which use the NOTIFY parameter (per
3681 RFC 1891) but don't have FAILURE as value.
3682 Initialize Cyrus-SASL library before the SMTP daemon is started.
3683 This implies that every change to SASL related files requires
3684 a restart of the daemon, e.g., Sendmail.conf, new SASL
3685 mechanisms (in form of shared libraries).
3686 Properly set the STARTTLS related macros during a queue run for
3687 a cached connection. Bug reported by Michael Kellen of
3689 Log the server name in relay= for ruleset tls_server instead of the
3691 Include original length of bad field/header when reporting
3692 MaxMimeHeaderLength problems. Requested by Ulrich Windl of
3693 the Universitat Regensburg.
3694 Fix delivery to set-user-ID files that are expanded from aliases in
3695 DeliveryMode queue. Problem noted by Ric Anderson of the
3696 University of Arizona.
3697 Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano
3698 of Collective Technologies.
3699 Avoid using a negative argument for sleep() calls when delaying answers
3700 to EXPN/VRFY commands on systems which respond very slowly.
3701 Problem noted by Mikolaj J. Habryn of Optus Internet
3703 Make sure the F=u flag is set in the default prog mailer
3704 definition. Problem noted by Kari Hurtta of the Finnish
3705 Meteorological Institute.
3706 Fix IPv6 check for unspecified addresses. Patch from
3707 Jun-ichiro itojun Hagino of the KAME Project.
3708 Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish
3709 Meteorological Institute.
3710 Fix parsing of DaemonPortOptions and ClientPortOptions. Read all
3711 of the parameters to find Family= setting before trying to
3712 interpret Addr= and Port=. Problem noted by Valdis
3713 Kletnieks of Virginia Tech.
3714 When delivering to a file directly from an alias, do not call
3715 initgroups(); instead use the DefaultUser group information.
3716 Problem noted by Marc Schaefer of ALPHANET NF.
3717 RunAsUser now overrides the ownership of the control socket, if
3718 created. Otherwise, sendmail can not remove it upon
3719 close. Problem noted by Werner Wiethege.
3720 Fix ConnectionRateThrottle counting as the option is the number of
3721 overall connections, not the number of connections per
3722 socket. A future version may change this to per socket
3725 Clean up libsmdb so it functions properly on platforms
3726 where sizeof(u_int32_t) != sizeof(size_t). Problem
3727 noted by Rein Tollevik of Basefarm AS.
3728 Fix man page formatting for compatibility with Solaris'
3729 whatis. From Stephen Gildea of InTouch Systems, Inc.
3730 UnixWare 7 includes snprintf() support. From Larry
3732 IPv6 changes for platforms using KAME. Patch from
3733 Jun-ichiro itojun Hagino of the KAME Project.
3734 Avoid a typedef compile conflict with Berkeley DB 3.X and
3735 Solaris 2.5 or earlier. Problem noted by Bob Hughes
3737 Add preliminary support for AIX 5. Contributed by
3738 Valdis Kletnieks of Virginia Tech.
3739 Solaris 9 load average support from Andrew Tucker of Sun
3741 CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
3742 is used. Problem noted by Phil Homewood of Asia Online,
3743 patch from Neil Rickert of Northern Illinois University.
3744 CONFIG: Change the default DNS based blocklist server for
3745 FEATURE(`dnsbl') to blackholes.mail-abuse.org.
3746 CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
3747 implicitly assume canonical host names.
3748 CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on
3749 patch by Motonori Nakamura of Kyoto University.
3750 CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of
3752 CONFIG: Pass the illegal header form <list:;> through untouched
3753 instead of making it worse. Problem noted by Motonori
3754 Nakamura of Kyoto University.
3755 CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`).
3756 CONTRIB: qtool.pl: An empty queue is not an error. Problem noted
3757 by Jan Krueger of digitalanswers communications consulting
3759 CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark
3760 Roth of the University of Illinois at Urbana-Champaign.
3761 DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4
3762 variables into bldOS, bldREL, and bldARCH to prevent
3763 namespace collisions. Problem noted by Motonori Nakamura
3764 of Kyoto University.
3765 RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It
3766 causes some changes in behavior and may break rmail for
3767 installations where sendmail is actually a wrapper to
3768 another MTA. The change will re-appear in a future
3770 SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X,
3771 and SunOS 5.8. Requested by Jeff A. Earickson of Colby
3772 College and John Beck of Sun Microsystems.
3773 VACATION: Fix pattern matching for addresses to ignore.
3774 VACATION: Don't reply to addresses of the form owner-*
3778 contrib/buildvirtuser
3781 8.11.1/8.11.1 2000/09/27
3782 Fix SMTP EXPN command output if the address expands to a single
3783 name. Fix from John Beck of Sun Microsystems.
3784 Don't try STARTTLS in the client if the PRNG has not been properly
3785 seeded. This problem only occurs on systems without
3786 /dev/urandom. Problem detected by Jan Krueger of
3787 digitalanswers communications consulting gmbh and
3788 Neil Rickert of Northern Illinois University.
3789 Don't use the . and .. directories when expanding QueueDirectory
3791 Do not try to cache LDAP connections across processes as a parent
3792 process may close the connection before the child process
3793 has completed. Problem noted by Lai Yiu Fai of the Hong
3794 Kong University of Science and Technology and Wolfgang
3795 Hottgenroth of UUNET.
3796 Use Timeout.fileopen to limit the amount of time spent trying to
3797 read the LDAP secret from a file.
3798 Prevent SIGTERM from removing a command line submitted item after
3799 the user submits the message and before the first delivery
3800 attempt completes. Problem noted by Max France of AlphaNet.
3801 Fix from Neil Rickert of Northern Illinois University.
3802 Deal correctly with MaxMessageSize restriction if message size is
3803 greater than 2^31. Problem noted by Tim "Darth Dice" Bosserman
3805 Turn off queue checkpointing if CheckpointInterval is set to zero.
3806 Treat an empty home directory (from getpw*() or $HOME) as
3807 non-existent instead of treating it as /. Problem noted by
3808 Todd C. Miller of Courtesan Consulting.
3809 Don't drop duplicate headers when reading a queued item. Problem
3810 noted by Motonori Nakamura of Kyoto University.
3811 Avoid bogus error text when logging the savemail panic "cannot
3812 save rejected email anywhere". Problem noted by Marc G.
3813 Fournier of Acadia University.
3814 If an LDAP search fails because the LDAP server went down, close
3815 the map so subsequent searches reopen the map. If there are
3816 multiple LDAP servers, the down server will be skipped and
3817 one of the others may be able to take over.
3818 Set the ${load_avg} macro to the current load average, not the
3819 previous load average query result.
3820 If a non-optional map used in a check_* ruleset can't be opened,
3821 return a temporary failure to the remote SMTP client
3822 instead of ignoring the map. Problem noted by Allan E
3823 Johannesen of Worcester Polytechnic Institute.
3824 Avoid a race condition when queuing up split envelopes by saving
3825 the split envelopes before the original envelope.
3826 Fix a bug in the PH_MAP code which caused mail to bounce instead of
3827 defer if the PH server could not be contacted. From Mark
3828 Roth of the University of Illinois at Urbana-Champaign.
3829 Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and
3830 ETRN. Problem noted by Erik R. Leo of SoVerNet.
3831 Change error code for unrecognized parameters to the SMTP MAIL and
3832 RCPT commands from 501 to 555 per RFC 1869. Problem
3833 reported to Postfix by Robert Norris of Monash University.
3834 Prevent overwriting the argument of -B on certain OS. Problem
3835 noted by Matteo Gelosa of I.NET S.p.A.
3836 Use the proper routine for freeing memory with Netscape's LDAP
3837 client libraries. Patch from Paul Hilchey of the
3838 University of British Columbia.
3840 Move the NETINET6 define to devtools/OS/SunOS.5.{8,9}
3841 instead of defining it in conf.h so users can
3842 override the setting. Suggested by
3843 Henrik Nordstrom of Ericsson.
3844 On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of
3845 /usr/lib/sendmail for rmail and vacation. From
3846 Jeff A. Earickson of Colby College.
3847 On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which
3848 does not exist). From Jeff A. Earickson of Colby
3850 Avoid using the UCB subsystem on NCR MP-RAS 3.x. From
3852 NeXT 3.X and 4.X installs man pages in /usr/man. From
3853 Hisanori Gogota of NTT/InterCommunicationCenter.
3854 Solaris 8 and later include /var/run. The default PID file
3855 location is now /var/run/sendmail.pid. From John
3856 Beck of Sun Microsystems.
3857 SFIO includes snprintf() for those operating systems
3858 which do not. From Todd C. Miller of Courtesan
3860 CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}.
3861 Problem noted by Kaspar Brand of futureLab AG.
3862 CONFIG: Change 553 SMTP reply code to 501 to avoid problems with
3863 errors in the MAIL address.
3864 CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem
3865 noted by Ron Jarrell of Virginia Tech.
3866 CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8).
3867 Contributed by John Beck of Sun Microsystems.
3868 CONFIG: Set confFROM_HEADER such that the mail hub can possibly add
3869 GECOS information for an address. This more closely
3870 matches pre-8.10 nullclient behavior. From Per Hedeland of
3872 CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for
3873 SMTP to all *smtp* mailers and those for RELAY to the relay
3874 mailer as described in cf/README.
3875 MAIL.LOCAL: Open the mailbox as the recipient not root so quotas
3876 are obeyed. Problem noted by Damian Kuczynski of NIK.
3877 MAKEMAP: Do not change a map's owner to the TrustedUser if using
3878 makemap to 'unmake' the map.
3879 RMAIL: Avoid overflowing the list of recipients being passed to
3881 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
3882 submission. Problem noted by Kari Hurtta of the Finnish
3883 Meteorological Institute.
3884 VACATION: Read the complete message to avoid "broken pipe" signals.
3885 VACATION: Do not cut off vacation.msg files which have a single
3886 dot as the only character on the line.
3888 cf/ostype/solaris8.m4
3890 8.11.0/8.11.0 2000/07/19
3891 SECURITY: If sendmail is installed as a non-root set-user-ID binary
3892 (not the normal case), some operating systems will still
3893 keep a saved-uid of the effective-uid when sendmail tries
3894 to drop all of its privileges. If sendmail needs to drop
3895 these privileges and the operating system doesn't set the
3896 saved-uid as well, exit with an error. Problem noted by
3897 Kari Hurtta of the Finnish Meteorological Institute.
3898 SECURITY: sendmail depends on snprintf() NUL terminating the string
3899 it populates. It is possible that some broken
3900 implementations of snprintf() exist that do not do this.
3901 Systems in this category should compile with
3902 -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your
3903 system and report broken implementations to
3904 sendmail-bugs@sendmail.org and your OS vendor. Problem
3905 noted by Slawomir Piotrowski of TELSAT GP.
3906 Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS).
3907 Implementation influenced by the example programs of
3908 OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
3909 Add new STARTTLS related options CACERTPath, CACERTFile,
3910 ClientCertFile, ClientKeyFile, DHParameters, RandFile,
3911 ServerCertFile, and ServerKeyFile. These are documented in
3912 cf/README and doc/op/op.me.
3913 New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
3914 ${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
3915 ${server_name}, and ${server_addr}. These are documented
3916 in cf/README and doc/op/op.me.
3917 Add support for the Entropy Gathering Daemon (EGD) for better
3919 New DontBlameSendmail option InsufficientEntropy for systems which
3920 don't properly seed the PRNG for OpenSSL but want to
3921 try to use STARTTLS despite the security problems.
3922 Support the security layer in SMTP AUTH for mechanisms which
3923 support encryption. Based on code contributed by Tim
3925 Add new macro ${auth_ssf} to reflect the SMTP AUTH security
3927 LDAP's -1 (single match only) flag was not honored if the -z
3928 (delimiter) flag was not given. Problem noted by ST Wong of
3929 the Chinese University of Hong Kong. Fix from Mark Adamson
3931 Add more protection from accidentally tripping OpenLDAP 1.X's
3932 ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute().
3933 Suggested by Kurt Zeilenga of OpenLDAP.
3934 Fix the default family selection for DaemonPortOptions. As
3935 documented, unless a family is specified in a
3936 DaemonPortOptions option, "inet" is the default. It is
3937 also the default if no DaemonPortOptions value is set.
3938 Therefore, IPv6 users should configure additional sockets
3939 by adding DaemonPortOptions settings with Family=inet6 if
3940 they wish to also listen on IPv6 interfaces. Problem noted
3941 by Jun-ichiro itojun Hagino of the KAME Project.
3942 Set ${if_family} when setting ${if_addr} and ${if_name} to reflect
3943 the interface information for an outgoing connection.
3944 Not doing so was creating a mismatch between the socket
3945 family and address used in subsequent connections if the
3946 M=b modifier was set in DaemonPortOptions. Problem noted
3947 by John Beck of Sun Microsystems.
3948 If DaemonPortOptions modifier M=b is used, determine the socket
3949 family based on the IP address. ${if_family} is no longer
3950 persistent (i.e., saved in qf files). Patch from John Beck
3951 of Sun Microsystems.
3952 sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family}
3953 macros for both the incoming interface address/family and
3954 the outgoing interface address/family. In order for M=b
3955 modifier in DaemonPortOptions to work properly, preserve
3956 the incoming information in the queue file for later
3958 Use SMTP error code and enhanced status code from check_relay in
3959 responses to commands. Problem noted by Jeff Wasilko of
3961 Add more vigilance in checking for putc() errors on output streams
3962 to protect from a bug in Solaris 2.6's putc(). Problem
3963 noted by Graeme Hewson of Oracle.
3964 The LDAP map -n option (return attribute names only) wasn't working.
3965 Problem noted by Ajay Matia.
3966 Under certain circumstances, an address could be listed as deferred
3967 but would be bounced back to the sender as failed to be
3968 delivered when it really should have been queued. Problem
3969 noted by Allan E Johannesen of Worcester Polytechnic Institute.
3970 Prevent a segmentation fault in a child SMTP process from getting
3971 the SMTP transaction out of sync. Problem noted by Per
3972 Hedeland of Ericsson.
3973 Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT
3974 is defined to avoid a core dump due to incompatibilities
3975 between sfio and stdio. Problem noted by Neil Rickert
3976 of Northern Illinois University.
3977 Don't log useless envelope ID on initial connection log. Problem
3978 noted by Kari Hurtta of the Finnish Meteorological Institute.
3979 Convert the free disk space shown in a control socket status query
3981 If TryNullMXList is True and there is a temporary DNS failure
3982 looking up the hostname, requeue the message for a later
3983 attempt. Problem noted by Ari Heikkinen of Pohjois-Savo
3985 Under the proper circumstances, failed connections would be recorded
3986 as "Bad file number" instead of "Connection failed" in the
3987 queue file and persistent host status. Problem noted by
3988 Graeme Hewson of Oracle.
3989 Avoid getting into an endless loop if a non-hoststat directory exists
3990 within the hoststatus directory (e.g., lost+found).
3991 Patch from Valdis Kletnieks of Virginia Tech.
3992 Make sure Timeout.queuereturn=now returns a bounce message to the
3993 sender. Problem noted by Per Hedeland of Ericsson.
3994 If a message data file can't be opened at delivery time, panic and
3995 abort the attempt instead of delivering a message that
3996 states "<<< No Message Collected >>>".
3997 Fixup the GID checking code from 8.10.2 as it was overly
3998 restrictive. Problem noted by Mark G. Thomas of Mark
3999 G. Thomas Consulting.
4000 Preserve source port number instead of replacing it with the ident
4002 Document the queue status characters in the mailq man page.
4003 Suggested by Ulrich Windl of the Universitat Regensburg.
4004 Process queued items in which none of the recipient addresses have
4005 host portions (or there are no recipients). Problem noted
4006 by Valdis Kletnieks of Virginia Tech.
4007 If a cached LDAP connection is used for multiple maps, make sure
4008 only the first to open the connection is allowed to close
4009 it so a later map close doesn't break the connection for
4010 other maps. Problem noted by Wolfgang Hottgenroth of UUNET.
4011 Netscape's LDAP libraries do not support Kerberos V4
4012 authentication. Patch from Rainer Schoepf of the
4013 University of Mainz.
4014 Provide workaround for inconsistent handling of data passed
4015 via callbacks to Cyrus SASL prior to version 1.5.23.
4016 Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission
4017 noted by Ulrich Windl of the Universitat Regensburg.
4019 Add the ability to read IPv6 interface addresses into class
4020 'w' under FreeBSD (and possibly others). From Jun
4021 Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
4022 Replace code for finding the number of CPUs on HPUX.
4023 NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not
4024 work properly causing problems if the accept()
4025 fails and the socket needs to be reopened. Patch
4026 from Tom Moore of NCR.
4027 NetBSD uses a .0 extension of formatted man pages. From
4028 Andrew Brown of Crossbar Security.
4029 Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED
4030 for calls to getipnodebyname(). The Linux
4031 implementation is broken so AI_ADDRCONFIG is stripped
4032 under Linux. From John Beck of Sun Microsystems and
4033 John Kennedy of Cal State University, Chico.
4034 CONFIG: Catch invalid addresses containing a ',' at the wrong place.
4035 Patch from Neil Rickert of Northern Illinois University.
4036 CONFIG: New variables for the new sendmail options:
4037 confCACERT_PATH CACERTPath
4038 confCACERT CACERTFile
4039 confCLIENT_CERT ClientCertFile
4040 confCLIENT_KEY ClientKeyFile
4041 confDH_PARAMETERS DHParameters
4042 confRAND_FILE RandFile
4043 confSERVER_CERT ServerCertFile
4044 confSERVER_KEY ServerKeyFile
4045 CONFIG: Provide basic rulesets for TLS policy control and add new
4046 tags to the access database to support these policies. See
4047 cf/README for more information.
4048 CONFIG: Add TLS information to the Received: header.
4049 CONFIG: Call tls_client ruleset from check_mail in case it wasn't
4050 called due to a STARTTLS command.
4051 CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent
4052 instead of temporary.
4053 CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with
4054 the access map and relaying to a domain without using a To:
4055 tag. Problem noted by Mark G. Thomas of Mark G. Thomas
4057 CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in
4058 OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of
4060 CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and
4061 forwarding to make it as close to the old behavior as
4062 possible. Problem noted by George W. Baltz of the
4063 University of Maryland.
4064 CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From
4065 Wilfredo Sanchez of Apple Computer, Inc.
4066 CONFIG: Changed the map names used by FEATURE(`ldap_routing') from
4067 ldap_mailhost and ldap_mailroutingaddress to ldapmh and
4068 ldapmra as underscores in map names cause problems if
4069 underscore is in OperatorChars. Problem noted by Bob Zeitz
4070 of the University of Alberta.
4071 CONFIG: Apply blacklist_recipients also to hosts in class {w}.
4072 Patch from Michael Tratz of Esosoft Corporation.
4073 CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
4074 CONTRIB: Add link_hash.sh to create symbolic links to the hash
4075 of X.509 certificates.
4076 CONTRIB: passwd-to-alias.pl: More protection from special characters;
4077 treat special shells as root aliases; skip entries where the
4078 GECOS full name and username match. From Ulrich Windl of the
4079 Universitat Regensburg.
4080 CONTRIB: qtool.pl: Add missing last_modified_time method and fix a
4081 typo. Patch from Graeme Hewson of Oracle.
4082 CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue
4083 and sendmail. Patch from Graeme Hewson of Oracle.
4084 CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as
4085 subroutine Patch from Graeme Hewson of Oracle.
4086 CONTRIB: Add movemail.pl (move old mail messages between queues by
4087 calling re-mqueue.pl) and movemail.conf (configuration
4088 script for movemail.pl). From Graeme Hewson of Oracle.
4089 CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to
4090 makemap). From Derek J. Balling of Yahoo,Inc.
4091 DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any
4092 extension modifications (e.g., MAN8EXT) to the installation
4093 target. Patch from James Ralston of Carnegie Mellon
4095 DEVTOOLS: Add support for SunOS 5.9.
4096 DEVTOOLS: New option confLN contains the command used to create
4098 LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not
4100 MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of
4101 Denman Tire Corporation.
4102 MAIL.LOCAL: Prevent a possible DoS attack when compiled with
4103 -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
4104 MAILSTATS: Fix usage statement (-p and -o are optional).
4105 MAKEMAP: Change man page layout as workaround for problem with nroff
4106 and -man on Solaris 7. Patch from Larry Williamson.
4107 RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of
4108 Black Diamond Equipment, Limited.
4109 RMAIL: Prevent a segmentation fault if the incoming message does not
4111 VACATION: Read all of the headers before deciding whether or not
4112 to respond instead of stopping after finding recipient.
4116 contrib/link_hash.sh
4117 contrib/movemail.conf
4119 devtools/OS/SunOS.5.9
4122 8.10.2/8.10.2 2000/06/07
4123 SECURITY: Work around broken Linux setuid() implementation.
4124 On Linux, a normal user process has the ability to subvert
4125 the setuid() call such that it is impossible for a root
4126 process to drop its privileges. Problem noted by Wojciech
4127 Purczynski of elzabsoft.pl.
4128 SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(),
4129 initgroups(), and chroot() calls.
4133 8.10.1/8.10.1 2000/04/06
4134 SECURITY: Limit the choice of outgoing (client-side) SMTP
4135 Authentication mechanisms to those specified in
4136 AuthMechanisms to prevent information leakage. We do not
4137 recommend use of PLAIN for outgoing mail as it sends the
4138 password in clear text to possibly untrusted servers. See
4139 cf/README's DefaultAuthInfo section for additional information.
4140 Copy the ident argument for openlog() to avoid problems on some
4141 OSs. Based on patch from Rob Bajorek from Webhelp.com.
4142 Avoid bogus error message when reporting an alias line as too long.
4143 Avoid bogus socket error message if sendmail.cf version level is
4144 greater than sendmail binary supported version. Patch
4145 from John Beck of Sun Microsystems.
4146 Prevent a malformed ruleset (missing right hand side) from causing
4147 a segmentation fault when using address test mode. Based on
4148 patch from John Beck of Sun Microsystems.
4149 Prevent memory leak from use of NIS maps and yp_match(3). Problem
4150 noted by Gil Kloepfer of the University of Texas at Austin.
4151 Fix queue file permission checks to allow for TrustedUser ownership.
4152 Change logging of errors from the trust_auth ruleset to LogLevel 10
4154 Avoid simple password cracking attacks against SMTP AUTH by using
4155 exponential delay after too many tries within one connection.
4156 Encode an initial empty AUTH challenge as '=', not as empty string.
4157 Avoid segmentation fault on EX_SOFTWARE internal error logs.
4158 Problem noted by Allan E Johannesen of Worcester
4159 Polytechnic Institute.
4160 Ensure that a header check which resolves to $#discard actually
4161 discards the message.
4162 Emit missing value warnings for aliases with no right hand side
4163 when newaliases is run instead of only when delivery is
4164 attempted to the alias.
4165 Remove AuthOptions missing value warning for consistency with other
4168 SECURITY: Specify a run-time shared library search path for
4169 AIX 4.X instead of using the dangerous AIX 4.X
4170 linker semantics. AIX 4.X users should consult
4171 sendmail/README for further information. Problem
4172 noted by Valdis Kletnieks of Virginia Tech.
4173 Avoid use of strerror(3) call. Problem noted by Charles
4174 Levert of Ecole Polytechnique de Montreal.
4175 DGUX requires -lsocket -lnsl and has a non-standard install
4176 program. From Tim Boyer of Denman Tire Corporation.
4177 HPUX 11.0 has a broken res_search() function.
4178 Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X
4179 from J. P. McCann of E I A.
4180 Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3).
4181 Problem noted by Michael Long of Info Avenue Internet
4183 Modern (post-199912) OpenBSD versions include working
4184 strlc{at,py}(3) functions. From Todd C. Miller of
4185 Courtesan Consulting.
4186 SINIX doesn't have random(3). From Gerald Rinske of
4187 Siemens Business Services.
4188 CONFIG: Change error message about unresolvable sender domain to
4189 include the sender address. Proposed by Wolfgang Rupprecht
4191 CONFIG: Fix usenet mailer calls.
4192 CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS
4193 to be backward compatible with 8.9.
4194 CONFIG: Change handling of default case @domain for virtusertable
4195 to allow for +*@domain to deal with +detail.
4196 CONTRIB: Remove converting.sun.configs -- it is obsolete.
4197 DEVTOOLS: confUBINMODE was being ignored. Fix from KITAZIMA, Tuneki
4199 DEVTOOLS: Add to NCR platform list and include the architecture
4200 (i486). From Tom J. Moore of NCR.
4201 DEVTOOLS: SECURITY: Change method of linking with sendmail utility
4202 libraries to work around the AIX 4.X and SunOS 4.X linker's
4203 overloaded -L option. Problem noted by Valdis Kletnieks of
4205 DEVTOOLS: configure.sh was overriding the user's choice for
4206 confNROFF. Problem noted by Glenn A. Malling of Syracuse
4208 DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added
4209 for other internal projects but included in the open source
4211 LIBSMDB: Check for ".db" instead of simply "db" at the end of the
4212 map name to determine whether or not to add the extension.
4213 This fixes makemap when building the userdb file. Problem
4214 noted by Andrew J Cole of the University of Leeds.
4215 LIBSMDB: Allow a database to be opened for updating and created if
4216 it doesn't already exist. Problem noted by Rand Wacker of
4218 LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are
4219 available, fall back to NDBM if NEWDB open fails. This
4220 fixes praliases. Patch from John Beck of Sun Microsystems.
4221 LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted
4223 OP.ME: Clarify some issues regarding mailer flags. Suggested by
4224 Martin Mokrejs of The Charles University and Neil Rickert of
4225 Northern Illinois University.
4226 PRALIASES: Restore 8.9.X functionality of being able to search for
4227 particular keys in a database by specifying the keys on the
4228 command line. Man page updated accordingly. Patch from
4229 John Beck of Sun Microsystems.
4230 VACATION: SunOS 4.X portability from Charles Levert of Ecole
4231 Polytechnique de Montreal.
4232 VACATION: Fix -t option which is ignored but available for
4233 compatibility with Sun's version, based on patch from
4234 Volker Dobler of Infratest Burke.
4236 devtools/M4/UNIX/smlib.m4
4237 devtools/OS/OSF1.V5.0
4239 contrib/converting.sun.configs
4240 Deleted Directories (already done in 8.10.0 but not listed):
4245 8.10.0/8.10.0 2000/03/01
4246 *************************************************************
4247 * The engineering department at Sendmail, Inc. has suffered *
4248 * the tragic loss of a key member of our engineering team. *
4249 * Julie Van Bourg was the Vice President of Engineering *
4250 * at Sendmail, Inc. during the development and deployment *
4251 * of this release. It was her vision, dedication, and *
4252 * support that has made this release a success. Julie died *
4253 * on October 26, 1999 of cancer. We have lost a leader, a *
4254 * coach, and a friend. *
4256 * This release is dedicated to her memory and to the joy, *
4257 * strength, ideals, and hope that she brought to all of us. *
4258 * Julie, we miss you! *
4259 *************************************************************
4260 SECURITY: The safe file checks now back track through symbolic
4261 links to make sure the files can't be compromised due
4262 to poor permissions on the parent directories of the
4263 symbolic link target.
4264 SECURITY: Only root, TrustedUser, and users in class t can rebuild
4265 the alias map. Problem noted by Michal Zalewski of the
4266 "Internet for Schools" project (IdS).
4267 SECURITY: There is a potential for a denial of service attack if
4268 the AutoRebuildAliases option is set as a user can kill the
4269 sendmail process while it is rebuilding the aliases file
4270 (leaving it in an inconsistent state). This option and
4271 its use is deprecated and will be removed from a future
4272 version of sendmail.
4273 SECURITY: Make sure all file descriptors (besides stdin, stdout, and
4274 stderr) are closed before restarting sendmail. Problem noted
4275 by Michal Zalewski of the "Internet for Schools" project
4277 Begin using /etc/mail/ for sendmail related files. This affects
4278 a large number of files. See cf/README for more details.
4279 The directory structure of the distribution has changed slightly
4280 for easier code sharing among the programs.
4281 Support SMTP AUTH (see RFC 2554). New macros for this purpose
4282 are ${auth_authen}, ${auth_type}, and ${auth_author}
4283 which hold the client's authentication credentials,
4284 the mechanism used for authentication, and the
4285 authorization identity (i.e., the AUTH= parameter if
4286 supplied). Based on code contributed by Tim Martin of CMU.
4287 On systems which use the Torek stdio library (all of the BSD
4288 distributions), use memory-buffered files to reduce
4289 file system overhead by not creating temporary files on
4290 disk. Contributed by Exactis.com, Inc.
4291 New option DataFileBufferSize to control the maximum size of a
4292 memory-buffered data (df) file before a disk-based file is
4293 used. Contributed by Exactis.com, Inc.
4294 New option XscriptFileBufferSize to control the maximum size of a
4295 memory-buffered transcript (xf) file before a disk-based
4296 file is used. Contributed by Exactis.com, Inc.
4297 sendmail implements RFC 2476 (Message Submission), e.g., it can
4298 now listen on several different ports. Use:
4299 O DaemonPortOptions=Name=MSA, Port=587, M=E
4300 to run a Message Submission Agent (MSA); this is turned
4301 on by default in m4-generated .cf files; it can be turned
4302 off with FEATURE(`no_default_msa').
4303 The 'XUSR' SMTP command is deprecated. Mail user agents should
4304 begin using RFC 2476 Message Submission for initial user
4305 message submission. XUSR may disappear from a future release.
4306 The new '-G' (relay (gateway) submission) command line option
4307 indicates that the message being submitted from the command
4308 line is for relaying, not initial submission. This means
4309 the message will be rejected if the addresses are not fully
4310 qualified and no canonicalization will be done. Future
4311 releases may even reject improperly formed messages.
4312 The '-U' (initial user submission) command line option is
4313 deprecated and may be removed from a future release.
4314 Mail user agents should begin using '-G' to indicate that
4315 this is a relay submission (the inverse of -U).
4316 The next release of sendmail will assume that any message submitted
4317 from the command line is an initial user submission and act
4319 If sendmail doesn't have enough privileges to run a .forward
4320 program or deliver to file as the owner of that file, the
4321 address is marked as unsafe. This means if RunAsUser is
4322 set, users won't be able to use programs or delivery to
4323 files in their .forward files. Administrators can override
4324 this by setting the DontBlameSendmail option to the new
4325 setting NonRootSafeAddr.
4326 Allow group or world writable directories if the sticky bit is set
4327 on the directory and DontBlameSendmail is set to
4328 TrustStickyBit. Based on patch from Chris Metcalf of
4330 Prevent logging of unsafe directory paths for non-existent forward
4331 files if the new DontWarnForwardFileInUnsafeDirPath bit is
4332 set in the DontBlameSendmail option. Requested by many.
4333 New Timeout.control option to limit the total time spent satisfying
4334 a control socket request.
4335 New Timeout.resolver options for controlling BIND resolver
4337 Timeout.resolver.retrans
4338 Sets the resolver's retransmission time interval (in
4339 seconds). Sets both Timeout.resolver.retrans.first
4340 and Timeout.resolver.retrans.normal.
4341 Timeout.resolver.retrans.first
4342 Sets the resolver's retransmission time interval (in
4343 seconds) for the first attempt to deliver a message.
4344 Timeout.resolver.retrans.normal
4345 Sets the resolver's retransmission time interval (in
4346 seconds) for all resolver lookups except the first
4348 Timeout.resolver.retry
4349 Sets the number of times to retransmit a resolver
4350 query. Sets both Timeout.resolver.retry.first
4351 and Timeout.resolver.retry.normal.
4352 Timeout.resolver.retry.first
4353 Sets the number of times to retransmit a resolver
4354 query for the first attempt to deliver a message.
4355 Timeout.resolver.retry.normal
4356 Sets the number of times to retransmit a resolver
4357 query for all resolver lookups except the first
4359 Contributed by Exactis.com, Inc.
4360 Support multiple queue directories. To use multiple queues, supply
4361 a QueueDirectory option value ending with an asterisk. For
4362 example, /var/spool/mqueue/q* will use all of the
4363 directories or symbolic links to directories beginning with
4364 'q' in /var/spool/mqueue as queue directories. Keep in
4365 mind, the queue directory structure should not be changed
4366 while sendmail is running. Queue runs create a separate
4367 process for running each queue unless the verbose flag is
4368 given on a non-daemon queue run. New items are randomly
4369 assigned to a queue. Contributed by Exactis.com, Inc.
4370 Support different directories for qf, df, and xf queue files; if
4371 subdirectories or symbolic links to directories of those names
4372 exist in the queue directories, they are used for the
4373 corresponding queue files. Keep in mind, the queue
4374 directory structure should not be changed while sendmail is
4375 running. Proposed by Mathias Koerber of Singapore
4376 Telecommunications Ltd.
4377 New queue file naming system which uses a filename guaranteed to be
4378 unique for 60 years. This allows queue IDs to be assigned
4379 without fancy file system locking. Queued items can be
4380 moved between queues easily. Contributed by Exactis.com,
4382 Messages which are undeliverable due to temporary address failures
4383 (e.g., DNS failure) will now go to the FallBackMX host, if
4384 set. Contributed by Exactis.com, Inc.
4385 New command line option '-L tag' which sets the identifier used for
4386 syslog. Contributed by Exactis.com, Inc.
4387 QueueSortOrder=Filename will sort the queue by filename. This
4388 avoids opening and reading each queue file when preparing
4389 to run the queue. Contributed by Exactis.com, Inc.
4390 Shared memory counters and microtimers functionality has been
4391 donated by Exactis.com, Inc.
4392 The SCCS ID tags have been replaced with RCS ID tags.
4393 Allow trusted users (those on a T line or in $=t) to set the
4394 QueueDirectory (Q) option without an X-Authentication-Warning:
4395 being added. Suggested by Michael K. Sanders.
4396 IPv6 support based on patches from John Kennedy of Cal State
4397 University, Chico, Motonori Nakamura of Kyoto University,
4398 and John Beck of Sun Microsystems.
4399 In low-disk space situations, where sendmail would previously refuse
4400 connections, still accept them, but only allow ETRN commands.
4401 Suggested by Mathias Koerber of Singapore Telecommunications
4403 The [IPC] builtin mailer now allows delivery to a UNIX domain socket
4404 on systems which support them. This can be used with LMTP
4405 local delivery agents which listen on a named socket. An
4406 example mailer might be:
4407 Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n,
4408 S=10, R=20/40, T=DNS/RFC822/X-Unix,
4409 A=FILE /var/run/lmtpd
4410 Code contributed by Lyndon Nerenberg of Messaging Direct.
4411 The [TCP] builtin mailer name is now deprecated. Use [IPC]
4413 The first mailer argument in the [IPC] mailer is now checked for a
4414 legitimate value. Possible values are TCP (for TCP/IP
4415 connections), IPC (which will be deprecated in a future
4416 version), and FILE (for UNIX domain socket delivery).
4417 PrivacyOptions=goaway no longer includes the noetrn and the noreceipts
4419 PrivacyOptions=nobodyreturn instructs sendmail not to include the
4420 body of the original message on delivery status
4422 Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted
4423 by Dan Bernstein, fix from Robert Harker of Harker Systems.
4424 Accept the SMTP RSET command even when rejecting commands due to TCP
4425 Wrappers or the check_relay ruleset. Problem noted by
4426 Steve Schweinhart of America Online.
4427 Warn if OperatorChars is set multiple times. OperatorChars should
4428 not be set after rulesets are defined. Suggested by
4429 Mitchell Blank Jr of Exec-PC.
4430 Do not report temporary failure on delivery to files. In
4431 interactive delivery mode, this would result in two SMTP
4432 responses after the DATA command. Problem noted by
4433 Nik Conwell of Boston University.
4434 Check file close when mailing to files. Problem noted by Nik
4435 Conwell of Boston University.
4436 Avoid a segmentation fault when using the LDAP map. Patch from
4437 Curtis W. Hillegas of Princeton University.
4438 Always bind to the LDAP server regardless of whether you are using
4439 ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of
4441 New ruleset trust_auth to determine whether a given AUTH=
4442 parameter of the MAIL command should be trusted. See SMTP
4443 AUTH, cf/README, and doc/op/op.ps.
4444 Allow new named config file rules check_vrfy, check_expn, and
4445 check_etrn for VRFY, EXPN, and ETRN commands, respectively,
4446 similar to check_rcpt etc.
4447 Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr},
4448 ${mail_mailer}, ${mail_host}, ${mail_addr} that hold
4449 the results of parsing the RCPT and MAIL arguments, i.e.
4450 the resolved triplet from $#mailer $@host $:addr.
4451 From Kari Hurtta of the Finnish Meteorological Institute.
4452 New macro ${client_resolve} which holds the result of the resolve
4453 call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed
4454 by Kari Hurtta of the Finnish Meteorological Institute.
4455 New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold
4456 the corresponding DSN parameter values. Proposed by
4458 New macro ${msg_size} which holds the value of the SIZE= parameter,
4459 i.e., usually the size of the message (in an ESMTP dialogue),
4460 before the message has been collected, thereafter it holds
4461 the message size as computed by sendmail (and can be used
4463 The macro ${deliveryMode} now specifies the current delivery mode
4464 sendmail is using instead of the value of the DeliveryMode
4466 New macro ${ntries} holds the number of delivery attempts.
4467 Drop explicit From: if same as what would be generated only if it is
4468 a local address. From Motonori Nakamura of Kyoto University.
4469 Write pid to file also if sendmail only processes the queue.
4470 Proposed by Roy J. Mongiovi of Georgia Tech.
4471 Log "low on disk space" only when necessary.
4472 New macro ${load_avg} can be used to check the current load average.
4473 Suggested by Scott Gifford of The Internet Ramp.
4474 Return-Receipt-To: header implies DSN request if option RrtImpliesDsn
4476 Flag -S for maps to specify the character which is substituted
4477 for spaces (instead of the default given by O BlankSub).
4478 Flag -D for maps: perform no lookup in deferred delivery mode.
4479 This flag is set by default for the host map. Based on a
4480 proposal from Ian MacPhedran of the University of Saskatchewan.
4481 Open maps only on demand, not at startup.
4482 Log warning about unsupported IP address families.
4483 New option MaxHeadersLength allows to specify a maximum length
4484 of the sum of all headers. This can be used to prevent
4485 a denial-of-service attack.
4486 New option MaxMimeHeaderLength which limits the size of MIME
4487 headers and parameters within those headers. This option
4488 is intended to protect mail user agents from buffer
4490 Added option MaxAliasRecursion to specify the maximum depth of
4492 New flag F=6 for mailers to strip headers to seven bit.
4493 Map type syslog to log the key via syslogd.
4494 Entries in the alias file can be continued by putting a backslash
4495 directly before the newline.
4496 New option DeadLetterDrop to define the location of the system-wide
4497 dead.letter file, formerly hardcoded to
4498 /usr/tmp/dead.letter. If this option is not set (the
4499 default), sendmail will not attempt to save to a
4500 system-wide dead.letter file if it can not bounce the mail
4501 to the user nor postmaster. Instead, it will rename the qf
4502 file as it has in the past when the dead.letter file
4503 could not be opened.
4504 New option PidFile to define the location of the pid file. The
4505 value of this option is macro expanded.
4506 New option ProcessTitlePrefix specifies a prefix string for the
4507 process title shown in 'ps' listings.
4508 New macros for use with the PidFile and ProcessTitlePrefix options
4509 (along with the already existing macros):
4510 ${daemon_info} Daemon information, e.g.
4511 SMTP+queueing@00:30:00
4512 ${daemon_addr} Daemon address, e.g., 0.0.0.0
4513 ${daemon_family} Daemon family, e.g., inet, inet6, etc.
4514 ${daemon_name} Daemon name, e.g., MSA.
4515 ${daemon_port} Daemon port, e.g., 25
4516 ${queue_interval} Queue run interval, e.g., 00:30:00
4517 New macros especially for virtual hosting:
4518 ${if_name} hostname of interface of incoming connection.
4519 ${if_addr} address of interface of incoming connection.
4520 The latter is only set if the interface does not belong to the
4522 If a message being accepted via a method other than SMTP and
4523 would be rejected by a header check, do not send the message.
4524 Suggested by Phil Homewood of Mincom Pty Ltd.
4525 Don't strip comments for header checks if $>+ is used instead of $>.
4526 Provide header value as quoted string in the macro
4527 ${currHeader} (possibly truncated to MAXNAME). Suggested by
4528 Jan Krueger of Unix-AG of University of Hannover.
4529 The length of the header value is stored in ${hdrlen}.
4530 H*: allows to specify a default ruleset for header checks. This
4531 ruleset will only be called if the individual header does
4532 not have its own ruleset assigned. Suggested by Jan
4533 Krueger of Unix-AG of University of Hannover.
4534 The name of the header field stored in ${hdr_name}.
4535 Comments (i.e., text within parentheses) in rulesets are not
4536 removed if the config file version is greater than or equal
4537 to 9. For example, "R$+ ( 1 ) $@ 1" matches the
4538 input "token (1)" but does not match "token".
4539 Avoid removing the Content-Transfer-Encoding MIME header on
4540 MIME messages. Problem noted by Sigurbjorn B. Larusson of
4541 Multimedia Consumer Services. Fix from Per Hedeland of
4543 Avoid duplicate Content-Transfer-Encoding MIME header on
4544 messages with 8-bit text in headers. Problem noted by
4545 Per Steinar Iversen of Oslo College. Fix from Per Hedeland
4547 Avoid keeping maps locked longer than necessary when re-opening a
4548 modified database map file. Problem noted by Chris Adams
4549 of Renaissance Internet Services.
4550 Resolving to the $#error mailer with a temporary failure code (e.g.,
4551 $#error $@ tempfail $: "400 Temporary failure") will now
4552 queue up the message instead of bouncing it.
4553 Be more liberal in acceptable responses to an SMTP RSET command as
4554 standard does not provide any indication of what to do when
4555 something other than 250 is received. Based on a patch
4556 from Steve Schweinhart of America Online.
4557 New option TrustedUser allows to specify a user who can own
4558 important files instead of root. This requires HASFCHOWN.
4559 Fix USERDB conditional so compiling with NEWDB or HESIOD and
4560 setting USERDB=0 works. Fix from Jorg Zanger of Schock.
4561 Fix another instance (similar to one in 8.9.3) of a network failure
4562 being mis-logged as "Illegal Seek" instead of whatever
4563 really went wrong. From John Beck of Sun Microsystems.
4564 $? tests also whether the macro is non-null.
4565 Print an error message if a mailer definition contains an invalid
4567 New mailer equate /= to specify a directory to chroot() into before
4568 executing the mailer program. Suggested by Igor Vinokurov.
4569 New mailer equate W= to specify the maximum time to wait for the
4570 mailer to return after sending all data to it.
4571 Only free memory from the process list when adding a new process
4572 into a previously filled slot. Previously, the memory was
4573 freed at removal time. Since removal can happen in a
4574 signal handler, this may leave the memory map in an
4575 inconsistent state. Problem noted by Jeff A. Earickson and
4576 David Cooley of Colby College.
4577 When using the UserDB @hostname catch-all, do not try to lookup
4578 local users in the passwd file. The UserDB code has
4579 already decided the message will be passed to another host
4580 for processing. Fix from Tony Landells of Burdett
4581 Buckeridge Young Limited.
4582 Support LDAP authorization via either a file containing the
4583 password or Kerberos V4 using the new map options
4584 '-ddistinguished_name', '-Mmethod', and '-Pfilename'. The
4585 distinguished_name is who to login as. The method can be
4586 one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or
4587 LDAP_AUTH_KRBV4. The filename is the file containing the
4588 secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos
4589 ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense
4590 of Stanford University.
4591 The ldapx map has been renamed to ldap. The use of ldapx is
4592 deprecated and will be removed in a future version.
4593 If the result of an LDAP search returns a multi-valued attribute
4594 and the map has the column delimiter set, it turns that
4595 response into a delimiter separated string. The LDAP map
4596 will traverse multiple entries as well. LDAP alias maps
4597 automatically set the column delimiter to the comma.
4598 Based on patch from Booker Bense of Stanford University and
4599 idea from Philip A. Prindeville of Mirapoint, Inc.
4600 Support return of multiple values for a single LDAP lookup. The
4601 values to be returned should be in a comma separated string.
4602 For example, `-v "email,emailother"'. Patch from
4603 Curtis W. Hillegas of Princeton University.
4604 Allow the use of LDAP for alias maps.
4605 If no LDAP attributes are specified in an LDAP map declaration, all
4606 attributes found in the match will be returned.
4607 Prevent commas in quoted strings in the AliasFile value from
4608 breaking up a single entry into multiple entries. This is
4609 needed for LDAP alias file specifications to allow for
4610 comma separated key and value strings.
4611 Keep connections to LDAP server open instead of opening and closing
4612 for each lookup. To reduce overhead, sendmail will cache
4613 connections such that multiple maps which use the same
4614 host, port, bind DN, and authentication will only result in
4615 a single connection to that host.
4616 Put timeout in the proper place for USE_LDAP_INIT.
4617 Be more careful about checking for errors and freeing memory on
4619 Use asynchronous LDAP searches to save memory and network
4621 Do not copy LDAP query results if the map's match only flag is set.
4622 Increase portability to the Netscape LDAP libraries.
4623 Change the parsing of the LDAP filter specification. '%s' is still
4624 replaced with the literal contents of the map lookup key --
4625 note that this means a lookup can be done using the LDAP
4626 special characters. The new '%0' token can be used instead
4627 of '%s' to encode the key buffer according to RFC 2254.
4628 For example, if the LDAP map specification contains '-k
4629 "(user=%s)"' and a lookup is done on "*", this would be
4630 equivalent to '-k "(user=*)"' -- matching ANY record with a
4631 user attribute. Instead, if the LDAP map specification
4632 contains '-k "(user=%0)"' and a lookup is done on "*", this
4633 would be equivalent to '-k "(user=\2A)"' -- matching a user
4635 New LDAP map flags: "-1" requires a single match to be returned, if
4636 more than one is returned, it is equivalent to no records
4637 being found; "-r never|always|search|find" sets the LDAP
4638 alias dereference option; "-Z size" limits the number of
4640 New option LDAPDefaultSpec allows a default map specification for
4641 LDAP maps. The value should only contain LDAP specific
4642 settings such as "-h host -p port -d bindDN", etc. The
4643 settings will be used for all LDAP maps unless they are
4644 specified in the individual map specification ('K'
4645 command). This option should be set before any LDAP maps
4647 Prevent an NDBM alias file opening loop when the NDBM open
4648 continually fails. Fix from Roy J. Mongiovi of Georgia
4650 Reduce memory utilization for smaller symbol table entries. In
4651 particular, class entries get much smaller, which can be
4652 important if you have large classes.
4653 On network-related temporary failures, record the hostname which
4654 gave error in the queued status message. Requested by
4655 Ulrich Windl of the Universitat Regensburg.
4656 Add new F=% mailer flag to allow for a store and forward
4657 configuration. Mailers which have this flag will not attempt
4658 delivery on initial receipt of a message or on queue runs
4659 unless the queued message is selected using one of the
4660 -qI/-qR/-qS queue run modifiers or an ETRN request. Code
4661 provided by Philip Guenther of Gustavus Adolphus College.
4662 New option ControlSocketName which, when set, creates a daemon
4663 control socket. This socket allows an external program to
4664 control and query status from the running sendmail daemon
4665 via a named socket, similar to the ctlinnd interface to the
4666 INN news server. Access to this interface is controlled by
4667 the UNIX file permissions on the named socket on most UNIX
4668 systems (see sendmail/README for more information). An
4669 example control program is provided as contrib/smcontrol.pl.
4670 Change the default values of QueueLA from 8 to (8 * numproc) and
4671 RefuseLA from 12 to (12 * numproc) where numproc is the
4672 number of processors online on the system (if that can be
4673 determined). For single processor machines, this change
4675 Don't return body of message to postmaster on "Too many hops" bounces.
4676 Based on fix from Motonori Nakamura of Kyoto University.
4677 Give more detailed DSN descriptions for some cases. Patch from
4678 Motonori Nakamura of Kyoto University.
4679 Logging of alias, forward file, and UserDB expansion now happens
4680 at LogLevel 11 or higher instead of 10 or higher.
4681 Logging of an envelope's complete delivery (the "done" message) now
4682 happens at LogLevel 10 or higher instead of 11 or higher.
4683 Logging of TCP/IP or UNIX standard input connections now happens at
4684 LogLevel 10 or higher. Previously, only TCP/IP connections
4685 were logged, and on at LogLevel 12 or higher. Setting
4686 LogLevel to 10 will now assist users in tracking frequent
4687 connection-based denial of service attacks.
4688 Log basic information about authenticated connections at LogLevel
4690 Log SMTP Authentication mechanism and author when logging the sender
4691 information (from= syslog line).
4692 Log the DSN code for each recipient if one is available as a new
4694 Macro expand PostmasterCopy and DoubleBounceAddress options.
4695 New "ph" map for performing ph queries in rulesets, see
4696 sendmail/README for details. Contributed by Mark Roth
4697 of the University of Illinois at Urbana-Champaign.
4698 Detect temporary lookup failures in the host map if looking up a
4699 bracketed IP address. Problem noted by Kari Hurtta of the
4700 Finnish Meteorological Institute.
4701 Do not report a Remote-MTA on local deliveries. Problem noted by
4702 Kari Hurtta of the Finnish Meteorological Institute.
4703 When a forward file points to an alias which runs a program, run
4704 the program as the default user and the default group, not
4705 the forward file user. This change also assures the
4706 :include: directives in aliases are also processed using
4707 the default user and group. Problem noted by Sergiu
4708 Popovici of DNT Romania.
4709 Prevent attempts to save a dead.letter file for a user with
4710 no home directory (/no/such/directory). Problem noted by
4711 Michael Brown of Finnigan FT/MS.
4712 Include message delay and number of tries when logging that a
4713 message has been completely delivered (LogLevel of 10 or
4714 above). Suggested by Nick Hilliard of Ireland Online.
4715 Log the sender of a message even if none of the recipients were
4716 accepted. If some of the recipients were rejected, it is
4717 helpful to know the sender of the message.
4718 Check the root directory (/) when checking a path for safety.
4719 Problem noted by John Beck of Sun Microsystems.
4720 Prevent multiple responses to the DATA command if DeliveryMode is
4721 interactive and delivering to an alias which resolves to
4723 Macros in the helpfile are expanded if the helpfile version is 2 or
4724 greater (see below); the help function doesn't print the
4725 version of sendmail any longer, instead it is placed in
4726 the helpfile ($v). Suggested by Chuck Foster of UUNET
4727 PIPEX. Additionally, comment lines (starting with #) are
4728 skipped and a version line (#vers) is introduced. The
4729 helpfile version for 8.10.0 is 2, if no version or an older
4730 version is found, a warning is logged. The '#vers'
4731 directive should be placed at the top of the help file.
4732 Use fsync() when delivering to a file to guarantee the delivery to
4733 disk succeeded. Suggested by Nick Christenson.
4734 If delivery to a file is unsuccessful, truncate the file back to its
4735 length before the attempt.
4736 If a forward points to a filename for delivery, change to the
4737 user's uid before checking permissions on the file. This
4738 allows delivery to files on NFS mounted directories where
4739 root is remapped to nobody. Problem noted by Harald
4740 Daeubler of Universitaet Ulm.
4741 purgestat and sendmail -bH purge only expired (Timeout.hoststatus)
4742 host status files, not all files.
4743 Any macros stored in the class $={persistentMacros} will be saved
4744 in the queue file for the message and set when delivery
4745 is attempted on the queued item. Suggested by Kyle Jones of
4747 Add support for storing information between rulesets using the new
4748 macro map class. This can be used to store information
4749 between queue runs as well using $={persistentMacros}.
4750 Based on an idea from Jan Krueger of Unix-AG of University
4752 New map class arith to allow for computations in rules. The
4753 operation (+, -, *, /, l (for less than), and =) is given
4754 as key. The two operands are specified as arguments; the
4755 lookup returns the result of the computation. For example,
4756 "$(arith l $@ 4 $@ 2 $)" will return "FALSE" and
4757 "$(arith + $@ 4 $@ 2 $)" will return "6".
4758 Add new syntax for header declarations which decide whether to
4759 include the header based on a macro rather than a mailer
4761 H?${MyMacro}?X-My-Header: ${MyMacro}
4762 This should be used along with $={persistentMacros}.
4763 It can be used for adding headers to a message based on
4764 the results of check_* and header check rulesets.
4765 Allow new named config file rule check_eoh which is called after
4766 all of the headers have been collected. The input to the
4767 ruleset the number of headers and the size of all of the
4768 headers in bytes separated by $|. This ruleset along with
4769 the macro storage map can be used to correlate information
4770 gathered between headers and to check for missing headers.
4771 See cf/README or doc/op/op.ps for an example.
4772 Change the default for the MeToo option to True to correspond
4773 to the clarification in the DRUMS SMTP Update spec. This
4774 option is deprecated and will be removed from a future
4776 Change the sendmail binary default for SendMimeErrors to True.
4777 Change the sendmail binary default for SuperSafe to True.
4778 Display ruleset names in debug and address test mode output
4779 if referencing a named ruleset.
4780 New mailer equate m= which will limit the number of messages
4781 delivered per connection on an SMTP or LMTP mailer.
4782 Improve QueueSortOrder=Host by reversing the hostname before
4783 using it to sort. Now all the same domains are really run
4784 through the queue together. If they have the same MX host,
4785 then they will have a much better opportunity to use the
4786 connection cache if available. This should be a reasonable
4787 performance improvement. Patch from Randall Winchester of
4788 the University of Maryland.
4789 If a message is rejected by a header check ruleset, log who would
4790 have received the message if it had not been rejected.
4791 New "now" value for Timeout.queuereturn to bounce entries from the
4792 queue immediately. No delivery attempt is made.
4793 Increase sleeping time exponentially after too many "bad" commands
4794 up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}-
4796 New option ClientPortOptions similar to DaemonPortOptions
4797 but for outgoing connections.
4798 New suboptions for DaemonPortOptions: Name (a name used for
4799 error messages and logging) and Modifiers, i.e.
4800 a require authentication
4801 b bind to interface through which mail has
4803 c perform hostname canonification
4804 f require fully qualified hostname
4805 h use name of interface for outgoing HELO
4807 C don't perform hostname canonification
4808 E disallow ETRN (see RFC 2476)
4809 New suboption for ClientPortOptions: Modifiers, i.e.
4810 h use name of interface for HELO command
4811 The version number for queue files (qf) has been incremented to 4.
4812 Log unacceptable HELO/EHLO domain name attempts if LogLevel is set
4813 to 10 or higher. Suggested by Rick Troxel of the National
4814 Institutes of Health.
4815 If a mailer dies, print the status in decimal instead of octal
4816 format. Suggested by Michael Shapiro of Sun Microsystems.
4817 Limit the length of all MX records considered for delivery to 8k.
4818 Move message priority from sender to recipient logging. Suggested by
4819 Ulrich Windl of the Universitat Regensburg.
4820 Add support for Berkeley DB 3.X.
4821 Add fix for Berkeley DB 2.X fcntl() locking race condition.
4822 Requires a post-2.7.5 version of Berkeley DB.
4823 Support writing traffic log (sendmail -X option) to a FIFO.
4824 Patch submitted by Rick Heaton of Network Associates, Inc.
4825 Do not ignore Timeout settings in the .cf file when a Timeout
4826 sub-options is set on the command line. Problem noted by
4827 Graeme Hewson of Oracle.
4828 Randomize equal preference MX records each time delivery is
4829 attempted via a new connection to a host instead of once per
4830 session. Suggested by Scott Salvidio of Compaq.
4831 Implement enhanced status codes as defined by RFC 2034.
4832 Add [hostname] to class w for the names of all interfaces unless
4833 DontProbeInterfaces is set. This is useful for sending mails
4834 to hosts which have dynamically assigned names.
4835 If a message is bounced due to bad MIME conformance, avoid bouncing
4836 the bounce for the same reason. If the body is not 8-bit
4837 clean, and EightBitMode isn't set to pass8, the body will
4838 not be included in the bounce. Problem noted by Valdis
4839 Kletnieks of Virginia Tech.
4840 The timeout for sending a message via SMTP has been changed from
4841 '${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which
4842 simply checks for progress on sending data every 5 minutes.
4843 This will detect the inability to send information quicker
4844 and reduce the number of processes simply waiting to
4846 Prevent a segmentation fault on systems which give a partial filled
4847 interface address structure when loading the system network
4848 interface addresses. Fix from Reinier Bezuidenhout of
4850 Add a compile-time configuration macro, MAXINTERFACES, which
4851 indicates the number of interfaces to read when probing
4852 for hostnames and IP addresses for class w ($=w). The
4853 default value is 512. Based on idea from Reinier
4854 Bezuidenhout of Nanoteq.
4855 If the RefuseLA option is set to 0, do not reject connections based
4857 Allow ruleset 0 to have a name. Problem noted by Neil Rickert of
4858 Northern Illinois University.
4859 Expand the Return-Path: header at delivery time, after "owner-"
4860 envelope splitting has occurred.
4861 Don't try to sort the queue if there are no entries. Patch from
4862 Luke Mewburn from RMIT University.
4863 Add a "/quit" command to address test mode.
4864 Include the proper sender in the UNIX "From " line and Return-Path:
4865 header when undeliverable mail is saved to ~/dead.letter.
4866 Problem noted by Kari Hurtta of the Finnish Meteorological
4868 The contents of a class can now be copied to another class using
4869 the syntax: "C{Dest} $={Source}". This would copy all of
4870 the items in class $={Source} into the class $={Dest}.
4871 Include original envelope's error transcript in bounces created for
4872 split (owner-) envelopes to see the original errors when
4873 the recipients were added. Based on fix from Motonori
4874 Nakamura of Kyoto University.
4875 Show reason for permanent delivery errors directly after the
4876 addresses. From Motonori Nakamura of Kyoto University.
4877 Prevent a segmentation fault when bouncing a split-envelope
4878 message. Patch from Motonori Nakamura of Kyoto University.
4879 If the specification for the queue run interval (-q###) has a
4880 syntax error, consider the error fatal and exit.
4881 Pay attention to CheckpointInterval during LMTP delivery. Problem
4882 noted by Motonori Nakamura of Kyoto University.
4883 On operating systems which have setlogin(2), use it to set the
4884 login name to the RunAsUserName when starting as a daemon.
4885 This is for delivery to programs which use getlogin().
4886 Based on fix from Motonori Nakamura of Kyoto University.
4887 Differentiate between "command not implemented" and "command
4888 unrecognized" in the SMTP dialogue.
4889 Strip returns from forward and include files. Problem noted by
4890 Allan E Johannesen of Worcester Polytechnic Institute.
4891 Prevent a core dump when using 'sendmail -bv' on an address which
4892 resolves to the $#error mailer with a temporary failure.
4893 Based on fix from Neil Rickert of Northern Illinois
4895 Prevent multiple deliveries of a message with a "non-local alias"
4896 pointing to a local user, if canonicalization fails
4897 the message was requeued *and* delivered to the alias.
4898 If an invalid ruleset is declared, the ruleset name could be
4899 ignored and its rules added to S0. Instead, ignore the
4900 ruleset lines as well.
4901 Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient
4902 success DSN fields as well as duplicate entries for a
4903 single address due to S5 and UserDB processing. Problems
4904 noted by Kari Hurtta of the Finnish Meteorological
4906 Turn off timeouts when exiting sendmail due to an interrupt signal
4907 to prevent the timeout from firing during the exit process.
4908 Problem noted by Michael Shapiro of Sun Microsystems.
4909 Do not append @MyHostName to non-RFC822 addresses output by the EXPN
4910 command or on Final-Recipient: and X-Actual-Recipient: DSN
4911 headers. Non-RFC822 addresses include deliveries to
4912 programs, file, DECnet, etc.
4913 Fix logic for determining if a local user is using -f or -bs to
4914 spoof their return address. Based on idea from Neil Rickert
4915 of Northern Illinois University and patch from Per Hedeland
4917 Report the proper UID in the bounce message if an :include: file is
4918 owned by a uid that doesn't map to a username and the
4919 :include: file contains delivery to a file or program.
4920 Problem noted by John Beck of Sun Microsystems.
4921 Avoid the attempt of trying to send a second SMTP QUIT command if
4922 the remote server responds to the first QUIT with a 4xx
4923 response code and drops the connection. This behavior was
4924 noted by Ulrich Windl of the Universitat Regensburg when
4925 sendmail was talking to the Mercury 1.43 MTA.
4926 If a hostname lookup times out and ServiceSwitchFile is set but the
4927 file is not present, the lookup failure would be marked as
4928 a permanent failure instead of a temporary failure. Fix
4929 from Russell King of the ARM Linux Project.
4930 Handle aliases or forwards which deliver to programs using tabs
4931 instead of spaces between arguments. Problem noted by Randy
4932 Wormser. Fix from Neil Rickert of Northern Illinois
4934 Allow MaxRecipientsPerMessage option to be set on the command line
4935 by normal users (e.g., sendmail won't drop its root
4936 privileges) to allow overrides for message submission via
4938 Set the names for help file and statistics file to "helpfile" and
4939 "statistics", respectively, if no parameters are given for
4940 them in the .cf file.
4941 Avoid bogus 'errbody: I/O Error -7' log messages when sending
4942 success DSN messages for messages relayed to non-DSN aware
4943 systems. Problem noted by Juergen Georgi of RUS University
4944 of Stuttgart and Kyle Tucker of Parexel International.
4945 Prevent +detail information from interfering with local delivery to
4946 multiple users in the same transaction (F=m).
4947 Add H_FORCE flag for the X-Authentication-Warning: header, so it
4948 will be added even if one already exists. Problem noted
4949 by Michal Zalewski of Marchew Industries.
4950 Stop processing SMTP commands if the SMTP connection is dropped.
4951 This prevents a remote system from flooding the connection
4952 with commands and then disconnecting. Previously, the
4953 server would process all of the buffered commands. Problem
4954 noted by Michal Zalewski of Marchew Industries.
4955 Properly process user-supplied headers beginning with '?'. Problem
4956 noted by Michal Zalewski of Marchew Industries.
4957 If multiple header checks resolve to the $#error mailer, use the
4958 last permanent (5XX) failure if any exist. Otherwise, use
4959 the last temporary (4XX) failure.
4960 RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch
4961 from Ronald F. Guilmette of Infinite Monkeys & Co.
4962 Timeout.ident now defaults to 5 seconds instead of 30 seconds to
4963 prevent the now common delays associated with mailing to a
4964 site which drops IDENT packets. Suggested by many.
4965 Persistent host status data is not reloaded disk when current data
4966 is available in the in-memory cache. Problem noted by Per
4967 Hedeland of Ericsson.
4968 mailq displays unprintable characters in addresses as their octal
4969 representation and a leading backslash. This avoids problems
4970 with "unprintable" characters. Problem noted by Michal
4971 Zalewski of the "Internet for Schools" project (IdS).
4972 The mail line length limit (L= equate) was adding the '!' indicator
4973 one character past the limit. This would cause subsequent
4974 hops to break the line again. The '!' is now placed in
4975 the last column of the limit if the line needs to be broken.
4976 Problem noted by Joe Pruett of Q7 Enterprises. Based on fix
4977 from Per Hedeland of Ericsson.
4978 If a resolver ANY query is larger than the UDP packet size, the
4979 resolver will fall back to TCP. However, some
4980 misconfigured firewalls block 53/TCP so the ANY lookup
4981 fails whereas an MX or A record might succeed. Therefore,
4982 don't fail on ANY queries.
4983 If an SMTP recipient is rejected due to syntax errors in the
4984 address, do not send an empty postmaster notification DSN
4985 to the postmaster. Problem noted by Neil Rickert of
4986 Northern Illinois University.
4987 Allow '_' and '.' in map names when parsing a sequence map
4988 specification. Patch from William Setzer of North Carolina
4990 Fix hostname in logging of read timeouts for the QUIT command on
4991 cached connections. Problem noted by Neil Rickert of
4992 Northern Illinois University.
4993 Use a more descriptive entry to log "null" connections, i.e.,
4994 "host did not issue MAIL/EXPN/VRFY/ETRN during connection".
4995 Fix a file descriptor leak in ONEX mode.
4997 Reverse signal handling logic such that sigaction(2) with
4998 the SA_RESTART flag is the preferred method and the
4999 other signal methods are only tried if SA_RESTART
5000 is not available. Problem noted by Allan E
5001 Johannesen of Worcester Polytechnic Institute.
5002 AIX 4.x supports the sa_len member of struct sockaddr.
5003 This allows network interface probing to work
5004 properly. Fix from David Bronder of the
5006 AIX 4.3 has snprintf() support.
5007 Use "PPC" as the architecture name when building under
5008 AIX. This will be reflected in the obj.* directory
5010 Apple Darwin support based on Apple Rhapsody port.
5011 Fixed AIX 'make depend' method from Valdis Kletnieks of
5013 Digital UNIX has uname(2).
5014 GNU Hurd updates from Mark Kettenis of the University of
5016 Improved HPUX 11.0 portability.
5017 Properly determine the number of CPUs on FreeBSD 2.X,
5018 FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X.
5019 Remove special IRIX ABI cases from Build script and the OS
5020 files. Use the standard 'cc' options used by SGI
5021 in building the operating system. Users can
5022 override the defaults by setting confCC and
5023 confLIBSEARCHPATH appropriately.
5024 IRIX nsd map support from Bob Mende of SGI.
5025 Minor devtools fixes for IRIX from Bob Mende of SGI.
5026 Linux patch for IP_SRCROUTE support from Joerg Dorchain
5027 of MW EDV & ELECTRONIC.
5028 Linux now uses /usr/sbin for confEBINDIR in the build
5029 system. From MATSUURA Takanori of Osaka University.
5030 Remove special treatment for Linux PPC in the build
5031 system. From MATSUURA Takanori of Osaka University.
5032 Motorolla UNIX SYSTEM V/88 Release 4.0 support from
5033 Sergey Rusanov of the Republic of Udmurtia.
5034 NCR MP-RAS 3.x includes regular expression support. From
5035 Tom J. Moore of NCR.
5036 NEC EWS-UX/V series settings for _PATH_VENDOR_CF and
5037 _PATH_SENDMAILPID from Oota Toshiya of
5038 NEC Computers Group Planning Division.
5039 Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D.
5040 NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and
5041 1024 in conf.h. Since confENVDEF would be used,
5042 use that value in conf.h.
5043 Use NeXT's NETINFO to get domain name. From Gerd Knops of
5045 Use NeXT's NETINFO for alias and hostname resolution if
5046 AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are
5047 defined. Patch from Wilfredo Sanchez of Apple
5049 NeXT portability tweaks. Problems reported by Dragan
5050 Milicic of the University of Utah and J. P. McCann
5052 New compile flag FAST_PID_RECYCLE: set this if your system
5053 can reuse the same PID in the same second.
5054 New compile flag HASFCHOWN: set this if your OS has
5056 New compile flag HASRANDOM: set this to 0 if your OS does
5057 not have random(3). rand() will be used instead.
5058 New compile flag HASSRANDOMDEV: set this if your OS has
5060 New compile flag HASSETLOGIN: set this if your OS has
5062 Replace SINIX and ReliantUNIX support with version
5063 specific SINIX files. From Gerald Rinske of
5064 Siemens Business Services.
5065 Use the 60-second load average instead of the 5 second load
5066 average on Compaq Tru64 UNIX (formerly Digital
5067 UNIX). From Chris Teakle of the University of Qld.
5068 Use ANSI C by default for Compaq Tru64 UNIX. Suggested by
5069 Randall Winchester of Swales Aerospace.
5070 Correct setgroups() prototype for Compaq Tru64 UNIX.
5071 Problem noted by Randall Winchester of Swales
5073 Hitachi 3050R/3050RX and 3500 Workstations running
5074 HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori
5075 NAKAMURA of Kyoto University.
5076 New compile flag NO_GETSERVBYNAME: set this to disable
5077 use of getservbyname() on systems which can
5078 not lookup a service by name over NIS, such as
5079 HI-UX. Patch from Motonori NAKAMURA of Kyoto
5081 Use devtools/bin/install.sh on SCO 5.x. Problem noted
5082 by Sun Wenbing of the China Engineering and
5083 Technology Information Network.
5084 make depend didn't work properly on UNIXWARE 4.2. Problem
5085 noted by Ariel Malik of Netology, Ltd.
5086 Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
5087 Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD,
5089 A recent Compaq Ultrix 4.5 Y2K patch has broken detection
5090 of local_hostname_length(). See sendmail/README
5091 for more details. Problem noted by Allan E
5092 Johannesen of Worcester Polytechnic Institute.
5093 CONFIG: Begin using /etc/mail/ for sendmail related files. This
5094 affects a large number of files. See cf/README for more
5096 CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including
5097 trailing slash) for the mail settings directory.
5098 CONFIG: Increment version number of config file to 9.
5099 CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been
5100 deprecated and may be removed from a future release.
5101 BSD/OS users should begin using OSTYPE(`bsdi').
5102 CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root. This
5103 requires a new OSTYPE(`openbsd'). From Todd C. Miller of
5104 Courtesan Consulting.
5105 CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X.
5106 CONFIG: A syntax error in check_mail would cause fake top-level
5107 domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to
5108 be improperly rejected as unresolvable.
5109 CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of
5110 DNS server, rejection message) and can be included
5112 CONFIG: New FEATURE(`relay_mail_from') allows relaying if the
5113 mail sender is listed as RELAY in the access map (and tagged
5115 CONFIG: Optional tagging of LHS in the access map (Connect:,
5116 From:, To:) to enable finer control.
5117 CONFIG: New FEATURE(`ldap_routing') implements LDAP address
5118 routing. See cf/README for a complete description of the
5120 CONFIG: New variables for the new sendmail options:
5121 confAUTH_MECHANISMS AuthMechanisms
5122 confAUTH_OPTIONS AuthOptions
5123 confCLIENT_OPTIONS ClientPortOptions
5124 confCONTROL_SOCKET_NAME ControlSocketName
5125 confDEAD_LETTER_DROP DeadLetterDrop
5126 confDEF_AUTH_INFO DefaultAuthInfo
5127 confDF_BUFFER_SIZE DataFileBufferSize
5128 confLDAP_DEFAULT_SPEC LDAPDefaultSpec
5129 confMAX_ALIAS_RECURSION MaxAliasRecursion
5130 confMAX_HEADERS_LENGTH MaxHeadersLength
5131 confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
5132 confPID_FILE PidFile
5133 confPROCESS_TITLE_PREFIX ProcessTitlePrefix
5134 confRRT_IMPLIES_DSN RrtImpliesDsn
5135 confTO_CONTROL Timeout.control
5136 confTO_RESOLVER_RETRANS Timeout.resolver.retrans
5137 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
5138 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
5139 confTO_RESOLVER_RETRY Timeout.resolver.retry
5140 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
5141 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
5142 confTRUSTED_USER TrustedUser
5143 confXF_BUFFER_SIZE XscriptFileBufferSize
5144 CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(),
5145 which takes the options as argument and can be used
5146 multiple times; see cf/README for details.
5147 CONFIG: Add a fifth mailer definition to MAILER(`smtp') called
5148 "dsmtp". This mail provides on-demand delivery using the
5149 F=% mailer flag described above. The "dsmtp" mailer
5150 definition uses the new DSMTP_MAILER_ARGS which defaults
5152 CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS,
5153 and RELAY_MAILER_MAXMSGS for setting the m= equate for the
5154 local, smtp, and relay mailers respectively.
5155 CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting
5156 the DSN Diagnostic-Code type for the local mailer. The
5157 value should be changed with care.
5158 CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type
5159 for the local mailer to the proper value of "SMTP".
5160 CONFIG: All included maps are no longer optional by default; if
5161 there there is a problem with a map, sendmail will
5163 CONFIG: Removed root from class E; use EXPOSED_USER(`root')
5164 to get the old behavior. Suggested by Joe Pruett
5166 CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which
5167 will not be masqueraded. Proposed by Arne Wichmann
5168 of MPI Saarbruecken, Griff Miller of PGS Tensor,
5169 Jayme Cox of Broderbund Software Inc.
5170 CONFIG: A list of exceptions for FEATURE(`nocanonify') can be
5171 specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
5172 i.e., a list of domains which are passed to $[ ... $]
5173 for canonification. Based on an idea from Neil Rickert
5174 of Northern Illinois University.
5175 CONFIG: If `canonify_hosts' is specified as parameter for
5176 FEATURE(`nocanonify') then addresses which have only
5177 a hostname, e.g., <user@host>, will be canonified.
5178 CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is
5179 nevertheless added to addresses with more than one component
5181 CONFIG: Canonification is no longer attempted for any host or domain
5183 CONFIG: New class for matching virtusertable entries $={VirtHost} that
5184 can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE.
5185 FEATURE(`virtuser_entire_domain') can be used to apply this
5186 class also to entire subdomains. Hosts in this class are
5187 treated as canonical in SCanonify2, i.e., a trailing dot
5189 CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used,
5190 include $={VirtHost} in $=R (hosts allowed to relay).
5191 CONFIG: FEATURE(`generics_entire_domain') can be used to apply the
5192 genericstable also to subdomains of $=G.
5193 CONFIG: Pass "+detail" as %2 for virtusertable lookups.
5194 Patch from Noam Freedman from University of Chicago.
5195 CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested
5196 by Raymond S Brand of rsbx.net.
5197 CONFIG: Allow @domain in genericstable to override masquerading.
5198 Suggested by Owen Duffy from Owen Duffy & Associates.
5199 CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve
5200 Hubert of University of Washington.
5201 CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as
5202 GNU is now the canonical system name. From Mark
5203 Kettenis of the University of Amsterdam.
5204 CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman.
5205 CONFIG: Do not include '=' in option expansion if there is no value
5206 associated with the option. From Andrew Brown of
5207 Graffiti World Wide, Inc.
5208 CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed
5209 by Philip A. Prindeville of Enteka Enterprise Technology
5211 CONFIG: MAILER(`cyrus') was not preserving case for mail folder
5212 names. Problem noted by Randall Winchester of Swales
5214 CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags
5215 for the relay mailer. Suggested by Doug Hughes of Auburn
5216 University and Brian Candler.
5217 CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path:
5218 header) by default. Suggested by Per Hedeland of Ericsson.
5219 CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host].
5220 Suggested by Kari Hurtta of the Finnish Meteorological
5222 CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS;
5223 i.e., to set, add, or delete flags.
5224 CONFIG: If SMTP AUTH is used then relaying is allowed for any user
5225 who authenticated via a "trusted" mechanism, i.e., one that
5226 is defined via TRUST_AUTH_MECH(`list of mechanisms').
5227 CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay
5228 after check_rcpt and allows for exceptions from the checks.
5229 CONFIG: Map declarations have been moved into their associated
5230 feature files to allow greater flexibility in use of
5231 sequence maps. Suggested by Per Hedeland of Ericsson.
5232 CONFIG: New macro LOCAL_MAILER_EOL to override the default end of
5233 line string for the local mailer. Requested by Il Oh of
5234 Willamette Industries, Inc.
5235 CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is
5236 converted to <user@d>
5237 CONFIG: Reject bogus return address of <@@hostname>, generated by
5238 Sun's older, broken configuration files.
5239 CONFIG: FEATURE(`nullclient') now provides the full rulesets of a
5240 normal configuration, allowing anti-spam checks to be
5242 CONFIG: Don't return a permanent error (Relaying denied) if
5243 ${client_name} can't be resolved just temporarily.
5244 Suggested by Kari Hurtta of the Finnish Meteorological
5246 CONFIG: Change numbered rulesets into named (which still can
5247 be accessed by their numbers).
5248 CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial
5249 which describes whether to disallow "!" in the local part
5251 CONFIG: Call Local_localaddr from localaddr (S5) which can be used
5252 to rewrite an address from a mailer which has the F=5 flag
5253 set. If the ruleset returns a mailer, the appropriate
5254 action is taken, otherwise the returned tokens are ignored.
5255 CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4
5256 and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4.
5257 The latter is kept around for backward compatibility.
5258 CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries,
5259 where "D.S.N" is an RFC 1893 compliant error code.
5260 CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
5261 CONFIG: Remove second space between username and date in UNIX From_
5262 line. Noted by Allan E Johannesen of Worcester Polytechnic
5264 CONFIG: Make sure all of the mailers have complete T= equates.
5265 CONFIG: Extend FEATURE(`local_procmail') so it can now take
5266 arguments overriding the mailer program, arguments, and
5267 mailer definition flags. This makes it possible to use
5268 other programs such as maildrop for local delivery.
5269 CONFIG: Emit warning if FEATURE(`local_lmtp') or
5270 FEATURE(`local_procmail') is given after MAILER(`local').
5271 Patch from Richard A. Nelson of IBM.
5272 CONFIG: Add SMTP Authentication information to Received: header
5273 default value (confRECEIVED_HEADER).
5274 CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a
5275 local mailer. Problem noted by Per Hedeland of Ericsson.
5276 CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the
5277 University of California at Berkeley.
5278 CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of
5279 Illinois at Urbana-Champaign.
5280 CONTRIB: etrn.pl now recognizes bogus host names. Patch from
5281 Bruce Barnett of GE's R&D Lab.
5282 CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle
5284 CONTRIB: Added qtool.pl to assist in managing the queues.
5285 DEVTOOLS: Prevent user environment variables from interfering with
5286 the Build scripts. Problem noted by Ezequiel H. Panepucci of
5288 DEVTOOLS: 'Build -M' will display the obj.* directory which will
5289 be used for building.
5290 DEVTOOLS: 'Build -A' will display the architecture that would be
5291 used for a fresh build.
5292 DEVTOOLS: New variable confRANLIB, set automatically by configure.sh.
5293 DEVTOOLS: New variable confRANLIBOPTS for the options to send to
5295 DEVTOOLS: 'Build -O <path>' will have the object files build in
5296 <path>/obj.*. Suggested by Bryan Costales of Exactis.
5297 DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the
5298 building of the man pages when defined. Suggested by Bryan
5300 DEVTOOLS: New variables confNO_HELPFILE_INSTALL and
5301 confNO_STATISTICS_INSTALL which will prevent the
5302 installation of the sendmail helpfile and statistics file
5303 respectively. Suggested by Bryan Costales.
5304 DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske
5305 of Siemens Business Services.
5306 DEVTOOLS: New variable confSTDIO_TYPE which defines the type of
5307 stdio library. The new buffered file I/O depends on the
5308 Torek stdio library. This option can be either portable or
5310 DEVTOOLS: New variables confSRCADD and confSMSRCADD which
5311 correspond to confOBJADD and confSMOBJADD respectively.
5312 They should contain the C source files for the object files
5313 listed in confOBJADD and confSMOBJADD. These file names
5314 will be passed to the 'make depend' stage of compilation.
5315 DEVTOOLS: New program specific variables for each of the programs
5316 in the sendmail distribution. Each has the form
5317 `conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'.
5318 The new variables are conf_prog_ENVDEF, conf_prog_LIBS,
5319 conf_prog_SRCADD, and conf_prog_OBJADD.
5320 DEVTOOLS: Build system redesign. This should have little affect on
5321 building the distribution, but documentation on the changes
5322 are in devtools/README.
5323 DEVTOOLS: Don't allow 'Build -f file' if an object directory already
5324 exists. Suggested by Valdis Kletnieks of Virginia Tech.
5325 DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies
5326 the path to the sendmail source directory. confSRCDIR is a
5327 new variable which identifies the root of the source
5328 directories for all of the programs in the distribution.
5329 DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build
5330 time. They can both still be overridden by setting the m4
5332 DEVTOOLS: confSBINGRP now defaults to bin instead of kmem.
5333 DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for
5334 build configurations, and places objects in obj.prefix.*/.
5335 Complains as 'Build -f file' does for existing object
5336 directories. Suggested by Tom Smith of Digital Equipment
5338 DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted
5339 manual pages in the directory tree specified by
5341 DEVTOOLS: If formatting the manual pages fails, copy in the
5342 preformatted pages from the distribution. The new variable
5343 confCOPY specifies the copying program.
5344 DEVTOOLS: Defining confFORCE_RMAIL will install rmail without
5345 question. Suggested by Terry Lambert of Whistle
5347 DEVTOOLS: confSTFILE and confHFFILE can be used to change the names
5348 of the installed statistics and help files, respectively.
5349 DEVTOOLS: Remove spaces in `uname -r` output when determining
5350 operating system identity. Problem noted by Erik
5351 Wachtenheim of Dartmouth College.
5352 DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that
5353 will be search for the libraries specified in confLIBSEARCH.
5354 Defaults to "/lib /usr/lib /usr/shlib".
5355 DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying
5356 how to strip binaries. These are used by the new
5357 install-strip target.
5358 DEVTOOLS: New config file site.post.m4 which is included after
5359 the others (if it exists).
5360 DEVTOOLS: Change order of LIBS: first product specific libraries
5361 then the default ones.
5362 MAIL.LOCAL: Will not be installed set-user-ID root. To use mail.local
5363 as local delivery agent without LMTP mode, use
5364 MODIFY_MAILER_FLAGS(`LOCAL', `+S')
5366 MAIL.LOCAL: Do not reject addresses which would otherwise be
5367 accepted by sendmail. Suggested by Neil Rickert of
5368 Northern Illinois University.
5369 MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise
5370 8BITMIME in the LHLO response. Suggested by Kari Hurtta of
5371 the Finnish Meteorological Institute.
5372 MAIL.LOCAL: Add support for the maillock() routines by defining
5373 MAILLOCK when compiling. Also requires linking with
5374 -lmail. Patch from Neil Rickert of Northern Illinois
5376 MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is
5377 defined when compiling. Automatically set for Solaris 2.3
5378 and later. Patch from Neil Rickert of Northern Illinois
5380 MAIL.LOCAL: Move the initialization of the 'notifybiff' address
5381 structure to the beginning of the program. This ensures that
5382 the getservbyname() is done before any seteuid to a possibly
5383 unauthenticated user. If you are using NIS+ and secure RPC
5384 on a Solaris system, this avoids syslog messages such as,
5385 "authdes_refresh: keyserv(1m) is unable to encrypt session
5386 key." Patch from Neil Rickert of Northern Illinois
5388 MAIL.LOCAL: Support group writable mail spool files when MAILGID is
5389 set to the gid to use (-DMAILGID=6) when compiling.
5390 Patch from Neil Rickert of Northern Illinois University.
5391 MAIL.LOCAL: When a mail message included lines longer than 2046
5392 characters (in LMTP mode), mail.local split the incoming
5393 line up into 2046-character output lines (excluding the
5394 newline). If an input line was 2047 characters long
5395 (excluding CR-LF) and the last character was a '.',
5396 mail.local saw it as the end of input, transferred it to the
5397 user mailbox and tried to write an `ok' back to sendmail.
5398 If the message was much longer, both sendmail and
5399 mail.local would deadlock waiting for each other to read
5400 what they have written. Problem noted by Peter Jeremy of
5401 Alcatel Australia Limited.
5402 MAIL.LOCAL: New option -b to return a permanent error instead of a
5403 temporary error if a mailbox exceeds quota. Suggested by
5404 Neil Rickert of Northern Illinois University.
5405 MAIL.LOCAL: The creation of a lockfile is subject to a global
5406 timeout to avoid starvation.
5407 MAIL.LOCAL: Properly parse addresses with multiple quoted
5408 local-parts. Problem noted by Ronald F. Guilmette of
5409 Infinite Monkeys & Co.
5410 MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR.
5411 MAILSTATS: New -p option to invoke program mode in which stats are
5412 printed in a machine readable fashion and the stats file
5413 is reset. Patch from Kevin Hildebrand of the University
5415 MAKEMAP: If running as root, automatically change the ownership of
5416 generated maps to the TrustedUser as specified in the
5417 sendmail configuration file.
5418 MAKEMAP: New -C option to accept an alternate sendmail
5419 configuration file to use for finding the TrustedUser
5421 MAKEMAP: New -u option to dump (unmap) a database. Based on
5422 code contributed by Roy Mongiovi of Georgia Tech.
5423 MAKEMAP: New -e option to allow empty values. Suggested by Philip
5424 A. Prindeville of Enteka Enterprise Technology Services.
5425 MAKEMAP: Compile cleanly on 64-bit operating systems. Problem
5426 noted by Gerald Rinske of Siemens Business Services.
5427 OP.ME: Correctly document interaction between F=S and U= mailer
5428 equates. Problem noted by Bob Halley of Internet Engines.
5429 OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle
5431 OP.ME: The Timeout [r] option was incorrectly listed as "safe"
5432 (e.g., sendmail would not drop root privileges if the
5433 option was specified on the command line). Problem noted
5434 by Todd C. Miller of Courtesan Consulting.
5435 PRALIASES: Handle the hash and btree map specifications for
5436 Berkeley DB. Patch from Brian J. Coan of the
5437 Institute for Global Communications.
5438 PRALIASES: Read the sendmail.cf file for the location(s) of the
5439 alias file(s) if the -f option is not used. Patch from
5440 John Beck of Sun Microsystems.
5441 PRALIASES: New -C option to specify an alternate sendmail
5442 configuration file to use for finding alias file(s). Patch
5443 from John Beck of Sun Microsystems.
5444 SMRSH: allow shell commands echo, exec, and exit. Allow command
5445 lists using || and &&. Based on patch from Brian J. Coan
5446 of the Institute for Global Communications.
5447 SMRSH: Update README for the new Build system. From Tim Pierce
5448 of RootsWeb Genealogical Data Cooperative.
5449 VACATION: Added vacation auto-responder to sendmail distribution.
5450 LIBSMDB: Added abstracted database library. Works with Berkeley
5451 DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
5453 The Build script in the various program subdirectories are
5454 no longer symbolic links. They are now scripts
5455 which execute the actual Build script in
5457 All the manual pages are now written against -man and not
5458 -mandoc as they were previously.
5459 Add a simple Makefile to every directory so make instead
5460 of Build will work (unless parameters are
5461 required for Build).
5469 Renamed Directories:
5470 BuildTools => devtools
5474 devtools/OS/Linux.ppc
5475 devtools/OS/ReliantUNIX
5481 cf/cf/generic-linux.cf
5482 cf/cf/generic-linux.mc
5483 cf/feature/delay_checks.m4
5485 cf/feature/generics_entire_domain.m4
5486 cf/feature/no_default_msa.m4
5487 cf/feature/relay_mail_from.m4
5488 cf/feature/virtuser_entire_domain.m4
5492 cf/ostype/openbsd.m4
5493 contrib/bounce-resender.pl
5494 contrib/domainmap.m4
5497 devtools/M4/depend/AIX.m4
5499 devtools/M4/string.m4
5500 devtools/M4/subst_ext.m4
5501 devtools/M4/switch.m4
5504 devtools/OS/SINIX.5.43
5505 devtools/OS/SINIX.5.44
5507 devtools/bin/find_in_path.sh
5515 sendmail/bf_portable.c
5516 sendmail/bf_portable.h
5519 sendmail/shmticklib.c
5520 sendmail/statusd_shm.h
5526 cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4
5527 sendmail/cdefs.h => include/sendmail/cdefs.h
5528 sendmail/sendmail.hf => sendmail/helpfile
5529 sendmail/mailstats.h => include/sendmail/mailstats.h
5530 sendmail/pathnames.h => include/sendmail/pathnames.h
5531 sendmail/safefile.c => libsmutil/safefile.c
5532 sendmail/snprintf.c => libsmutil/snprintf.c
5533 sendmail/useful.h => include/sendmail/useful.h
5534 cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4
5536 cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4
5538 8.9.3/8.9.3 1999/02/04
5539 SECURITY: Limit message headers to a maximum of 32K bytes (total
5540 of all headers in a single message) to prevent a denial of
5541 service attack. This limit will be configurable in 8.10.
5542 Problem noted by Michal Zalewski of the "Internet for
5543 Schools" project (IdS).
5544 Prevent segmentation fault on an LDAP lookup if the LDAP map
5545 was closed due to an earlier failure. Problem noted by
5546 Jeff Wasilko of smoe.org. Fix from Booker Bense of
5547 Stanford University and Per Hedeland of Ericsson.
5548 Preserve the order of the MIME headers in multipart messages
5549 when performing the MIME header length check. This
5550 will allow PGP signatures to function properly. Problem
5551 noted by Lars Hecking of University College, Cork, Ireland.
5552 If ruleset 5 rewrote the local address to an :include: directive,
5553 the delivery would fail with an "aliasing/forwarding loop
5554 broken" error. Problem noted by Eric C Hagberg of Morgan
5555 Stanley. Fix from Per Hedeland of Ericsson.
5556 Allow -T to work for bestmx maps. Fix from Aaron Schrab of
5557 ExecPC Internet Systems.
5558 During the transfer of a message in an SMTP transaction, if a
5559 TCP timeout occurs, the message would be properly queued
5560 for later retry but the failure would be logged as
5561 "Illegal Seek" instead of a timeout. Problem noted by
5562 Piotr Kucharski of the Warsaw School of Economics (SGH)
5563 and Carles Xavier Munyoz Baldo of CTV Internet.
5564 Prevent multiple deliveries on a self-referencing alias if the
5565 F=w mailer flag is not set. Problem noted by Murray S.
5566 Kucherawy of Concentric Network Corporation and Per
5567 Hedeland of Ericsson.
5568 Do not strip empty headers but if there is no value and a
5569 default is defined in sendmail.cf, use the default.
5570 Problem noted by Philip Guenther of Gustavus Adolphus
5571 College and Christopher McCrory of Netus, Inc.
5572 Don't inherit information about the sender (notably the full name)
5573 in SMTP (-bs) mode, since this might be called from inetd.
5574 Accept any 3xx reply code in response to DATA command instead of
5575 requiring 354. This change will match the wording to be
5576 published in the updated SMTP specification from the DRUMS
5579 AIX 4.2.0 or 4.2.1 may become updated by the fileset
5580 bos.rte.net level 4.2.0.2. This introduces the
5581 softlink /usr/lib/libbind.a which should
5582 not be used. It conflicts with the resolver
5583 built into libc.a. "bind" has been removed
5584 from the confLIBSEARCH BuildTools variable.
5585 Users who have installed BIND 8.X will have
5586 to add it back in their site.config.m4 file.
5587 Problem noted by Ole Holm Nielsen of the
5588 Technical University of Denmark.
5589 CRAY TS 10.0.x from Sven Nielsen of San Diego
5590 Supercomputer Center.
5591 Improved LDAP version 3 integration based on input
5592 from Kurt D. Zeilenga of the OpenLDAP Foundation,
5593 John Beck of Sun Microsystems, and Booker Bense
5594 of Stanford University.
5595 Linux doesn't have a standard way to get the timezone
5596 between different releases. Back out the
5597 change in 8.9.2 and don't attempt to derive
5598 a timezone. Problem reported by Igor S. Livshits
5599 of the University of Illinois at Urbana-Champaign
5600 and Michael Dickens of Tetranet Communications.
5601 Reliant UNIX, the new name for SINIX, from Gert-Jan Looy
5603 SunOS 5.8 from John Beck of Sun Microsystems.
5604 CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper
5605 timezone. Problem noted by Petr Lampa of Technical
5607 CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly
5608 when using FEATURE(bestmx_is_local). Patch from Neil W.
5609 Rickert of Northern Illinois University.
5610 CONFIG: Properly handle source routed and %-hack addresses on
5611 hosts which the mailertable remaps to local:. Patch from
5612 Neil W. Rickert of Northern Illinois University.
5613 CONFIG: Internal fixup of mailertable local: map value. Patch from
5614 Larry Parmelee of Cornell University.
5615 CONFIG: Only add back +detail from host portion of mailer triplet
5616 on local mailer triplets if it was originally +detail.
5617 Patch from Neil W. Rickert of Northern Illinois University.
5618 CONFIG: The bestmx_is_local checking done in check_rcpt would
5619 cause later checks to fail. Patch from Paul J Murphy of
5622 BuildTools/OS/CRAYTS.10.0.x
5623 BuildTools/OS/ReliantUNIX
5624 BuildTools/OS/SunOS.5.8
5626 8.9.2/8.9.2 1998/12/30
5627 SECURITY: Remove five second sleep on accepting daemon connections
5628 due to an accept() failure. This sleep could be used
5629 for a denial of service attack.
5630 Do not silently ignore queue files with names which are too long.
5631 Patch from Bryan Costales of InfoBeat, Inc.
5632 Do not store failures closing an SMTP session in persistent
5633 host status. Reported by Graeme Hewson of Oracle
5635 Allow symbolic link forward files if they are in safe directories.
5636 Problem noted by Andreas Schott of the Max Planck Society.
5637 Missing columns in a text map could cause a segmentation fault.
5638 Fix from David Lee of the University of Durham.
5639 Note that for 8.9.X, PrivacyOptions=goaway also includes the
5640 noetrn flag. This is scheduled to change in a future
5641 version of sendmail. Problem noted by Theo Van Dinter of
5642 Chrysalis Symbolic Designa and Alan Brown of Manawatu
5644 When trying to do host canonification in a Wildcard MX
5645 environment, try an MX lookup of the hostname without the
5646 default domain appended. Problem noted by Olaf Seibert of
5647 Polderland Language & Speech Technology.
5648 Reject SMTP RCPT To: commands with only comments (i.e.
5649 'RCPT TO: (comment)'. Problem noted by Earle Ake of
5650 Hassler Communication Systems Technology, Inc.
5651 Handle any number of %s in the LDAP filter spec. Patch from
5652 Per Hedeland of Ericsson.
5653 Clear ldapx open timeouts even if the map open failed to prevent
5654 a segmentation fault. Patch from Wayne Knowles of the
5655 National Institute of Water & Atmospheric Research Ltd.
5656 Do not syslog envelope clone messages when using address
5657 verification (-bv). Problem noted by Kari Hurtta of the
5658 Finnish Meteorological Institute.
5659 Continue to perform queue runs while in daemon mode even if the
5660 daemon is rejecting connections due to a disk full
5661 condition. Problem noted by JR Oldroyd of TerraNet
5663 Include full filename on installation of the sendmail.hf file
5664 in case the $HFDIR directory does not exist. Problem
5665 noted by Josef Svitak of Montana State University.
5666 Close all maps when exiting the process with one exception.
5667 Berkeley DB can use internal shared memory locking for
5668 its memory pool. Closing a map opened by another process
5669 will interfere with the shared memory and locks of the
5670 parent process leaving things in a bad state. For
5671 Berkeley DB, only close the map if the current process
5672 is also the one that opened the map, otherwise only close
5673 the map file descriptor. Thanks to Yoseff Francus of
5674 Collective Technologies for volunteering his system for
5676 Avoid null pointer dereference on XDEBUG output for SMTP reply
5677 failures. Problem noted by Carlos Canau of EUnet Portugal.
5678 On mailq and hoststat listings being piped to another program, such
5679 as more, if the pipe closes (i.e., the user quits more),
5680 stop sending output and exit. Patch from Allan E Johannesen
5681 of Worcester Polytechnic Institute.
5682 In accordance with the documentation, LDAP map lookup failures
5683 are now considered temporary failures instead of permanent
5684 failures unless the -t flag is used in the map definition.
5685 Problem noted by Booker Bense of Stanford University and
5686 Eric C. Hagberg of Morgan Stanley.
5687 Fix by one error reporting on long alias names. Problem noted by
5688 H. Paul Hammann of the Missouri Research and Education
5690 Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem
5691 noted by Barry S. Finkel of Argonne National Laboratory.
5692 When automatically converting from 8 bit to quoted printable MIME,
5693 be careful not to miss a multi-part boundary if that
5694 boundary is preceded by a boundary-like line. Problem
5695 noted by Andreas Raschle of Ansid Inc. Fix from
5696 Kari Hurtta of the Finnish Meteorological Institute.
5697 Avoid bogus reporting of "LMTP tobuf overflow" when the buffer
5698 has enough space for the additional address. Problem
5699 noted by Steve Cliffe of the University of Wollongong.
5700 Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem
5701 noted by Alex Vorobiev of Swarthmore College.
5702 If the check_compat ruleset resolves to the $#discard mailer,
5703 discard the current recipient. Unlike check_relay,
5704 check_mail, and check_rcpt, the entire envelope is not
5705 discarded. Problem noted by RZ D. Rahlfs. Fix from
5706 Claus Assmann of Christian-Albrechts-University of Kiel.
5707 Avoid segmentation fault when reading ServiceSwitchFile files with
5708 bogus formatting. Patch from Kari Hurtta of the Finnish
5709 Meteorological Institute.
5710 Support Berkeley DB 2.6.4 API change.
5711 OP.ME: Pages weren't properly output on duplexed printers. Fix
5712 from Matthew Black of CSU Long Beach.
5714 Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc.
5715 Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase
5716 option structure. Problem noted by Ashley M.
5717 Kirchner of Photo Craft Laboratories, Inc.
5718 Break out IP address to hostname translation for
5719 reading network interface addresses into
5720 class 'w'. Patch from John Kennedy of
5721 Cal State University, Chico.
5722 AIX 4.x use -qstrict with -O3 to prevent the optimized
5723 from changing the semantics of the compiled
5724 program. From Simon Travaglia of the
5725 University of Waikato, New Zealand.
5726 FreeBSD 2.2.2 and later support setusercontext(). From
5727 Peter Wemm of DIALix.
5728 FreeBSD 3.x fix from Peter Wemm of DIALix.
5729 IRIX 5.x has a syslog buffer size of 512 bytes. From
5730 Nao NINOMIYA of Utsunomiya University.
5731 IRIX 6.5 64-bit Build support.
5732 LDAP Version 3 support from John Beck and Ravi Iyer
5733 of Sun Microsystems.
5734 Linux does not implement seteuid() properly. From
5735 John Kennedy of Cal State University, Chico.
5736 Linux timezone type was set improperly. From Takeshi Itoh
5738 NCR MP-RAS 3.x needs -lresolv for confLIBS. From
5739 Tom J. Moore of NCR.
5740 NeXT 4.x correction to man page path. From J. P. McCann
5742 System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs)
5743 from Paul Gampe of the Asia Pacific Network
5745 ULTRIX now requires an optimization limit of 970 from
5746 Allan E Johannesen of Worcester Polytechnic
5748 Fix extern declaration for sm_dopr(). Fix from Henk
5749 van Oers of Algemeen Nederlands Persbureau.
5750 CONFIG: Catch @hostname,user@anotherhost.domain as relaying.
5751 Problem noted by Mark Rogov of AirMedia, Inc. Fix from
5752 Claus Assmann of Christian-Albrechts-University of Kiel.
5753 CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as
5754 there are multiple RBL's available and the MAPS RBL may
5755 not be the one in use. Suggested by Alan Brown of
5756 Manawatu Internet Services.
5757 CONFIG: Properly strip route addresses (i.e., @host1:user@host2)
5758 when stripping down a recipient address to check for
5759 relaying. Patch from Claus Assmann of
5760 Christian-Albrechts-University of Kiel and Neil W Rickert
5761 of Northern Illinois University.
5762 CONFIG: Allow the access database to override RBL lookups. Patch
5763 from Claus Assmann of Christian-Albrechts-University of
5765 CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch
5767 CONFIG: Fixed check for deferred delivery mode warning. Patch
5768 from Claus Assmann of Christian-Albrechts-University of
5769 Kiel and Per Hedeland of Ericsson.
5770 CONFIG: If a recipient using % addressing is used, e.g.
5771 user%site@othersite, and othersite's MX records are now
5772 checked for local hosts if FEATURE(relay_based_on_MX) is
5773 used. Problem noted by Alexander Litvin of Lucky Net Ltd.
5774 Patch from Alexander Litvin of Lucky Net Ltd and
5775 Claus Assmann of Christian-Albrechts-University of Kiel.
5776 MAIL.LOCAL: Prevent warning messages from appearing in the LMTP
5777 stream. Do not allow more than one response per recipient.
5778 MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix
5779 from John Beck of Sun Microsystems.
5780 MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from
5781 John Beck of Sun Microsystems.
5782 MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in
5783 the envelope From header.
5784 MAIL.LOCAL: Accept underscores in hostnames in LMTP mode.
5785 Problem noted by Glenn A. Malling of Syracuse University.
5786 MAILSTATS: Document msgsrej and msgsdis fields in the man page.
5787 Problem noted by Richard Wong of Princeton University.
5788 MAKEMAP: Build group list so group writable files are allowed with
5789 the -s flag. Problem noted by Curt Sampson of Internet
5790 Portal Services, Inc.
5791 PRALIASES: Automatically handle alias files created without the
5792 NULL byte at the end of the key. Patch from John Beck of
5794 PRALIASES: Support Berkeley DB 2.6.4 API change.
5796 BuildTools/OS/IRIX64.6.5
5797 BuildTools/OS/UnixWare.5.i386
5798 cf/ostype/unixware7.m4
5799 contrib/smcontrol.pl
5802 8.9.1/8.9.1 1998/07/02
5803 If both an OS specific site configuration file and a generic
5804 site.config.m4 file existed, only the latter was used
5805 instead of both. Problem noted by Geir Johannessen of
5806 the Norwegian University of Science and Technology.
5807 Fix segmentation fault while converting 8 bit to 7 bit MIME
5808 multipart messages by trying to write to an unopened
5809 file descriptor. Fix from Kari Hurtta of the Finnish
5810 Meteorological Institute.
5811 Do not assume Message: and Text: headers indicate the end of
5812 the header area when parsing MIME headers. Problem noted
5813 by Kari Hurtta of the Finnish Meteorological Institute.
5814 Setting the confMAN#SRC Build variable would only effect the
5815 installation commands. The man pages would still be
5816 built with .0 extensions. Problem noted by Bryan
5817 Costales of InfoBeat, Inc.
5818 Installation of manual pages didn't honor the DESTDIR environment
5819 variable. Problem noted by Bryan Costales of InfoBeat, Inc.
5820 If the check_relay ruleset resolved to the discard mailer, messages
5821 were still delivered. Problem noted by Mirek Luc of NASK.
5822 Mail delivery to files would fail with an Operating System Error
5823 if sendmail was not running as root, i.e., RunAsUser was set.
5824 Problem noted by Leonard N. Zubkoff of Dandelion Digital.
5825 Prevent MinQueueAge from interfering from queued items created
5826 in the future, i.e., if the system clock was set ahead
5827 and then back. Problem noted by Michael Miller of the
5828 University of Natal, Pietermaritzburg.
5829 Do not advertise ETRN support in ESTMP EHLO reply if noetrn is
5830 set in the PrivacyOptions option. Fix from Ted Rule of
5832 Log invalid persistent host status file lines instead of
5833 bouncing the message. Problem noted by David Lindes of
5834 DaveLtd Enterprises.
5835 Move creation of empty sendmail.st file from installation to
5836 compilation. Installation may be done from a read-only
5837 mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric
5838 Anderson of the Oasis Research Center, Inc.
5839 Enforce the maximum number of User Database entries limit. Problem
5840 noted by Gary Buchanan of Credence Systems Inc.
5841 Allow dead.letter files in root's home directory. Problem noted
5842 by Anna Ullman of Sun Microsystems.
5843 Program deliveries in forward files could be marked unsafe if
5844 any directory listed in the ForwardPath option did not
5845 exist. Problem noted by Jorg Bielak of Coastal Web Online.
5846 Do not trust the length of the address structure returned by
5847 gethostbyname(). Problem noted by Chris Evans of Oxford
5849 If the SIZE= MAIL From: ESMTP parameter is too large, use the
5850 5.3.4 DSN status code instead of 5.2.2. Similarly, for
5851 non-local deliveries, if the message is larger than the
5852 mailer maximum message size, use 5.3.4 instead of 5.2.3.
5853 Suggested by Antony Bowesman of
5854 Fujitsu/TeaWARE Mail/MIME System.
5856 Fix the check for an IP address reverse lookup for
5857 use in $&{client_name} on 64 bit platforms.
5858 From Gilles Gallot of Institut for Development
5859 and Resources in Intensive Scientific computing.
5860 BSD-OS uses .0 for man page extensions. From Jeff Polk
5862 DomainOS detection for Build. Also, version 10.4 and later
5863 ship a unistd.h. Fixes from Takanobu Ishimura of
5865 NeXT 4.x uses /usr/lib/man/cat for its man pages. From
5866 J. P. McCann of E I A.
5867 SCO 4.X and 5.X include NDBM support. From Vlado Potisk
5869 CONFIG: Do not pass spoofed PTR results through resolver for
5870 qualification. Problem noted by Michiel Boland of
5871 Digital Valley Internet Professionals; fix from
5872 Kari Hurtta of the Finnish Meteorological Institute.
5873 CONFIG: Do not try to resolve non-DNS hostnames such as UUCP,
5874 BITNET, and DECNET addresses for resolvable senders.
5875 Problem noted by Alexander Litvin of Lucky Net Ltd.
5876 CONFIG: Work around Sun's broken configuration which sends bounce
5877 messages as coming from @@hostname instead of <>. LMTP
5878 would not accept @@hostname.
5879 OP.ME: Corrections to complex sendmail startup script from Rick
5880 Troxel of the National Institutes of Health.
5881 RMAIL: Do not install rmail by default, require 'make force-install'
5882 as this rmail isn't the same as others. Suggested by
5883 Kari Hurtta of the Finnish Meteorological Institute.
5885 BuildTools/OS/DomainOS.10.4
5887 8.9.0/8.9.0 1998/05/19
5888 SECURITY: To prevent users from reading files not normally
5889 readable, sendmail will no longer open forward, :include:,
5890 class, ErrorHeader, or HelpFile files located in unsafe
5891 (i.e., group or world writable) directory paths. Sites
5892 which need the ability to override security can use the
5893 DontBlameSendmail option. See the README file for more
5895 SECURITY: Problems can occur on poorly managed systems, specifically,
5896 if maps or alias files are in world writable directories.
5897 This fixes the change added to 8.8.6 to prevent links in these
5898 world writable directories.
5899 SECURITY: Make sure ServiceSwitchFile option file is not a link if
5900 it is in a world writable directory.
5901 SECURITY: Never pass a tty to a mailer -- if a mailer can get at the
5902 tty it may be able to push bytes back to the senders input.
5903 Unfortunately this breaks -v mode. Problem noted by
5904 Wietse Venema of the Global Security Analysis Lab at
5905 IBM T.J. Watson Research.
5906 SECURITY: Empty group list if DontInitGroups is set to true to
5907 prevent program deliveries from picking up extra group
5908 privileges. Problem reported by Wolfgang Ley of DFN-CERT.
5909 SECURITY: The default value for DefaultUser is now set to the uid and
5910 gid of the first existing user mailnull, sendmail, or daemon
5911 that has a non-zero uid. If none of these exist, sendmail
5912 reverts back to the old behavior of using uid 1 and gid 1.
5913 This is a security problem for Linux which has chosen that
5914 uid and gid for user bin instead of daemon. If DefaultUser
5915 is set in the configuration file, that value overrides this
5917 SECURITY: Since 8.8.7, the check for non-set-user-ID binaries
5918 interfered with setting an alternate group id for the
5919 RunAsUser option. Problem noted by Randall Winchester of
5920 the University of Maryland.
5921 Add support for Berkeley DB 2.X. Based on patch from John Kennedy
5922 of Cal State University, Chico.
5923 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users
5924 which previously defined OLD_NEWDB=1 must now upgrade to the
5925 current version of Berkeley DB.
5926 Added support for regular expressions using the new map class regex.
5927 From Jan Krueger of Unix-AG of University of Hannover.
5928 Support for BIND 8.1.1's hesiod for hesiod maps and hesiod
5929 UserDatabases from Randall Winchester of the University
5931 Allow any shell for user shell on program deliveries on V1
5932 configurations for backwards compatibility on machines which
5933 do not have getusershell(). Fix from John Beck of Sun
5935 On operating systems which change the process title by reusing the
5936 argument vector memory, sendmail could corrupt memory if the
5937 last argument was either "-q" or "-d". Problem noted by
5938 Frank Langbein of the University of Stuttgart.
5939 Support Local Mail Transfer Protocol (LMTP) between sendmail and
5940 mail.local on the F=z flag.
5941 Macro-expand the contents of the ErrMsgFile. Previously this was
5942 only done if you had magic characters (0x81) to indicate
5943 macro expansion. Now $x will be expanded. This means that
5944 real dollar signs have to be backslash escaped.
5945 TCP Wrappers expects "unknown" in the hostname argument if the
5946 reverse DNS lookup for the incoming connection fails.
5947 Problem noted by Randy Grimshaw of Syracuse University and
5948 Wietse Venema of the Global Security Analysis Lab at
5949 IBM T.J. Watson Research.
5950 DSN success bounces generated from an invocation of sendmail -t
5951 would be sent to both the sender and MAILER-DAEMON.
5952 Problem noted by Claus Assmann of
5953 Christian-Albrechts-University of Kiel.
5954 Avoid "Error 0" messages on delivery mailers which exit with a
5955 valid exit value such as EX_NOPERM. Fix from Andreas Luik
5956 of ISA Informationssysteme GmbH.
5957 Tokenize $&x expansions on right hand side of rules. This eliminates
5958 the need to use tricks like $(dequote "" $&{client_name} $)
5959 to cause the ${client_name} macro to be properly tokenized.
5960 Add the MaxRecipientsPerMessage option: this limits the number of
5961 recipients that will be accepted in a single SMTP
5962 transaction. After this number is reached, sendmail
5963 starts returning "452 Too many recipients" to all RCPT
5964 commands. This can be used to limit the number of recipients
5965 per envelope (in particular, to discourage use of the server
5966 for spamming). Note: a better approach is to restrict
5968 Fixed pointer initialization for LDAP lmap struct, fixed -s option
5969 to ldapx map and added timeout for ldap_open call to
5970 avoid hanging sendmail in the event of hung LDAP servers.
5971 Patch from Booker Bense of Stanford University.
5972 Allow multiple -qI, -qR, or -qS queue run limiters. For example,
5973 '-qRfoo -qRbar' would deliver mail to recipients with foo or
5974 bar in their address. Patch from Allan E Johannesen of
5975 Worcester Polytechnic Institute.
5976 The bestmx map will now return a list of the MX servers for a host if
5977 passed a column delimiter via the -z map flag. This can be
5978 used to check if the server is an MX server for the recipient
5979 of a message. This can be used to help prevent relaying.
5980 Patch from Mitchell Blank Jr of Exec-PC.
5981 Mark failures for the *file* mailer and return bounce messages to the
5982 sender for those failures.
5983 Prevent bogus syslog timestamps on errors in sendmail.cf by
5984 preserving the TZ environment variable until TimeZoneSpec
5985 has been determined. Problem noted by Ralf Hildebrandt of
5986 Technical University of Braunschweig. Patch from Per Hedeland
5988 Print test input in address test mode when input is not from the tty
5989 when the -v flag is given (i.e., sendmail -bt -v) to make
5990 output easier to decipher. Problem noted by Aidan Nichol
5991 of Procter & Gamble.
5992 The LDAP map -s flag was not properly parsed and the error message
5993 given included the remainder of the arguments instead of
5994 solely the argument in error. Problem noted by Aidan Nichol
5995 of Procter & Gamble.
5996 New DontBlameSendmail option. This option allows administrators to
5997 bypass some of sendmail's file security checks at the expense
5998 of system security. This should only be used if you are
5999 absolutely sure you know the consequences. The available
6000 DontBlameSendmail options are:
6003 ClassFileInUnsafeDirPath
6004 ErrorHeaderInUnsafeDirPath
6005 GroupWritableDirPathSafe
6006 GroupWritableForwardFileSafe
6007 GroupWritableIncludeFileSafe
6008 GroupWritableAliasFile
6009 HelpFileinUnsafeDirPath
6010 WorldWritableAliasFile
6011 ForwardFileInGroupWritableDirPath
6012 IncludeFileInGroupWritableDirPath
6013 ForwardFileInUnsafeDirPath
6014 IncludeFileInUnsafeDirPath
6015 ForwardFileInUnsafeDirPathSafe
6016 IncludeFileInUnsafeDirPathSafe
6018 LinkedAliasFileInWritableDir
6019 LinkedClassFileInWritableDir
6020 LinkedForwardFileInWritableDir
6021 LinkedIncludeFileInWritableDir
6022 LinkedMapInWritableDir
6023 LinkedServiceSwitchFileInWritableDir
6024 FileDeliveryToHardLink
6025 FileDeliveryToSymLink
6028 WriteStatsToHardLink
6030 RunProgramInUnsafeDirPath
6032 New DontProbeInterfaces option to turn off the inclusion of all the
6033 interface names in $=w on startup. In particular, if you
6034 have lots of virtual interfaces, this option will speed up
6035 startup. However, unless you make other arrangements, mail
6036 sent to those addresses will be bounced.
6037 Automatically create alias databases if they don't exist and
6038 AutoRebuildAliases is set.
6039 Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command.
6040 Suggested by Christophe Wolfhugel of the Institut Pasteur.
6041 Add PrivacyOptions=noverb flag to disable the SMTP VERB command.
6042 When determining the client host name ($&{client_name} macro), do
6043 a forward (A) DNS lookup on the result of the PTR lookup
6044 and compare results. If they differ or if the PTR lookup
6045 fails, &{client_name} will contain the IP address
6046 surrounded by square brackets (e.g., [127.0.0.1]).
6047 New map flag: -Tx appends "x" to lookups that return temporary failure
6048 (i.e, it is like -ax for the temporary failure case, in
6049 contrast to the success case).
6050 New syntax to do limited checking of header syntax. A config line
6053 causes the indicated Ruleset to be invoked on the Header
6054 when read. This ruleset works like the check_* rulesets --
6055 that is, it can reject mail on the basis of the contents.
6056 Limit the size of the HELO/EHLO parameter to prevent spammers
6057 from hiding their connection information in Received:
6059 When SingleThreadDelivery is active, deliveries to locked hosts
6060 are skipped. This will cause the delivering process to
6061 try the next MX host or queue the message if no other MX
6062 hosts are available. Suggested by Alexander Litvin.
6063 The [FILE] mailer type now delivers to the file specified in the
6064 A= equate of the mailer definition instead of $u. It also
6065 obeys all of the F= mailer flags such as the MIME
6066 7/8 bit conversion flags. This is useful for defining
6067 a mailer which delivers to the same file regardless of the
6068 recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail).
6069 Do not assume the identity of a remote connection is root@localhost
6070 if the remote connection closes the socket before the
6071 remote identity can be queried.
6072 Change semantics of the F=S mailer flag back to 8.7.5 behavior.
6073 Some mailers, including procmail, require that the real
6074 uid is left unchanged by sendmail. Problem noted by Per
6075 Hedeland of Ericsson.
6076 No longer is the src/obj*/Makefile selected from a large list -- it
6077 is now generated using the information in BuildTools/OS/ --
6078 some of the details are determined dynamically via
6079 BuildTools/bin/configure.sh.
6080 The other programs in the sendmail distribution -- mail.local,
6081 mailstats, makemap, praliases, rmail, and smrsh -- now use
6082 the new Build method which creates an operating system
6083 specific Makefile using the information in BuildTools.
6084 Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e.,
6085 a failure on one message won't affect future messages to the
6086 same host). This is necessary if the remote host sends
6087 a 451 error if the domain of the sender does not resolve
6088 as is common in anti-spam configurations. Problem noted
6089 by Mitchell Blank Jr of Exec-PC.
6090 New "discard" mailer for check_* rulesets and header checking
6091 rulesets. If one of the above rulesets resolves to the
6092 $#discard mailer, the commands will be accepted but the
6093 message will be completely discarded after it is accepting.
6094 This means that even if only one of the recipients
6095 resolves to the $#discard mailer, none of the recipients
6096 will receive the mail. Suggested by Brian Kantor.
6097 All but the last cloned envelope of a split envelope were queued
6098 instead of being delivered. Problem noted by John Caruso
6099 of CNET: The Computer Network.
6100 Fix deadlock situation in persistent host status file locking.
6101 Syslog an error if a user forward file could not be read due to
6102 an error. Patch from John Beck of Sun Microsystems.
6103 Use the first name returned on machine lookups when canonifying a
6104 hostname via NetInfo. Patch from Timm Wetzel of GWDG.
6105 Clear the $&{client_addr}, $&{client_name}, and $&{client_port}
6106 macros when delivering a bounce message to prevent
6107 rejection by a check_compat ruleset which uses these macros.
6108 Problem noted by Jens Hamisch of AgiX Internetservices GmbH.
6109 If the check_relay ruleset resolves to the the error mailer, the
6110 error in the $: portion of the resolved triplet is used
6111 in the rejection message given to the remote machine.
6112 Suggested by Scott Gifford of The Internet Ramp.
6113 Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros
6114 before calling the check_relay ruleset. Suggested by Scott
6115 Gifford of The Internet Ramp.
6116 Sendmail would get a segmentation fault if a mailer exited with an
6117 exit code of 79. Problem noted by Aaron Schrab of ExecPC
6118 Internet. Fix from Christophe Wolfhugel of the Pasteur
6120 Separate snprintf/vsnprintf routines into separate file for use by
6122 Allow multiple map lookups on right hand side, e.g.,
6123 R$* $( host $1 $) $| $( passwd $1 $). Patch from
6124 Christophe Wolfhugel of the Pasteur Institute.
6125 Properly generate success DSN messages if requested for aliases
6126 which have owner- aliases. Problem noted by Kari Hurtta
6127 of the Finnish Meteorological Institute.
6128 Properly display delayed-expansion macros ($&{macroname}) in
6129 address test mode (-bt). Problem noted by Bryan Costales
6131 -qR could sometimes match names incorrectly. Problem noted by
6132 Lutz Euler of Lavielle EDV Systemberatung GmbH & Co.
6133 Include a magic number and version in the StatusFile for the
6135 Record the number of rejected and discarded messages in the
6136 StatusFile for display by the mailstats command. Patch
6137 from Randall Winchester of the University of Maryland.
6138 IDENT returns where the OSTYPE field equals "OTHER" now list the
6139 user portion as IDENT:username@site instead of
6140 username@site to differentiate the two. Suggested by
6141 Kari Hurtta of the Finnish Meteorological Institute.
6142 Enforce timeout for LDAP queries. Patch from Per Hedeland of
6144 Change persistent host status filename substitution so '/' is
6145 replaced by ':' instead of '|' to avoid clashes. Also
6146 avoid clashes with hostnames with leading dots. Fix from
6147 Mitchell Blank Jr. of Exec-PC.
6148 If the system lock table is full, only attempt to create a new
6149 queue entry five times before giving up. Previously, it
6150 was attempted indefinitely which could cause the partition
6151 to run out of inodes. Problem noted by Suzie Weigand of
6152 Stratus Computer, Inc.
6153 In verbose mode, warn if the sendmail.cf version is less than the
6154 currently supported version.
6155 Sorting for QueueSortOrder=host is now case insensitive. Patch
6156 from Randall S. Winchester of the University of Maryland.
6157 Properly quote a full name passed via the -F command line option,
6158 the Full-Name: header, or the NAME environment variable if
6159 it contains characters which must be quoted. Problem noted
6160 by Kari Hurtta of the Finnish Meteorological Institute.
6161 Avoid possible race condition that unlocked a mail job before
6162 releasing the transcript file on systems that use flock(2).
6163 In some cases, this might result in a "Transcript Unavailable"
6164 message in error bounces.
6165 Accept SMTP replies which contain only a reply code and no
6166 accompanying text. Problem noted by Fernando Fraticelli of
6167 Digital Equipment Corporation.
6169 AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura
6170 of Kyoto University.
6171 AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from
6172 Randall S. Winchester of the University of
6174 AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS.
6175 CRAY T3E from Manu Mahonen of Center for Scientific Computing
6177 Digital UNIX now uses statvfs for determining free
6178 disk space. Patch from Randall S. Winchester of
6179 the University of Maryland.
6180 HP-UX 11.x from Richard Allen of Opin Kerfi HF and
6181 Regis McEwen of Progress Software Corporation.
6182 IRIX 64 bit fixes from Kari Hurtta of the Finnish
6183 Meteorological Institute.
6184 IRIX 6.2 configuration fix for mail.local from Michael Kyle
6185 of CIC/Advanced Computing Laboratory.
6186 IRIX 6.5 from Thomas H Jones II of SGI.
6187 IRIX 6.X load average code from Bob Mende of SGI.
6188 QNX from Glen McCready <glen@qnx.com>.
6189 SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links
6190 to sendmail. Install with group bin instead of kmem
6191 as kmem does not exist. From Guillermo Freige of
6192 Gobernacion de la Pcia de Buenos Aires and Paul
6193 Fischer of BTG, Inc.
6194 SunOS 4.X does not include memmove(). Patch from
6195 Per Hedeland of Ericsson.
6196 SunOS 5.7 includes getloadavg() function for determining
6197 load average. Patch from John Beck of Sun
6199 CONFIG: Increment version number of config file.
6200 CONFIG: add DATABASE_MAP_TYPE to set the default type of database
6201 map for the various maps. The default is hash. Patch from
6202 Robert Harker of Harker Systems.
6203 CONFIG: new confEBINDIR m4 variable for defining the executable
6204 directory for certain programs.
6205 CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for
6206 local mail delivery. By the default, /usr/libexec/mail.local
6207 is used. This is expected to be the mail.local shipped
6208 with 8.9 which is LMTP capable. The path is based on the
6209 new confEBINDIR m4 variable.
6210 CONFIG: Use confEBINDIR in determining path to smrsh for
6211 FEATURE(smrsh). Note that this changes the default from
6212 /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the
6213 old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh).
6214 CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to
6215 include $z/.forward.$w+$h and $z/.forward+$h which allow
6216 the user to setup different .forward files for
6217 user+detail addressing.
6218 CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES,
6219 and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage,
6220 DontProbeInterfaces, and DontBlameSendmail options.
6221 CONFIG: by default do not allow relaying (that is, accepting mail
6222 from outside your domain and sending it to another host
6223 outside your domain).
6224 CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from
6225 any site to any site.
6226 CONFIG: new FEATURE(relay_entire_domain) allows any host in your
6227 domain as defined by the 'm' class ($=m) to relay.
6228 CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on
6229 the MX records of the host portion of an incoming recipient.
6230 CONFIG: new FEATURE(access_db) which turns on the access database
6231 feature. This database gives you the ability to allow
6232 or refuse to accept mail from specified domains for
6233 administrative reasons. By default, names that are listed
6234 as "OK" in the access db are domain names, not host names.
6235 CONFIG: new confCR_FILE m4 variable for defining the name of the file
6236 used for class 'R'. Defaults to /etc/mail/relay-domains.
6237 CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file)
6238 to add items to class 'R' ($=R) for hosts allowed to relay.
6239 CONFIG: new FEATURE(relay_hosts_only) to change the behavior
6240 of FEATURE(access_db) and class 'R' to lookup individual
6242 CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient
6243 using % addressing is used, e.g. user%site@othersite,
6244 and othersite is in class 'R', the check_rcpt ruleset
6245 will strip @othersite and recheck user@site for relaying.
6246 This feature changes that behavior. It should not be
6247 needed for most installations.
6248 CONFIG: new FEATURE(relay_local_from) to allow relaying if the
6249 domain portion of the mail sender is a local host. This
6250 should only be used if absolutely necessary as it opens
6251 a window for spammers. Patch from Randall S. Winchester of
6252 the University of Maryland.
6253 CONFIG: new FEATURE(blacklist_recipients) turns on the ability to
6254 block incoming mail destined for certain recipient
6255 usernames, hostnames, or addresses.
6256 CONFIG: By default, MAIL FROM: commands in the SMTP session will be
6257 refused if the host part of the argument to MAIL FROM: cannot
6258 be located in the host name service (e.g., DNS).
6259 CONFIG: new FEATURE(accept_unresolvable_domains) accepts
6260 unresolvable hostnames in MAIL FROM: SMTP commands.
6261 CONFIG: new FEATURE(accept_unqualified_senders) accepts
6262 MAIL FROM: senders which do not include a domain.
6263 CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the
6264 Realtime Blackhole List. You can specify the RBL name
6265 server to contact by specifying it as an optional argument.
6266 The default is rbl.maps.vix.com. For details, see
6267 http://maps.vix.com/rbl/.
6268 CONFIG: Call Local_check_relay, Local_check_mail, and
6269 Local_check_rcpt from check_relay, check_mail, and
6270 check_rcpt. Users with local rulesets should place the
6271 rules using LOCAL_RULESETS. If a Local_check_* ruleset
6272 returns $#OK, the message is accepted. If the ruleset
6273 returns a mailer, the appropriate action is taken, else
6274 the return of the ruleset is ignored.
6275 CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by
6276 default to support file, :include:, and program deliveries.
6277 CONFIG: Remove the default for confDEF_USER_ID so the binary can
6278 pick the proper default value. See the SECURITY note
6279 above for more information.
6280 CONFIG: FEATURE(nodns) now warns the user that the feature is a
6281 no-op. Patch from Kari Hurtta of the Finnish
6282 Meteorological Institute.
6283 CONFIG: OSTYPE(osf1) now sets DefaultUser (confDEF_USER_ID) to
6284 daemon since DEC's /bin/mail will drop the envelope
6285 sender if run as mailnull. See the Digital UNIX section
6286 of src/README for more information. Problem noted by
6287 Kari Hurtta of the Finnish Meteorological Institute.
6288 CONFIG: .cf files are now stored in the same directory with the
6289 .mc files instead of in the obj directory.
6290 CONFIG: New options confSINGLE_LINE_FROM_HEADER,
6291 confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for
6292 setting SingleLineFromHeader, AllowBogusHELO, and
6293 MustQuoteChars respectively.
6294 MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This
6295 SMTP-like protocol allows detailed reporting of delivery
6296 status on a per-user basis. Code donated by John Myers of
6297 CMU (now of Netscape).
6298 MAIL.LOCAL: HP-UX support from Randall S. Winchester of the
6299 University of Maryland. NOTE: mail.local is not
6300 compatible with the stock HP-UX mail format. Be sure to
6301 read mail.local/README.
6302 MAIL.LOCAL: Prevent other mail delivery agents from stealing a
6303 mailbox lock. Patch from Randall S. Winchester of the
6304 University of Maryland.
6305 MAIL.LOCAL: glibc portability from John Kennedy of Cal State
6307 MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish
6308 Meteorological Institute.
6309 MAILSTATS: Display the number of rejected and discarded messages
6310 in the StatusFile. Patch from Randall Winchester of the
6311 University of Maryland.
6312 MAKEMAP: New -s flag to ignore safety checks on database map files
6313 such as linked files in world writable directories.
6314 MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support.
6315 PRALIASES: Add support for Berkeley DB 2.X.
6316 PRALIASES: Do not automatically include NDBM support. Problem
6317 noted by Ralf Hildebrandt of the Technical University of
6319 RMAIL: Improve portability for other platforms. Patches from
6320 Randall S. Winchester of the University of Maryland and
6321 Kari Hurtta of the Finnish Meteorological Institute.
6323 src/Makefiles/Makefile.* files have been modified to use
6324 the new build mechanism and are now BuildTools/OS/*.
6325 src/makesendmail changed to symbolic link to src/Build.
6327 BuildTools/M4/header.m4
6328 BuildTools/M4/depend/BSD.m4
6329 BuildTools/M4/depend/CC-M.m4
6330 BuildTools/M4/depend/NCR.m4
6331 BuildTools/M4/depend/Solaris.m4
6332 BuildTools/M4/depend/X11.m4
6333 BuildTools/M4/depend/generic.m4
6334 BuildTools/OS/AIX.4.2
6335 BuildTools/OS/AIX.4.x
6336 BuildTools/OS/CRAYT3E.2.0.x
6337 BuildTools/OS/HP-UX.11.x
6338 BuildTools/OS/IRIX.6.5
6339 BuildTools/OS/NEXTSTEP.4.x
6340 BuildTools/OS/NeXT.4.x
6341 BuildTools/OS/NetBSD.8.3
6343 BuildTools/OS/SunOS.5.7
6344 BuildTools/OS/dcosx.1.x.NILE
6346 BuildTools/Site/README
6347 BuildTools/bin/Build
6348 BuildTools/bin/configure.sh
6349 BuildTools/bin/find_m4.sh
6350 BuildTools/bin/install.sh
6353 cf/cf/generic-hpux10.cf
6354 cf/feature/accept_unqualified_senders.m4
6355 cf/feature/accept_unresolvable_domains.m4
6356 cf/feature/access_db.m4
6357 cf/feature/blacklist_recipients.m4
6358 cf/feature/loose_relay_check.m4
6359 cf/feature/local_lmtp.m4
6360 cf/feature/promiscuous_relay.m4
6362 cf/feature/relay_based_on_MX.m4
6363 cf/feature/relay_entire_domain.m4
6364 cf/feature/relay_hosts_only.m4
6365 cf/feature/relay_local_from.m4
6367 contrib/doublebounce.pl
6369 mail.local/Makefile.m4
6372 mailstats/Makefile.m4
6376 praliases/Makefile.m4
6386 cf/cf/Makefile (replaced by Makefile.dist)
6388 mail.local/Makefile.dist
6390 mailstats/Makefile.dist
6392 makemap/Makefile.dist
6394 praliases/Makefile.dist
6399 src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2)
6400 src/Makefiles/Makefile.SMP_DC.OSx.NILE
6401 (renamed BuildTools/OS/dcosx.1.x.NILE)
6402 src/Makefiles/Makefile.Utah (obsolete platform)
6405 cf/cf/Makefile.dist => Makefile
6406 cf/cf/obj/* => cf/cf/*
6407 src/READ_ME => src/README
6409 8.8.8/8.8.8 1997/10/24
6410 If the check_relay ruleset failed, the relay= field was logged
6411 incorrectly. Problem noted by Kari Hurtta of the Finnish
6412 Meteorological Institute.
6413 If /usr/tmp/dead.letter already existed, sendmail could not
6414 add additional bounces to it. Problem noted by Thomas J.
6415 Arseneault of SRI International.
6416 If an SMTP mailer used a non-standard port number for the outgoing
6417 connection, it would be displayed incorrectly in verbose mode.
6418 Problem noted by John Kennedy of Cal State University, Chico.
6419 Log the ETRN parameter specified by the client before altering them
6420 to internal form. Suggested by Bob Kupiec of GES-Verio.
6421 EXPN and VRFY SMTP commands on malformed addresses were logging as
6422 User unknown with bogus delay= values. Change them to log
6423 the same as compliant addresses. Problem noted by Kari E.
6424 Hurtta of the Finnish Meteorological Institute.
6425 Ignore the debug resolver option unless using sendmail debug trace
6426 option for resolver. Problem noted by Greg Nichols of Wind
6428 If SingleThreadDelivery was enabled and the remote server returned a
6429 protocol error on the DATA command, the connection would be
6430 closed but the persistent host status file would not be
6431 unlocked so other sendmail processes could not deliver to
6432 that host. Problem noted by Peter Wemm of DIALix.
6433 If queueing up a message due to an expensive mailer, don't increment
6434 the number of delivery attempts or set the last delivery
6435 attempt time so the message will be delivered on the next
6436 queue run regardless of MinQueueAge. Problem noted by
6437 Brian J. Coan of the Institute for Global Communications.
6438 Authentication warnings of "Processed from queue _directory_" and
6439 "Processed by _username_ with -C _filename_" would be logged
6440 with the incorrect timestamp. Problem noted by Kari E. Hurtta
6441 of the Finnish Meteorological Institute.
6442 Use a better heuristic for detecting GDBM.
6443 Log null connections on dropped connections. Problem noted by
6444 Jon Lewis of Florida Digital Turnpike.
6445 If class dbm maps are rebuilt, sendmail will now detect this and
6446 reopen the map. Previously, they could give stale
6447 results during a single message processing (but would
6448 recover when the next message was received). Fix from
6449 Joe Pruett of Q7 Enterprises.
6450 Do not log failures such as "User unknown" on -bv or SMTP VRFY
6451 requests. Problem noted by Kari E. Hurtta of the
6452 Finnish Meteorological Institute.
6453 Do not send a bounce message back to the sender regarding bad
6454 recipients if the SMTP connection is dropped before the
6455 message is accepted. Problem noted by Kari E. Hurtta of the
6456 Finnish Meteorological Institute.
6457 Use "localhost" instead of "[UNIX: localhost]" when connecting to
6458 sendmail via a UNIX pipe. This will allow rulesets using
6459 $&{client_name} to process without sending the string through
6460 dequote. Problem noted by Alan Barrett of Internet Africa.
6461 A combination of deferred delivery mode, a double bounce situation,
6462 and the inability to save a bounce message to
6463 /var/tmp/dead.letter would cause sendmail to send a bounce
6464 to postmaster but not remove the offending envelope from the
6465 queue causing it to create a new bounce message each time the
6466 queue was run. Problem noted by Brad Doctor of Net Daemons
6468 Remove newlines from hostname information returned via DNS. There are
6469 no known security implications of newlines in hostnames as
6470 sendmail filters newlines in all vital areas; however, this
6471 could cause confusing error messages.
6472 Starting with sendmail 8.8.6, mail sent with the '-t' option would be
6473 rejected if any of the specified addresses were bad. This
6474 behavior was modified to only reject the bad addresses and not
6475 the entire message. Problem noted by Jozsef Hollosi of
6477 Use Timeout.fileopen when delivering mail to a file. Suggested by
6478 Bryan Costales of InfoBeat, Inc.
6479 Display the proper Final-Recipient on DSN messages for non-SMTP
6480 mailers. Problem noted by Kari E. Hurtta of the
6481 Finnish Meteorological Institute.
6482 An error in calculating the available space in the list of addresses
6483 for logging deliveries could cause an address to be silently
6485 Include the initial user environment if sendmail is restarted via
6486 a HUP signal. This will give room for the process title.
6487 Problem noted by Jon Lewis of Florida Digital Turnpike.
6488 Mail could be delivered without a body if the machine does not
6489 support flock locking and runs out of processes during
6490 delivery. Fix from Chuck Lever of the University of Michigan.
6491 Drop recipient address from 251 and 551 SMTP responses per RFC 821.
6492 Problem noted by Kari E. Hurtta of the Finnish Meteorological
6494 Make sure non-rebuildable database maps are opened before the
6495 rebuildable maps (i.e., alias files) in case the database maps
6496 are needed for verifying the left hand side of the aliases.
6497 Problem noted by Lloyd Parkes of Victoria University.
6498 Make sure sender RFC822 source route addresses are alias expanded for
6499 bounce messages. Problem noted by Juergen Georgi of
6500 RUS University of Stuttgart.
6502 Return a temporary error instead of a permanent error if an LDAP map
6503 search returns an error. This will allow sequenced maps which
6504 use other LDAP servers to be checked. Fix from Booker Bense
6505 of Stanford University.
6506 When automatically converting from quoted printable to 8bit text do
6507 not pad bare linefeeds with a space. Problem noted by Theo
6508 Nolte of the University of Technology Aachen, Germany.
6510 Non-standard C compilers may have had a problem compiling
6511 conf.c due to a standard C external declaration of
6512 setproctitle(). Problem noted by Ted Roberts of
6513 Electronic Data Systems.
6514 AUX: has a broken O_EXCL implementation. Reported by Jim
6515 Jagielski of jaguNET Access Services.
6516 BSD/OS: didn't compile if HASSETUSERCONTEXT was defined.
6517 Digital UNIX: Digital UNIX (and possibly others) moves
6518 loader environment variables into the loader memory
6519 area. If one of these environment variables (such as
6520 LD_LIBRARY_PATH) was the last environment variable,
6521 an invalid memory address would be used by the process
6522 title routine causing memory corruption. Problem
6523 noted by Sam Hartman of Mesa Internet Systems.
6524 GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused
6525 chownsafe() to always return 0 even if the OS does
6526 not permit file giveaways. Problem noted by
6527 Yasutaka Sumi of The University of Tokyo.
6528 IRIX6: Syslog buffer size set to 512 bytes. Reported by
6529 Gerald Rinske of Siemens Business Services VAS.
6530 Linux: Pad process title with NULLs. Problem noted by
6531 Jon Lewis of Florida Digital Turnpike.
6532 SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an
6533 incorrect value for the number of interfaces.
6534 Problem noted by Chris Loelke of JetStream Internet
6536 SINIX: Update for Makefile and syslog buffer size from Gerald
6537 Rinske of Siemens Business Services VAS.
6538 Solaris: Make sure HASGETUSERSHELL setting for SunOS is not
6539 used on a Solaris machine. Problem noted by
6540 Stephen Ma of Jtec Pty Limited.
6541 CONFIG: SINIX: Update from Gerald Rinske of Siemens Business
6543 MAKEMAP: Use a better heuristic for detecting GDBM.
6544 CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff.
6545 OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of
6548 8.8.7/8.8.7 1997/08/03
6549 If using Berkeley DB on systems without O_EXLOCK (open a file with
6550 an exclusive lock already set -- i.e., almost all systems
6551 except 4.4-BSD derived systems), the initial attempt at
6552 rebuilding aliases file if the database didn't already
6553 exist would fail. Patch from Raymund Will of LST Software
6555 Bogus incoming SMTP commands would reset the SMTP conversation.
6556 Problem noted by Fredrik Jönsson of the Royal Institute
6557 of Technology, Stockholm.
6558 Since TCP Wrappers includes setenv(), unsetenv(), and putenv(),
6559 some environments could give "multiple definitions" for these
6560 routines during compilation. If using TCP Wrappers, assume
6561 that these routines are included as though they were in the
6562 C library. Patch from Robert La Ferla.
6563 When a NEWDB database map was rebuilt at the same time it was being
6564 used by a queue run, the maps could be left locked for the
6565 duration of the queue run, causing other processes to hang.
6566 Problem noted by Kendall Libby of Shore.NET.
6567 In some cases, NoRecipientAction=add-bcc was being ignored, so the
6568 mail was passed on without any recipient header. This could
6569 cause problems downstream. Problem noted by Xander Jansen
6570 of SURFnet ExpertiseCentrum.
6571 Give error when GDBM is used with sendmail. GDBM's locking and
6572 linking of the .dir and .pag files interferes with sendmail's
6573 locking and security checks. Problems noted by Fyodor
6574 Yarochkin of the Kyrgyz Republic FreeNet.
6575 Don't fsync qf files if SuperSafe option is not set.
6576 Avoid extra calls to gethostbyname for addresses for which a
6577 gethostbyaddr found no value. Also, ignore any returns
6578 from gethostbyaddr that look like a dotted quad.
6579 If PTR lookup fails when looking up an SMTP peer, don't tag it as
6580 "may be forged", since at the network level we pretty much
6581 have to assume that the information is good.
6582 In some cases, errors during an SMTP session could leave files
6584 Better handling of missing file descriptors (0, 1, 2) on startup.
6585 Better handling of non-set-user-ID binaries -- avoids certain obnoxious
6586 errors during testing.
6587 Errors in file locking of NEWDB maps had the incorrect file name
6588 printed in the error message.
6589 If the AllowBogusHELO option were set and an EHLO with a bad or
6590 missing parameter were issued, the EHLO behaved like a HELO.
6591 Load limiting never kicked in for incoming SMTP transactions if the
6592 DeliveryMode=background and any recipient was an alias or
6593 had a .forward file. From Nik Conwell of Boston University.
6594 On some non-Posix systems, the decision of whether chown(2) permits
6595 file giveaway was undefined. From Tetsu Ushijima of the
6596 Tokyo Institute of Technology.
6597 Fix race condition that could cause the body of a message to be
6598 lost (so only the header was delivered). This only occurs
6599 on systems that do not use flock(2), and only when a queue
6600 runner runs during a critical section in another message
6601 delivery. Based on a patch from Steve Schweinhart of
6603 If a qf file was found in a mail queue directory that had a problem
6604 (wrong ownership, bad format, etc.) and the file name was
6605 exactly MAXQFNAME bytes long, then instead of being tried
6606 once, it would be tried on every queue run. Problem noted
6607 by Bryan Costales of Mercury Mail.
6608 If the system supports an st_gen field in the status structure,
6609 include it when reporting that a file has changed after open.
6610 This adds a new compile flag, HAS_ST_GEN (0/1 option).
6611 This out to be checked as well as reported, since it is
6612 theoretically possible for an attacker to remove a file after
6613 it is opened and replace it with another file that has the
6614 same i-number, but some filesystems (notably AFS) return
6615 garbage in this field, and hence always look like the file
6616 has changed. As a practical matter this is not a security
6617 problem, since the files can be neither hard nor soft links,
6618 and on no filesystem (that I am aware of) is it possible to
6619 have two files on the same filesystem with the same i-number
6621 Delete the root Makefile from the distribution -- it is only for
6622 use internally, and does not work at customer sites.
6623 Fix botch that caused the second MAIL FROM: command in a single
6624 transaction to clear the entire transaction. Problem
6625 noted by John Kennedy of Cal State University, Chico.
6626 Work properly on machines that have _PATH_VARTMP defined without
6627 a trailing slash. (And a pox on vendors that decide to
6628 ignore the established conventions!) Problem noted by
6629 Gregory Neil Shapiro of WPI.
6630 Internal changes to make it easier to add another protocol family
6631 (intended for IPv6). Patches are from John Kennedy of
6633 In certain cases, 7->8 bit MIME decoding of Base64 text could leave
6634 an extra space at the beginning of some lines. Problem
6635 noted by Charles Karney of Princeton University; fix based
6636 on a patch from Christophe Wolfhugel.
6638 Allow _PATH_VENDOR_CF to be set in Makefile for consistency
6639 with the _Sendmail_ book, 2nd edition. Note that
6640 the book is actually wrong: _PATH_SENDMAILCF should
6642 AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow
6643 of Argonne National Laboratory.
6644 OpenBSD from from Paul DuBois of the University of Wisconsin.
6645 RISC/os 4.0 from Paul DuBois of the University of Wisconsin.
6646 SunOS: Include <memory.h> to fix warning from util.c. From
6647 James Aldridge of EUnet Ltd.
6648 Solaris: Change STDIR (location of status file) to /etc/mail
6650 Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from
6651 Makefiles. Use NEWDB on Linux instead.
6652 NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl
6653 exists but behaves differently than other OSes.
6654 Add SIOCGIFNUM_IS_BROKEN compile flag to get
6655 around the problem. Problem noted by Tom Moore of
6657 HP-UX 9.x: fix compile warnings for old select API. Problem
6658 noted by Tom Smith of Digital Equipment Corp.
6659 UnixWare 2.x: compile warnings on offsetof macro. Problem
6660 noted by Tom Good of the Community Access Information
6662 SCO 4.2: compile problems caused by a change in the type of
6663 the "length" parameters passed to accept, getpeername,
6664 getsockname, and getsockopt. Adds new compile flags
6665 SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported
6666 by Tom Good of St. Vincent's North Richmond Community
6667 Mental Health Center Residential Services.
6668 AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.
6669 Suggested by Brett Hogden of Rochester Gas & Electric
6671 Linux: avoid compile problem for versions of <setjmp.h> that
6672 #define both setjmp and longjmp. Problem pointed out
6673 by J.R. Oldroyd of TerraNet.
6674 CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1)
6675 from Christopher Durham of SCO.
6676 CONFIG: NEXTSTEP: define confCW_FILE to
6677 /etc/sendmail/sendmail.cw to match the usual
6678 configuration. Patch from Dennis Glatting of
6680 CONFIG: MAILER(fax) called a program that hasn't existed for a long
6681 time. Convert to use the HylaFAX 4.0 conventions. Suggested
6683 CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These
6684 are the rulesets in use on sendmail.org.
6685 MAKEMAP: give error on GDBM files.
6686 MAIL.LOCAL: Make error messages a bit more explicit, for example,
6687 telling more details on what actually changed when "file
6688 changed after open".
6689 CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw
6691 CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'.
6693 src/Makefiles/Makefile.OpenBSD
6694 src/Makefiles/Makefile.RISCos.4_0
6696 cf/ostype/sco-uw-2.1.m4
6700 8.8.6/8.8.6 1997/06/14
6701 *************************************************************
6702 * The extensive assistance of Gregory Neil Shapiro of WPI *
6703 * in preparing this release is gratefully appreciated. *
6704 * Sun Microsystems has also provided resources toward *
6705 * continued sendmail development. *
6706 *************************************************************
6707 SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open
6708 mode bits set to create a file that is a symbolic link that
6709 points nowhere. This makes it possible to create a root
6710 owned file in an arbitrary directory by inserting the symlink
6711 into a writable directory after the initial lstat(2) check
6712 determined that the file did not exist. The only verified
6713 example of a system having these odd semantics for O_EXCL
6714 and symbolic links was HP-UX prior to version 9.07. Most
6715 systems do not have the problem, since a exclusive create
6716 of a file disallows symbolic links. Systems that have been
6717 verified to NOT have the problem include AIX 3.x, *BSD,
6718 DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris,
6719 and Ultrix. This is a potential exposure on systems that
6720 have this bug and which do not have a MAILER-DAEMON alias
6721 pointing at a legitimate account, since this will cause old
6722 mail to be dropped in /var/tmp/dead.letter.
6723 SECURITY: Problems can occur on poorly managed systems, specifically,
6724 if maps or alias files are in world writable directories.
6725 If your system has alias maps in writable directories, it
6726 is potentially possible for an attacker to replace the .db
6727 (or .dir and .pag) files by symbolic links pointing at
6728 another database; this can be used either to expose
6729 information (e.g., by pointing an alias file at /etc/spwd.db
6730 and probing for accounts), or as a denial-of-service attack
6731 (by trashing the password database). The fix disallows
6732 symbolic links entirely when rebuilding alias files or on
6733 maps that are in writable directories, and always warns on
6734 writable directories; 8.9 will probably consider writable
6735 directories to be fatal errors. This does not represent an
6736 exposure on systems that have alias files in unwritable
6738 SECURITY: disallow .forward or :include: files that are links (hard
6739 or soft) if the parent directory (or any directory in the
6740 path) is writable by anyone other than the owner. This is
6741 similar to the previous case for user files. This change
6742 should not affect most systems, but is necessary to prevent
6743 an attacker who can write the directory from pointing such
6744 files at other files that are readable only by the owner.
6745 SECURITY: Tighten safechown rules: many systems will say that they
6746 have a safe (restricted to root) chown even on files that
6747 are mounted from another system that allows owners to give
6748 away files. The new rules are very strict, trusting file
6749 ownership only in those few cases where the system has
6750 been verified to be at least as paranoid as necessary.
6751 However, it is possible to relax the rules to partially
6752 trust the ownership if the directory path is not world or
6753 group writable. This might allow someone who has a legitimate
6754 :include: file (referenced directly from /etc/aliases) to
6755 become another non-root user if the :include: file is in a
6756 non-writable directory on an NFS-mounted filesystem where
6757 the local system says that giveaway is denied but it is
6758 actually permitted. I believe this to be a very small set
6759 of cases. If in doubt, do not point :include: aliases at
6760 NFS-mounted filesystems.
6761 SECURITY: When setting a numeric group id using the RunAsUser option
6762 (e.g., "O RunAsUser=10:20", the group id would not be set.
6763 Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha
6764 group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine.
6765 The user id was still set properly. Problem noted by Uli
6766 Pralle of the Technical University of Berlin.
6767 Save the initial gid set for use when checking for if the
6768 PrivacyOptions=restrictmailq option is set. Problem reported
6769 by Wolfgang Ley of DFN-CERT.
6770 Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a
6771 failure on one message won't affect future messages to the
6773 IP source route printing had an "off by one" error that would
6774 affect any options that came after the route option. Patch
6776 The "Message is too large" error didn't successfully bounce the error
6777 back to the sender. Problem reported by Stephen More of
6778 PSI; patch from Gregory Neil Shapiro of WPI.
6779 Change SMTP status code 553 to map into Extended code 5.1.0 (instead
6780 of 5.1.3); it apparently gets used in multiple ways.
6781 Suggested by John Myers of Portola Communications.
6782 Fix possible extra null byte generated during collection if errors
6783 occur at the beginning of the stream. Patch contributed by
6784 Andrey A. Chernov and Gregory Neil Shapiro.
6785 Code changes to avoid possible reentrant call of malloc/free within
6786 a signal handler. Problem noted by John Beck of Sun
6788 Move map initialization to be earlier so that check_relay ruleset
6789 will have the latest version of the map data. Problem noted
6790 by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro.
6791 If there are fatal errors during the collection phase (e.g., message
6792 too large) don't send the bogus message.
6793 Avoid "cannot open xfAAA00000" messages when sending to aliases that
6794 have errors and have owner- aliases. Problem noted by Michael
6795 Barber of MTU; fix from Gregory Neil Shapiro of WPI.
6796 Avoid null pointer dereference on illegal Boundary= parameters in
6797 multipart/mixed Content-Type: header. Problem noted by
6798 Richard Muirden of RMIT University.
6799 Always print error messages during newaliases (-bi) even if the
6800 ErrorMode is not set to "print". Fix from Gregory Neil
6802 Test mode could core dump if you did a /map lookup in an optional map
6803 that could not be opened. Based on a fix from John Beck of
6805 If DNS is misconfigured so that the last MX record tried points to
6806 a host that does not have an A record, but other MX records
6807 pointed to something reasonable, don't bounce the message
6808 with a "host unknown" error. Note that this should really
6809 be fixed in the zone file for the domain. Problem noted by
6810 Joe Rhett of Navigist, Inc.
6811 If a map fails (e.g., DNS times out) on all recipient addresses, mark
6812 the message as having been tried; otherwise the next queue
6813 run will not realize that this is a second attempt and will
6814 retry immediately. Problem noted by Bryan Costales of
6816 If the clock is set backwards, and a MinQueueAge is set, no jobs
6817 will be run until the later setting of the clock is reached.
6818 "Problem" (I use the term loosely) noted by Eric Hagberg of
6820 If the load average rises above the cutoff threshold (above which
6821 sendmail will not process the queue at all) during a queue
6822 run, abort the queue run immediately. Problem noted by
6823 Bryan Costales of Mercury Mail.
6824 The variable queue processing algorithm (based on the message size,
6825 number of recipients, message precedence, and job age) was
6826 non-functional -- either the entire queue was processed or
6827 none of the queue was processed. The updated algorithm
6828 does no queue run if a single recipient zero size job will
6830 If there is a fatal ("panic") message that will cause sendmail to
6831 die immediately, never hold the error message for future
6833 Force ErrorMode=print in -bt mode so that all errors are printed
6834 regardless of the setting of the ErrorMode option in the
6835 configuration file. Patch from Gregory Neil Shapiro.
6836 New compile flag HASSTRERROR says that this OS has the strerror(3)
6837 routine available in one of the libraries. Use it in conf.h.
6838 The -m (match only) flag now works on host class maps.
6839 If class hash or btree maps are rebuilt, sendmail will now detect
6840 this and reopen the map. Previously, they could give
6841 erroneous results during a single message processing
6842 (but would recover when the next message was received).
6843 Don't delete zero length queue files when doing queue runs until the
6844 files are at least ten minutes old. This avoids a potential
6845 race condition: the creator creates the qf file, getting back
6846 a file descriptor. The queue runner locks it and deletes it
6847 because it is zero length. The creator then writes the
6848 descriptor that is now for a disconnected file, and the
6849 job goes away. Based on a suggestion by Bryan Costales.
6850 When determining the "validated" host name ($_ macro), do a forward
6851 (A) DNS lookup on the result of the PTR lookup and compare
6852 results. If they differ or if the PTR lookup fails, tag the
6853 address as "may be forged".
6854 Log null connections (i.e., hosts that connect but do not do any
6855 substantive activity on the connection before disconnecting;
6856 "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN.
6857 Always permit "writes" to /dev/null regardless of the link count.
6858 This is safe because /dev/null is special cased, and no open
6859 or write is ever actually attempted. Patch from Villy Kruse
6861 If a message cannot be sent because of a 552 (exceeded storage
6862 allocation) response to the MAIL FROM:<>, and a SIZE= parameter
6863 was given, don't return the body in the bounce, since there
6864 is a very good chance that the message will double-bounce.
6865 Fix possible line truncation if a quoted-printable had an =00 escape
6866 in the body. Problem noted by Charles Karney of the Princeton
6867 Plasma Physics Laboratory.
6868 Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses.
6869 Problem noted by Kari Hurtta of the Finnish Meteorological
6871 The MaxDaemonChildren option wasn't applying to queue runs as
6872 documented. Note that this increases the potential denial
6873 of service problems with this option: an attacker can
6874 connect many times, and thereby lock out queue runs as well
6875 as incoming connections. If you use this option, you should
6876 run the "sendmail -bd" and "sendmail -q30m" jobs separately
6877 to avoid this attack. Failure to limit noted by Matthew
6878 Dillon of BEST Internet Communications.
6879 Always give a message in newaliases if alias files cannot be
6880 opened instead of failing silently. Suggested by Gregory
6881 Neil Shapiro. This change makes the code match the O'Reilly
6883 Some older versions of the resolver could return with h_errno == -1
6884 if no name server could be reached, causing mail to bounce
6885 instead of queueing. Treat this like TRY_AGAIN. Fix from
6886 John Beck of SunSoft.
6887 If a :include: file is owned by a user that does not have an entry
6888 in the passwd file, sendmail could dereference a null pointer.
6889 Problem noted by Satish Mynam of Sun Microsystems.
6890 Take precautions to make sure that the SMTP protocol cannot get out
6891 of sync if (for example) an alias file cannot be opened.
6892 Fix a possible race condition that can cause a SIGALRM to come in
6893 immediately after a SIGHUP, causing the new sendmail to die.
6894 Avoid possible hang on SVr3 systems when doing child reaping. Patch
6895 from Villy Kruse of TwinCom.
6896 Ignore improperly formatted SMTP reply codes. Previously these were
6897 partially processed, which could cause confusing error
6899 Fix possible bogus pointer dereference when doing ldapx map lookups
6900 on some architectures.
6902 A/UX: from Jim Jagielski of NASA/GSFC.
6903 glibc: SOCK_STREAM was changed from a #define to an enum,
6904 thus breaking #ifdef SOCK_STREAM. Only option seems
6905 to be to assume SOCK_STREAM if __GNU_LIBRARY__ is
6906 defined. Problem reported by A Sun of the University
6908 Solaris: use SIOCGIFNUM to get the number of interfaces on
6909 the system rather than guessing at compile time.
6910 Patch contributed by John Beck of Sun Microsystems.
6911 Intel Paragon: from Wendy Lin of Purdue University.
6912 GNU Hurd: from Miles Bader of the GNU project.
6913 RISC/os 4.50 from Harlan Stenn of PFCS Corporation.
6914 ISC Unix: wait never returns if SIGCLD signals are blocked.
6915 Unfortunately releasing them opens a race condition,
6916 but there appears to be no fix for this. Patch from
6917 Gregory Neil Shapiro.
6918 BIND 8.1 for IPv6 compatibility from John Kennedy.
6919 Solaris: a bug in strcasecmp caused characters with the
6920 high order bit set to apparently randomly match
6921 letters -- for example, $| (0233) matches "i" and "I".
6922 Problem noted by John Gregson of the University of
6924 IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From
6926 IRIX 6.x: Create Makefiles for systems that claim to be
6927 IRIX64 but are 6.2 or higher (so use the regular
6929 IRIX 6.x: Fix load average computation on 64 bit kernels.
6930 Problem noted by Eric Hagberg of Morgan Stanley.
6931 CONFIG: Some canonification was still done for UUCP-like addresses
6932 even if FEATURE(nocanonify) was set. Problem pointed out by
6934 CONFIG: In some cases UUCP mailers wouldn't properly recognize all
6935 local names as local. Problem noted by Jeff Polk of BSDI;
6936 fix provided by Gregory Neil Shapiro.
6937 CONFIG: The "local:user" syntax entries in mailertables and other
6938 "mailer:user" syntax locations returned an incorrect value
6939 for the $h macro. Problem noted by Gregory Neil Shapiro.
6940 CONFIG: Retain "+detail" information when forwarding mail to a
6941 MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip
6942 Guenther of Gustavus Adolphus College.
6943 CONFIG: Make sure user+detail works for FEATURE(virtusertable);
6944 rules are the same as for aliasing. Based on a patch from
6945 Gregory Neil Shapiro.
6946 CONFIG: Break up parsing rules into several pieces; this should
6947 have no functional change in this release, but makes it
6948 possible to have better anti-spam rulesets in the future.
6949 CONFIG: Disallow double dots in host names to avoid having the
6950 HostStatusDirectory store status under the wrong name.
6951 In some cases this can be used as a denial-of-service attack.
6952 Problem noted by Ron Jarrell of Virginia Tech, patch from
6953 Gregory Neil Shapiro.
6954 CONFIG: Don't use F=m (multiple recipients per invocation) for
6955 MAILER(procmail), but do pass F=Pn9 (include Return-Path:,
6956 don't include From_, and convert to 8-bit). Suggestions
6957 from Kimmo Suominen and Roderick Schertler.
6958 CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were
6959 being masqueraded as though FEATURE(masquerade_entire_domain)
6960 was specified, even when it wasn't.
6961 MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft.
6962 MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't
6963 "slip in" a symbolic link between the lstat(2) call and the
6964 exclusive open. This is only a problem on System V derived
6965 systems that allow an exclusive create on files that are
6966 symbolic links pointing nowhere.
6967 MAIL.LOCAL: If the final mailbox close() failed, the user id was
6968 not reset back to root, which on some systems would cause
6969 later mailboxes to fail. Also, any partial message would
6970 not be truncated, which could result in repeated deliveries.
6971 Problem noted by Bruce Evans via Peter Wemm (FreeBSD
6973 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar
6974 change to the sendmail map code was made in 8.8.3. Problem
6975 noted by Gregory Neil Shapiro.
6976 MAKEMAP: Give warnings on file problems such as map files that are
6977 symbolic links; although makemap is not set-user-ID root, it is
6978 often run as root and hence has the potential for the same
6979 sorts of problems as alias rebuilds.
6980 MAKEMAP: Change compilation so that it will link properly on
6982 CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf.
6983 Accept an optional list of arguments following the server
6984 name for the ETRN arguments to use (instead of $=w). Other
6985 miscellaneous bug fixes. From Christian von Roques via
6986 John Beck of Sun Microsystems.
6987 CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This
6988 Perl script converts GECOS information in the /etc/passwd
6989 file into aliases, allowing for faster access to full name
6990 lookups; it is also clever about adding aliases (to root)
6991 for system accounts.
6994 cf/ostype/gnuhurd.m4
6996 contrib/passwd-to-alias.pl
6997 src/Makefiles/Makefile.IRIX64.6.1
6998 src/Makefiles/Makefile.IRIX64.6.x
7000 src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x
7001 src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0
7003 8.8.5/8.8.5 1997/01/21
7004 SECURITY: Clear out group list during startup. Without this, sendmail
7005 will continue to run with the group permissions of the caller,
7006 even if RunAsUser is specified.
7007 SECURITY: Make purgestat (-bH) be root-only. This is not in response
7008 to any known attack, but it's best to be conservative.
7009 Suggested by Peter Wemm of DIALix.
7010 SECURITY: Fix buffer overrun problem in MIME code that has possible
7011 security implications. Patch from Alex Garthwaite of the
7012 University of Pennsylvania.
7013 Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'")
7014 would truncate the address after "Full". Although the -f
7015 syntax is incorrect (since it is in the envelope, it
7016 shouldn't have comments and full names), the failure mode
7017 was unnecessarily awful.
7018 Fix a possible null pointer dereference when converting 8-bit data
7019 to a 7-bit format. Problem noted by Jim Hutchins of
7020 Sandia National Labs and David James of British Telecom.
7021 Clear out stale state that affected F=9 on SMTP mailers in queue
7022 runs. Although this really shouldn't be used (F=9 is for
7023 final delivery only, and using it on an SMTP mailer makes
7024 it possible for a message to be converted from 8->7->8->7
7025 bits several times), it shouldn't have failed with a syserr.
7026 Problem noted by Eric Hagberg of Morgan Stanley.
7027 _Really_ fix the multiple :maildrop code in the user database
7028 module. Patch from Roy Mongiovi of Georgia Tech.
7029 Let F lines in the configuration file actually read root-only
7030 files if the configuration file is safe. Based on a
7031 patch from Keith Reynolds of SCO.
7032 ETRN followed by QUIT would hold the connection open until the queue
7033 run completed. Problem noted by Truck Lewis of TDK
7035 It turns out that despite the documentation, the TCP wrappers library
7036 does _not_ log rejected connections. Do the logging ourselves.
7037 Problem noted by Fletcher Mattox of the University of Texas
7039 If sendmail finds a qf file in its queue directory that is an unknown
7040 version (e.g., when backing out to an old version), the
7041 error is reported on every queue run. Change it to only
7042 give the error once (and rename the qf => Qf). Patch from
7043 William A. Gianopoulos of Raytheon Company.
7044 Start a new session when doing background delivery; currently it
7045 ignored signals but didn't start a new signal, that caused
7046 some problems if a background process tried to send mail
7047 under certain circumstances. Problem noted by Eric Hagberg
7048 of Morgan Stanley; fix from Kari Hurtta.
7049 Simplify test for skipping a queue run to just check if the current
7050 load average is >= the queueing load average. Previously
7051 the check factored in some other parameters that caused it
7052 to essentially never skip the queue run. Patch from Bryan
7054 If the SMTP server is running in "nullserver" mode (that is, it is
7055 rejecting all commands), start sleeping after MAXBADCOMMAND
7056 (25) commands; this helps prevent a bad guy from putting
7057 you into a tight loop as a denial-of-service attack. Based
7058 on an e-mail conversation with Brad Knowles of AOL.
7059 Slow down when too many "light weight" commands have been issued;
7060 this helps prevent a class of denial-of-service attacks.
7061 The current values and defaults are:
7062 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR
7063 MAXHELOCOMMANDS 3 HELO, EHLO
7064 MAXVRFYCOMMANDS 6 VRFY, EXPN
7065 MAXETRNCOMMANDS 8 ETRN
7066 These will probably be configurable in a future release.
7067 On systems that have uid_t typedefed to be an unsigned short, programs
7068 that had the F=S flag and no U= equate would be invoked with
7069 the real uid set to 65535 rather than being left unchanged.
7070 In some cases, NOTIFY=NEVER was not being honored. Problem noted
7071 by Steve Hubert of the University of Washington, Seattle.
7072 Mail that was Quoted-Printable encoded and had a soft line break on
7073 the last line (i.e., an incomplete continuation) had the last
7074 line dropped. Since this appears to be illegal it isn't
7075 clear what to do with it, but flushing the last line seems
7076 to be a better "fail soft" approach. Based on a patch from
7078 If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a
7079 bogus HELO command still causes the "Polite people say HELO
7080 first" error message. Problem pointed out by Chris Thomas
7081 of UCLA; patch from John Beck of SunSoft.
7082 Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set
7083 in PrivacyOptions. The -q shouldn't turn this command off.
7084 Problem noted by Murray Kucherawy of Pacific Bell Internet;
7085 based on a patch from Gregory Neil Shapiro of WPI.
7086 Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation)
7087 in a DATA transaction to be sticky; these can occur because
7088 a message is too large, and smaller messages should still go
7089 through. Problem noted by Matt Dillon of Best Internet
7091 In some cases bounces were saved in /var/tmp/dead.letter even if they
7092 had been successfully delivered to the envelope sender.
7093 Problem noted Eric Hagberg of Morgan Stanley; solution from
7094 Gregory Neil Shapiro of WPI.
7095 Give better diagnostics on long alias lines. Based on code contributed
7096 by Patrick Gosling of the University of Cambridge.
7097 Increase the number of virtual interfaces that will be probed for
7098 alternate names. Problem noted by Amy Rich of Shore.Net.
7100 UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from
7101 Toshiaki Nomura of Fujitsu Limited.
7102 SunOS with LDAP support: compile problems with struct timeval.
7103 Patch from Nick Cuccia of TCSI Corporation.
7104 SCO: from Keith Reynolds of SCO.
7105 Solaris: kstat load average computation wasn't being used.
7106 Fixes from Michael Ju. Tokarev of Telecom Service, JSC
7108 OpenBSD: from Jason Downs of teeny.org.
7109 Altos System V: from Tim Rice.
7110 Solaris 2.5: from Alan Perry of SunSoft.
7111 Solaris 2.6: from John Beck of SunSoft.
7112 Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli
7113 of Pratt & Whitney <miorelli@pweh.com>.
7114 CONFIG: It seems that I hadn't gotten the Received: line syntax
7115 _just_right_ yet. Tweak it again. I'll omit the names
7116 of the "contributors" (quantity two) in this one case.
7117 As of now, NO MORE DISCUSSION about the syntax of the
7119 CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E),
7120 it never inserts that class into the output file. Fix it
7121 so it will honor EXPOSED_USER but will _not_ include root
7122 automatically in this class. Problem noted by Ronan KERYELL
7123 of Centre de Recherche en Informatique de l'École Nationale
7124 Supérieure des Mines de Paris (CRI-ENSMP).
7125 CONFIG: Clean up handling of "local:" syntax in relay specifications
7126 such as LUSER_RELAY. This change permits the following
7127 syntaxes: ``local:'' will send to the same user on the
7128 local machine (e.g., in a mailertable entry for "host",
7129 ``local:'' will cause an address addressed to user@host to
7130 go to user on the local machone). ``local:user'' will send
7131 to the named user on the local machine. ``local:user@host''
7132 is equivalent to ``local:user'' (the host is ignored). In
7133 all cases, the original user@host is passed in $@ (i.e., the
7134 detail information). Inspired by a report from Michael Fuhr.
7135 CONFIG: Strip quotes from the first word of an "error:" host
7136 indication. This lets you set (for example) the LUSER_RELAY
7137 to be ``error:\"5.1.1\" Your Message Here''. Note the use
7138 of the \" so that the resulting string is properly quoted.
7139 Problem noted by Gregory Neil Shapiro of WPI.
7140 OP.ME: documentation was inconsistent about whether sendmail did a
7141 NOOP or a RSET to probe the connection (it does a RSET).
7142 Inconsistency noted by Deeran Peethamparam.
7143 OP.ME: insert additional blank pages so it will print properly on
7144 a duplex printer. From Matthew Black of Cal State University,
7147 8.8.4/8.8.4 1996/12/02
7148 SECURITY: under some circumstances, an attacker could get additional
7149 permissions by hard linking to files that were group
7150 writable by the attacker. The solution is to disallow any
7151 files that have hard links -- this will affect .forward,
7152 :include:, and output files. Problem noted by Terry
7153 Kyriacopoulos of Interlog Internet Services. As a
7154 workaround, set UnsafeGroupWrites -- always a good idea.
7155 SECURITY: the TryNullMXList (w) option should not be safe -- if it
7156 is, it is possible to do a denial-of-service attack on
7157 MX hosts that rely on the use of the null MX list. There
7158 is no danger if you have this option turned off (the default).
7159 Problem noted by Dan Bernstein. Also, make the DontInitGroups
7160 unsafe. I know of no specific attack against this, although
7161 a denial-of-service attack is probably possible, but in theory
7162 you should not be able to safely tweak anything that affects
7163 the permissions that are used when mail is delivered.
7164 Purgestat could go into an infinite loop if one of the host status
7165 directories somehow became empty. Problem noted by Roy
7166 Mongiovi of Georgia Tech.
7167 Processes got "lost" when counting children due to a race condition.
7168 This caused "proc_list_probe: lost pid" messages to be logged.
7169 Problem noted by several people.
7170 On systems with System V SIGCLD child signal semantics (notably AIX
7171 and HP-UX), mail transactions would print the message "451
7172 SMTP-MAIL: lost child: No child processes". Problem noted
7174 Miscellaneous compiler warnings on picky compilers (or when setting
7175 gcc to high warning levels). From Tom Moore of NCR Corp.
7176 SMTP protocol errors, and most errors on MAIL FROM: lines should
7177 not be persistent between runs, since they are based on the
7178 message rather than the host. Problem noted by Matt Dillon
7179 of Best Internet Communications.
7180 The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore
7181 of NCR (a.k.a., AT&T Global Information Solutions).
7182 Avoid the possibility of having a child daemon run to completion
7183 (including closing the SMTP socket) before the parent has
7184 had a chance to close the socket; this can cause the parent
7185 to hang for a long time waiting for the socket to drain.
7186 Patch from Don Lewis of TDK Semiconductor.
7187 If the fork() failed in a queue run, the queue runners would not be
7188 rescheduled (so queue runs would stop). Patch from Don Lewis.
7189 Some error conditions in ETRN could cause output without an SMTP
7190 status code. Problem noted by Don Lewis.
7191 Multiple :maildrop addresses in the user database didn't work properly.
7192 Patch from Roy Mongiovi of Georgia Tech.
7193 Add ".db" automatically onto any user database spec that does not
7194 already have it; this is for consistency with makemap, the
7195 K line, and the documentation. Inconsistency pointed out
7197 Allow sendmail to be properly called in nohup mode. Patch from
7198 Kyle Jones of UUNET.
7199 Change ETRN to ignore but still update host status files; previously
7200 it would ignore them and not save the updated status, which
7201 caused stale information to be maintained. Based on a patch
7202 from Christopher Davis of Kapor Enterprises Inc. Also, have
7203 ETRN ignore the MinQueueAge option.
7204 Patch long term host status to recover more gracefully from an empty
7205 host status file condition. Patch from NAKAMURA Motonori
7206 of Kyoto University.
7207 Several patches to signal handling code to fix potential race
7208 conditions from Don Lewis.
7209 Make it possible to compile with -DDAEMON=0 (previously it had some
7210 compile errors). This turns DAEMON, QUEUE, and SMTP into
7211 0/1 compilation flags. Note that DAEMON is an obsolete
7212 compile flag; use NETINET instead. Solution based on a
7213 patch from Bryan Costales.
7215 AIX4: getpwnam() and getpwuid() do a sequential scan of the
7216 /etc/security/passwd file when called as root. This
7217 is very slow on some systems. To speed it up, use the
7218 (undocumented) _getpw{nam,uid}_shadow() routines.
7219 Patch from Chris Thomas of UCLA/OAC Systems Group.
7220 SCO 5.x: include -lprot in the Makefile. Patch from Bill
7221 Glicker of Burrelle's Information Service.
7222 NEWS-OS 4.x: need a definition for MODE_T to compile. Patch
7223 from Makoto MATSUSHITA of Osaka University.
7224 SunOS 4.0.3: compile problems. Patches from Andrew Cole of
7225 Leeds University and SASABE Tetsuro of the University
7227 DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support
7229 Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp.
7230 I believe this to have only been a problem if you
7231 compiled with -DUSE_VENDOR_CF_PATH -- another reason
7232 to stick with /etc/sendmail.cf as your One True Path.
7233 Digital UNIX (OSF/1 on Alpha) load average computation from
7234 Martin Laubach of the Technischen Universität Wien.
7235 CONFIG: change default Received: line to be multiple lines rather
7236 than one long one. By popular demand.
7237 MAIL.LOCAL: warnings weren't being logged on some systems. Patch
7238 from Jerome Berkman of U.C. Berkeley.
7239 MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs
7240 to take a very long time. Problem noted by Yoshiro YONEYA
7241 of NTT Software Corporation.
7242 CONTRIB: add etrn.pl, contributed by John Beck.
7246 8.8.3/8.8.3 1996/11/17
7247 SECURITY: it was possible to get a root shell by lying to sendmail
7248 about argv[0] and then sending it a signal. Problem noted
7249 by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the
7250 best-of-security list.
7251 Log sendmail binary version number in "Warning: .cf version level
7252 (%d) exceeds program functionality (%d) message" -- this
7253 should make it clearer to people that they are running
7255 Fix a problem that occurs when you open an SMTP connection and then
7256 do one or more ETRN commands followed by a MAIL command; at
7257 the end of the DATA phase sendmail would incorrectly report
7258 "451 SMTP-MAIL: lost child: No child processes". Problem
7259 noted by Eric Bishop of Virginia Tech.
7260 When doing text-based host canonification (typically /etc/hosts
7261 lookup), a null host name would match any /etc/hosts entry
7262 with space at the end of the line. Problem noted by Steve
7263 Hubert of the University of Washington, Seattle.
7264 7 to 8 bit BASE64 MIME conversions could duplicate bits of text.
7265 Problem reported by Tom Smith of Digital Equipment Corp.
7266 Increase the size of the DNS answer buffer -- the standard UDP packet
7267 size PACKETSZ (512) is not sufficient for some nameserver
7268 answers containing very many resource records. The resolver
7269 may also switch to TCP and retry if it detects UDP packet
7270 overflow. Also, allow for the fact that the resolver
7271 routines res_query and res_search return the size of the
7272 *un*truncated answer in case the supplied answer buffer it
7273 not big enough to accommodate the entire answer. Patch from
7275 Improvements to MaxDaemonChildren code. If you think you have too
7276 many children, probe the ones you have to verify that they
7277 are still around. Suggested by Jared Mauch of CICnet, Inc.
7278 Also, do this probe before growing the vector of children
7279 pids; this previously caused the vector to grow indefinitely
7280 due to a race condition. Problem reported by Kyle Jones of
7282 On some architectures, <db.h> (from the Berkeley DB library) defines
7283 O_EXLOCK to zero; this fools the map compilation code into
7284 thinking that it can avoid race conditions by locking on open.
7285 Change it to check for O_EXLOCK non-zero. Problem noted by
7286 Leif Erlingsson of Data Lege.
7287 Always call res_init() on startup (if compiled in, of course) to
7288 allow the sendmail.cf file to tweak resolver flags; without
7289 it, flag tweaks in ResolverOptions are ignored. Patch from
7290 Andrew Sun of Merrill Lynch.
7291 Improvements to host status printing code. Suggested by Steve Hubert
7292 of the University of Washington, Seattle.
7293 Change MinQueueAge option processing to do the check for the job age
7294 when reading the queue file, rather than at the end; this
7295 avoids parsing the addresses, which can do DNS lookups.
7296 Problem noted by John Beck of InReference, Inc.
7297 When MIME was being 7->8 bit decoded, "From " lines weren't being
7298 properly escaped. Problem noted by Peter Nilsson of the
7299 University of Linkoping.
7300 In some cases, sendmail would retain root permissions during queue
7301 runs even if RunAsUser was set. Problem noted by Mark
7302 Thomas of Mark G. Thomas Consulting.
7303 If the F=l flag was set on an SMTP mailer to indicate that it is
7304 actually local delivery, and NOTIFY=SUCCESS is specified in
7305 the envelope, and the receiving SMTP server speaks DSN, then
7306 the DSN would be both generated locally and propagated to the
7308 The U= mailer field didn't correctly extract the group id if the
7309 user id was numeric. Problem noted by Kenneth Herron of
7310 MCI Telecommunications Communications.
7311 If a message exceeded the fixed maximum size on input, the body of
7312 the message was included in the bounce. Note that this did
7313 not occur if it exceeded the maximum _output_ size. Problem
7314 reported by Kyle Jones of UUNET.
7316 AIX4: 4.1 doesn't have a working setreuid(2); change the
7317 AIX4 defines to use seteuid(2) instead, which
7318 works on 4.1 as well as 4.2. Problem noted by
7319 Håkan Lindholm of interAF, Sweden.
7320 AIX4: use tzname[] vector to determine time zone name.
7321 Patch from NAKAMURA Motonori of Kyoto University.
7322 MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support.
7323 Contributed by Paul DuBois <dubois@primate.wisc.edu>.
7324 Solaris: kstat(3k) support for retrieving the load average.
7325 This adds the LA_KSTAT definition for LA_TYPE.
7326 The outline of the implementation was contributed
7327 by Michael Tokarev of Telecom Service, JSC, Moscow.
7328 HP-UX 10.0 gripes about the (perfectly legal!) forward
7329 declaration of struct rusage at the top of conf.h;
7330 change it to only be included if you are using gcc,
7331 which is apparently the only compiler that requires
7332 it in the first place. Problem noted by Jeff
7333 Earickson of Colby College.
7334 IRIX: don't default to using gcc. IRIX is a civilized
7335 operating system that comes with a decent compiler
7336 by default. Problem noted by Barry Bouwsma and
7338 CONFIG: specify F=9 as default in FEATURE(local_procmail) for
7339 consistency with other local mailers. Inconsistency
7340 pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>.
7341 CONFIG: if the "limited best mx" feature is used (to reduce DNS
7342 overhead) as part of the bestmx_is_local feature, the
7343 domain part was dropped from the name. Patch from Steve
7344 Hubert of the University of Washington, Seattle.
7345 CONFIG: catch addresses of the form "user@.dom.ain"; these could
7346 end up being translated to the null host name, which would
7347 return any entry in /etc/hosts that had a space at the end
7348 of the line. Problem noted by Steve Hubert of the
7349 University of Washington, Seattle.
7350 CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer
7351 Polytechnic Institute.
7352 MAKEMAP: tweak hash and btree parameters for better performance.
7353 Patch from Matt Dillon of Best Internet Communications.
7355 src/Makefiles/Makefile.Linux.ppc
7357 cf/ostype/mklinux.m4
7359 8.8.2/8.8.2 1996/10/18
7360 SECURITY: fix a botch in the 7-bit MIME patch; the previous patch
7361 changed the code but didn't fix the problem.
7363 Solaris: Don't use the system getusershell(3); it can
7364 apparently corrupt the heap in some circumstances.
7365 Problem found by Ken Pizzini of Spry, Inc.
7366 OP.ME: document several mailer flags that were accidentally omitted
7367 from this document. These flags were F=d, F=j, F=R, and F=9.
7370 8.8.1/8.8.1 1996/10/17
7371 SECURITY: unset all environment variables that the resolver will
7372 examine during queue runs and daemon mode. Problem noted
7373 by Dan Bernstein of the University of Illinois at Chicago.
7374 SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain
7375 message could overflow a buffer if it was converted back
7376 to 8 bits. This caused core dumps and has the potential
7377 for a remote attack. Problem first noted by Gregory Shapiro
7379 Avoid duplicate deliveries of error messages on systems that don't
7380 have flock(2) support. Patch from Motonori Nakamura of
7382 Ignore null FallBackMX (V) options. If this option is null (as
7383 opposed to undefined) it can cause "null signature" syserrs
7384 on illegal host names.
7385 If a Base64 encoded text/plain message has no trailing newline in
7386 the encoded text, conversion back to 8 bits will drop the
7387 final line. Problem noted by Pierre David.
7388 If running with a RunAsUser, sendmail would give bogus "cannot
7389 setuid" (or seteuid, or setreuid) messages on some systems.
7390 Problem pointed out by Jordan Mendelson of Web Services, Inc.
7391 Always print error messages in -bv mode -- previously, -bv would
7392 be absolutely silent on errors if the error mode was sent
7393 to (say) mail-back. Problem noted by Kyle Jones of UUNET.
7394 If -qI/R/S is set (or the ETRN command is used), ignore all long
7395 term host status. This is necessary because it is common
7396 to do this when you know a host has just come back up.
7397 Disallow duplicate HELO/EHLO commands as required by RFC 1651 section
7398 4.2. Excessive permissiveness noted by Lee Flight of the
7399 University of Leicester.
7400 If a service (such as NIS) is specified as the last entry in the
7401 service switch, but that service is not compiled in, sendmail
7402 would return a temporary failure when an entry was not found
7403 in the map. This caused the message to be queued instead of
7404 bouncing immediately. Problem noted by Harry Edmon of the
7405 University of Washington.
7407 Solaris 2.3 had compilation problems in conf.c. Several
7408 people pointed this out.
7409 NetBSD from Charles Hannum of MIT.
7410 AIX4 improvements based on info from Steve Bauer of South
7411 Dakota School of Mines & Technology.
7412 CONFIG: ``error:code message'' syntax was broken in virtusertable.
7413 Patch from Gil Kloepfer Jr.
7414 CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set
7415 using MASQUERADE_DOMAIN) were not masqueraded unless they
7416 were also in $=w. Problem noted by Zoltan Basti of
7418 MAIL.LOCAL: patches to compile and link cleanly on AIX. Based
7419 on a patch from Eric Hagberg of Morgan Stanley.
7420 MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan
7421 of Stanford via Robert La Ferla.
7423 8.8.0/8.8.0 1996/09/26
7424 Under some circumstances, Bcc: headers would not be properly
7425 deleted. Pointed out by Jonathan Kamens of OpenVision.
7426 Log a warning if the sendmail daemon is invoked without a full
7427 pathname, which prevents "kill -1" from working. I was
7428 urged to put this in by Andrey A. Chernov of DEMOS (Russia).
7429 Fix small buffer overflow. Since the data in this buffer was not
7430 read externally, there was no security problem (and in fact
7431 probably wouldn't really overflow on most compilers). Pointed
7432 out by KIZU takashi of Osaka University.
7433 Fix problem causing domain literals such as [1.2.3.4] to be ignored
7434 if a FallbackMXHost was specified in the configuration file
7435 -- all mail would be sent to the fallback even if the original
7436 host was accessible. Pointed out by Munenari Hirayama of
7438 A message that didn't terminate with a newline would (sometimes) not
7439 have the trailing "." added properly in the SMTP dialogue,
7440 causing SMTP to hang. Patch from Per Hedeland of Ericsson.
7441 The DaemonPortOptions suboption to bind to a particular address was
7442 incorrect and nonfunctional due to a misunderstanding of the
7443 semantics of binding on a passive socket. Patch from
7444 NIIBE Yutaka of Mitsubishi Research Institute.
7445 Increase the number of MX hosts for a single name to 100 to better
7446 handle the truly huge service providers such as AOL, which
7447 has 13 at the moment (and climbing). In order to avoid
7448 trashing memory, the buffer for all names has only been
7449 slightly increased in size, to 12.8K from 10.2K -- this means
7450 that if a single name had 100 MX records, the average size
7451 of those records could not exceed 128 bytes. Requested by
7452 Brad Knowles of America On Line.
7453 Restore use of IDENT returns where the OSTYPE field equals "OTHER".
7454 Urged by Dan Bernstein of U.C. Berkeley.
7455 Print q_statdate and q_specificity in address structure debugging
7457 Expand MCI structure flag bits for debugging output.
7458 Support IPv6-style domain literals, which can have colons between
7460 Log open file descriptors for the "cannot dup" messages in deliver();
7461 this is an attempt to track down a bug that one person seems
7462 to be having (it may be a Solaris bug!).
7463 DSN NOTIFY parameters were not properly propagated across queue runs;
7464 this caused the NOTIFY info to sometimes be lost. Problem
7465 pointed out by Claus Assmann of the
7466 Christian-Albrechts-University of Kiel.
7467 The statistics gathered in the sendmail.st file were too high; in
7468 some cases failures (e.g., user unknown or temporary failure)
7469 would count as a delivery as far as the statistics were
7470 concerned. Problem noted by Tom Moore of AT&T GIS.
7471 Systems that don't have flock() would not send split envelopes in
7472 the initial run. Problem pointed out by Leonard Zubkoff of
7474 Move buffer overflow checking -- these primarily involve distrusting
7475 results that may come from NIS and DNS.
7476 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't
7477 include <paths.h> and hence had the wrong pathnames for a few
7478 things like /var/tmp. Reported by Matthew Green.
7479 Conditions were reversed for the Priority: header, resulting in all
7480 values being interpreted as non-urgent except for non-urgent,
7481 which was interpreted as normal. Patch from Bryan Costales.
7482 The -o (optional) flag was being ignored on hash and btree maps
7483 since 8.7.2. Fix from Bryan Costales.
7484 Content-Types listed in class "q" will always be encoded as
7485 Quoted-Printable (or more accurately, will never be encoded
7486 as base64). The class can have primary types (e.g., "text")
7487 or full types (e.g., "text/plain"). Based on a suggestion by
7488 Marius Olafsson of the University of Iceland.
7489 Define ${envid} to be the original envelope id (from the ESMTP DSN
7490 dialogue) so it can be passed to programs in mailers.
7491 Define ${bodytype} to be the body type (from the -B flag or the
7492 BODY= ESMTP parameter) so it can be passed to programs in
7494 Cause the VRFY command to return 252 instead of 250 unless the F=q
7495 flag is set in the mailer descriptor. Suggested by John
7497 Implement ESMTP ETRN command to flush the queue for a specific host.
7498 The command takes a host name; data for that host is
7499 immediately (and asynchronously) flushed. Because this shares
7500 the -qR implementation, other hosts may be attempted, but
7501 there should be no security implications. Implementation
7502 from John Beck of InReference, Inc. See RFC 1985 for details.
7503 Add three new command line flags to pass in DSN parameters: -V envid
7504 (equivalent to ENVID=envid on the MAIL command), -R ret
7505 (equivalent to RET=ret on the MAIL command), and -Nnotify
7506 (equivalent to NOTIFY=notify on the RCPT command). Note
7507 that the -N flag applies to all recipients; there is no way
7508 to specify per-address notifications on the command line,
7509 nor is there an equivalent for the ORCPT= per-address
7511 Restore LogLevel option to be safe (it can only be increased);
7512 apparently I went into paranoid mode between 8.6 and 8.7
7513 and made it unsafe. Pointed out by Dabe Murphy of the
7514 University of Maryland.
7515 New logging on log level 15: all SMTP traffic. Patches from
7516 Andrew Gross of San Diego Supercomputer Center.
7517 NetInfo property value searching code wasn't stopping when it found
7518 a match. This was causing the wrong values to be found (and
7519 had a memory leak). Found by Bastian Schleuter of TU-Berlin.
7520 Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed
7521 out by Bill Wisner of Electronics for Imaging that you can't
7522 use the bracket address form for the MAIL_HUB macro, since
7523 that causes the brackets to remain in the envelope recipient
7524 address used for delivery. The simple fix (stripping off the
7525 brackets in the config file) breaks the use of IP literal
7526 addresses. This flag will solve that problem.
7527 Add MustQuoteChars option. This is a list of characters that must
7528 be quoted if they are found in the phrase part of an address
7529 (that is, the full name part). The characters @,;:\()[] are
7530 always in this list and cannot be removed. The default is
7531 this list plus . and ' to match RFC 822.
7532 Add AllowBogusHELO option; if set, sendmail will allow HELO commands
7533 that do not include a host name for back compatibility with
7534 some stupid SMTP clients. Setting this violates RFC 1123
7536 Add MaxDaemonChildren option; if this is set, sendmail will start
7537 rejecting connections if it has more than this many
7538 outstanding children accepting mail. Note that you may
7539 see more processes than this because of outgoing mail; this
7540 is for incoming connections only.
7541 Add ConnectionRateThrottle option. If set to a positive value, the
7542 number of incoming SMTP connections that will be permitted
7543 in a single second is limited to this number. Connections are
7544 not refused during this time, just deferred. The intent is to
7545 flatten out demand so that load average limiting can kick in.
7546 It is less radical than MaxDaemonChildren, which will stop
7547 accepting connections even if all the connections are idle
7548 (e.g., due to connection caching).
7549 Add Timeout.hoststatus option. This interval (defaulting to 30m)
7550 specifies how long cached information about the state of a
7551 host will be kept before they are considered stale and the
7552 host is retried. If you are using persistent host status
7553 (i.e., the HostStatusDirectory option is set) this will apply
7554 between runs; otherwise, it applies only within a single queue
7555 run and hence is useful only for hosts that have large queues
7556 that take a very long time to run.
7557 Add SingleLineFromHeader option. If set, From: headers are coerced
7558 into being a single line even if they had newlines in them
7559 when read. This is to get around a botch in Lotus Notes.
7560 Text class maps were totally broken -- if you ever retrieved the last
7561 item in a table it would be truncated. Problem noted by
7562 Gregory Neil Shapiro of WPI.
7563 Extend the lines printed by the mailq command (== the -bp flag) when
7564 -v is given to 120 characters; this allows more information
7565 to be displayed. Suggested by Gregory Neil Shapiro of WPI.
7566 Allow macro definitions (`D' lines) with unquoted commas; previously
7567 this was treated as end-of-input. Problem noted by Bryan
7569 The RET= envelope parameter (used for DSNs) wasn't properly written
7570 to the queue file. Fix from John Hughes of Atlantic
7572 Close /var/tmp/dead.letter after a successful write -- otherwise
7573 if this happens in a queue run it can cause nasty delays.
7574 Problem noted by Mark Horton of AT&T.
7575 If userdb entries pointed to userdb entries, and there were multiple
7576 values for a given key, the database cursor would get
7577 trashed by the recursive call. Problem noted by Roy Mongiovi
7578 of Georgia Tech. Fixed by reading all the values and creating
7579 a comma-separated list; thus, the -v output will be somewhat
7580 different for this case.
7581 Fix buffer allocation problem with Hesiod-based userdb maps when
7582 HES_GETMAILHOST is defined. Based on a patch by Betty Lee
7583 of Stanford University.
7584 When envelopes were split due to aliases with owner- aliases, and
7585 there was some error on one of the lists, more than one of
7586 the owners would get the message. Problem pointed out by
7587 Roy Mongiovi of Georgia Tech.
7588 Detect excessive recursion in macro expansions, e.g., $X defined
7589 in terms of $Y which is defined in terms of $X. Problem
7590 noted by Bryan Costales; patch from Eric Wassenaar.
7591 When using F=U to get "ugly UUCP" From_ lines, a buffer could in
7592 some cases get trashed causing bogus From_ lines. Fix from
7593 Kyle Jones of UUNET.
7594 When doing load average initialization, if the nlist call for avenrun
7595 failed, the second and subsequent lookups wouldn't notice
7596 that fact causing bogus load averages to be returned. Noted
7597 by Casper Dik of Sun Holland.
7598 Fix problem with incompatibility with some versions of inet_aton that
7599 have changed the return value to unsigned, so a check for an
7600 error return of -1 doesn't work. Use INADDR_NONE instead.
7601 This could cause mail to addresses such as [foo.com] to bounce
7602 or get dropped. Problem noted by Christophe Wolfhugel of the
7604 DSNs were inconsistent if a failure occurred during the DATA phase
7605 rather than the RCPT phase: the Action: would be correct, but
7606 the detailed status information would be wrong. Problem noted
7607 by Bob Snyder of General Electric Company.
7608 Add -U command line flag and the XUSR ESMTP extension, both indicating
7609 that this is the initial MUA->MTA submission. The flag current
7610 does nothing, but in future releases (when MUAs start using
7611 these flags) it will probably turn on things like DNS
7613 Default end-of-line string (E= specification on mailer [M] lines)
7614 to \r\n on SMTP mailers. Default remains \n on non-SMTP
7616 Change the internal definition for the *file* and *include* mailers
7617 to have $u in the argument vectors so that they aren't
7618 misinterpreted as SMTP mailers and thus use \r\n line
7619 termination. This will affect anyone who has redefined
7620 either of these in their configuration file.
7621 Don't assume that IDENT servers close the connection after a query;
7622 responses can be newline terminated. From Terry Kennedy of
7623 St. Peter's College.
7624 Avoid core dumps on erroneous configuration files that have
7625 $#mailer with nothing following. From Bryan Costales.
7626 Avoid null pointer dereference with high debug values in unlockqueue.
7627 Fix from Randy Martin of Clemson University.
7628 Fix possible buffer overrun when expanding very large macros. Fix
7629 from Kyle Jones of UUNET.
7630 After 25 EXPN or VRFY commands, start pausing for a second before
7631 processing each one. This avoids a certain form of denial
7632 of service attack. Potential attack pointed out by Bryan
7634 Allow new named (not numbered!) config file rules to do validity
7635 checking on SMTP arguments: check_mail for MAIL commands and
7636 check_rcpt for RCPT commands. These rulesets can do anything
7637 they want; their result is ignored unless they resolve to the
7638 $#error mailer, in which case the indicated message is printed
7639 and the command is rejected. Similarly, the check_compat
7640 ruleset is called before delivery with "from_addr $| to_addr"
7641 (the $| is a meta-symbol used to separate the two addresses);
7642 it can give a "this sender can't send to this recipient"
7643 notification. Note that this patch allows $| to stand alone
7645 Define new macros ${client_name}, ${client_addr}, and ${client_port}
7646 that have the name, IP address, and port number (respectively)
7647 of the SMTP client (that is, the entity at the other end of
7648 the connection. These can be used in (e.g.) check_rcpt to
7649 verify that someone isn't trying to relay mail through your
7650 host inappropriately. Be sure to use the deferred evaluation
7651 form, for example $&{client_name}, to avoid having these bound
7652 when sendmail reads the configuration file.
7653 Add new config file rule check_relay to check the incoming connection
7654 information. Like check_compat, it is passed the host name
7655 and host address separated by $| and can reject connections
7657 Allow IDA-style recursive function calls. Code contributed by Mark
7658 Lovell and Paul Vixie.
7659 Eliminate the "No ! in UUCP From address!" message" -- instead, create
7660 a virtual UUCP address using either a domain address or the $k
7661 macro. Based on code contributed by Mark Lovell and Paul
7663 Add Stanford LDAP map. Requires special libraries that are not
7664 included with sendmail. Contributed by Booker C. Bense
7665 <bbense@networking.stanford.edu>; contact him for support.
7666 See also the src/READ_ME file.
7667 Allow -dANSI to turn on ANSI escape sequences in debug output; this
7668 puts metasymbols (e.g., $+) in reverse video. Really useful
7669 only for debugging deep bits of code where it is important to
7670 distinguish between the single-character metasymbol $+ and the
7671 two characters $, +.
7672 Changed ruleset 89 (executed in dumpstate()) to a named ruleset,
7674 Add new UnsafeGroupWrites option; if set, .forward and :include:
7675 files that are group writable are considered "unsafe" -- that
7676 is, programs and files referenced from such files are not
7678 Delete bogosity test for FallBackMX host; this prevented it to be a
7679 name that was not in DNS or was a domain-literal. Problem
7681 Change the introduction to error messages to more clearly delineate
7682 permanent from temporary failures; if both existed in a
7683 single message it could be confusing. Suggested by John
7684 Beck of InReference, Inc.
7685 The IngoreDot (i) option didn't work for lines that were terminated
7686 with CRLF. Problem noted by Ted Stockwell of Secure
7687 Computing Corporation.
7688 Add a heuristic to improve the handling of unbalanced `<' signs in
7689 message headers. Problem reported by Matt Dillon of Best
7690 Internet Communications.
7691 Check for bogus characters in the 0200-0237 range; since these are
7692 used internally, very strange errors can occur if those
7693 characters appear in headers. Problem noted by Anders Gertz
7695 Implement 7 -> 8 bit MIME conversions. This only takes place if the
7696 recipient mailer has the F=9 flag set, and only works on
7697 text/plain body types. Code contributed by Marius Olafsson
7698 of the University of Iceland.
7699 Special case "postmaster" name so that it is always treated as lower
7700 case in alias files regardless of configuration settings;
7701 this prevents some potential problems where "Postmaster" or
7702 "POSTMASTER" might not match "postmaster". In most cases
7703 this change is a no-op.
7704 The -o map flag was ignored for text maps. Problem noted by Bryan
7706 The -a map flag was ignored for dequote maps. Problem noted by
7708 Fix core dump when a lookup of a class "prog" map returns no
7709 response. Patch from Bryan Costales.
7710 Log instances where sendmail is deferring or rejecting connections
7711 on LogLevel 14. Suggested by Kyle Jones of UUNET.
7712 Include port number in process title for network daemons. Suggested
7713 by Kyle Jones of UUNET.
7714 Send ``double bounces'' (errors that occur when sending an error
7715 message) to the address indicated in the DoubleBounceAddress
7716 option (default: postmaster). Previously they were always
7717 sent to postmaster. Suggested by Kyle Jones of UUNET.
7718 Add new mode, -bD, that acts like -bd in all respects except that
7719 it runs in foreground. This is useful for using with a
7720 wrapper that "watches" system services. Suggested by Kyle
7722 Fix botch in spacing around (parenthesized) comments in addresses
7723 when the comment comes before the address. Patch from
7724 Motonori Nakamura of Kyoto University.
7725 Use the prefix "Postmaster notify" on the Subject: lines of messages
7726 that are being bounced to postmaster, rather than "Returned
7727 mail". This permits the person who is postmaster more
7728 easily determine what messages are to their role as
7729 postmaster versus bounces to mail they actually sent. Based
7730 on a suggestion by Motonori Nakamura.
7731 Add new value "time" for QueueSortOrder option; this causes the queue
7732 to be sorted strictly by the time of submission. Note that
7733 this can cause very bad behavior over slow lines (because
7734 large jobs will tend to delay small jobs) and on nodes with
7735 heavy traffic (because old things in the queue for hosts that
7736 are down delay processing of new jobs). Also, this does not
7737 guarantee that jobs will be delivered in submission order
7738 unless you also set DeliveryMode=queue. In general, it should
7739 probably only be used on the command line, and only in
7740 conjunction with -qRhost.domain. In fact, there are very few
7741 cases where it should be used at all. Based on an
7742 implementation by Motonori Nakamura.
7743 If a map lookup in ruleset 5 returns tempfail, queue the message in
7744 the same manner as other rulesets. Previously a temporary
7745 failure in ruleset 5 was ignored. Patch from Booker Bense
7746 of Stanford University.
7747 Don't proceed to the next MX host if an SMTP MAIL command returns a
7748 5yz (permanent failure) code. The next MX host will still be
7749 tried if the connection cannot be opened in the first place
7750 or if the MAIL command returns a 4yz (temporary failure) code.
7751 (It's hard to know what to do here, since neither RFC 974 nor
7752 RFC 1123 specify when to proceed to the next MX host.)
7753 Suggested by Jonathan Kamens of OpenVision, Inc.
7754 Add new "-t" flag for map definitions (the "K" line in the .cf file).
7755 This causes map lookups that get a temporary failure (e.g.,
7756 name server failure) to _not_ defer the delivery of the
7757 message. This should only be used if your configuration file
7758 is prepared to do something sensible in this case. Based on
7759 an idea by Gregory Shapiro of WPI.
7760 Fix problem finding network interface addresses. Patch from
7762 Don't reject qf entries that are not owned by your effective uid if
7763 you are not running set-user-ID; this makes management of
7764 certain kinds of firewall setups difficult. Patch
7765 suggested by Eamonn Coleman of Qualcomm.
7766 Add persistent host status. This keeps the information normally
7767 maintained within a single queue run in disk files that are
7768 shared between sendmail instances. The HostStatusDirectory
7769 is the directory in which the information is maintained. If
7770 not set, persistent host status is turned off. If not a full
7771 pathname, it is relative to the queue directory. A common
7772 value is ".hoststat".
7773 There are also two new operation modes:
7774 * -bh prints the status of hosts that have had recent
7776 * -bH purges the host statuses. No attempt is made to save
7777 recent status information.
7778 This feature was originally written by Paul Vixie of Vixie
7779 Enterprises for KJS and adapted for V8 by Mark Lovell of
7780 Bigrock Consulting. Paul's funding of Mark and Mark's patience
7781 with my insistence that things fit cleanly into the V8
7782 framework is gratefully appreciated.
7783 New SingleThreadDelivery option (requires HostStatusDirectory to
7784 operate). Avoids letting two sendmails on the local machine
7785 open connections to the same remote host at the same time.
7786 This reduces load on the other machine, but can cause mail to
7787 be delayed (for example, if one sendmail is delivering a huge
7788 message, other sendmails won't be able to send even small
7789 messages). Also, it requires another file descriptor (for the
7790 lock file) per connection, so you may have to reduce
7791 ConnectionCacheSize to avoid running out of per-process
7792 file descriptors. Based on the persistent host status code
7793 contributed by Paul Vixie and Mark Lovell.
7794 Allow sending to non-simple files (e.g., /dev/null) even if the
7795 SafeFileEnvironment option is set. Problem noted by Bryan
7797 The -qR flag mistakenly matched flags in the "R" line of the queue
7798 file. Problem noted by Bryan Costales.
7799 If a job was aborted using the interrupt signal (e.g., control-C from
7800 the keyboard), on some occasions an empty df file would be
7801 left around; these would collect in the queue directory.
7802 Problem noted by Bryan Costales.
7803 Change the makesendmail script to enhance the search for Makefiles
7804 based on release number. For example, on SunOS 5.5.1, it will
7805 search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then
7806 Makefile.SunOS.5.x (in addition to the other rules, e.g.,
7807 adding $arch). Problem noted by Jason Mastaler of Atlanta
7809 When creating maps using "newaliases", always map the keys to lower
7810 case when creating the map unless the -f flag is specified on
7811 the map itself. Previously this was done based on the F=u
7812 flag in the local mailer, which meant you could create aliases
7813 that you could never access. Problem noted by Bob Wu of DEC.
7814 When a job was read from the queue, the bits causing notification on
7815 failure or delay were always set. This caused those
7816 notifications to be sent even if NOTIFY=NEVER had been
7817 specified. Problem noted by Steve Hubert of the University
7818 of Washington, Seattle.
7819 Add new configurable routine validate_connection (in conf.c). This
7820 lets you decide if you are willing to accept traffic from
7821 this host. If it returns FALSE, all SMTP commands will return
7822 "550 Access denied". -DTCPWRAPPERS will include support for
7823 TCP wrappers; you will need to add -lwrap to the link line.
7824 (See src/READ_ME for details.)
7825 Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster
7826 bounces. Some people seemed to think that this could be
7827 confusing (even though it is true). Suggested by Motonori
7829 Add new RunAsUser option; this causes sendmail to do a setuid to that
7830 user early in processing to avoid potential security problems.
7831 However, this means that all .forward and :include: files must
7832 be readable by that user, and all files to be written must be
7833 writable by that user and all programs will be executed by that
7834 user. It is also incompatible with the SafeFileEnvironment
7835 option. In other words, it may not actually add much to
7836 security. However, it should be useful on firewalls and other
7837 places where users don't have accounts and the aliases file is
7839 Add Timeout.iconnect. This is like Timeout.connect except it is used
7840 only on the first attempt to delivery to an address. It could
7841 be set to be lower than Timeout.connect on the principle that
7842 the mail should go through quickly to responsive hosts; less
7843 responsive hosts get to wait for the next queue run.
7844 Fix a problem on Solaris that occasionally causes programs
7845 (such as vacation) to hang with their standard input connected
7846 to a UDP port. It also created some signal handling problems.
7847 The problems turned out to be an interaction between vfork(2)
7848 and some of the libraries, particularly NIS/NIS+. I am
7849 indebted to Tor Egge <tegge@idt.ntnu.no> for this fix.
7850 Change user class map to do the same matching that actual delivery
7851 will do instead of just a /etc/passwd lookup. This adds
7852 fuzzy matching to the user map. Patch from Dan Oscarsson.
7853 The Timeout.* options are not safe -- they can be used to create a
7854 denial-of-service attack. Problem noted by Christophe
7856 Don't send PostmasterCopy messages in the event of a "delayed"
7857 notification. Suggested by Barry Bouwsma.
7858 Don't advertise "VERB" ESMTP extension if the "noexpn" privacy
7859 option is set, since this disables VERB mode. Suggested
7860 by John Hawkinson of MIT.
7861 Complain if the QueueDirectory (Q) option is not set. Problem noted
7862 by Motonori Nakamura of Kyoto University.
7863 Only queue messages on transient .forward open failures if there
7864 were no successful opens. The previous behavior caused it
7865 to queue even if a "fall back" .forward was found. Problem
7866 noted by Ann-Kian Yeo of the Dept. of Information Systems
7867 and Computer Science (DISCS), NUS, Singapore.
7868 Don't do 8->7 bit conversions when bouncing a MIME message that
7869 is bouncing because of a MIME error during 8->7 bit conversion;
7870 the encapsulated message will bounce again, causing a loop.
7871 Problem noted by Steve Hubert of the University of Washington.
7872 Create xf (transcript) files using the TempFileMode option value
7873 instead of 0644. Suggested by Ann-Kian Yeo of the
7874 National University of Singapore.
7875 Print errors if setgid/setuid/etc. fail during delivery. This helps
7876 detect cases where DefaultUser is set to something that the
7877 system can't cope with.
7879 Support for AIX/RS 2.2.1 from Mark Whetzel of Western
7880 Atlas International.
7881 Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell
7883 On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only
7884 work on the first recipient of a message due to a
7885 bug in the getpwent family. If this is something you
7886 use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a
7887 workaround. From Maximum Entropy of Sanford C.
7888 Bernstein and Associates.
7889 FreeBSD 1.1.5.1 uname -r returns a string containing
7890 parentheses, which breaks makesendmail. Reported
7891 by Piero Serini <piero@strider.ibenet.it>.
7892 Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of
7893 Systems and Computer Technology Corporation.
7894 Solaris 2.x: omit the UUCP grade parameter (-g flag) because
7895 it is system-dependent. Problem noted by J.J. Bailey
7896 of Bailey Computer Consulting.
7897 Pyramid NILE running DC/OSx support from Earle F. Ake of
7898 Hassler Communication Systems Technology, Inc.
7899 HP-UX 10.x compile glitches, reported by Anne Brink of the
7900 U.S. Army and James Byrne of Harte & Lyne Limited.
7901 NetBSD from Matthew Green of the NetBSD crew.
7902 SCO 5.x from Keith Reynolds of SCO.
7903 IRIX 6.2 from Robert Tarrall of the University of
7904 Colorado and Kari Hurtta of the Finnish Meteorological
7906 UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R.
7907 Lopez, CICA (Seville).
7908 NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR.
7909 PTX 3.2.0 from Kenneth Stailey of the US Department of Labor
7910 Employment Standards Administration.
7911 Altos System V (5.3.1) from Tim Rice of Multitalents.
7912 Concurrent Systems Corporation Maxion from Donald R. Laster
7914 NetInfo maps (improved debugging and multi-valued aliases)
7915 from Adrian Steinmann of Steinmann Consulting.
7916 ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler)
7917 from Eric Schnoebelen of Convex.
7918 Linux 2.0 mail.local patches from Horst von Brand.
7919 NEXTSTEP 3.x compilation from Robert La Ferla.
7920 NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT.
7921 Solaris 2.5 configuration fixes for mail.local by Jim Davis
7922 of the University of Arizona.
7923 Solaris 2.5 has a working setreuid. Noted by David Linn of
7924 Vanderbilt University.
7925 Solaris changes for praliases, makemap, mailstats, and smrsh.
7926 Previously you had to add -DSOLARIS in Makefile.dist;
7927 this auto-detects. Based on a patch from Randall
7928 Winchester of the University of Maryland.
7929 CONFIG: add generic-nextstep3.3.mc file. Contributed by
7930 Robert La Ferla of Hot Software.
7931 CONFIG: allow mailertables to resolve to ``error:code message''
7932 (where "code" is an exit status) on domains (previously
7933 worked only on hosts). Patch from Cor Bosman of Xs4all
7935 CONFIG: hooks for IPv6-style domain literals.
7936 CONFIG: predefine ALIAS_FILE and change the prototype file so that
7937 if it is undefined the AliasFile option is never set; this
7938 should be transparent for most everyone. Suggested by John
7940 CONFIG: add FEATURE(limited_masquerade). Without this feature, any
7941 domain listed in $=w is masqueraded. With it, only those
7942 domains listed in a MASQUERADE_DOMAIN macro are masqueraded.
7943 CONFIG: add FEATURE(masquerade_entire_domain). This causes
7944 masquerading specified by MASQUERADE_DOMAIN to apply to all
7945 hosts under those domains as well as the domain headers
7946 themselves. For example, if a configuration had
7947 MASQUERADE_DOMAIN(foo.com), then without this feature only
7948 foo.com would be masqueraded; with it, *.foo.com would be
7949 masqueraded as well. Based on an implementation by Richard
7950 (Pug) Bainter of U. Texas.
7951 CONFIG: add FEATURE(genericstable) to do a more general rewriting of
7952 outgoing addresses. Defaults to ``hash -o /etc/genericstable''.
7953 Keys are user names; values are outgoing mail addresses. Yes,
7954 this does overlap with the user database, and figuring out
7955 just when to use which one may be tricky. Based on code
7956 contributed by Richard (Pug) Bainter of U. Texas with updates
7957 from Per Hedeland of Ericsson.
7958 CONFIG: add FEATURE(virtusertable) to do generalized rewriting of
7959 incoming addresses. Defaults to ``hash -o /etc/virtusertable''.
7960 Keys are either fully qualified addresses or just the host
7961 part (with the @ sign). For example, a table containing:
7962 info@foo.com foo-info
7963 info@bar.com bar-info
7964 @baz.org jane@elsewhere.net
7965 would send all mail destined for info@foo.com to foo-info
7966 (which is presumably an alias), mail addressed to info@bar.com
7967 to bar-info, and anything addressed to anyone at baz.org will
7968 be sent to jane@elsewhere.net. The names foo.com, bar.com,
7969 and baz.org must all be in $=w. Based on discussions with
7970 a great many people.
7971 CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS.
7972 Suggested by Richard Bainter.
7973 CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the
7975 CONFIG: allow mailertable entries to resolve to local:user; this
7976 passes the original user@host in to procmail-style local
7977 mailers as the "detail" information to allow them to do
7978 additional clever processing. From Joe Pruett of
7979 Teleport Corporation. Delivery to the original user can
7980 be done by specifying "local:" (with nothing after the colon).
7981 CONFIG: allow any context that takes "mailer:domain" to also take
7982 "mailer:user@domain" to force mailing to the given user;
7983 "local:user" can also be used to do local delivery. This
7984 applies on *_RELAY and in the mailertable entries. Based
7985 on a suggestion by Ribert Kiessling of Easynet.
7986 CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that
7987 limits the possible domains; this reduces the number of DNS
7988 lookups required to support this feature. For example,
7989 FEATURE(bestmx_is_local, my.site.com) limits the lookups
7990 to domains under my.site.com. Code contributed by Anthony
7991 Thyssen <anthony@cit.gu.edu.au>.
7992 CONFIG: LOCAL_RULESETS introduces any locally defined rulesets,
7993 such as the check_rcpt ruleset. Suggested by Gregory Shapiro
7995 CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the
7996 event you have to define local mailers. Suggested by
7997 Gregory Shapiro of WPI.
7998 CONFIG: fix cases where a three- (or more-) stage route-addr could
7999 be misinterpreted as a list:...; syntax. Based on a patch by
8000 Vlado Potisk <Vlado_Potisk@tempest.sk>.
8001 CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is
8002 remotely connected. The address host!user was being
8003 converted to host!user@thishost instead of host!user@uurelay.
8004 Problem noted by William Gianopoulos of Raytheon Company.
8005 CONFIG: add confTO_ICONNECT to set Timeout.iconnect.
8006 CONFIG: change FEATURE(redirect) message from "User not local" to
8007 "User has moved"; the former wording was confusing if the
8008 new address is still on the local host. Based on a suggestion
8010 CONFIG: add support in FEATURE(nullclient) for $=E (exposed users).
8011 However, the class is not pre-initialized to contain root.
8012 Suggested by Gregory Neil Shapiro.
8013 CONTRIB: Remove XLA code at the request of the author, Christophe
8015 CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm.
8016 MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note
8017 well: this produces a slightly different mailbox format (no
8018 Content-Length: headers), file ownerships and modes are
8019 different (not owned by group mail; mode 600 instead of 660),
8020 and the local mailer flags will have to be tweaked (make them
8021 match bsd4.4) in order to use this mailer. Patches from Paul
8022 Hammann of the Missouri Research and Education Network.
8023 MAIL.LOCAL: in some cases it could return EX_OK even though there
8024 was a delivery error, such as if the ownership on the file
8025 was wrong or the mode changed between the initial stat and
8026 the open. Problem reported by William Colburn of the New
8027 Mexico Institute of Mining and Technology.
8028 MAILSTATS: handle zero length files more reliably. Patch from Bryan
8030 MAILSTATS: add man page contributed by Keith Bostic of BSDI.
8031 MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't
8032 honored. Fix from Michael Scott Shappe.
8033 PRALIASES: add man page contributed by Keith Bostic of BSDI.
8035 src/Makefiles/Makefile.AIX.2
8036 src/Makefiles/Makefile.IRIX.6.2
8037 src/Makefiles/Makefile.maxion
8038 src/Makefiles/Makefile.NCR.MP-RAS.3.x
8039 src/Makefiles/Makefile.SCO.5.x
8040 src/Makefiles/Makefile.UXPDSV20
8041 mailstats/mailstats.8
8042 praliases/praliases.8
8043 cf/cf/generic-nextstep3.3.mc
8044 cf/feature/genericstable.m4
8045 cf/feature/limited_masquerade.m4
8046 cf/feature/masquerade_entire_domain.m4
8047 cf/feature/virtusertable.m4
8051 cf/ostype/solaris2.ml.m4
8053 contrib/re-mqueue.pl
8055 src/Makefiles/Makefile.Solaris
8059 src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x
8060 src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2
8061 src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10
8062 src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x
8063 src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x
8065 8.7.6/8.7.3 1996/09/17
8066 SECURITY: It is possible to force getpwuid to fail when writing the
8067 queue file, causing sendmail to fall back to running programs
8068 as the default user. This is not exploitable from off-site.
8069 Workarounds include using a unique user for the DefaultUser
8070 (old u & g options) and using smrsh as the local shell.
8071 SECURITY: fix some buffer overruns; in at least one case this allows
8072 a local user to get root. This is not known to be exploitable
8073 from off-site. The workaround is to disable chfn(1) commands.
8075 8.7.5/8.7.3 1996/03/04
8076 Fix glitch in 8.7.4 when putting certain internal lines; this can
8077 in some case cause connections to hang or messages to have
8078 extra spaces in odd places. Patch from Eric Wassenaar;
8079 reports from Eric Hall of Chiron Corporation, Stephen
8080 Hansen of Stanford University, Dean Gaudet of HotWired,
8083 8.7.4/8.7.3 1996/02/18
8084 SECURITY: In some cases it was still possible for an attacker to
8085 insert newlines into a queue file, thus allowing access to
8086 any user (except root).
8087 CONFIG: no changes -- it is not a bug that the configuration
8088 version number is unchanged.
8090 8.7.3/8.7.3 1995/12/03
8091 Fix botch in name server timeout in RCPT code; this problem caused
8092 two responses in SMTP, which breaks things horribly. Fix
8093 from Gregory Neil Shapiro of WPI.
8094 Verify that L= value on M lines cannot be negative, which could cause
8095 negative array subscripting. Not a security problem since
8096 this has to be in the config file, but it could have caused
8097 core dumps. Pointed out by Bryan Costales.
8098 Fix -d21 debug output for long macro names. Pointed out by Bryan
8101 SCO doesn't have ftruncate. From Bill Aten of Computerizers.
8102 IBM's version of arpa/nameser.h defaults to the wrong byte
8103 order. Tweak it to work properly. Based on fixes
8104 from Fletcher Mattox of UTexas and Betty Lee of
8105 Stanford University.
8106 CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option.
8107 Deficiency pointed out by Bryan Costales of ICSI.
8109 8.7.2/8.7.2 1995/11/19
8110 REALLY fix the backslash escapes in SmtpGreetingMessage,
8111 OperatorChars, and UnixFromLine options. They were not
8112 properly repaired in 8.7.1.
8113 Completely delete the Bcc: header if and only if there are other
8114 valid recipient headers (To:, Cc: or Apparently-To:, the
8115 last being a historic botch, of course). If Bcc: is the
8116 only recipient header in the message, its value is tossed,
8117 but the header name is kept. The old behavior (always keep
8118 the header name and toss the value) allowed primary recipients
8119 to see that a Bcc: went to _someone_.
8120 Include queue id on ``Authentication-Warning: <host>: <user> set
8121 sender to <address> using -f'' syslog messages. Suggested
8123 If a sequence or switch map lookup entry gets a tempfail but then
8124 continues on to another map type, but the name is not found,
8125 return a temporary failure from the sequence or switch map.
8126 For example, if hosts search ``dns files'' and DNS fails
8127 with a tempfail, the hosts map will go on and search files,
8128 but if it fails the whole thing should be a tempfail, not
8129 a permanent (host unknown) failure, even though that is the
8130 failure in the hosts.files map. This error caused hard
8131 bounces when it should have requeued.
8132 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo
8133 owned by bar mode 700 and inbox being set-user-ID bar stopped
8134 working properly due to excessive paranoia. Pointed out by
8135 John Hawkinson of Panix.
8136 An SMTP RCPT command referencing a host that gave a nameserver
8137 timeout would return a 451 command (8.6 accepted it and
8138 queued it locally). Revert to the 8.6 behavior in order
8139 to simplify queue management for clustered systems. Suggested
8140 by Gregory Neil Shapiro of WPI. The same problem could break
8141 MH, which assumes that the SMTP session will succeed (tsk, tsk
8142 -- mail gets lost!); this was pointed out by Stuart Pook of
8144 Fix possible buffer overflow in munchstring(). This was not a security
8145 problem because you couldn't specify any argument to this
8146 without first giving up root privileges, but it is still a
8147 good idea to avoid future problems. Problem noted by John
8148 Hawkinson and Sam Hartman of MIT.
8149 ``452 Out of disk space for temp file'' messages weren't being
8150 printed. Fix from David Perlin of Nanosoft.
8151 Don't advertise the ESMTP DSN extension if the SendMimeErrors option
8152 is not set, since this is required to get the actual DSNs
8153 created. Problem pointed out by John Gardiner Myers of CMU.
8154 Log permission problems that cause .forward and :include: files to
8155 be untrusted or ignored on log level 12 and higher. Suggested
8156 by Randy Martin of Clemson University.
8157 Allow user ids in U= clauses of M lines to have hyphens and
8159 Fix overcounting of recipients -- only happened when sending to an
8160 alias. Pointed out by Mark Andrews of SGI and Jack Woolley
8161 of Systems and Computer Technology Corporation.
8162 If a message is sent to an address that fails, the error message that
8163 is returned could show some extraneous "success" information
8164 included even if the user did not request success notification,
8165 which was confusing. Pointed out by Allan Johannesen of WPI.
8166 Config files that had no AliasFile definition were defaulting to
8167 using /etc/aliases; this caused problems with nullclient
8168 configurations. Change it back to the 8.6 semantics of
8169 having no local alias file unless it is declared. Problem
8170 noted by Charles Karney of Princeton University.
8171 Fix compile problem if NOTUNIX is defined. Pointed out by Bryan
8173 Map lookups of class "userdb" maps were always case sensitive; they
8174 should be controlled by the -f flag like other maps. Pointed
8175 out by Bjart Kvarme <bjart.kvarme@usit.uio.no>.
8176 Fix problem that caused some addresses to be passed through ruleset 5
8177 even when they were tagged as "sticky" by prefixing the
8178 address with an "@". Patch from Thomas Dwyer III of Michigan
8179 Technological University.
8180 When converting a message to Quoted-Printable, prevent any lines with
8181 dots alone on a line by themselves. This is because of the
8182 preponderance of broken mailers that still get this wrong.
8183 Code contributed by Per Hedeland of Ericsson.
8184 Fix F{macro}/file construct -- it previously did nothing. Pointed
8185 out by Bjart Kvarme of USIT/UiO (Norway).
8186 Announce whether a cached connection is SMTP or ESMTP (in -v mode).
8187 Requested by Allan Johannesen.
8188 Delete check for text format of alias files -- it should be legal
8189 to have the database format of the alias files without the
8190 text version. Problem pointed out by Joe Rhett of Navigist,
8192 If "Ot" was specified with no value, the TZ variable was not properly
8193 imported from the environment. Pointed out by Frank Crawford
8194 <frank@ansto.gov.au>.
8195 Some architectures core dumped on "program" maps that didn't have
8196 extra arguments. Patch from Booker C. Bense of Stanford
8198 Queue run processes would re-spawn daemons when given a SIGHUP; only
8199 the parent should do this. Fix from Brian Coan of the
8200 Association for Progressive Communications.
8201 If MinQueueAge was set and a message was considered but not run
8202 during a queue run and the Timeout.queuereturn interval was
8203 reached, a "timed out" error message would be returned that
8204 didn't include the failed address (and claimed to be a warning
8205 even though it was fatal). The fix is to not return such
8206 messages until they are actually tried, i.e., in the next
8207 MinQueueAge interval. Problem noted by Rein Tollevik of
8209 Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions
8210 that have the hes_getmailhost() routine. DEC Hesiod
8211 distributions do not have this routine. Based on a patch
8212 from Betty Lee of Stanford University.
8213 Extensive cleanups to map open code to handle a locking race condition
8214 in ndbm, hash, and btree format database files on some (most
8215 non-4.4-BSD based) OS architectures. This should solve the
8216 occasional "user unknown" problem during alias rebuilds that
8217 has plagued me for quite some time. Based on a patch from
8218 Thomas Dwyer III of Michigan Technological University.
8220 Solaris: Change location of newaliases and mailq from
8221 /usr/ucb to /usr/bin to match Sun settings. From
8222 James B. Davis of TCI.
8223 DomainOS: Makefile.DomainOS doesn't require -ldbm. From
8224 Don Lewis of Silicon Systems.
8225 HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x
8226 so that the makesendmail script will find it. Pointed
8227 out by Richard Allen of the University of Iceland.
8228 Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which
8229 isn't supported on all compilers.
8230 UXPDS: compilation fixes from Diego R. Lopez.
8231 CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless
8232 you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE.
8233 CONFIG: Minor glitch in S21 -- attachment of local domain name
8234 didn't have trailing dot. From Jim Hickstein of Teradyne.
8235 CONFIG: Fix best_mx_is_local feature to allow nested addresses such as
8236 user%host@thishost. From Claude Scarpelli of Infobiogen
8238 CONFIG: OSTYPE(hpux10) failed to define the location of the help file.
8239 Pointed out by Hannu Martikka of Nokia Telecommunications.
8240 CONFIG: Diagnose some inappropriate ordering in configuration files,
8241 such as FEATURE(smrsh) listed after MAILER(local). Based on
8242 a bug report submitted by Paul Hoffman of Proper Publishing.
8243 CONFIG: Make OSTYPE files consistently not override settings that
8244 have already been set. Previously it worked differently
8245 for different files.
8246 CONFIG: Change relay mailer to do masquerading like 8.6 did. My take
8247 is that this is wrong, but the change was causing problems
8248 for some people. From Per Hedeland of Ericsson.
8249 CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>;
8250 portability changes for Posix environments (no functional
8253 8.7.1/8.7.1 1995/10/01
8254 Old macros that have become options (SmtpGreetingMessage,
8255 OperatorChars, and UnixFromLine) didn't allow backslash
8256 escapes in the options, where they previously had. Bug
8257 pointed out by John Hawkinson of MIT.
8258 Fix strange case of an executable called by a program map that
8259 returns a value but also a non-zero exit status; this
8260 would give contradictory results in the higher level; in
8261 particular, the default clause in the map lookup would be
8262 ignored. Change to ignore the value if the program returns
8263 non-zero exit status. From Tom Moore of AT&T GIS.
8264 Shorten parameters passed to syslog() in some contexts to avoid a
8265 bug in many vendors' implementations of that routine. Although
8266 this isn't really a bug in sendmail per se, and my solution
8267 has to assume that syslog() has at least a 1K buffer size
8268 internally (I know some vendors have shortened this
8269 dramatically -- they're on their own), sendmail is a popular
8270 target. Also, limit the size of %s arguments in sprintf.
8271 These both have possible security implications. Solutions
8272 suggested by Casper Dik of Sun's Network Security Group
8273 (Holland), Mark Seiden, and others.
8274 Fix a problem that might cause a non-standard -B (body type)
8275 parameter to be passed to the next server with undefined
8276 results. This could have security implications.
8277 If a filesystem was at > 100% utilization, the freediskspace()
8278 routine incorrectly returned an error rather than zero.
8279 Problem noted by G. Paul Ziemba of Alantec.
8280 Change MX sort order so that local hostnames (those in $=w) always
8281 sort first within a given preference. This forces the bestmx
8282 map to always return the local host first, if it is included
8283 in the list of highest priority MX records. From K. Robert
8285 Avoid some possible null pointer dereferences. Fixes from Randy
8286 Martin <WOLF@CLEMSON.EDU>
8287 When sendmail starts up on systems that have no fully qualified
8288 domain name (FQDN) anywhere in the first matching host map
8289 (e.g., /etc/hosts if the hosts service searches "files dns"),
8290 sendmail would sleep to try to find a FQDN, which it really
8291 really needs. This has been changed to fall through to the
8292 next map type if it can't find a FQDN -- i.e., if the hosts
8293 file doesn't have a FQDN, it will try dns even though the
8294 short name was found in /etc/hosts. This is probably a crock,
8295 but many people have hosts files without FQDNs. Remember:
8296 domain names are your friends.
8297 Log a high-priority message if you can't find your FQDN during startup.
8298 Suggested by Simon Barnes of Schlumberger Limited.
8299 When using Hesiod, initialize it early to improve error reporting.
8300 Patch from Don Lewis of Silicon Systems, Inc.
8301 Apparently at least some versions of Linux have a 90 !minute! TCP
8302 connection timeout in the kernel. Add a new "connect" timeout
8303 to limit this time. Defaults to zero (use whatever the
8304 kernel provides). Based on code contributed by J.R. Oldroyd
8306 Under some circumstances, a failed message would not be properly
8307 removed from the queue, causing tons of bogus error messages.
8308 (This fix eliminates the problematic EF_KEEPQUEUE flag.)
8309 Problem noted by Allan E Johannesen and Gregory Neil Shapiro
8312 On IRIX 5.x, there was an inconsistency in the setting
8313 of sendmail.st location. Change the Makefile to
8314 install it in /var/sendmail.st to match the OSTYPE
8315 file and SGI standards. From Andre
8316 <andre@curry.zfe.siemens.de>.
8317 Support for Fujitsu/ICL UXP/DS (For the DS/90 Series)
8318 from Diego R. Lopez <drlopez@cica.es>.
8319 Linux compilation patches from J.R. Oldroyd of TerraNet, Inc.
8320 LUNA 2 Mach patches from Motonori Nakamura.
8321 SunOS Makefile was including -ldbm, which is for the old
8322 dbm library. The ndbm library is part of libc.
8323 CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with
8324 ``local configuration error'' in nullclient configuration.
8325 Patch from Gregory Neil Shapiro of WPI.
8326 CONFIG: don't allow an alias file in nullclient configurations --
8327 since all addresses are relayed, they give errors during
8328 rebuild. Suggested by Per Hedeland of Ericsson.
8329 CONFIG: local mailer on Solaris 2 should always get a -f flag because
8330 otherwise the F=S causes the From_ line to imply that root is
8331 the sender. Problem pointed out by Claude Scarpelli of
8332 Infobiogen (France).
8334 cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake)
8335 src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake)
8336 src/Makefiles/Makefile.UXPDS
8339 Fix a problem that could cause sendmail to run out of file
8340 descriptors due to a trashed data structure after a
8341 vfork. Fix from Brian Coan of the Institute for
8342 Global Communications.
8343 Change the VRFY response if you have disabled VRFY -- some
8344 people seemed to think that it was too rude.
8345 Avoid reference to uninitialized file descriptor if HASFLOCK
8346 was not defined. This was used "safely" in the sense
8347 that it only did a stat, but it would have set the
8348 map modification time improperly. Problem pointed out
8349 by Roy Mongiovi of Georgia Tech.
8350 Clean up the Subject: line on warning messages and return
8351 receipts so that they don't say "Returned mail:"; this
8353 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is
8354 useful enough to make it worthwhile printing on "-d".
8355 Avoid logging alias statistics every time you read the alias
8356 file on systems with no database method compiled in.
8357 If you have a name with a trailing dot, and you try looking it
8358 up using gethostbyname without the dot (for /etc/hosts
8359 compatibility), be sure to turn off RES_DEFNAMES and
8360 RES_DNSRCH to avoid finding the wrong name accidentally.
8361 Problem noted by Charles Amos of the University of
8363 Don't do timeouts in collect if you are not running SMTP.
8364 There is nothing that says you can't have a long
8365 running program piped into sendmail (possibly via
8366 /bin/mail, which just execs sendmail). Problem reported
8367 by Don "Truck" Lewis of Silicon Systems.
8368 Try gethostbyname() even if the DNS lookup fails iff option I
8369 is not set. This allows you to have hosts listed in
8370 NIS or /etc/hosts that are not known to DNS. It's normally
8371 a bad idea, but can be useful on firewall machines. This
8372 should really be broken out on a separate flag, I suppose.
8373 Avoid compile warnings against BIND 4.9.3, which uses function
8374 prototypes. From Don Lewis of Silicon Systems.
8375 Avoid possible incorrect diagnosis of DNS-related errors caused
8376 by things like attempts to resolve uucp names using
8377 $[ ... $] -- the fix is to clear h_errno at appropriate
8378 times. From Kyle Jones of UUNET.
8379 SECURITY: avoid denial-of-service attacks possible by destroying
8380 the alias database file by setting resource limits low.
8381 This involves adding two new compile-time options:
8382 HASSETRLIMIT (indicating that setrlimit(2) support is
8383 available) and HASULIMIT (indicating that ulimit(2) support
8384 is available -- the Release 3 form is used). The former
8385 is assumed on BSD-based systems, the latter on System
8386 V-based systems. Attack noted by Phil Brandenberger of
8387 Swarthmore University.
8388 New syntaxes in test (-bt) mode:
8389 ``.Dmvalue'' will define macro "m" to "value".
8390 ``.Ccvalue'' will add "value" to class "c".
8391 ``=Sruleset'' will dump the contents of the indicated
8393 ``=M'' will display the known mailers.
8394 ``-ddebug-spec'' is equivalent to the command-line
8396 ``$m'' will print the value of macro $m.
8397 ``$=c'' will print the contents of class $=c.
8398 ``/mx host'' returns the MX records for ``host''.
8399 ``/parse address'' will parse address, returning the value of
8400 crackaddr (essentially, the comment information)
8401 and the parsed address.
8402 ``/try mailer address'' will rewrite address into the form
8403 it will have when presented to the indicated mailer.
8404 ``/tryflags flags'' will set flags used by parsing. The
8405 flags can be `H' for header or `E' for envelope,
8406 and `S' for sender or `R' for recipient. These
8407 can be combined, so `HR' sets flags for header
8409 ``/canon hostname'' will try to canonify hostname and
8411 ``/map mapname key'' will look up `key' in the indicated
8412 `mapname' and return the result.
8413 Somewhat better handling of UNIX-domain socket addresses -- it
8414 should show the pathname rather than hex bytes.
8415 Restore ``-ba'' mode -- this reads a file from stdin and parses
8416 the header for envelope sender information and uses
8417 CR-LF as message terminators. It was thought to be
8418 obsolete (used only for Arpanet NCP protocols), but it
8419 turns out that the UK ``Grey Book'' protocols require
8421 Fix a fix in previous release -- if gethostname and gethostbyname
8422 return a name without dots, and if an attempt to canonify
8423 that name fails, wait one minute and try again. This can
8424 result in an extra 60 second delay on startup if your system
8425 hostname (as returned by hostname(1)) has no dot and no names
8426 listed in /etc/hosts or your NIS map have a dot.
8427 Check for proper domain name on HELO and EHLO commands per
8428 RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III
8429 of Michigan Technological University.
8430 Relax chownsafe rules slightly -- old version said that if you
8431 can't tell if _POSIX_CHOWN_RESTRICTED is set (that is,
8432 if fpathconf returned EINVAL or ENOSYS), assume that
8433 chown is not safe. The new version falls back to whether
8434 you are on a BSD system or not. This is important for
8435 SunOS, which apparently always returns one of those
8436 error codes. This impacts whether you can mail to files
8438 Syntax errors such as unbalanced parentheses in the configuration
8439 file could be omitted if you had "Oem" prior to the
8440 syntax error in the config file. Change to always print
8441 the error message. It was especially weird because it
8442 would cause a "warning" message to be sent to the Postmaster
8443 for every message sent (but with no transcript). Problem
8444 noted by Gregory Paris of Motorola.
8445 Rewrite collect and putbody to handle full 8-bit data, including
8446 zero bytes. These changes are internally extensive, but
8447 should have minimal impact on external function.
8448 Allow full words for option names -- if the option letter is
8449 (apparently) a space, then take the word following -- e.g.,
8451 The full list of old and new names is as follows:
8457 b MinFreeBlocks/MaxMessageSize
8458 C CheckpointInterval
8460 D AutoRebuildAliases
8473 k ConnectionCacheSize
8474 K ConnectionCacheTimeout
8501 The old macros that passed information into sendmail have
8502 been changed to options; those correspondences are:
8503 $e SmtpGreetingMessage
8506 $q (deleted -- not necessary)
8507 To avoid possible problems with an older sendmail,
8508 configuration level 6 is accepted by this version of
8509 sendmail; any config file using the new names should
8510 specify "V6" in the configuration.
8511 Change address parsing to properly note that a phrase before a
8512 colon and a trailing semicolon are essentially the same
8513 as text outside of angle brackets (i.e., sendmail should
8514 treat them as comments). This is to handle the
8515 ``group name: addr1, addr2, ..., addrN;'' syntax (it will
8516 assume that ``group name:'' is a comment on the first
8517 address and the ``;'' is a comment on the last address).
8518 This requires config file support to get right. It does
8519 understand that :: is NOT this syntax, and can be turned
8520 off completely by setting the ColonOkInAddresses option.
8521 Level 6 config files added with new mailer flags:
8522 A Addresses are aliasable.
8523 i Do udb rewriting on envelope as well as header
8524 sender lines. Applies to the from address mailer
8525 flags rather than the recipient mailer flags.
8526 j Do udb rewriting on header recipient addresses.
8527 Applies to the sender mailer flags rather than the
8528 recipient mailer flags.
8529 k Disable check for loops when doing HELO command.
8530 o Always run as the mail recipient, even on local
8532 w Check for an /etc/passwd entry for this user.
8533 5 Pass addresses through ruleset 5.
8534 : Check for :include: on this address.
8535 | Check for |program on this address.
8536 / Check for /file on this address.
8537 @ Look up sender header addresses in the user
8538 database. Applies to the mailer flags for the
8539 mailer corresponding to the envelope sender
8540 address, rather than to recipient mailer flags.
8541 Pre-level 6 configuration files set A, w, 5, :, |, /, and @
8542 on the "local" mailer, the o flag on the "prog" and "*file*"
8543 mailers, and the ColonOkInAddresses option.
8544 Eight-to-seven bit MIME conversions. This borrows ideas from
8545 John Beck of Hewlett-Packard, who generously contributed
8546 their implementation to me, which I then didn't use (see
8547 mime.c for an explanation of why). This adds the
8548 EightBitMode option (a.k.a. `8') and an F=8 mailer flag
8549 to control handling of 8-bit data. These have to cope with
8550 two types of 8-bit data: unlabelled 8-bit data (that is,
8551 8-bit data that is entered without declaring it as 8-bit
8552 MIME -- technically this is illegal according to the
8553 specs) and labelled 8-bit data (that is, it was declared
8554 as 8BITMIME in the ESMTP session or by using the
8555 -B8BITMIME command line flag). If the F=8 mailer flag is
8556 set then 8-bit data is sent to non-8BITMIME machines
8557 instead of converting to 7 bit (essentially using
8558 just-send-8 semantics). The values for EightBitMode are:
8559 m convert unlabelled 8-bit input to 8BITMIME, and do
8560 any necessary conversion of 8BITMIME to 7BIT
8561 (essentially, the full MIME option).
8562 p pass unlabelled 8-bit input, but convert labelled
8563 8BITMIME input to 7BIT as required (default).
8564 s strict adherence: reject unlabelled 8-bit input,
8565 convert 8BITMIME to 7BIT as required. The F=8
8567 Unlabelled 8-bit data is rejected in mode `s' regardless of
8569 Add new internal class 'n', which is the set of MIME Content-Types
8570 which can not be 8 to 7 bit encoded because of other
8571 considerations. Types "multipart/*" and "message/*" are
8572 never directly encoded (although their components can be).
8573 Add new internal class 's', which is the set of subtypes of the
8574 MIME message/* content type that can be treated as though
8575 they are an RFC822 message. It is predefined to have
8576 "rfc822". Suggested By Kari Hurtta.
8577 Add new internal class 'e'. This is the set of MIME
8578 Content-Transfer-Encodings that can be converted to
8579 a seven bit format (Quoted-Printable or Base64). It is
8580 preinitialized to contain "7bit", "8bit", and "binary".
8581 Add C=charset mailer parameter and the the DefaultCharSet option (no
8582 short name) to set the default character set to use in the
8583 Content-Type: header when doing encoding of an 8-bit message
8584 which isn't marked as MIME into MIME format. If the C=
8585 parameter is set on the Envelope From address, use that as
8586 the default encoding; else use the DefaultCharSet option.
8587 If neither is set, it defaults to "unknown-8bit" as
8588 suggested by RFC 1428 section 3.
8589 Allow ``U=user:group'' field in mailer definition to set a default
8590 user and group that a mailer will be executed as. This
8591 overrides the 'u' and 'g' options, and if the `F=S' flag is
8592 also set, it is the uid/gid that will always be used (that
8593 is, the controlling address is ignored). The values may be
8594 numeric or symbolic; if only a symbolic user is given (no
8595 group) that user's default group in the passwd file is used
8596 as the group. Based on code donated by Chip Rosenthal of
8598 Allow `u' option to also accept user:group as a value, in the same
8599 fashion as the U= mailer option.
8600 Add the symbolic time zone name in the Arpanet format dates (as
8601 a comment). This adds a new compile-time configuration
8602 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value
8603 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value
8604 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char
8605 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use
8606 timezone()), or TZ_NONE (don't include the comment). Code
8607 from Chip Rosenthal.
8608 The "Timeout" option (formerly "r") is extended to allow suboptions.
8611 There are also two new suboptions "queuereturn" and
8612 "queuewarn"; these subsume the old T option. Thus, to
8613 set them both the preferred new syntax is
8614 O Timeout.queuereturn = 5d
8615 O Timeout.queuewarn = 4h
8616 Sort queue by host name instead of by message priority if the
8617 QueueSortOrder option (no short name) is set is set to
8618 ``host''. This makes better use of the connection cache,
8619 but may delay more ``interactive'' messages behind large
8620 backlogs under some circumstances. This is probably a
8621 good option if you have high speed links or don't do lots
8622 of ``batch'' messages, but less good if you are using
8623 something like PPP on a 14.4 modem. Based on code
8624 contributed by Roy Mongiovi of Georgia Tech (my main
8625 contribution was to make it configurable).
8626 Save i-number of df file in qf file to simplify rebuilding of queue
8627 after disastrous disk crash. Suggested by Kyle Jones of
8628 UUNET; closely based on code from KJS DECWRL code written
8629 by Paul Vixie. NOTA BENE: The qf files produced by 8.7
8630 are NOT back compatible with 8.6 -- that is, you can convert
8631 from 8.6 to 8.7, but not the other direction.
8632 Add ``F=d'' mailer flag to disable all use of angle brackets in
8633 route-addrs in envelopes; this is because in some cases
8634 they can be sent to the shell, which interprets them as
8636 Don't include error file (option E) with return-receipts; this
8638 Don't send "Warning: cannot send" messages to owner-* or
8639 *-request addresses. Suggested by Christophe Wolfhugel
8640 of the Institut Pasteur, Paris.
8641 Allow -O command line flag to set long form options.
8642 Add "MinQueueAge" option to set the minimum time between attempts
8643 to run the queue. For example, if the queue interval
8644 (-q value) is five minutes, but the minimum queue age
8645 is fifteen minutes, jobs won't be tried more often than
8646 once every fifteen minutes. This can be used to give
8647 you more responsiveness if your delivery mode is set to
8649 Allow "fileopen" timeout (default: 60 seconds) for opening
8650 :include: and .forward files.
8651 Add "-k", "-v", and "-z" flags to map definitions; these set the
8652 key field name, the value field name, and the field
8653 delimiter. The field delimiter can be a single character
8654 or the sequence "\t" or "\n" for tab or newline.
8655 These are for use by NIS+ and similar access methods.
8656 Change maps to always strip quotes before lookups; the -q flag
8657 turns off this behavior. Suggested by Motonori Nakamura.
8658 Add "nisplus" map class. Takes -k and -v flags to choose the
8659 key and value field names respectively. Code donated by
8661 Add "hesiod" map class. The "file name" is used as the
8662 "HesiodNameType" parameter to hes_resolve(3). Returns the
8663 first value found for the match. Code donated by Scott
8664 Hutton of Indiana University.
8665 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to
8666 specify the name of the property that is searched as the
8667 key and a -v flag to specify the name of the property that
8668 is returned as the value (defaults to "members"). The
8669 default map is "/aliases". Some code based on code
8670 contributed by Robert La Ferla of Hot Software.
8671 Add "text" map class. This does slow, linear searches through
8672 text files. The -z flag specifies a column delimiter
8673 (defaults to any sequence of white space), the -k flag
8674 sets the key column number, and the -v flag sets the
8675 value column number. Lines beginning with `#' are treated
8677 Add "program" map class to execute arbitrary programs. The search
8678 key is presented as the last argument; the output is one
8679 line read from the programs standard output. Exit statuses
8680 are from sysexits.h.
8681 Add "sequence" map class -- searches maps in sequence until it
8682 finds a match. For example, the declarations:
8685 Kmapseq sequence map1 map2
8686 defines a map "mapseq" that first searches map1; if the
8687 value is found it is returned immediately, otherwise
8688 map2 is searched and the value returned.
8689 Add "switch" map class. This is much like "sequence" except that
8690 the ordering is fetched from an external file, usually
8691 the system service switch. The parameter is the name of
8692 the service to switch on, and the maps that it will use
8693 are the name of the switch map followed by ".service_type".
8694 For example, if the declaration of the map is
8695 Ksample switch hosts
8696 and the system service switch specifies that hosts are
8697 looked up using dns and nis in that order, then this is
8699 Ksample sequence sample.dns sample.nis
8700 The subordinate maps (sample.*) must already be defined.
8701 Add "user" map class -- looks up users using getpwnam. Takes a
8702 "-v field" flag on the definition that tells what passwd
8703 entry to return -- legal values are name, passwd, uid, gid,
8704 gecos, dir, and shell. Generally expected to be used with
8705 the -m (matchonly) flag.
8706 Add "bestmx" map class -- returns the best MX value for the host
8707 listed as the value. If there are several "best" MX records
8708 for this host, one will be chosen at random.
8709 Add "userdb" map class -- looks up entries in the user database.
8710 The "file name" is actually the tag that will be used,
8711 typically "mailname". If there are multiple entries
8712 matching the name, the one chosen is undefined.
8713 Add multiple queue timeouts (both return and warning). These are
8714 set by the Precedence: or Priority: header fields to one of
8715 three values. If a Priority: is set and has value "normal",
8716 "urgent", or "non-urgent" the corresponding timeouts are
8717 used. If no priority is set, the Precedence: is consulted;
8718 if negative, non-urgent timeouts are used; if greater than
8719 zero, urgent timeouts are used. Otherwise, normal timeouts
8720 are used. The timeouts are set by setting the six timeouts
8721 queue{warn,return}.{urgent,normal,non-urgent}.
8722 Fix problem when a mail address is resolved to a $#error mailer
8723 with a temporary failure indication; it works in SMTP,
8724 but when delivering locally the mail is silently discarded.
8725 This patch, from Kyle Jones of UUNET, bounces it instead
8726 of queueing it (queueing is very hard).
8727 When using /etc/hosts or NIS-style lookups, don't assume that
8728 the first name in the list is the best one -- instead,
8729 search for the first one with a dot. For example, if
8730 an /etc/hosts entry reads
8731 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU
8732 this change will use the second name as the canonical
8733 machine name instead of the initial, unqualified name.
8734 Change dequote map to replace spaces in quoted text with a value
8735 indicated by the -s flag on the dequote map definition.
8736 For example, ``Mdequote dequote -s_'' will change
8737 "Foo Bar" into an unquoted Foo_Bar instead of leaving it
8738 quoted (because of the space character). Suggested by Dan
8739 Oscarsson for use in X.400 addresses.
8740 Implement long macro names as ${name}; long class names can
8741 be similarly referenced as $={name} and $~{name}.
8742 Definitions are (e.g.) ``D{name}value''. Names that have
8743 a leading lower case letter or punctuation characters are
8744 reserved for internal use by sendmail; i.e., config files
8745 should use names that begin with a capital letter. Based
8746 on code contributed by Dan Oscarsson.
8747 Fix core dump if getgrgid returns a null group list (as opposed
8748 to an empty group list, that is, a pointer to a list
8749 with no members). Fix from Andrew Chang of Sun Microsystems.
8750 Fix possible core dump if malloc fails -- if the malloc in xalloc
8751 failed, it called syserr which called newstr which called
8752 xalloc.... The newstr is now avoided for "panic" messages.
8753 Reported by Stuart Kemp of James Cook University.
8754 Improve connection cache timeouts; previously, they were not even
8755 checked if you were delivering to anything other than an
8756 IPC-connected host, so a series of (say) local mail
8757 deliveries could cause cached connections to be open
8758 much longer than the specified timeout.
8759 If an incoming message exceeds the maximum message size, stop
8760 writing the incoming bytes to the queue data file, since
8761 this can fill your mqueue partition -- this is a possible
8762 denial-of-service attack.
8763 Don't reject all numeric local user names unless HESIOD is
8764 defined. It turns out that Posix allows all-numeric
8765 user names. Fix from Tony Sanders of BSDI.
8766 Add service switch support. If the local OS has a service
8767 switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf
8768 on DEC systems) that will be used; otherwise, it falls back
8769 to using a local mechanism based on the ServiceSwitchFile
8770 option (default: /etc/service.switch). For example, if the
8771 service switch lists "files" and "nis" for the aliases
8772 service, that will be the default lookup order. the "files"
8773 ("local" on DEC) service type expands to any alias files
8774 you listed in the configuration file, even if they aren't
8775 actually file lookups.
8776 Option I (NameServerOptions) no longer sets the "UseNameServer"
8777 variable which tells whether or not DNS should be considered
8778 canonical. This is now determined based on whether or not
8779 "dns" is in the service list for "hosts".
8780 Add preliminary support for the ESMTP "DSN" extension (Delivery
8781 Status Notifications). DSN notifications override
8782 Return-Receipt-To: headers, which are bogus anyhow --
8783 support for them has been removed.
8784 Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer
8785 definitions to define the types used in DSN returns for
8786 MTA names, addresses, and diagnostics respectively.
8787 Extend heuristic to force running in ESMTP mode to look for the
8788 five-character string "ESMTP" anywhere in the 220 greeting
8789 message (not just the second line). This is to provide
8790 better compatibility with other ESMTP servers.
8791 Print sequence number of job when running the queue so you can
8792 easily see how much progress you have made. Suggested
8793 by Peter Wemm of DIALix.
8794 Map newlines to spaces in logged message-ids; some versions of
8795 syslog truncate the rest of the line after newlines.
8796 Suggested by Fletcher Mattox of U. Texas.
8797 Move up forking for job runs so that if a message is split into
8798 multiple envelopes you don't get "fork storms" -- this
8799 also improves the connection cache utilization.
8800 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for
8801 the purposes of refusing to send error returns. Suggested
8802 by Motonori Nakamura of Ritsumeikan University.
8803 Relax rules on when a file can be written when referenced from
8804 the aliases file: use the default uid/gid instead of the
8805 real uid/gid. This allows you to create a file owned by
8806 and writable only by the default uid/gid that will work
8807 all the time (without having the set-user-ID bit set). Change
8808 suggested by Shau-Ping Lo and Andrew Cheng of Sun
8810 Add "DialDelay" option (no short name) to provide an "extra"
8811 delay for dial on demand systems. If this is non-zero
8812 and a connect fails, sendmail will wait this long and
8813 then try again. If it takes longer than the kernel
8814 timeout interval to establish the connection, this
8815 option can give the network software time to establish
8816 the link. The default units are seconds.
8817 Move logging of sender information to be as early as possible;
8818 previously, it could be delayed a while for SMTP mail
8819 sent to aliases. Suggested by Brad Knowles of the
8820 Defense Information Systems Agency.
8821 Call res_init() before setting RES_DEBUG; this is required by
8822 BIND 4.9.3, or so I'm told. From Douglas Anderson of
8823 the National Computer Security Center.
8824 Add xdelay= field in logs -- this is a transaction delay, telling
8825 you how long it took to deliver to this address on the
8826 last try. It is intended to be used for sorting mailing
8827 lists to favor "quick" addresses. Provided for use by
8828 the mailprio scripts (see below).
8829 If a map cannot be opened, and that map is non-optional, and
8830 an address requires that map for resolution, queue the
8831 map instead of bouncing it. This involves creating a
8832 pseudo-class of maps called "bogus-map" -- if a required
8833 map cannot be opened, the class is changed to bogus-map;
8834 all queries against bogus-map return "tempfail". The
8835 bogus-map class is not directly accessible. A sample
8836 implementation was donated by Jem Taylor of Glasgow
8837 University Computing Service.
8838 Fix a possible core dump when mailing to a program that talks
8839 SMTP on its standard input. Fix from Keith Moore of
8840 the University of Kentucky.
8841 Make it possible to resolve filenames to $#local $: @ /filename;
8842 previously, the "@" would cause it to not be recognized
8843 as a file. Problem noted by Brian Hill of U.C. Davis.
8844 Accept a -1 signal to re-exec the daemon. This only works if
8845 argv[0] is a full path to sendmail.
8846 Fix bug in "addr=..." field in O option on little-endian machines
8847 -- the network number wasn't being converted to network
8848 byte order. Patch from Kurt Lidl of Pix Technologies
8850 Pre-initialize the resolver early on; this is to avoid a bug with
8851 BIND 4.9.3 that can cause the _res.retry field to get
8852 reset to zero, causing all name server lookups to time
8853 out. Fix from Matt Day of Artisoft.
8854 Restore T line (trusted users) in config file -- but instead of
8855 locking out the -f flag, they just tell whether or not
8856 an X-Authentication-Warning: will be added. This really
8857 just creates new entries in class 't', so "Ft/file/name"
8858 can be used to read trusted user names from a file.
8859 Trusted users are also allowed to execute programs even
8860 if they have a shell that isn't in /etc/shells.
8861 Improve NEWDB alias file rebuilding so it will create them
8862 properly if they do not already exist. This had been
8863 a MAYBENEXTRELEASE feature in 8.6.9.
8864 Check for @:@ entry in NIS maps before starting up to avoid
8865 (but not prevent, sigh) race conditions. This ought to
8866 be handled properly in ypserv, but isn't. Suggested by
8867 Michael Beirne of Motorola.
8868 Refuse connections if there isn't enough space on the filesystem
8869 holding the queue. Contributed by Robert Dana of Wolf
8871 Skip checking for directory permissions in the path to a file
8872 when checking for file permissions iff setreuid()
8873 succeeded -- it is unnecessary in that case. This avoids
8874 significant performance problems when looking for .forward
8875 files. Based on a suggestion by Win Bent of USC.
8876 Allow symbolic ruleset names. Syntax can be "Sname" to get an
8877 arbitrary ruleset number assigned or "Sname = integer"
8878 to assign a specific ruleset number. Reference is
8879 $>name_or_number. Names can be composed of alphas, digits,
8880 underscore, or hyphen (first character must be non-numeric).
8881 Allow -o flag on AliasFile lines to make the alias file optional.
8882 From Bryan Costales of ICSI.
8883 Add NoRecipientAction option to handle the case where there is
8884 no legal recipient header in the message. It can take
8886 None Leave the message as is. The
8887 message will be passed on even
8888 though it is in technically
8890 Add-To Add a To: header with any
8891 recipients that it can find from
8892 the envelope. This risks exposing
8894 Add-Apparently-To Add an Apparently-To: header. This
8895 has almost no redeeming social value,
8896 and is provided only for back
8898 Add-To-Undisclosed Add a header reading
8899 To: undisclosed-recipients:;
8900 which will have the effect of
8901 making the message legal without
8902 exposing Bcc: recipients.
8903 Add-Bcc To add an empty Bcc: header.
8904 There is a chance that mailers down
8905 the line will delete this header,
8906 which could cause exposure of Bcc:
8908 The default is NoRecipientAction=None.
8909 Truncate (rather than delete) Bcc: lines in the header. This
8910 should prevent later sendmails (at least, those that don't
8911 themselves delete Bcc:) from considering this message to
8912 be non-conforming -- although it does imply that non-blind
8913 recipients can see that a Bcc: was sent, albeit not to whom.
8914 Add SafeFileEnvironment option. If declared, files named as delivery
8915 targets must be regular files in addition to the regular
8916 checks. Also, if the option is non-null then it is used as
8917 the name of a directory that is used as a chroot(2)
8918 environment for the delivery; the file names listed in an
8919 alias or forward should include the name of this root.
8920 For example, if you run with
8921 O SafeFileEnvironment=/arch
8922 then aliases should reference "/arch/rest/of/path". If a
8923 value is given, sendmail also won't try to save to
8924 /usr/tmp/dead.letter (instead it just leaves the job in the
8925 queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit.
8926 Support -A flag for alias files; this will comma concatenate like
8927 entries. For example, given the aliases:
8930 and an alias file declared as:
8931 OAhash:-A /etc/aliases
8932 the final alias inserted will be "list: member1,member2";
8933 without -A you will get an error on the second and subsequent
8934 alias for "list". Contributed by Bryan Costales of ICSI.
8935 Line-buffer transcript file. Suggested by Liudvikas Bukys.
8936 Fix a problem that could cause very long addresses to core dump in
8937 some special circumstances. Problem pointed out by Allan
8939 (Internal change.) Change interface to expand() (macro expansion)
8940 to be simpler and more consistent.
8941 Delete check for funny qf file names. This didn't really give
8942 any extra security and caused some people some problems.
8943 (If you -really- want this, define PICKY_QF_NAME_CHECK
8944 at compile time.) Suggested by Kyle Jones of UUNET.
8945 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and
8946 merge with DSN code; this is simpler and more consistent.
8947 This may affect some people who have written their own
8948 checkcompat() routine.
8949 (Internal change.) Eliminate `D' line in qf file. The df file
8950 is now assumed to be the same name as the qf file (with
8951 the `q' changed to a `d', of course).
8952 Avoid forking for delivery if all recipient mailers are marked as
8953 "expensive" -- this can be a major cost on some systems.
8954 Essentially, this forces sendmail into "queue only" mode
8955 if all it is going to do is queue anyway.
8956 Avoid sending a null message in some rather unusual circumstances
8957 (specifically, the RCPT command returns a temporary
8958 failure but the connection is lost before the DATA
8959 command). Fix from Scott Hammond of Secure Computing
8961 Change makesendmail to use a somewhat more rational naming scheme:
8962 Makefiles and obj directories are named $os.$rel.$arch,
8963 where $os is the operating system (e.g., SunOS), $rel is
8964 the release number (e.g., 5.3), and $arch is the machine
8965 architecture (e.g., sun4). Any of these can be omitted,
8966 and anything after the first dot in a release number can
8967 be replaced with "x" (e.g., SunOS.4.x.sun4). The previous
8968 version used $os.$arch.$rel and was rather less general.
8969 Change makesendmail to do a "make depend" in the target directory
8970 when it is being created. This involves adding an empty
8971 "depend:" entry in most Makefiles.
8972 Ignore IDENT return value if the OSTYPE field returns "OTHER",
8973 as indicated by RFC 1413. Pointed out by Kari Hurtta
8974 of the Finnish Meteorological Institute.
8975 Fix problem that could cause multiple responses to DATA command
8976 on header syntax errors (e.g., lines beginning with colons).
8977 Problem noted by Jens Thomassen of the University of Oslo.
8978 Don't let null bytes in headers cause truncation of the rest of
8980 Log Authentication-Warning:s. Suggested by Motonori Nakamura.
8981 Increase timeouts on message data puts to allow time for receivers
8982 to canonify addresses in headers on the fly. This is still
8983 a rather ugly heuristic. From Motonori Nakamura.
8984 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX
8985 records are not used when canonifying names, and when MX
8986 lookups are done for addressing they must be fully
8987 qualified. This is useful if you have a wildcard MX record,
8988 although it may cause other problems. In general, don't use
8989 wildcard MX records. Patch from Motonori Nakamura.
8990 Eliminate default two-line SMTP greeting message. Instead of
8991 adding an extra "ESMTP spoken here" line, the word "ESMTP"
8992 is added between the first and second word of the first
8993 line of the greeting message (i.e., immediately after the
8994 host name). This eliminates the need for the BROKEN_SMTP_PEERS
8995 compile flag. Old sendmails won't see the ESMTP, but that's
8996 acceptable because SIZE was the only useful extension that
8997 old sendmails understand.
8998 Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1
8999 invoked state dumps. From Masaharu Onishi.
9000 Allow on-line comments in .forward and :include: files; they are
9001 introduced by the string "<LWSP>#@#<LWSP>", where <LWSP>
9002 is a space or a tab. This is intended for native
9003 representation of non-ASCII sets such as Japanese, where
9004 existing encodings would be unreadable or would lose
9005 data -- for example,
9006 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori
9007 (romanized/less information)
9008 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?=
9009 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?=
9010 (with MIME encoding, not human readable)
9011 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B
9012 (native encoding with ISO-2022-JP)
9013 The last form is human readable in the Japanese environment.
9014 Based on a fix from (surprise!) Motonori Nakamura.
9015 Don't make SMTP error returns on MAIL FROM: line be "sticky" for all
9016 messages to that host; these are most frequently associated
9017 with addresses rather than the host, with the exception of
9018 421 (service shutting down). The effect was to cause queues
9019 to sometimes take an excessive time to flush. Reported by
9020 Robert Sargent of Southern Geographics Technologies and
9021 Eric Prestemon of American University.
9022 Add Nice=N mailer option to set the niceness at which a mailer will
9023 run. This is actually a relative niceness (that is, an
9024 increment on the background value).
9025 Log queue runs that are skipped due to high loads. They are logged
9026 at LOG_INFO priority iff the log level is > 8. Contributed
9027 by Bruce Nagel of Data General.
9028 Allow the error mailer to accept a DSN-style error status code
9029 instead of an sysexits status code in the host part.
9030 Anything with a dot will be interpreted as a DSN-style code.
9031 Add new mailer flag: F=3 will tell translations to Quoted-Printable
9032 to encode characters that might be munged by an EBCDIC system
9033 in addition to the set required by RFC 1521. The additional
9034 characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~.
9035 (Think of "IBM 360" as the mnemonic for this flag.)
9036 Change check for mailing to files to look for a pathname of [FILE]
9037 rather than looking for the mailer named *file*. The mapping
9038 of leading slashes still goes to the *file* mailer. This
9039 allows you to implement the *file* mailer as a separate
9040 program, for example, to insert a Content-Length: header
9041 or do special security policy. However, note that the usual
9042 initial checking for the file permissions is still done, and
9043 the program in question needs to be very careful about how
9044 it does the file write to avoid security problems.
9045 Be able to read ~root/.forward even if the path isn't accessible to
9046 regular users. This is disrecommended because sendmail
9047 sometimes does not run as root (e.g., when an unsafe option
9048 is specified on the command line), but should otherwise be
9049 safe because .forward files must be owned by the user for
9050 whom mail is being forwarded, and cannot be a symbolic link.
9051 Suggested by Forrest Aldrich of Wang Laboratories.
9052 Add new "HostsFile" option that is the pathname to the /etc/hosts
9053 file. This is used for canonifying hostnames when the
9054 service type is "files".
9055 Implement programs on F (read class from file) line. The syntax is
9056 Fc|/path/to/program to read the output from the program
9058 Probe the network interfaces to find alternate names for this
9059 host. Requires the SIOCGIFCONF ioctl call. Code
9060 contributed by SunSoft.
9061 Add "E" configuration line to set or propagate environment
9062 variables into children. "E<envar>" will propagate
9063 the named variable from the environment when sendmail
9064 was invoked into any children it calls; "E<envar>=<value>"
9065 sets the named variable to the indicated value. Any
9066 variables not explicitly named will not be in the child
9067 environment. However, sendmail still forces an
9068 "AGENT=sendmail" environment variable, in part to enforce
9069 at least one environment variable, since many programs and
9070 libraries die horribly if this is not guaranteed.
9071 Change heuristic for rebuilding both NEWDB and NDBM versions of
9072 alias databases -- new algorithm looks for the substring
9073 "/yp/" in the file name. This is more portable and involves
9074 less overhead. Suggested by Motonori Nakamura.
9075 Dynamically allocate the queue work list so that you don't lose
9076 jobs in large queue runs. The old QUEUESIZE compile parameter
9077 is replaced by QUEUESEGSIZE (the unit of allocation, which
9078 should not need to be changed) and the MaxQueueRunSize option,
9079 which is the absolute maximum number of jobs that will ever
9080 be handled in a single queue run. Based on code contributed
9081 by Brian Coan of the Institute for Global Communications.
9082 Log message when a message is dropped because it exceeds the maximum
9083 message size. Suggested by Leo Bicknell of Virginia Tech.
9084 Allow trusted users (those on a T line or in $=t) to use -bs without
9085 an X-Authentication-Warning: added. Suggested by Mark Thomas
9086 of Mark G. Thomas Consulting.
9087 Announce state of compile flags on -d0.1 (-d0.10 throws in the
9088 OS-dependent defines). The old semantic of -d0.1 to not
9089 run the daemon in background has been moved to -d99.100,
9090 and the old 52.5 flag (to avoid disconnect() from closing
9091 all output files) has been moved to 52.100. This makes
9092 things more consistent (flags below .100 don't change
9093 semantics) and separates out the backgrounding so that
9094 it doesn't happen automatically on other unrelated debugging
9096 If -t is used but no addresses are found in the header, give an
9097 error message rather than just doing nothing. Fix from
9099 On systems (like SunOS) where the effective gid is not necessarily
9100 included in the group list returned by getgroups(), the
9101 `restrictmailq' option could sometimes cause an authorized
9102 user to not be able to use `mailq'. Fix from Charles Hannum
9104 Allow symbolic service names for [IPC] mailers. Suggested by
9105 Gerry Magennis of Logica International.
9106 Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs
9107 when running DNS. For example, if the name FTP.Foo.ORG is
9108 a CNAME for Cruft.Foo.ORG, then when sitting on a machine in
9109 the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG"
9110 if this option is not set, or "FTP.Foo.ORG" if it is set.
9111 This is technically illegal under RFC 822 and 1123, but the
9112 IETF is moving toward legalizing it. Note that turning on
9113 this option is not sufficient to guarantee that a downstream
9114 neighbor won't rewrite the address for you.
9115 Add "-m" flag to makesendmail script -- this tells you what object
9116 directory and Makefile it will use, but doesn't actually do
9118 Do some additional checking on the contents of the qf file to try
9119 to detect attacks against the qf file. In particular,
9120 abort on any line beginning "From ", and add an "end of
9121 file" line -- any data after that line is prohibited.
9122 Always use /etc/sendmail.cf, regardless of the arbitrary vendor
9123 choices. This can be overridden in the Makefile by using
9124 either -DUSE_VENDOR_CF_PATH to get the vendor location
9125 (to the extent that we know it) or by defining
9126 _PATH_SENDMAILCF (which is a "hard override"). This allows
9127 sendmail 8 to have more consistent installation instructions.
9128 Allow macros on `K' line in config file. Suggested by Andrew Chang
9129 of Sun Microsystems.
9130 Improved symbol table hash function from Eric Wassenaar. This one
9131 is at least 50% faster.
9132 Fix problem that didn't notice that timeout on file open was a
9133 transient error. Fix from Larry Parmelee of Cornell
9135 Allow comments (lines beginning with a `#') in files read for
9136 classes. Suggested by Motonori Nakamura.
9137 Make SIGINT (usually ^C) in test mode return to the prompt instead
9138 of dropping out entirely. This makes testing some of the
9139 name server lookups easier to deal with when there are
9140 hung servers. From Motonori Nakamura.
9141 Add new ${opMode} macro that is set to the current operation mode
9142 (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by
9143 Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>.
9144 Add new delivery mode (Odd) that defers all map lookups to queue runs.
9145 Kind of like queue-only mode (Odq) except it tries to avoid
9146 any external service requests; for dial-on-demand hosts that
9147 want to minimize DNS lookups when mail is being queued. For
9148 this to work you will also have to make sure that gethostbyname
9149 of your local host name does not do a DNS lookup.
9150 Improved handling of "out of space" conditions from John Myers of
9152 Improved security for mailing to files on systems that have fchmod(2)
9154 Improve "cannot send message for N days" message -- now says "could
9155 not send for past N days". Suggested by Tom Moore of AT&T
9156 Global Information Solutions.
9157 Less misleading Subject: line on messages sent to postmaster only.
9158 From Motonori Nakamura.
9159 Avoid duplicate error messages on bad command line flags. From
9161 Better error message for case where ruleset 0 falls off the end
9162 or otherwise does not resolve to a canonical triple.
9163 Fix a problem that could cause multiple bounce messages if a bad
9164 address was sent along with a good address to an SMTP
9165 site where that SMTP site returned a 4yz code in response
9166 to the final dot of the data. Problem reported by David
9167 James of British Telecom.
9168 Add "volatile" declarations so that gcc -O2 will work. Patches
9169 from Alexander Dupuy of System Management ARTS.
9170 Delete duplicates in MX lists -- believe it or not, there are sites
9171 that list the same host twice in an MX list. This deletion
9172 only works on adjacent preferences, so an MX list that
9173 had A=5, B=10, A=15 would leave both As, but one that had
9174 A=5, A=10, B=15 would reduce to A, B. This is intentional,
9175 just in case there is something weird I haven't thought of.
9176 Suggested by Barry Shein of Software Tool & Die.
9177 SECURITY: .forward files cannot be symbolic links. If they are,
9178 a bad guy can read your private files.
9180 Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>.
9181 System V Release 4 from Motonori Nakamura of Ritsumeikan
9182 University. This expands the disk size
9183 checking to include all (?) SVR4 configurations.
9184 System V Release 4 from Kimmo Suominen -- initgroups(3)
9185 and setrlimit(2) are both available.
9186 System V Release 4 from sob@sculley.ffg.com -- some versions
9187 apparently "have EX_OK defined in other headerfiles."
9188 Linux Makefile typo.
9189 Linux getusershell(3) is broken in Slackware 2.0 --
9190 from Andrew Pam of Xanadu Australia.
9191 More Linux tweaking from John Kennedy of California State
9193 Cray changes from Eric Wassenaar: ``On Cray, shorts,
9194 ints, and longs are all 64 bits, and all structs
9195 are multiples of 64 bits. This means that the
9196 sizeof operator returns only multiples of 8.
9197 This requires adaptation of code that really
9198 deals with 32 bit or 16 bit fields, such as IP
9199 addresses or nameserver fields.''
9200 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To
9201 get the old behavior, use -DDGUX_5_4_2.
9202 DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment
9203 variable to fix bogus /bin/mail behavior.
9204 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>.
9205 This also cleans up some System V Release 4 compile
9207 Solaris 2: sendmail.cw file should be in /etc/mail to
9208 match all the other configuration files. Fix
9209 from Glenn Barry of Emory University.
9210 Solaris 2.3: compile problem in conf.c. Fix from Alain
9211 Nissen of the University of Liege, Belgium.
9212 Ultrix: freespace calculation was incorrect. Fix from
9213 Takashi Kizu of Osaka University.
9214 SVR4: running in background gets a SIGTTOU because the
9215 emulation code doesn't realize that "getpeername"
9216 doesn't require reading the file. Fix from Peter
9218 Solaris 2.3: due to an apparent bug in the socket emulation
9219 library, sockets can get into a "wedged" state where
9220 they just return EPROTO; closing and re-opening the
9221 socket clears the problem. Fix from Bob Manson
9222 of Ohio State University.
9223 Hitachi 3050R & 3050RX running HI-UX/WE2: portability
9224 fixes from Akihiro Hashimoto ("Hash") of Chiba
9226 AIX changes to allow setproctitle to work from Rainer Schöpf
9227 of Zentrum für Datenverarbeitung der Universität
9229 AIX changes for load average from Ed Ravin of NASA/Goddard.
9230 SCO Unix from Chip Rosenthal of Unicom (code was using the
9232 ANSI C fixes from Adam Glass (NetBSD project).
9233 Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers
9235 DG-UX fixes from Bruce Nagel of Data General.
9236 IRIX64 updates from Mark Levinson of the University of
9237 Rochester Medical Center.
9238 Altos System V (``the first UNIX/XENIX merge the Altos
9239 did for their Series 1000 & Series 2000 line;
9240 their merged code was licensed back to AT&T and
9241 Microsoft and became System V release 3.2'') from
9242 Tim Rice <timr@crl.com>.
9243 OSF/1 running on Intel Paragon from Jeff A. Earickson
9244 <jeff@ssd.intel.com> of Intel Scalable Systems
9246 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson
9247 <janet@dialix.oz.au>.
9248 System V Release 4 (statvfs semantic fix) from Alain
9250 HP-UX 10.x multiprocessor load average changes from
9251 Scott Hutton and Jeff Sumler of Indiana University.
9252 Cray CSOS from Scott Bolte of Cray Computer Corporation.
9253 Unicos 8.0 from Douglas K. Rand of the University of North
9254 Dakota, Scientific Computing Center.
9255 Solaris 2.4 fixes from Sanjay Dani of Dani Communications.
9256 ConvexOS 11.0 from Christophe Wolfhugel.
9257 IRIX 4.0.5 from David Ashton-Reader of CADcentre.
9258 ISC UNIX from J. J. Bailey.
9259 HP-UX 9.xx on the 8xx series machines from Remy Giraud
9261 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>.
9262 IRIX 5.2 and 5.3 from Kari E. Hurtta.
9263 FreeBSD 2.0 from Mike Hickey of Federal Data Corporation.
9264 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura.
9265 Omron LUNA unios-b, mach from Motonori Nakamura.
9266 NEC EWS-UX/V 4.2 from Motonori Nakamura.
9267 NeXT 2.1 from Bryan Costales.
9268 AUX patch thanks to Mike Erwin of Apple Computer.
9269 HP-UX 10.0 from John Beck of Hewlett-Packard.
9270 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a
9271 non-DEC resolver. Suggested by Allan Johannesen.
9272 UnixWare 2.0 fixes from Petr Lampa of the Technical
9273 University of Brno (Czech Republic).
9274 KSR OS 1.2.2 support from Todd Miller of the University
9276 UX4800 support from Kazuhisa Shimizu of NEC.
9277 MAKEMAP: allow -d flag to allow insertion of duplicate aliases
9278 in type ``btree'' maps. The semantics of this are undefined
9279 for regular maps, but it can be useful for the user database.
9280 MAKEMAP: lock database file while rebuilding to avoid sendmail
9281 lookups while the rebuild is going on. There is a race
9282 condition between the open(... O_TRUNC ...) and the lock
9283 on the file, but it should be quite small.
9284 SMRSH: sendmail restricted shell added to the release. This can
9285 be used as an alternative to /bin/sh for the "prog" mailer,
9286 giving the local administrator more control over what
9287 programs can be run from sendmail.
9288 MAIL.LOCAL: add this local mailer to the tape. It is not really
9289 part of the release proper, and isn't fully supported; in
9290 particular, it does not run on System V based systems and
9292 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon
9293 to allow rmail to compile on systems that don't have
9294 function prototypes and systems that don't have snprintf.
9295 CONTRIB: add the "mailprio" scripts that will help you sort mailing
9296 lists by transaction delay times so that addresses that
9297 respond quickly get sent first. This is to prevent very
9298 sluggish servers from delaying other peoples' mail.
9299 Contributed by Tony Sanders of BSDI.
9300 CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders
9301 of BSDI. This has a lot of comments to help people out.
9302 CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead,
9303 put this on the m4 command line. On GNU m4 (which
9304 supports the __file__ primitive) you can run m4 in an
9305 arbitrary directory -- use either:
9306 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
9308 m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf
9309 On other versions of m4 that don't support __file__, you
9311 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ...
9312 (Note the trailing slash on the _CF_DIR_ definition.)
9313 Old versions of m4 will default to _CF_DIR_=.. for back
9315 CONFIG: fix mail from <> so it will properly convert to
9316 MAILER-DAEMON on local addresses.
9317 CONFIG: fix code that was supposed to catch colons in host
9318 names. Problem noted by John Gardiner Myers of CMU.
9319 CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration.
9320 From Paul Riddle of the University of Maryland, Baltimore
9322 CONFIG: Catch and reject "." as a host address.
9323 CONFIG: Generalize domaintable to look up all domains, not
9324 just unqualified ones.
9325 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it
9326 was never used and didn't work anyway.
9327 CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer
9328 and d on all mailers in the UUCP class.
9329 CONFIG: Allow "user+detail" to be aliased specially: it will first
9330 look for an alias for "user+detail", then for "user+*", and
9331 finally for "user". This is intended for forwarding mail
9332 for system aliases such as root and postmaster to a
9334 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above).
9335 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set.
9336 The F=8 flag is also set on the "relay" mailer, since
9337 this is expected to be another sendmail.
9338 CONFIG: avoid qualifying all UUCP addresses sent via SMTP with
9339 the name of the UUCP_RELAY -- in some cases, this is the
9340 wrong value (e.g., when we have local UUCP connections),
9341 and this can create unreplyable addresses. From Chip
9342 Rosenthal of Unicom.
9343 CONFIG: add confRECEIVED_HEADER to change the format of the
9344 Received: header inserted into all messages. Suggested by
9345 Gary Mills of the University of Manitoba.
9346 CONFIG: Make "notsticky" the default; use FEATURE(stickyhost)
9347 to get the old behavior. I did this upon observing
9348 that almost everyone needed this feature, and that the
9349 concept I was trying to make happen didn't work with
9350 some user agents anyway. FEATURE(notsticky) still works,
9352 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user
9353 names are sent, rather than immediately diagnosing them
9355 CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS,
9356 and RELAY_MAILER_ARGS to set the arguments for the
9357 indicated mailers. All default to "IPC $h". Patch from
9358 Larry Parmelee of Cornell University.
9359 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects
9360 on the client side" and F=P to get an appropriate
9361 return-path. From Kimmo Suominen.
9362 CONFIG: add FEATURE(local_procmail) to use the procmail program
9363 as the local mailer. For addresses of the form "user+detail"
9364 the "detail" part is passed to procmail via the -a flag.
9365 Contributed by Kimmo Suominen.
9366 CONFIG: add MAILER(procmail) to add an interface to procmail for
9367 use from mailertables. This lets you execute arbitrary
9368 procmail scripts. Contributed by Kimmo Suominen.
9369 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers.
9370 CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From
9371 Paul Southworth of CICNet Systems Support.
9372 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f.
9373 This causes the null return path to be rewritten as
9374 MAILER-DAEMON; otherwise UUCP gets horribly confused.
9375 From Michael Hohmuth of Technische Universitat Dresden.
9376 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that
9377 list us as the best possible MX record to be treated as
9378 though they were local (essentially, assume that they
9379 are included in $=w). This can cause additional DNS
9380 traffic, but is easier to administer if this fits your
9381 local model. It does not work reliably if there are
9382 multiple hosts that share the best MX preference.
9383 Code contributed by John Oleynick of Rutgers.
9384 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted
9385 SHell) instead of /bin/sh as the program used for delivery
9386 to programs. If an argument is included, it is used as
9387 the path to smrsh; otherwise, /usr/local/etc/smrsh is
9389 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the
9390 size of messages to the local and procmail mailers
9391 respectively. Contributed by Brad Knowles of the Defense
9392 Information Systems Agency.
9393 CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments
9394 (just like text outside of angle brackets) in order to
9395 properly deal with ``group: addr1, ... addrN;'' syntax.
9396 CONFIG: Require OSTYPE macro (the defaults really don't apply to
9397 any real systems any more) and tweak the DOMAIN macro
9398 so that it is less likely that users will accidentally use
9399 the Berkeley defaults. Also, create some generic files
9400 that really can be used in the real world.
9401 CONFIG: Add new configuration macros to set character sets for
9402 messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET,
9403 SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET.
9404 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency.
9405 The old name will still be accepted for a while at least.
9406 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET
9407 mail (.DECNET pseudo-domain or node::user) will be sent.
9408 As with all relays, it can be ``mailer:hostname''. Suggested
9410 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed
9411 by Barb Dijker of Labyrinth Computer Services.
9412 CONFIG: change confCHECK_ALIASES to default to False -- it has poor
9413 performance for large alias files, and this confused many
9415 CONFIG: Add confCF_VERSION to append local information to the
9416 configuration version number displayed during SMTP startup.
9417 CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it
9418 would only work when locally addressed. Fix from
9419 Edvard Tuinder of Cistron Internet Services.
9420 CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option
9421 "n" (CheckAliases) is set when rebuilding alias database.
9422 Based on code contributed by Claude Marinier.
9423 CONFIG: Allow mailertable to have values of the form
9424 ``error:code message''. The ``code'' is a status code
9425 derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE.
9426 Contributed by David James <dwj@agw.bt.co.uk>.
9427 CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of
9428 sender domains that will be replaced with the masquerade name.
9429 These domains will not be treated as local, but if mail passes
9430 through with sender addresses in those domains they will be
9431 replaced by the masquerade name. These can also be specified
9432 in a file using MASQUERADE_DOMAIN_FILE(filename).
9433 CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope
9434 as well as the header. Substantial improvements to this
9435 code were contributed by Per Hedeland.
9436 CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be
9437 accessed from a mailertable to do CCSO ph lookups. Contributed
9439 CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be
9440 used to define cyrus and cyrusbb mailers (for IMAP support).
9441 Contributed by John Gardiner Myers of Carnegie Mellon.
9442 CONFIG: add confUUCP_MAILER to select default mailer to use for
9443 UUCP addressing. Suggested by Tom Moore of AT&T GIS.
9446 cf/cf/cs-solaris2.mc
9448 cf/cf/generic-bsd4.4.mc
9449 cf/cf/generic-hpux10.mc
9450 cf/cf/generic-hpux9.mc
9451 cf/cf/generic-osf1.mc
9452 cf/cf/generic-solaris2.mc
9453 cf/cf/generic-sunos4.1.mc
9454 cf/cf/generic-ultrix4.mc
9456 cf/domain/berkeley-only.m4
9457 cf/domain/generic.m4
9458 cf/feature/bestmx_is_local.m4
9459 cf/feature/local_procmail.m4
9460 cf/feature/masquerade_envelope.m4
9462 cf/feature/stickyhost.m4
9463 cf/feature/use_ct_file.m4
9467 cf/mailer/phquery.m4
9468 cf/mailer/procmail.m4
9469 cf/ostype/amdahl-uts.m4
9470 cf/ostype/bsdi2.0.m4
9475 cf/ostype/unknown.m4
9478 contrib/rmail.oldsys.patch
9479 mail.local/mail.local.0
9485 src/Makefiles/Makefile.CSOS
9486 src/Makefiles/Makefile.EWS-UX_V
9487 src/Makefiles/Makefile.HP-UX.10
9488 src/Makefiles/Makefile.IRIX.5.x
9489 src/Makefiles/Makefile.IRIX64
9490 src/Makefiles/Makefile.ISC
9491 src/Makefiles/Makefile.KSR
9492 src/Makefiles/Makefile.NEWS-OS.4.x
9493 src/Makefiles/Makefile.NEWS-OS.6.x
9494 src/Makefiles/Makefile.NEXTSTEP
9495 src/Makefiles/Makefile.NonStop-UX
9496 src/Makefiles/Makefile.Paragon
9497 src/Makefiles/Makefile.SCO.3.2v4.2
9498 src/Makefiles/Makefile.SunOS.5.3
9499 src/Makefiles/Makefile.SunOS.5.4
9500 src/Makefiles/Makefile.SunOS.5.5
9501 src/Makefiles/Makefile.UNIX_SV.4.x.i386
9502 src/Makefiles/Makefile.uts.systemV
9503 src/Makefiles/Makefile.UX4800
9511 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc
9512 cf/cf/chez.mc => cf/cf/chez.cs.mc
9513 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc
9514 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc
9515 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc
9516 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc
9517 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc
9518 cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc
9519 cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4
9520 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4
9521 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4
9522 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4
9523 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4
9524 cf/ostype/irix.m4 => cf/ostype/irix4.m4
9525 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4
9526 src/Makefile.* => src/Makefiles/Makefile.*
9527 src/Makefile.AUX => src/Makefiles/Makefile.A-UX
9528 src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS
9529 src/Makefile.DGUX => src/Makefiles/Makefile.dgux
9530 src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS
9531 src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0
9536 cf/cf/hpux-cs-hidden.mc
9538 cf/cf/osf1-cs-hidden.mc
9539 cf/cf/sunos3.5-cs-exposed.mc
9540 cf/cf/sunos3.5-cs-hidden.mc
9541 cf/cf/sunos4.1-cs-hidden.mc
9542 cf/cf/ultrix4.1-cs-hidden.mc
9543 cf/domain/cs-hidden.m4
9544 contrib/rcpt-streaming
9545 src/Makefiles/Makefile.SunOS.5.x
9547 8.6.13/8.6.12 1996/01/25
9548 SECURITY: In some cases it was still possible for an attacker to
9549 insert newlines into a queue file, thus allowing access to
9550 any user (except root).
9551 CONFIG: no changes -- it is not a bug that the configuration
9552 version number is unchanged.
9554 8.6.12/8.6.12 1995/03/28
9555 Fix to IDENT code (it was getting the size of the reply buffer
9556 too small, so nothing was ever accepted). Fix from several
9557 people, including Allan Johannesen, Shane Castle of the
9558 Boulder County Information Services, and Jeff Smith of
9559 Warwick University (all arrived within a few hours of
9561 Fix a problem that could cause large jobs to run out of
9562 file descriptors on systems that use vfork() rather
9565 8.6.11/8.6.11 1995/03/08
9566 The ``possible attack'' message would be logged more often
9567 than necessary if you are using Pine as a user agent.
9568 The wrong host would be reported in the ``possible attack''
9569 message when attempted from IDENT.
9570 In some cases the syslog buffer could be overflowed when
9571 reporting the ``possible attack'' message. This can
9572 cause denial of service attacks. Truncate the message
9573 to 80 characters to prevent this problem.
9574 When reading the IDENT response a loop is needed around the
9575 read from the network to ensure that you don't get
9577 Password entries without any shell listed (that is, a null
9578 shell) wouldn't match as "ok". Problem noted by
9580 When running BIND 4.9.x a problem could occur because the
9581 _res.options field is initialized differently than it
9582 was historically -- this requires that sendmail call
9583 res_init before it tweaks any bits.
9584 Fix an incompatibility in openxscript() between the file open mode
9585 and the stdio mode passed to fdopen. This caused UnixWare
9586 2.0 to have conniptions. Fix from Martin Sohnius of
9588 Fix problem with static linking of local getopt routine when
9589 using GNU's ld command. Fix from John Kennedy of
9591 It was possible to turn off privacy flags. Problem noted by
9593 Be more paranoid about writing files. Suggestions by *Hobbit*
9594 and Liudvikas Bukys.
9595 MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular)
9596 from Spider Boardman.
9597 CONFIG: No changes (version number only, to keep it in sync
9600 8.6.10/8.6.10 1995/02/10
9601 SECURITY: Diagnose bogus values to some command line flags that
9602 could allow trash to get into headers and qf files.
9603 Validate the name of the user returned by the IDENT protocol.
9604 Some systems that really dislike IDENT send intentionally
9605 bogus information. Problem pointed out by Michael Bushnell
9606 of the Free Software Foundation. Has some security
9608 Fix a problem causing error messages about DNS problems when
9609 the host name contained a percent sign to act oddly
9610 because it was passed as a printf-style format string.
9611 In some cases this could cause core dumps.
9612 Avoid possible buffer overrun in returntosender() if error
9613 message is quite long. From Fletcher Mattox of the
9614 University of Texas.
9615 Fix a problem that would silently drop "too many hops" error
9616 messages if and only if you were sending to an alias.
9617 From Jon Giltner of the University of Colorado and
9618 Dan Harton of Oak Ridge National Laboratory.
9619 Fix a bug that caused core dumps on some systems if -d11.2 was
9620 set and e->e_message was null. Fix from Bruce Nagel of
9622 Fix problem that can still cause df files to be left around
9623 after "hop count exceeded" messages. Fix from Andrew
9624 Chang and Shau-Ping Lo of SunSoft.
9625 Fix a problem that can cause buffer overflows on very long
9626 user names (as might occur if you piped to a program
9627 with a lot of arguments).
9628 Avoid returning an error and re-queueing if the host signature
9629 is null; this can occur on addresses like ``user@.''.
9630 Problem noted by Wesley Craig and the University of
9632 Avoid possible calls to malloc(0) if MCI caching is turned
9633 off. Bug fix from Pierre David of the Laboratoire
9634 Parallelisme, Reseaux, Systemes et Modelisation (PRiSM),
9635 Universite de Versailles - St Quentin, and Jacky
9637 Make a local copy of the line being sent via senttolist() -- in
9638 some cases, buffers could get trashed by map lookups
9639 causing it to do unexpected things. This also simplifies
9640 some of the map code.
9641 CONFIG: No changes (version number only, to keep it in sync
9644 8.6.9/8.6.9 1994/04/19
9645 Do all mail delivery completely disconnected from any terminal.
9646 This provides consistency with daemon delivery and
9647 may have some security implications.
9648 Make sure that malloc doesn't get called with zero size,
9649 since that fails on some systems. Reported by Ed
9650 Hill of the University of Iowa.
9651 Fix multi-line values for $e (SMTP greeting message). Reported
9652 by Mike O'Connor of Ford Motor Company.
9653 Avoid syserr if no NIS domain name is defined, but the map it
9654 is trying to open is optional. From Win Bent of USC.
9655 Changes for picky compilers from Ed Gould of Digital Equipment.
9656 Hesiod support for UDB from Todd Miller of the University of
9657 Colorado. Use "hesiod" as the service name in the U
9659 Fix a problem that failed to set the "authentic" host name (that
9660 is, the one derived from the socket info) if you called
9661 sendmail -bs from inetd. Based on code contributed by
9662 Todd Miller (this problem was also reported by Guy Helmer
9663 of Dakota State University). This also fixes a related
9664 problem reported by Liudvikas Bukys of the University of
9666 Parameterize "nroff -h" in all the Makefiles so people with
9667 variant versions can use them easily. Suggested by
9668 Peter Collinson of Hillside Systems.
9669 SMTP "MAIL" commands with multiple ESMTP parameters required two
9670 spaces between parameters instead of one. Reported by
9671 Valdis Kletnieks of Virginia Tech.
9672 Reduce the number of system calls during message collection by
9673 using global timeouts around the collect() loop. This
9674 code was contributed by Eric Wassenaar.
9675 If the initial hostname name gathering results in a name
9676 without a dot (usually caused by NIS misconfiguration)
9677 and BIND is compiled in, directly access DNS to get
9678 the canonical name. This should make life easier for
9679 Solaris systems. If it still can't be resolved, and
9680 if the name server is listed as "required", try again
9681 in 30 seconds. If that also fails, exit immediately to
9682 avoid bogus "config error: mail loops back to myself"
9684 Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error
9685 message to explain how much space was available and
9686 sound a bit less threatening. Suggested by Stan Janet
9687 of the National Institute of Standards and Technology.
9688 If mail is delivered to an alias that has an owner, deliver any
9689 requested return-receipt immediately, and strip the
9690 Return-Receipt-To: header from the subsequent message.
9691 This prevents a certain class of denial of service
9692 attack, arguably gives more reasonable semantics, and
9693 moves things more towards what will probably become a
9694 network standard. Suggested by Christopher Davis of
9696 Add a "noreceipts" privacy flag to turn off all return receipts
9697 without recompiling.
9698 Avoid printing ESMTP parameters as part of the error message
9699 if there are errors during parsing. This change is
9701 Avoid sending out error messages during the collect phase of
9702 SMTP; there is an MVS mailer from UCLA that gets
9703 confused by this. Of course, I think it's their bug....
9704 Check for the $j macro getting undefined, losing a dot, or getting
9705 lost from $=w in the daemon before accepting a connection;
9706 if it is, it dumps state, prints a LOG_ALERT message,
9707 and drops core for debugging. This is an attempt to
9708 track down a bug that I thought was long since gone.
9709 If you see this, please forward the log fragment to
9710 sendmail@sendmail.ORG.
9711 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off
9712 with -DOLD_NEWDB=0 on the command line. From Christophe
9714 Instead of trying to truncate the listen queue for the server
9715 SMTP port when the load average is too high, just close
9716 the port completely and reopen it later as needed.
9717 This ensures that the other end gets a quick "connection
9718 refused" response, and that the connection can be
9719 recovered later. In particular, some socket emulations
9720 seem to get confused if you tweak the listen queue
9721 size around and can never start listening to connections
9722 again. The down side is that someone could start up
9723 another daemon process in the interim, so you could
9724 have multiple daemons all not listening to connections;
9725 this could in turn cause the sendmail.pid file to be
9726 incorrect. A better approach might be to accept the
9727 connection and give a 421 code, but that could break
9728 other mailers in mysterious ways and have paging behavior
9730 Fix a glitch in TCP-level debugging that caused flag 16.101 to
9731 set debugging on the wrong socket. From Eric Wassenaar.
9732 When creating a df* temporary file, be sure you truncate any
9733 existing data in the file -- otherwise system crashes
9734 and the like could result in extra data being sent.
9735 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the
9736 doc directory. This includes some additional
9738 CONFIG: change UUCP rules to never add $U! or $k! on the front
9739 of recipient envelope addresses. This should have been
9740 handled by the $&h trick, but broke if people were
9741 mixing domainized and UUCP addresses. They should
9742 probably have converted all the way over to uucp-uudom
9743 instead of uucp-{new,old}, but the failure mode was to
9744 loop the mail, which was bad news.
9746 Newer BSDI systems (several people).
9747 Older BSDI systems from Christophe Wolfhugel.
9748 Intergraph CLIX, from Paul Southworth of CICNet.
9749 UnixWare, from Evan Champion.
9750 NetBSD from Adam Glass.
9751 Solaris from Quentin Campbell of the University of
9752 Newcastle upon Tyne.
9753 IRIX from Dean Cookson and Bill Driscoll of Mitre
9755 NCR 3000 from Kevin Darcy of Chrysler Financial Corporation.
9756 SunOS (it has setsid() and setvbuf() calls) from
9757 Jonathan Kamens of OpenVision Technologies.
9758 HP-UX from Tor Lillqvist.
9761 src/Makefile.NCR3000
9762 doc/changes/Makefile
9763 doc/changes/changes.me
9764 doc/changes/changes.ps
9766 8.6.8/8.6.6 1994/03/21
9767 SECURITY: it was possible to read any file as root using the
9768 E (error message) option. Reported by Richard Jones;
9769 fixed by Michael Corrigan and Christophe Wolfhugel.
9771 8.6.7/8.6.6 1994/03/14
9772 SECURITY: it was possible to get root access by using weird
9773 values to the -d flag. Thanks to Alain Durand of
9774 INRIA for forwarding me the notice from the bugtraq
9777 8.6.6/8.6.6 1994/03/13
9778 SECURITY: the ability to give files away on System V-based
9779 systems proved dangerous -- don't run as the owner
9780 of a :include: file on a system that allows giveaways.
9781 Unfortunately, this also applies to determining a
9783 IMPORTANT: Previous versions weren't expiring old connections
9784 in the connection cache for a long time under some
9785 circumstances. This could result in resource exhaustion,
9786 both at your end and at the other end. This checks the
9787 connections for timeouts much more frequently. From
9788 Doug Anderson of NCSC.
9789 Fix a glitch that snuck in that caused programs to be run as
9790 the sender instead of the recipient if the mail was
9791 from a local user to another local user. From
9792 Motonori Nakamura of Kyoto University.
9793 Fix "wildcard" on /etc/shells matching -- instead of looking
9794 for "*", look for "/SENDMAIL/ANY/SHELL/". From
9795 Bryan Costales of ICSI.
9796 Change the method used to declare the "statfs" availability;
9797 instead of HASSTATFS and/or HASUSTAT with a ton of
9798 tweaking in conf.c, there is a single #define called
9799 SFS_TYPE which takes on one of six values (SFS_NONE
9800 for no statfs availability, SFS_USTAT for the ustat(2)
9801 syscall, SFS_4ARGS for a four argument statfs(2) call,
9802 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument
9803 statfs(2) call with the declarations in <sys/vfs.h>,
9804 <sys/mount.h>, or <sys/statfs.h> respectively).
9805 Fix glitch in NetInfo support that could return garbage if
9806 there was no "/locations/sendmail" property. From
9807 David Meyer of the University of Virginia.
9808 Change HASFLOCK from defined/not-defined to a 0/1 definition
9809 to allow Linux to turn it off even though it is a
9811 Allow setting of "ident" timeout to zero to turn off the ident
9813 Make 7-bit stripping local to a connection (instead of to a
9814 mailer); this allows you to specify that SMTP is a
9815 7-bit channel, but revert to 8-bit should it advertise
9816 that it supports 8BITMIME. You still have to specify
9817 mailer flag 7 to get this stripping at all.
9818 Improve makesendmail script so it handles more cases automatically.
9819 Tighten up restrictions on taking ownership of :include: files
9820 to avoid problems on systems that allow you to give away
9822 Fix a problem that made it impossible to rebuild the alias
9823 file if it was on a read-only file system. From
9824 Harry Edmon of the University of Washington.
9825 Improve MX randomization function. From John Gardiner Myers
9827 Fix a minor glitch causing a bogus message to be printed (used
9828 %s instead of %d in a printf string for the line number)
9829 when a bad queue file was read. From Harry Edmon.
9830 Allow $s to remain NULL on locally generated mail. I'm not
9831 sure this is necessary, but a lot of people have complained
9832 about it, and there is a legitimate question as to whether
9833 "localhost" is legal as an 822-style domain.
9834 Fix a problem with very short line lengths (mailer L= flag) in
9835 headers. This causes a leading space to be added onto
9836 continuation lines (including in the body!), and also
9837 tries to wrap headers containing addresses (From:, To:,
9838 etc) intelligently at the shorter line lengths. Problem
9839 Reported by Lars-Johan Liman of SUNET Operations Center.
9840 Log the real user name when logging syserrs, since these can have
9841 security implications. Suggested by several people.
9842 Fix address logging of cached connections -- it used to always
9843 log the numeric address as zero. This is a somewhat
9844 bogus implementation in that it does an extra system
9845 call, but it should be an inexpensive one. Fix from
9847 Tighten up handling of short syslog buffers even more -- there
9848 were cases where the outgoing relay= name was too long
9849 to share a line with delay= and mailer= logging.
9850 Limit the overhead on split envelopes to one open file descriptor
9851 per envelope -- previously the overhead was three
9852 descriptors. This was in response to a problem reported
9853 by P{r (Pell) Emanuelsson.
9854 Fixes to better handle the case of unexpected connection closes;
9855 this redirects the output to the transcript so the info
9856 is not lost. From Eric Wassenaar.
9857 Fix potential string overrun if you macro evaluate a string that
9858 has a naked $ at the end. Problem noted by James Matheson
9859 <jmrm@eng.cam.ac.uk>.
9860 Make default error number on $#error messages 553 (``Requested
9861 action not taken: mailbox name not allowed'') instead of
9862 501 (``Syntax error in parameters or arguments'') to
9863 avoid bogus "protocol error" messages.
9864 Strip off any existing trailing dot on names during $[ ... $]
9865 lookup. This prevents it from ending up with two dots
9866 on the end of dot terminated names. From Wesley Craig
9867 of the University of Michigan and Bryan Costales of ICSI.
9868 Clean up file class reading so that the debugging information is
9869 more informative. It hadn't been using setclass, so you
9870 didn't see the class items being added.
9871 Avoid core dump if you are running a version of sendmail where
9872 NIS is compiled in, and you specify an NIS map, but
9873 NIS is not running. Fix from John Oleynick of
9875 Diagnose bizarre case where res_search returns a failure value,
9876 but sets h_errno to a success value.
9877 Make sure that "too many hops" messages are considered important
9878 enough to send an error to the Postmaster (that is, the
9879 address specified in the P option). This fix should
9880 help problems that cause the df file to be left around
9881 sometimes -- unfortunately, I can't seem to reproduce
9883 Avoid core dump (null pointer reference) on EXPN command; this
9884 only occurred if your log level was set to 10 or higher
9885 and the target account was an alias or had a .forward file.
9886 Problem noted by Janne Himanka.
9887 Avoid "denial of service" attacks by someone who is flooding your
9888 SMTP port with bad commands by shutting the connection
9889 after 25 bad commands are issued. From Kyle Jones of
9891 Fix core dump on error messages with very long "to" buffers;
9892 fmtmsg overflows the message buffer. Fixed by trimming
9893 the to address to 203 characters. Problem reported by
9895 Fix configuration for HASFLOCK -- there were some spots where
9896 a #ifndef was incorrectly #ifdef. Pointed out by
9897 George Baltz of the University of Maryland.
9898 Fix a typo in savemail() that could cause the error message To:
9899 lists to be incorrect in some places. From Motonori
9901 Fix a glitch that can cause duplicate error messages on split
9902 envelopes where an address on one of the lists has a
9903 name server failure. Fix from Voradesh Yenbut of the
9904 University of Washington.
9905 Fix possible bogus pointer reference on ESMTP parameters that
9906 don't have an ``=value'' part.
9907 CNAME loops caused an error message to be generated, but also
9908 re-queued the message. Changed to just re-queue the
9909 message (it's really hard to just bounce it because
9910 of the weird way the name server works in the presence
9911 of CNAME loops). Problem noted by James M.R.Matheson
9912 of Cambridge University.
9913 Avoid giving ``warning: foo owned process doing -bs'' messages
9914 if they use ``MAIL FROM:<foo>'' where foo is their true
9915 user name. Suggested by Andreas Stolcke of ICSI.
9916 Change the NAMED_BIND compile flag to be a 0/1 flag so you can
9917 override it easily in the Makefile -- that is, you can
9918 turn it off using -DNAMED_BIND=0.
9919 If a gethostbyname(...) of an address with a trailing dot fails,
9920 try it without the trailing dot. This is because if
9921 you have a version of gethostbyname() that falls back
9922 to NIS or the /etc/hosts file it will fail to find
9923 perfectly reasonable names that just don't happen to
9924 be dot terminated in the hosts file. You don't want to
9925 strip the dot first though because we're trying to ensure
9926 that country names that match one of your subdomains get
9928 PRALIASES: fix bogus output on non-null-terminated strings.
9929 From Bill Gianopoulos of Raytheon.
9930 CONFIG: Avoid rewriting anything that matches $w to be $j.
9931 This was in code intended to only catch the self-literal
9932 address (that is, [1.2.3.4], where 1.2.3.4 is your
9933 IP address), but the code was broken. However, it will
9934 still do this if $M is defined; this is necessary to
9935 get client configurations to work (sigh). Note that this
9936 means that $M overrides :mailname entries in the user
9937 database! Problem noted by Paul Southworth.
9938 CONFIG: Fix definition of Solaris help file location. From
9939 Steve Cliffe <steve@gorgon.cs.uow.edu.au>.
9940 CONFIG: Fix bug that broke news.group.USENET mappings.
9941 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX,
9942 and USENET_MAILER_MAX to tweak the maximum message
9943 size for various mailers.
9944 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0]
9945 instead of assuming that it is "inews" for consistency
9946 with other mailers. From Michael Corrigan of UC San Diego.
9947 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB,
9948 qualify the address in the SMTP envelope as user@{relay|hub}
9949 instead of user@$j. From Bill Wisner of The Well.
9950 CONFIG: Fix route-addr syntax in nullrelay configuration set.
9951 CONFIG: Don't turn off case mapping of user names in the local
9952 mailer for IRIX. This was different than most every other
9954 CONFIG: Avoid infinite loops on certainly list:; syntaxes in
9955 envelope. Noted by Thierry Besancon
9956 <besancon@excalibur.ens.fr>.
9957 CONFIG: Don't include -z by default on uux line -- most systems
9958 don't want it set by default. Pointed out by Philippe
9959 Michel of Thomson CSF.
9960 CONFIG: Fix some bugs with mailertables -- for example, if your
9961 host name was foo.bar.ray.com and you matched against
9962 ".ray.com", the old implementation bound %1 to "bar"
9963 instead of "foo.bar". Also, allow "." in the mailertable
9964 to match anything -- essentially, take over SMART_HOST.
9965 This also moves matching of explicit local host names
9966 before the mailertable so they don't have to be special
9967 cased in the mailertable data. Reported by Bill
9968 Gianopoulos of Raytheon; the fix for the %1 binding
9969 problem was contributed by Nicholas Comanos of the
9970 University of Sydney.
9971 CONFIG: Don't include "root" in class $=L (users to deliver
9972 locally, even if a hub or relay exists) by default.
9973 This is because of the known bug where definition of
9974 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore
9975 both and deliver into the local mailbox.
9976 CONFIG: Move up bitdomain and uudomain handling so that they
9977 are done before .UUCP class matching; uudomain was
9978 reported as ineffective before. This also frees up
9979 diversion 8 for future use. Problem reported by Kimmo
9981 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4])
9982 into host names. As pointed out by Jonathan Kamens,
9983 these are often used because either the forward or reverse
9984 mapping is broken; this translation makes it broken again.
9985 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo
9988 Unicos from David L. Kensiski of Sterling Software.
9989 DomainOS from Don Lewis of Silicon Systems.
9990 GNU m4 1.0.3 from Karst Koymans of Utrecht University.
9991 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>.
9992 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>.
9993 BSD/386 from Tony Sanders of BSDI.
9994 Apollo from Eric Wassenaar.
9995 DGUX from Doug Anderson.
9996 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent.
9998 src/Makefile.DomainOS
10000 src/Makefile.SunOS.5.1
10001 src/Makefile.SunOS.5.2
10002 src/Makefile.SunOS.5.x
10004 cf/ostype/domainos.m4
10007 doc/usenix/Makefile
10009 8.6.5/8.6.5 1994/01/13
10010 Security fix: /.forward could be owned by anyone (the test
10011 to allow root to own any file was backwards). From
10012 Bob Campbell at U.C. Berkeley.
10013 Security fix: group ids were not completely set when programs
10014 were invoked. This caused programs to have group
10015 permissions they should not have had (usually group
10016 daemon instead of their own group). In particular,
10017 Perl scripts would refuse to run.
10018 Security: check to make sure files that are written are not
10019 symbolic links (at least under some circumstances).
10020 Although this does not respond to a specific known
10021 attack, it's just a good idea. Suggested by
10022 Christian Wettergren.
10023 Security fix: if a user had an NFS mounted home directory on
10024 a system with a restricted shell listed in their
10025 /etc/passwd entry, they could still execute any
10026 program by putting that in their .forward file.
10027 This fix prevents that by insisting that their shell
10028 appear in /etc/shells before allowing a .forward to
10029 execute a program or write a file. You can disable
10030 this by putting "*" in /etc/shells. It also won't
10031 permit world-writable :include: files to reference
10032 programs or files (there's no way to disable this).
10033 These behaviors are only one level deep -- for
10034 example, it is legal for a world-writable :include:
10035 file to reference an alias that writes a file, on
10036 the assumption that the alias file is well controlled.
10037 Security fix: root was not treated suspiciously enough when
10038 looking into subdirectories. This would potentially
10039 allow a cracker to examine files that were publicly
10040 readable but in a non-publicly searchable directory.
10041 Fix a problem that causes an error on QUIT on a cached
10042 connection to create problems on the current job.
10043 These are typically unrelated, so errors occur in
10045 Reset CurrentLA in sendall() -- this makes sendmail queue
10046 runs more responsive to load average, and fixes a
10047 problem that ignored the load average in locally
10048 generated mail. From Eric Wassenaar.
10049 Fix possible core dump on aliases with null LHS. From
10050 John Orthoefer of BB&N.
10051 Revert to using flock() whenever possible -- there are just
10052 too many bugs in fcntl() locking, particularly over
10053 NFS, that cause sendmail to fail in perverse ways.
10054 Fix a bug that causes the connection cache to get confused
10055 when sending error messages. This resulted in
10056 "unexpected close" messages. It should fix itself
10057 on the following queue run. Problem noted by
10058 Liudvikas Bukys of the University of Rochester.
10059 Include $k in $=k as documented in the Install & Op Guide.
10060 This seems odd, but it was documented.... From
10061 Michael Corrigan of UCSD.
10062 Fix problem that caused :include:s from alias files to be
10063 forced to be owned by root instead of daemon
10064 (actually DefUid). From Tim Irvin.
10065 Diagnose unrecognized I option values -- from Mortin Forssen
10066 of the Chalmers University of Technology.
10067 Make "error" mailer work consistently when there is no error
10068 code associated with it -- previously it returned OK
10069 even though there was a real problem. Now it assumes
10071 Fix bug that caused the last header line of messages that had
10072 no body and which were terminated with EOF instead of
10073 "." to be discarded. Problem noted by Liudvikas Bukys.
10074 Fix core dump on SMTP mail to programs that failed -- it tried
10075 to go to a "next MX host" when none existed, causing
10076 a core dump. From der Mouse at McGill University.
10077 Change IDENTPROTO from a defined/not defined to a 0/1 switch;
10078 this makes it easier to turn it off (using
10079 -DIDENTPROTO=0 in the Makefile). From der Mouse.
10080 Fix YP_MASTER_NAME store to use the unupdated result of
10081 gethostname() (instead of myhostname(), which tries
10082 to fully qualify the name) to be consistent with
10083 SunOS. If your hostname is unqualified, this fixes
10084 transfers to secondary servers. Bug noted by Keith
10085 McMillan of Ameritech Services, Inc.
10086 Fix Ultrix problem: gethostbyname() can return a very large
10087 (> 500) h_length field, which causes the sockaddr
10088 to be trashed. Use the size of the sockaddr instead.
10089 Fix from Bob Manson of Ohio State.
10090 Don't assume "-a." on host lookups if NAMED_BIND is not
10091 defined -- this confuses gethostbyname on hosts
10092 file lookups, which doesn't understand the trailing
10094 Log SMTP server subprocesses that die with a signal instead
10095 of from a clean exit.
10096 If you don't have option "I" set, don't assume that a DNS
10097 "host unknown" message is authoritative -- it
10098 might still be found in /etc/hosts.
10099 Fix a problem that would cause Deferred: messages to be sent
10100 as the subject of an error message, even though the
10101 actual cause of a message was more severe than that.
10102 Problem noted by Chris Seabrook of OSSI.
10103 Fix race condition in DBM alias file locking. From Kyle
10105 Limit delivery syslog line length to avoid bugs in some
10106 versions of syslog(3). This adds a new compile time
10107 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton
10108 University, which is in turn derived from IDA.
10109 Fix quotes inside of comments in addresses -- previously
10110 it insisted that they be balanced, but the 822 spec
10111 says that they should be ignored.
10112 Dump open file state to syslog upon receiving SIGUSR1 (for
10113 debugging). This also evaluates ruleset 89, if set
10114 (with the null input), and logs the result. This
10115 should be used sparingly, since the rewrite process
10117 Change -qI, -qR, and -qS flags to be case-insensitive as
10118 documented in the Bat Book.
10119 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not
10120 return an error message and did not requeue the message.
10121 Fix based on code from Roland Dirlewanger of
10122 Reseau Regional Aquarel, Bordeaux, France.
10123 Fix a problem that caused a seg fault if you got a 421 error
10124 code during some parts of connection initialization.
10125 I've only seen this when talking to buggy mailers on
10126 the other end, but it shouldn't give a seg fault in
10127 any case. From Amir Plivatsky.
10128 Fix core dump caused by a ruleset call that returns null.
10129 Fix from Bryan Costales of ICSI.
10130 Full-Name: field was being ignored. Fix from Motonori Nakamura
10131 of Kyoto University.
10132 Fix a possible problem with very long input lines in setproctitle.
10133 From P{r Emanuelsson.
10134 Avoid putting "This is a warning message" out on return receipts.
10135 Suggested by Douglas Anderson.
10136 Detect loops caused by recursive ruleset calls. Suggested by
10138 Initialize non-alias maps during alias rebuilds -- they may be
10139 needed for parsing. Problem noted by Douglas Anderson.
10140 Log sender address even if no message was collected in SMTP
10141 (e.g., if all RCPTs failed). Suggested by Motonori
10143 Don't reflect the owner-list contents into the envelope sender
10144 address if the value contains ", :, /, or | (to avoid
10145 illegal addresses appearing there).
10146 Efficiency hack for toktype macro -- from Craig Partridge of
10148 Clean up DNS error printing so that a host name is always
10150 Remember to set $i during queue runs. Reported by Stephen
10151 Campbell of Dartmouth University.
10152 If the environment variable HOSTALIASES is set, use it during
10153 canonification as the name of a file with per-user host
10154 translations so that headers are properly mapped. Reported
10155 by Anne Bennett of Concordia University.
10156 Avoid printing misleading error message if SMTP mailer (not
10157 using [IPC]) should die on a core dump.
10158 Avoid incorrect diagnosis of "file 1 closed" when it is caused
10159 by the other end closing the connection. From
10160 Dave Morrison of Oracle.
10161 Improve several of the error messages printed by "mailq"
10162 to include a host name or other useful information.
10163 Add NetInfo preliminary support for NeXT systems. From Vince
10165 Fix a glitch that sometimes caused :include:s that pointed to
10166 NFS filesystems that were down to give an "aliasing/
10167 forwarding loop broken" message instead of queueing
10168 the message for retry. Noted by William C Fenner of
10169 the NRL Connection Machine Facility.
10170 Fix a problem that could cause a core dump if the input sequence
10171 had (or somehow acquired) a \231 character.
10172 Make sure that route-addrs always have <angle brackets> around
10173 them in non-SMTP envelopes (SMTP envelopes already do
10175 Avoid weird headers on unbalanced punctuation of the form:
10176 ``Joe User <user)'' -- this caused reference to the
10177 null macro. Fix from Rick McCarty of IO.COM.
10178 Fix a problem that caused an alias "user: user@local.host" to
10179 not have the QNOTREMOTE bit set; this caused configs
10180 to act as if FEATURE(notsticky) was defined even when
10181 it was not. The effect of the problem was to make it
10182 very hard to to set up satellite sites that had a few
10183 local accounts, with everything else forwarded to a
10184 corporate hub. Reported by Detlef Drewanz of the
10185 University of Rostock and Mark Frost of NCD.
10186 Change queuing to not call rulesets 3, {1 or 2}, 4 on header
10187 addresses. This is more efficient (fewer name server
10188 calls) and fixes certain unusual configurations, such
10189 as those that have ruleset 4 do something that is
10190 non-idempotent unless a mailer-specific ruleset did
10191 something else. Problem reported by Brian J. Coan
10192 of the Institute for Global Communications.
10193 Fix the "obsolete argument" routine in main to better understand
10194 new arguments. For example, if you used ``sendmail
10195 -C config -v -q'' it would choke on the -q because
10196 the -C would stop looking for old-format arguments.
10197 Fix the code that was intended to allow two users to forward their
10198 mail to the same program and have them appear unique.
10199 Portability fixes for:
10200 SCO UNIX from Murray Kucherawy.
10201 SCO Open Server 3.2v4 from Philippe Brand.
10202 System V Release 4 from Rick Ellis and others.
10203 OSF/1 from Steve Campbell.
10204 DG/UX from Ben Mesander of the USGS and Bryan Curnutt
10205 of Stoner Associates.
10206 Motorola SysV88 from Kevin Johnson of Motorola.
10207 Solaris 2.3 from Casper H.S. Dik of the University
10208 of Amsterdam and John Caruso of University
10210 FreeBSD from Ollivier Robert.
10211 NetBSD from Adam Glass.
10212 TitanOS from Kate Hedstrom of Rutgers University.
10213 Irix from Bryan Curnutt.
10214 Dynix from Jim Davis of the University of Arizona.
10216 Linux from John Kennedy of California State University
10218 Solaris 2.x from Tony Boner of the U.S. Air Force.
10219 NEXTSTEP 3.x from Vince DeMarco.
10220 HP-UX from various people. NOTA BENE: the location
10221 of the config file has moved to /usr/lib
10222 to match the HP-UX version of sendmail.
10223 CONFIG: Don't do any recipient rewriting on relay mailer;
10224 since this is intended only for internal use, the
10225 usual RFC 821/822/1123 rules can be relaxed. The
10226 main point of this is to avoid munging (ugh) UUCP
10227 addresses when relaying internally.
10228 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:;
10229 syntax addresses delivered via UUCP. Solution
10230 provided by Peter Wemm.
10231 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset
10232 zero; it caused double @ signs in addresses. From
10233 Irving Reid of the University of Toronto.
10234 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1
10235 from Markku Toijala of ICL Personal Systems Oy.
10236 CONFIG: Add trailing "." on pseudo-domains for consistency;
10237 this fixes a problem (noted by Al Whaley of Sunnyside)
10238 that made it hard to recognize your own pseudodomain
10240 CONFIG: catch "@host" syntax errors (i.e., null local-parts)
10241 rather than letting them get "local configuration
10242 error"s. Problem noted by John Gardiner Myers.
10243 CONFIG: add uucp-uudom mailer variant, based on code posted
10244 by Spider Boardman <spider@Orb.Nashua.NH.US>; this
10245 has uucp-dom semantics but old UUCP syntax. This
10246 also permits "uucp-old" as an alias for "uucp" and
10247 "uucp-new" as a synonym for "suucp" for consistency.
10248 CONFIG: add POP mailer support (from Kimmo Suominen
10249 <kim@grendel.lut.fi>).
10250 CONFIG: drop CSNET_RELAY support -- CSNET is long gone.
10251 CONFIG: fix bug caused with domain literal addresses (e.g.,
10252 ``[128.32.131.12]'') when FEATURE(allmasquerade)
10253 was set; it would get an additional @masquerade.host
10254 added to the address. Problem noted by Peter Wan
10256 CONFIG: make sure that the local UUCP name is in $=w. From
10257 Jim Murray of Stratus.
10258 CONFIG: changes to UUCP rewriting to simulate IDA-style "V"
10259 mailer flag. Briefly, if you are sending to host
10260 "foo", then it rewrites "foo!...!baz" to "...!baz",
10261 "foo!baz" remains "foo!baz", and anything else has
10262 the local name prepended.
10263 CONFIG: portability fixes for HP-UX.
10264 DOC: several minor problems fixed in the Install & Op Guide.
10265 MAKEMAP: fix core dump problem on lines that are too long or
10266 which lack newline. From Mark Delany.
10267 MAILSTATS: print sums of columns (total messages & kbytes
10268 in and out of the system). From Tom Ferrin of UC
10269 San Francisco Computer Graphics Lab.
10270 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES:
10271 On HP-UX, /etc/sendmail.cf has been moved to
10272 /usr/lib/sendmail.cf to match HP sendmail.
10273 Permissions have been tightened up on world-writable
10274 :include: files and accounts that have shells
10275 that are not listed in /etc/shells. This may
10276 cause some .forward files that have worked
10277 before to start failing.
10278 SIGUSR1 dumps some state to the log.
10282 src/Makefile.FreeBSD
10283 src/Makefile.Mach386
10284 src/Makefile.NetBSD
10285 src/Makefile.RISCos
10290 cf/ostype/bsdi1.0.m4
10292 cf/ostype/dynix3.2.m4
10293 cf/ostype/sco3.2.m4
10294 makemap/Makefile.dist
10295 praliases/Makefile.dist
10297 8.6.4/8.6.4 1993/10/31
10298 Repair core-dump problem (write to read-only memory segment)
10299 if you fall back to the return-to-Postmaster case in
10300 savemail. Problem reported by Richard Liu.
10301 Immediately diagnose bogus sender addresses in SMTP. This
10302 makes quite certain that crackers can't use this
10304 Reliability Fix: check return value from fclose() and fsync()
10305 in a few critical places.
10306 Minor problem in initsys() that reversed a condition for
10307 redirecting the output channel on queue runs. It's
10308 not clear this code even does anything. From Eric
10309 Wassenaar of the Dutch National Institute for Nuclear
10310 and High-Energy Physics.
10311 Fix some problems that caused queue runs to do "too much work",
10312 such as double-reading the Errors-To: header. From
10314 Error messages on writing the temporary file (including the
10315 data file) were getting suppressed in SMTP -- this
10316 fix causes them to be properly reported. From Eric
10318 Some changes to support AF_UNIX sockets -- this will only
10319 really become relevant in the next release, but some
10320 people need it for local patches. From Michael
10321 Corrigan of UC San Diego.
10322 Use dynamically allocated memory (instead of static buffers)
10323 for macros defined in initsys() and settime(); since
10324 these can have different values depending on which
10325 envelope they are in. From Eric Wassenaar.
10326 Improve logging to show ctladdr on to= logging; this tells you
10327 what uid/gid processes ran as.
10328 Fix a problem that caused error messages to be discarded if
10329 the sender address was unparseable for some reason;
10330 this was supposed to fall back to the "return to
10332 Improve aliaswait backoff algorithm.
10333 Portability patches for Linux (8.6.3 required another header
10334 file) (from Karl London) and SCO UNIX.
10335 CONFIG: patch prog mailer to not strip host name off of envelope
10336 addresses (so that it matches local again). From
10338 CONFIG: change uucp-dom mailer so that "<>" translates to $n;
10339 this prevents uux from seeing lines with null names like
10340 ``From Sat Oct 30 14:55:31 1993''. From Motonori
10341 Nakamura of Kyoto University.
10342 CONFIG: handle <list:;> syntax correctly. This isn't legal, but
10343 it shouldn't fail miserably. From Motonori Nakamura.
10345 8.6.2/8.6.2 1993/10/15
10346 Put a "successful delivery" message in the transcript for
10347 addresses that get return-receipts.
10348 Put a prominent "this is only a warning" message in warning
10349 messages -- some people don't read carefully enough
10350 and end up sending the message several times.
10351 Include reason for temporary failure in the "warning" return
10352 message. Currently, it just says "cannot send for
10354 Fix the "Original message received" time generated for
10355 returntosender messages. It was previously listed as
10356 the current time. Bug reported by Eric Hagberg of
10357 Cornell University Medical College.
10358 If there is an error when writing the body of a message,
10359 don't send the trailing dot and wait for a response
10360 in sender SMTP, as this could cause the connection to
10361 hang up under some bizarre circumstances. From Eric
10363 Fix some server SMTP synchronization problems caused when
10364 connections fail during message collection. From
10366 Fix a problem that can cause srvrsmtp to reject mail if the
10367 name server is down -- it accepts the RCPT but rejects
10368 the DATA command. Problem reported by Jim Murray of
10370 Fix a problem that can cause core dumps if the config file
10371 incorrectly resolves to a null hostname. Reported by
10372 Allan Johannesen of WPI.
10373 Non-root use of -C flag, dangerous -f flags, and use of -oQ
10374 by non-root users were not put into
10375 X-Authentication-Warning:s as intended because the
10376 config file hadn't set the PrivacyOptions yet. Fix
10377 from Sven-Ove Westberg of the University of Lulea.
10378 Under very odd circumstances, the alias file rebuild code
10379 could get confused as to whether a database was
10381 Check "vendor code" on the end of V lines -- this is
10382 intended to provide a hook for vendor-specific
10383 configuration syntax. (This is a "new feature",
10384 but I've made an exception to my rule in a belief
10385 that this is a highly exceptional case.)
10386 Portability fixes for DG/UX (from Douglas Anderson of NCSC),
10387 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1
10388 (from Jon Forrest of UC Berkeley)
10389 CONFIG: fix ``mailer:host'' form of UUCP relay naming.
10391 8.6.1/8.6 1993/10/08
10392 Portability fixes for A/UX and Encore UMAX V.
10393 Fix error message handling -- if you had a name server down
10394 causing an error during parsing, that message was never
10395 propagated to the queue file.
10398 Configuration cleanup: make it easier to undo IDENTPROTO in
10399 conf.h (other systems have the same bug).
10400 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume
10401 getdtablesize() instead of sysconf(); a disturbingly
10402 large number of systems defined _SC_OPEN_MAX in the
10403 header files but don't have the syscall.
10404 Another patch to really truly ignore MX records in getcanonname
10406 Fix problem that caused the "250 IAA25499 Message accepted for
10407 delivery" message to be omitted if there was an error
10408 in the header of the message (e.g., a bad Errors-To:
10409 line). Pointed out by Michael Corrigan of UCSD.
10410 Announce name of host we are chatting when we get errors; this
10411 is an IDA-ism suggested by Christophe Wolfhugel.
10412 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the
10413 Australian Artificial Intelligence Institute), SCO Unix
10414 (from Murray Kucherawy of Hookup Communication Corp.),
10415 NeXT (from Vince DeMarco and myself), Linux (from
10416 Karl London <karl@borg.demon.co.uk>), BSDI (from
10417 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo
10418 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers.
10419 Some changes to get around gcc optimizer bugs. From Takahiro
10421 Fix error recovery in queueup if another tf file of the same
10422 name already exists. Problem stumbled over by Bill
10423 Wisner of The Well.
10424 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes.
10425 Problem noted by Keith McMillan of Ameritech Services.
10426 Deal with group permissions properly when opening .forward and
10427 :include: files. This relaxes the 8.1C restrictions
10428 slightly more. This includes proper setting of groups
10429 when reading :include: files, allowing you to read some
10430 files that you should be able to read but have previously
10431 been denied unless you owned them or they had "other"
10433 Make certain that $j is in $=w (after the .cf is read) so that
10434 if the user is forced to override some silly system,
10435 MX suppression will still work.
10436 Fix a couple of efficiency problems where newstr was double-
10437 calling expensive routines. In at least one case, it
10438 wasn't guaranteed that they would always return the
10439 same result. Problem noted by Christophe Wolfhugel.
10440 Fix null pointer dereference in putoutmsg -- only on an error
10441 condition from a non-SMTP mailer. From Motonori
10443 Macro expand "C" line class definitions before scanning so that
10445 Fix problem that caused error message to be sent while still
10446 trying to send the original message if the connection
10447 is closed during a DATA command after getting an error
10448 on an RCPT command (pretty obscure). Problem reported
10449 by John Myers of CMU.
10450 Fix reply to NOOP to be 250 instead of 200 -- this is a long
10452 Fix a nasty bug causing core dumps when returning the "warning:
10453 cannot deliver for N hours -- will keep trying" message;
10454 it only occurred if you had PostmasterCopy set and
10455 only on some architectures. Although sendmail would
10456 keep trying, it would send error messages on each
10457 queue interval. This is an important fix.
10458 Allow u and g options to take user and group names respectively.
10459 Don't do a chdir into the queue directory in -bt mode to make
10460 ruleset testing a bit easier.
10461 Don't allow users to turn off logging (using -oL) on the command
10462 line -- command line can only raise, not lower, logging
10464 Set $u to the original recipient on the SMTP transaction or on
10465 the command line. This is only done if there is exactly
10466 one recipient. Technically, this does not meet the
10467 specs, because it does not guarantee a domain on the
10469 Fix a problem that dumped error messages on bad addresses if
10470 you used the -t flag. Problem noted by Josh Smith of
10471 Harvey Mudd College.
10472 Given an address such as ``<foo> <bar>'', auto-quote the first
10473 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to
10474 avoid the problem of people who use angle brackets in
10475 their full name information.
10476 Fix a null pointer dereference if you set option "l", have
10477 an Errors-To: header in the message, and have Errors-To:
10478 defined in the config file H lines. From J.R. Oldroyd.
10479 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get
10480 wrong when compiling. Suggested by Rick McCarty of TI.
10481 Fix a problem that could pass negative SIZE parameter if the
10482 df file got lost; this would cause servers to always
10483 give a temporary failure, making the problem even worse.
10484 Problem noted by Allan Johannesen of WPI.
10485 Add "ident" timeout (one of the "r" option selectors) for IDENT
10486 protocol timeouts (30s default). Requested by Murray
10487 Kucherawy of HookUp Communication Corp. to handle bogus
10488 PC TCP/IP implementations.
10489 Change $w default definition to be just the first component of
10490 the domain name on config level 5. The $j macro defaults
10491 to the FQDN; $m remains as before. This lets well-behaved
10492 config files use any of the short, long, or subdomain
10494 Add makesendmail script in src to try to automate multi-architecture
10495 builds. I know, this is sub-optimal, but it is still
10497 Fix very obscure race condition that can cause a queue run to
10498 get a queue file for an already completed job. This
10499 problem has existed for years. Problem noted by the
10500 long suffering Allan Johannesen of WPI.
10501 Fix a problem that caused the raw sender name to be passed to
10502 udbsender instead of the canonified name -- this caused
10503 it to sometimes miss records that it should have found.
10504 Relax check of name on HELO packet so that a program using -bs
10505 that claims to be itself works properly.
10506 Restore rewriting of $: part of address through 2, R, 4 in
10507 buildaddr -- this requires passing a lot of flags to get
10508 it right. Unlike old versions, this ONLY rewrites
10509 recipient addresses, not sender addresses.
10510 Fix a bug that caused core dumps in config files that cannot
10511 resolve /file/name style addresses. Fix from Jonathan
10512 Kamens of OpenVision Technologies.
10513 Fix problem with fcntl locking that can cause error returns to
10514 be lost if the lock is lost; this required fully
10515 queueing everything, dropping the envelope (so errors
10516 would get returned), and then re-reading the queue from
10518 Fix a problem that caused aliases that redefine an otherwise
10519 true address to still send to the original address
10520 if and only if the alias failed in certain bizarre
10521 ways (e.g, if they pointed at a list:; syntax address).
10522 Problem pointed out by Jonathan Kamens.
10523 Remove support for frozen configuration files. They caused
10524 more trouble than it was worth.
10525 Fix problem that can cause error messages to get ignored when
10526 using both -odb and -t flags. Problem noted by Rob
10527 McNicholas at U.C. Berkeley.
10528 Include all "normal" variations on hostname in $=w. For example,
10529 if the host name is vangogh.cs.berkeley.edu, $=w will
10530 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu.
10531 Add "restrictqrun" privacy flag -- without this, anyone can run
10533 Reset SmtpPhase global on initial connection creation so that
10534 messages don't come out with stale information.
10535 Pass an "ext" argument to lockfile so that error/log messages
10536 will properly reflect the true filename being locked.
10537 Put all [...] address forms into $=w -- this eliminates the need
10538 for MAXIPADDR in conf.h. Suggested by John Gardiner
10540 Fix a bug that can cause qf files to be left around even after
10541 an SMTP RSET command. Problem and fix from Michael
10543 Don't send a PostmasterCopy to errors when the Precedence: is
10544 negative. Error reports still go to the envelope
10546 Add LA_SHORT for load averages.
10547 Lock sendmail.st file when posting statistics.
10548 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to
10549 set the size of the TCP send and receive buffers; if you
10550 run over a slow slip line you may need to set these down
10551 (although it would be better to fix the SLIP implementation
10552 so that it's not necessary to recompile every program
10553 that does bulk data transfer).
10554 Allow null defaults on $( ... $) lookups. Problem reported by
10556 Diagnose crufty S and V config lines. This resulted from an
10557 observation that some people were using the SITE macro
10558 without the SITECONFIG macro first, which was causing
10559 bogus config files that were not caught.
10560 Fix makemap -f flag to turn off case folding (it was turning it
10561 on instead). THIS IS A USER VISIBLE CHANGE!!!
10562 Fix a problem that caused multiple error messages to be sent if
10563 you used "sendmail -t -oem -odb", your system uses fcntl
10564 locking, and one of the recipient addresses is unknown.
10565 Reset uid earlier in include() so that recursive .forwards or
10566 :include:s don't use the wrong uid.
10567 If file descriptor 0, 1, or 2 was closed when sendmail was
10568 called, the code to recover the descriptor was broken.
10569 This sometimes (only sometimes) caused problems with the
10570 alias file. Fix from Motonori Nakamura.
10571 Fix a problem that caused aliaswait to go into infinite recursion
10572 if the @:@ metasymbol wasn't found in the alias file.
10573 Improve error message on newaliases if database files cannot be
10574 opened or if running with no database format defined.
10575 Do a better estimation of the size of error messages when NoReturn
10576 is set. Problem noted by P{r (Pell) Emanuelsson.
10577 Fix a problem causing the "c" option (don't connect to expensive
10578 mailers) to be ignored in SMTP. Problem noted and the
10579 solution suggested by Robert Elz of The University of
10581 Improve connection caching algorithm by passing "[host]" to
10582 hostsignature, which strips the square brackets and
10583 returns the real name. This allows mailertable entries
10584 to match regular entries.
10585 Re-enable Return-Receipt-To: -- people seem to want this stupid
10586 feature, even if it doesn't work right.
10587 Catch and log attempts to try the "wiz" command in server SMTP.
10588 This also ups the log level from LOG_NOTICE to LOG_CRIT.
10589 Be more generous at assigning $z to the home directory -- do this
10590 for programs that are specified through a .forward file.
10591 Fix from Andrew Chang of Sun Microsystems.
10592 Always save a fatal error message in preference to a non-fatal
10593 error message so that the "subject" line of return
10594 messages is the best possible.
10595 CONFIG: reduce the number of quotes needed to quote configuration
10596 parameters with commas: two quotes should work now, e.g.,
10597 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local'').
10598 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom
10599 connections (domain-ized UUCP).
10600 CONFIG: fix bug in default maps (-o must be before database file
10601 name). Pointed out by Christophe Wolfhugel.
10602 CONFIG: add FEATURE(nodns) to state that we are not relying on
10603 DNS. This would presumably be used in UUCP islands.
10604 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux).
10605 CONFIG: log $u in Received: line. This is in technical violation
10606 of the standards, since it doesn't guarantee a domain
10608 CONFIG: don't assume "m" in local mailer flags -- this means that
10609 if you redefine LOCAL_MAILER_FLAGS you will have to include
10610 the "m" flag should you want it. Apparently some Solaris 2.2
10611 installations can't handle multiple local recipients.
10612 Problem noted by Josh Smith.
10613 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults).
10614 CONFIG: change default version level from 4 to 5.
10615 CONFIG: add FEATURE(nullclient) to create a config file that
10616 forwards all mail to a hub without ever looking at the
10617 addresses in any detail.
10618 CONFIG: properly strip mailer: information off of relays when
10619 used to change .BITNET form into %-hack form.
10620 CONFIG: fix a problem that caused infinite loops if presented
10621 with an address such as "!foo".
10622 CONFIG: check for self literal (e.g., [128.32.131.12]) even if
10623 the reverse "PTR" mapping is broken. There's a better
10624 way to do this, but the change is fairly major and I
10625 want to hold it for another release. Problem noted by
10629 Serious bug: if you used a command line recipient that was unknown
10630 sendmail would not send a return message (it was treating
10631 everything as though it had an SMTP-style client that
10632 would do the return itself). Problem noted by Josh Smith.
10633 Change "trymx" option in getcanonname() to ignore all MX data,
10634 even during a T_ANY query. This actually didn't break
10635 anything, because the only time you called getcanonname
10636 with !trymx was if you already knew there were no MX
10637 records, but it is somewhat cleaner. From Motonori
10639 Don't call getcanonname from getmxrr if you already know there
10640 are no DNS records matching the name.
10641 Fix a problem causing error messages to always include "The
10642 original message was received ... from localhost".
10643 The correct original host information is now included.
10644 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their
10645 version of "test" doesn't have the -x flag). Change it
10646 to use -f instead. From John Myers.
10647 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to
10648 esmtp -- it should be smtp.
10649 CONFIG: send all relayed mail using confRELAY_MAILER (defaults
10650 to "relay" (a variant of "smtp") if MAILER(smtp) is used,
10651 else "suucp" if MAILER(uucp) is used, else "unknown");
10652 this cleans up the configs somewhat. This fixes a serious
10653 problem that caused route-addrs to get mistaken as relays,
10654 pointed out by John Myers. WARNING: this also causes
10655 the default on SMART_HOST to change from "suucp" to
10656 "relay" if you have MAILER(smtp) specified.
10659 Add option `w'. If you receive a message that comes to you because
10660 you are the best (lowest preference) target of an MX, and
10661 you haven't explicitly recognized the source MX host in
10662 your .cf file, this option will cause you to try the target
10663 host directly (as if there were no MX for it at all). If
10664 `w' is not set, this case is a configuration error.
10665 Beware: if `w' is set, senders may get bogus errors like
10666 "message timed out" or "host unknown" for problems that
10667 are really configuration errors. This option is
10668 disrecommended, provided only for compatibility with
10670 Fix a problem that caused the incoming socket to be left open
10671 when sendmail forks after the DATA command. This caused
10672 calling systems to wait in FIN_WAIT_2 state until the
10673 entire list was processed and the child closed -- a
10674 potentially prodigious amount of time. Problem noted
10676 Fix problem (created in 6.64) that caused mail sent to multiple
10677 addresses, one of which was a bad address, to completely
10678 suppress the sending of the message. This changes
10679 handling of EF_FATALERRS somewhat, and adds an
10680 EF_GLOBALERRS flag. This also fixes a potential problem
10681 with duplicate error messages if there is a syntax error
10682 in the header of a message that isn't noticed until late
10683 in processing. Original problem pointed out by Josh Smith
10684 of Harvey Mudd College. This release includes quite a bit
10685 of dickering with error handling (see below).
10686 Back out SMTP transaction if MAIL gets nested 501 error. This
10687 will only hurt already-broken software and should help
10689 Fix a problem that broke aliases when neither NDBM nor NEWDB were
10690 compiled in. It would never read the alias file.
10691 Repair unbalanced `)' and `>' (the "open" versions are already
10693 Logging of "done" in dropenvelope() was incorrect: it would
10694 log this even when the queue file still existed. Change
10695 this to only log "done" (at log level 11) when the
10696 queue file is actually removed. From John Myers.
10697 Log "lost connection" in server SMTP at log level 20 if there
10698 is no pending transaction. Some senders just close the
10699 connection rather than sending QUIT.
10700 Fix a bug causing getmxrr to add a dot to the end of unqualified
10701 domains that do not have MX records -- this would cause
10702 the subsequent host name lookup to fail. The problem
10703 only occurred if you had FEATURE(nocanonify) set.
10704 Problem noted by Rick McCarty of Texas Instruments.
10705 Fix invocation of setvbuf when passed a -X flag -- I had
10706 unwittingly used an ANSI C extension, and this caused
10707 core dumps on some machines.
10708 Diagnose self-destructive alias loops on RCPT as well as EXPN.
10709 Previously it just gave an empty send queue, which
10710 then gave either "Need RCPT (recipient)" at the DATA
10711 (confusing, since you had given an RCPT command which
10712 returned 250) or just dropped the email, depending on
10713 whether you were running VERBose mode. Now it usually
10714 diagnoses this case as "aliasing/forwarding loop broken".
10715 Unfortunately, it still doesn't adequately diagnose
10716 some true error conditions.
10717 Add internal concept of "warning messages" using 6xx codes.
10718 These are not reported only to Postmaster. Unbalanced
10719 parens, brackets, and quotes are printed as 653 codes.
10720 They are always mapped to 5xx codes before use in SMTP.
10721 Clean up error messages to tell both the actual address that
10722 failed and the alias they arose from. This makes it
10723 somewhat easier to diagnose problems. Difficulty noted
10724 by Motonori Nakamura.
10725 Fix a problem that inappropriately added a ctladdr to addresses
10726 that shouldn't have had one during a queue run. This
10727 caused error messages to be handled differently during
10728 a queue run than a direct run.
10729 Don't print the qf name and line number if you get errors during
10730 the direct run of the queue from srvrsmtp -- this was
10731 just extra stuff for users to crawl through.
10732 Put command line flags on second line of pid file so you can
10733 auto-restart the daemon with all appropriate arguments.
10734 Use "kill `head -1 /etc/sendmail.pid`" to stop the
10735 daemon, and "eval `tail -1 /etc/sendmail.pid`" to
10737 Remove the ``setuid(getuid())'' in main -- this caused the
10738 IDENT daemon to screw up. This required that I change
10739 HASSETEUID to HASSETREUID and complicate the mode
10740 changing somewhat because both Ultrix and SunOS seem
10741 to have a bug causing seteuid() to set the saved uid
10742 as well as the effective. The program test/t_setreuid.c
10743 will test to see if your implementation of setreuid(2)
10744 is appropriately functional.
10745 The FallBackMX (option V) handling failed to properly identify
10746 fallback to yourself -- most of the code was there,
10747 but it wasn't being enabled. Problem noted by Murray
10748 Kucherawy of the University of Waterloo.
10749 Change :include: open timeout from ETIMEDOUT to an internal
10750 code EOPENTIMEOUT; this avoids adding "during SmtpPhase
10751 with CurHostName" in error messages, which can be
10752 confusing. Reported by Jonathan Kamens of OpenVision
10754 Back out setpgrp (setpgid on POSIX systems) call to reset the
10755 process group id. The original fix was to get around
10756 some problems with recalcitrant MUAs, but it breaks
10757 any call from a shell that creates a process group id
10758 different from the process id. I could try to fix
10759 this by diddling the tty owner (using tcsetpgrp or
10760 equivalent) but this is too likely to break other
10762 Portability changes:
10763 Support -M as equivalent to -oM on Ultrix -- apparently
10764 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs
10765 instead of using standard flags. Oh joy. This
10766 behavior reported by Jon Giltner of University
10768 SGI IRIX -- this includes several changes that should
10769 help other strict ANSI compilers.
10770 SCO Unix -- from Murray Kucherawy of HookUp Communication
10772 Solaris running the Sun C compiler (which despite the
10773 documentation apparently doesn't define
10774 __STDC__ by default).
10775 ConvexOS from Eric Schnoebelen of Convex.
10776 Sony NEWS workstations and Omron LUNA workstations from
10778 CONFIG: add confTRY_NULL_MX_LIST to set option `w'.
10779 CONFIG: delete `C' and `e' from default SMTP mailers flags;
10780 several people have made a good argument that this
10781 creates more problems than it solves (although this
10782 may prove painful in the short run).
10783 CONFIG: generalize all the relays to accept a "mailer:host"
10785 CONFIG: move local processing in ruleset 0 into a new ruleset
10786 98 (8 on old sendmail). Domain literal [a.b.c.d]
10787 addresses are also passed through this ruleset.
10788 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined,
10789 internet-style addresses would "fall off the end" of
10790 ruleset zero and be interpreted as local -- however,
10791 the angle brackets confused the recursive call.
10792 These are now diagnosed as "Unrecognized host name".
10793 CONFIG: USENET rules weren't included in S0 because of a mistaken
10794 ifdef(`_MAILER_USENET_') instead of
10795 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik
10796 of SINTEF RUNIT, Oslo.
10797 CONFIG: move up LOCAL_RULE_0 processing so that it happens very
10798 early in ruleset 0; this allows .mc authors to bypass
10799 things like the "short circuit" code for local addresses.
10800 Prompted by a comment by Bill Wisner of The Well.
10801 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or
10802 esmtp) to send SMTP mail. This allows you to default
10803 to esmtp but use a mailertable or other override to
10804 deal with broken servers. This logic was pointed out
10805 to me by Bill Wisner. Ditto for confLOCAL_MAILER.
10806 Changes to cf/sh/makeinfo.sh to make it portable to SVR4
10807 environments. Ugly as sin.
10810 Fix setuid problems introduced in 8.2 that caused messages
10811 like "Cannot create qfXXXXXX: Invalid argument"
10812 or "Cannot reopen dfXXXXXX: Permission denied". This
10813 involved a new compile flag "HASSETEUID" that takes
10814 the place of the old _POSIX_SAVED_IDS -- it turns out
10815 that the POSIX interface is broken enough to break
10816 some systems badly. This includes some fixes for
10817 HP-UX. Also fixes problems where the real uid is
10818 not reset properly on startup (from Neil Rickert).
10819 Fix a problem that caused timed out messages to not report the
10820 addresses that timed out. Error messages are also more
10822 Drop required bandwidth on connections from 64 bytes/sec to
10824 Further Solaris portability changes -- doesn't require the BSD
10825 compatibility library. This also adds a new
10826 "HASGETDTABLESIZE" compile flag which can be used if
10827 you want to use getdtablesize(2) instead of sysconf(2).
10828 These are loosely based on changes from David Meyer at
10829 University of Oregon. This now seems to work, at least
10830 for quick test cases.
10831 Fix a problem that can cause duplicate error messages to be
10832 sent if you are in SMTP, you send to multiple addresses,
10833 and at least one of those addresses is good and points
10834 to an account that has a .forward file (whew!).
10835 Fix a problem causing messages to be discarded if checkcompat()
10836 returned EX_TEMPFAIL (because it didn't properly mark
10837 the "to" address). Problem noted by John Myers.
10838 Fix dfopen to return NULL if the open failed; I was depending
10839 on fdopen(-1) returning NULL, which isn't the case. This
10840 isn't serious, but does result in weird error diagnoses.
10841 From Michael Corrigan.
10842 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of
10843 messages sent through UUCP-family mailers. Suggested
10844 by Bill Wisner of The Well.
10845 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified,
10846 include a "uucp-dom" mailer that uses domain-style
10847 addressing. Suggested by Bill Wisner.
10848 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match
10849 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by
10850 Christophe Wolfhugel.
10851 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel.
10854 Don't drop out on config file parse errors in -bt mode.
10855 On older configuration files, assume option "l" (use Errors-To
10856 header) for back compatibility. NOTE: this DOES NOT
10857 imply an endorsement of the Errors-To: header in any way.
10858 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why???
10859 Don't log errors on EHLO -- it isn't a "real" error for an old
10860 SMTP server to give an error on this command, and
10861 logging it in the transcript can be confusing. Fix
10863 IRIX compatibility changes provided by Dan Rich
10864 <drich@sandman.lerc.nasa.gov>.
10865 Solaris 2 compatibility changes. Provided by Bob Cunningham
10866 <bob@kahala.soest.hawaii.edu>, John Oleynick
10867 <juo@klinzhai.rutgers.edu>
10868 Debugging: -d17 was overloaded (hostsignature and usersmtp.c);
10869 move usersmtp (smtpinit and smtpmailfrom) to -d18 to
10870 match the other flags in that file.
10871 Flush transcript before fork in mailfile(). From Eric Wassenaar.
10872 Save h_errno in mci struct and improve error message display.
10873 Changes from Eric Wassenaar.
10874 Open /dev/null for the transcript if the create of the xf file
10875 failed; this avoids at least one possible null pointer
10876 reference in very weird cases. From Eric Wassenaar.
10877 Clean up statistics gathering; it was over-reporting because of
10878 forks. From Eric Wassenaar.
10879 Fix problem that causes old Return-Path: line to override new
10880 Return-Path: line (conf.c needs H_FORCE to avoid
10881 re-using old value). From Motonori Nakamura.
10882 Fix broken -m flag in K definition -- even if -m (match only)
10883 was specified, it would still replace the key with the
10884 value. Noted by Rick McCarty of Texas Instruments.
10885 If the name server timed out over several days, no "timed out"
10886 message would ever be sent back. The timeout code
10887 has been moved from markfailure() to dropenvelope()
10888 so that all such failures should be diagnosed. Pointed
10889 out by Christophe Wolfhugel and others.
10890 Relax safefile() constraints: directories in an include or
10891 forward path must be readable by self if the controlling
10892 user owns the entry, readable by all otherwise (e.g.,
10893 when reading your .forward file, you have to own and
10894 have X permission in it; everyone needs X permission in
10895 the root and directories leading up to your home);
10896 include files must be readable by anyone, but need not
10898 If _POSIX_SAVED_IDS is defined, setuid to the owner before
10899 reading a .forward file; this gets around some problems
10900 on NFS mounts if root permission is not exported and
10901 the user's home directory isn't x'able.
10902 Additional NeXT portability enhancements from Axel Zinser.
10903 Additional HP-UX portability enhancements from Brian Bullen.
10904 Add a timeout around SMTP message writes; this assumes you can
10905 get throughput of at least 64 bytes/second. Note that
10906 this does not impact the "datafinal" default, which
10907 is separate; this is just intended to work around
10908 network clogs that will occur before the final dot
10909 is sent. From Eric Wassenaar.
10910 Change map code to set the "include null" flag adaptively --
10911 it initially tries both, but if it finds anything
10912 matching without a null it never tries again with a
10913 null and vice versa. If -N is specified, it never
10914 tries without the null and creates new maps with a
10915 null byte. If -O is specified, it never tries with
10916 the null (for efficiency). If -N and -O are specified,
10917 you get -NO (get it?) lookup at all, so this would
10918 be a bad idea. If you don't specify either -N or -O,
10920 Fix recognition of "same from address" so that MH submissions
10921 will insert the appropriate full name information;
10922 this used to work and got broken somewhere along the
10924 Some changes to eliminate some unnecessary SYSERRs in the
10925 log. For example, if you lost a connection, don't
10926 bother reporting that fact on the connection you lost.
10927 Add some "extended debugging" flags to try to track down
10928 why we get occasional problems with file descriptor
10929 one being closed when execing a mailer; it seems to
10930 only happen when there has been another error in the
10931 same transaction. This requires XDEBUG, defined
10932 by default in conf.h.
10933 Add "-X filename" command line flag, which logs both sides of
10934 all SMTP transactions. This is intended ONLY for
10935 debugging bad implementations of other mailers; start
10936 it up, send a message from a mailer that is failing,
10937 and then kill it off and examine the indicated log.
10938 This output is not intended to be particularly human
10939 readable. This also adds the HASSETVBUF compile
10940 flag, defaulted on if your compiler defines __STDC__.
10941 CONFIG: change SMART_HOST to override an SMTP mailer. If you
10942 have a local net that should get direct connects, you
10943 will need to use LOCAL_NET_CONFIG to catch these hosts.
10944 See cf/README for an example.
10945 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle
10946 sites that don't use the -d flag.
10947 CONFIG: hide recipient addresses as well as sender addresses
10948 behind $M if FEATURE(allmasquerade) is specified; this
10949 has been requested by several people, but can break
10950 local aliases. For example, if you mail to "localalias"
10951 this will be rewritten as "localalias@masqueradehost";
10952 although initial delivery will work, replies will be
10953 broken. Use it sparingly.
10954 CONFIG: add FEATURE(domaintable). This maps unqualified domains
10955 to qualified domains in headers. I believe this is
10956 largely equivalent to the IDA feature of the same name.
10957 CONFIG: use $U as UUCP name instead of $k. This permits you
10958 to override the "system name" as your UUCP name --
10959 in particular, to use domain-ized UUCP names. From
10960 Bill Wisner of The Well.
10961 CONFIG: create new mailer "esmtp" that always tries EHLO
10962 first. This is currently unused in the config files,
10963 but could be used in a mailertable entry.
10965 8.1C/8.1B 1993/06/27
10966 Serious security bug fix: it was possible to read any file on
10967 the system, regardless of ownership and permissions.
10968 If a subroutine returns a fully qualified address, return it
10969 immediately instead of feeding it back into rewriting.
10970 This fixes a problem with mailertable lookups.
10971 CONFIG: fix some M4 frotz (concat => CONCAT)
10973 8.1B/8.1A 1993/06/12
10974 Serious bug fix: pattern matching backup algorithm stepped by
10975 two tokens in classes instead of one. Found by Claus
10976 Assmann at University of Kiel, Germany.
10978 8.1A/8.1A 1993/06/08
10979 Another mailertable fix....
10982 4.4BSD freeze. No semantic changes.