Email客户端

开发平台：

Unix_Linux

RELEASE_NOTES：源码内容

SENDMAIL RELEASE NOTES
$Id: RELEASE_NOTES,v 8.477 1999/12/10 03:48:55 gshapiro Exp $
This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
8.10.0/8.10.0 1999/??/??
*************************************************************
* The engineering department at Sendmail, Inc. has suffered *
* the tragic loss of a key member of our engineering team. *
* Julie Van Bourg was the Vice President of Engineering *
* at Sendmail, Inc. during the development and deployment *
* of this release. It was her vision, dedication, and *
* support that has made this release a success. Julie died *
* on October 26, 1999 of cancer. We have lost a leader, a *
* coach, and a friend. *
* *
* This release is dedicated to her memory and to the joy, *
* strength, ideals, and hope that she brought to all of us. *
* Julie, we miss you! *
*************************************************************
SECURITY: The safe file checks now back track through symbolic
links to make sure the files can't be compromised due
to poor permissions on the parent directories of the
symbolic link target.
SECURITY: Only root, TrustedUser, and users in class t can rebuild
the alias map. Problem noted by Michal Zalewski of the
"Internet for Schools" project (IdS).
SECURITY: There is a potential for a denial of service attack if
the AutoRebuildAliases option is set as a user can kill the
sendmail process while it is rebuilding the aliases file
(leaving it in an inconsistent state). This option and
its use is deprecated and will be removed from a future
version of sendmail.
SECURITY: Make sure all file descriptors (besides stdin, stdout, and
stderr) are closed before restarting sendmail. Problem noted
by Michal Zalewski of the "Internet for Schools" project
(IdS).
Begin using /etc/mail/ for sendmail related files. This affects
a large number of files. See cf/README for more details.
The directory structure of the distribution has changed slightly
for easier code sharing among the programs.
Support SMTP AUTH (see RFC 2554). New macros for this purpose
are ${auth_authen}, ${auth_type}, and ${auth_author}
which hold the client's authentication credentials,
the mechanism used for authentication, and the
authorization identity (i.e., the AUTH= parameter if
supplied). Based on code contributed by Tim Martin of CMU.
On systems which use the Torek stdio library (all of the BSD
distributions), use memory-buffered files to reduce
file system overhead by not creating temporary files on
disk. Contributed by Exactis.com, Inc.
New option DataFileBufferSize to control the maximum size of a
memory-buffered data (df) file before a disk-based file is
used. Contributed by Exactis.com, Inc.
New option XscriptFileBufferSize to control the maximum size of a
memory-buffered transcript (xf) file before a disk-based
file is used. Contributed by Exactis.com, Inc.
sendmail implements RFC 2476 (Message Submission), e.g., it can
now listen on several different ports. Use:
O DaemonPortOptions=Name=MSA, Port=587, M=E
to run a Message Submission Agent (MSA); this is turned
on by default in m4-generated .cf files; it can be turned
off with FEATURE(`no_msa').
The 'XUSR' SMTP command is deprecated. Mail user agents should
begin using RFC 2476 Message Submission for initial user
message submission. XUSR may disappear from a future release.
The new '-G' (relay (gateway) submission) command line option
indicates that the message being submitted from the command
line is for relaying, not initial submission. This means
the message will be rejected if the addresses are not fully
qualified and no canonicalization will be done. Future
releases may even reject improperly formed messages.
The '-U' (initial user submission) command line option is
deprecated and may be removed from a future release.
Mail user agents should begin using '-G' to indicate that
this is a relay submission (the inverse of -U).
The next release of sendmail will assume that any message submitted
from the command line is an initial user submission and act
accordingly.
If sendmail doesn't have enough privileges to run a .forward
program or deliver to file as the owner of that file, the
address is marked as unsafe. This means if RunAsUser is
set, users won't be able to use programs or delivery to
files in their .forward files. Administrators can override
this by setting the DontBlameSendmail option to the new
setting NonRootSafeAddr.
Allow group or world writable directories if the sticky bit is set
on the directory and DontBlameSendmail is set to
TrustStickyBit. Based on patch from Chris Metcalf of
InCert Software.
Prevent logging of unsafe directory paths for non-existant forward
files if the new DontWarnForwardFileInUnsafeDirPath bit is
set in the DontBlameSendmail option. Requested by many.
New Timeout.control option to limit the total time spent satisfying
a control socket request.
New Timeout.resolver options for controlling BIND resolver
settings:
Timeout.resolver.retrans
Sets the resolver's retransmission time interval (in
seconds). Sets both Timeout.resolver.retrans.first
and Timeout.resolver.retrans.normal.
Timeout.resolver.retrans.first
Sets the resolver's retransmission time interval (in
seconds) for the first attempt to deliver a message.
Timeout.resolver.retrans.normal
Sets the resolver's retransmission time interval (in
seconds) for all resolver lookups except the first
delivery attempt.
Timeout.resolver.retry
Sets the number of times to retransmit a resolver
query. Sets both Timeout.resolver.retry.first
and Timeout.resolver.retry.normal.
Timeout.resolver.retry.first
Sets the number of times to retransmit a resolver
query for the first attempt to deliver a message.
Timeout.resolver.retry.normal
Sets the number of times to retransmit a resolver
query for all resolver lookups except the first
delivery attempt.
Contributed by Exactis.com, Inc.
Support multiple queue directories. To use multiple queues, supply
a QueueDirectory option value ending with an asterisk. For
example, /var/spool/mqueue/q* will use all of the
directories or symbolic links to directories beginning with
'q' in /var/spool/mqueue as queue directories. Keep in
mind, the queue directory structure should not be changed
while sendmail is running. Queue runs create a separate
process for running each queue unless the verbose flag is
given on a non-daemon queue run. New items are randomly
assigned to a queue. Contributed by Exactis.com, Inc.
Support different directories for qf, df, and xf queue files; if
subdirectories or symbolic links to directories of those names
exist in the queue directories, they are used for the
corresponding queue files. Keep in mind, the queue
directory structure should not be changed while sendmail is
running. Proposed by Mathias Koerber of Singapore
Telecommunications Ltd.
New queue file naming system which uses a filename guaranteed to be
unique for 60 years. This allows queue IDs to be assigned
without fancy file system locking. Queued items can be
moved between queues easily. Contributed by Exactis.com,
Inc.
Messages which are undeliverable due to temporary address failures
(e.g., DNS failure) will now go to the FallBackMX host, if
set. Contributed by Exactis.com, Inc.
New command line option '-L tag' which sets the identifier used for
syslog. Contributed by Exactis.com, Inc.
QueueSortOrder=Filename will sort the queue by filename. This
avoids opening and reading each queue file when preparing
to run the queue. Contributed by Exactis.com, Inc.
Shared memory counters and microtimers functionality has been
donated by Exactis.com, Inc.
The SCCS ID tags have been replaced with RCS ID tags.
Allow trusted users (those on a T line or in $=t) to set the
QueueDirectory (Q) option without an X-Authentication-Warning:
being added. Suggested by Michael K. Sanders.
IPv6 support based on patches from John Kennedy of Cal State
University, Chico, Motonori Nakamura of Kyoto University,
and John Beck of Sun Microsystems.
In low-disk space situations, where sendmail would previously refuse
connections, still accept them, but only allow ETRN commands.
Suggested by Mathias Koerber of Singapore Telecommunications
Ltd.
The [IPC] builtin mailer now allows delivery to a UNIX domain socket
on systems which support them. This can be used with LMTP
local delivery agents which listen on a named socket. An
example mailer might be:
Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=rn,
S=10, R=20/40, T=DNS/RFC822/X-Unix,
A=FILE /var/run/lmtpd
Code contributed by Lyndon Nerenberg of Messaging Direct.
The [TCP] builtin mailer name is now deprecated. Use [IPC]
instead.
The first mailer argument in the [IPC] mailer is now checked for a
legitimate value. Possible values are TCP (for TCP/IP
connections), IPC (which will be deprecated in a future
version), and FILE (for UNIX domain socket delivery).
PrivacyOptions=goaway no longer includes the noetrn and the noreceipts
flags.
PrivacyOptions=nobodyreturn instructs sendmail not to include the
body of the original message on delivery status
notifications.
Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted
by Dan Bernstein, fix from Robert Harker of Harker Systems.
Accept the SMTP RSET command even when rejecting commands due to TCP
Wrappers or the check_relay ruleset. Problem noted by
Steve Schweinhart of America Online.
Warn if OperatorChars is set multiple times. OperatorChars should
not be set after rulesets are defined. Suggested by
Mitchell Blank Jr of Exec-PC.
Do not report temporary failure on delivery to files. In
interactive delivery mode, this would result in two SMTP
responses after the DATA command. Problem noted by
Nik Conwell of Boston University.
Check file close when mailing to files. Problem noted by Nik
Conwell of Boston University.
Avoid a segmentation fault when using the LDAP map. Patch from
Curtis W. Hillegas of Princeton University.
Always bind to the LDAP server regardless of whether you are using
ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of
@Home Network.
New ruleset trust_auth to determine whether a given AUTH=
parameter of the MAIL command should be trusted. See SMTP
AUTH, cf/README, and doc/op/op.ps.
Allow new named config file rules check_vrfy, check_expn, and
check_etrn for VRFY, EXPN, and ETRN commands, respectively,
similar to check_rcpt etc.
Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr},
${mail_mailer}, ${mail_host}, ${mail_addr} that hold
the results of parsing the RCPT and MAIL arguments, i.e.
the resolved triplet from $#mailer $@host $:addr.
From Kari Hurtta of the Finnish Meteorological Institute.
New macro ${client_resolve} which holds the result of the resolve
call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed
by Kari Hurtta of the Finnish Meteorological Institute.
New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold
the corresponding DSN parameter values. Proposed by
Mathias Herberts.
New macro ${msg_size} which holds the value of the SIZE= parameter,
i.e., usually the size of the message (in an ESMTP dialogue),
before the message has been collected, thereafter it holds
the message size as computed by sendmail (and can be used
in check_compat).
The macro ${deliveryMode} now specifies the current delivery mode
sendmail is using instead of the value of the DeliveryMode
option.
New macro ${ntries} holds the number of delivery attempts.
Drop explicit From: if same as what would be generated only if it is
a local address. From Motonori Nakamura of Kyoto University.
Write pid to file also if sendmail only processes the queue.
Proposed by Roy J. Mongiovi of Georgia Tech.
Log "low on disk space" only when necessary.
New macro ${load_avg} can be used to check the current load average.
Suggested by Scott Gifford of The Internet Ramp.
Return-Receipt-To: header implies DSN request if option RrtImpliesDsn
is set.
Flag -S for maps to specify the character which is substituted
for spaces (instead of the default given by O BlankSub).
Flag -D for maps: perform no lookup in deferred delivery mode.
This flag is set by default for the host map. Based on a
proposal from Ian MacPhedran of the University of Saskatchewan.
Open maps only on demand, not at startup.
Log warning about unsupported IP address families.
New option MaxHeadersLength allows to specify a maximum length
of the sum of all headers. This can be used to prevent
a denial-of-service attack.
New option MaxMimeHeaderLength which limits the size of MIME
headers and parameters within those headers. This option
is intended to protect mail user agents from buffer
overflow attacks.
Added option MaxAliasRecursion to specify the maximum depth of
alias recursion.
New flag F=6 for mailers to strip headers to seven bit.
Map type syslog to log the key via syslogd.
Entries in the alias file can be continued by putting a backslash
directly before the newline.
New option DeadLetterDrop to define the location of the system-wide
dead.letter file, formerly hardcoded to
/usr/tmp/dead.letter. If this option is not set (the
default), sendmail will not attempt to save to a
system-wide dead.letter file if it can not bounce the mail
to the user nor postmaster. Instead, it will rename the qf
file as it has in the past when the dead.letter file
could not be opened.
New option PidFile to define the location of the pid file. The
value of this option is macro expanded.
New option ProcessTitlePrefix specifies a prefix string for the
process title shown in 'ps' listings.
New macros for use with the PidFile and ProcessTitlePrefix options
(along with the already existing macros):
${daemon_info} Daemon information, e.g.
SMTP+queueing@00:30:00
${daemon_addr} Daemon address, e.g., 0.0.0.0
${daemon_family} Daemon family, e.g., inet, inet6, etc.
${daemon_name} Daemon name, e.g., MSA.
${daemon_port} Daemon port, e.g., 25
${queue_interval} Queue run interval, e.g., 00:30:00
New macros especially for virtual hosting:
${if_name} hostname of interface of incoming connection.
${if_addr} address of interface of incoming connection.
The latter is only set if the interface does not belong to the
loopback net.
If a message being accepted via a method other than SMTP and
would be rejected by a header check, do not send the message.
Suggested by Phil Homewood of Mincom Pty Ltd.
Don't strip comments for header checks if $>+ is used instead of $>.
Provide header value as quoted string in the macro
${currHeader} (possibly truncated to MAXNAME). Suggested by
Jan Krueger of Unix-AG of University of Hannover.
The length of the header value is stored in ${hdrlen}.
H*: allows to specify a default ruleset for header checks. This
ruleset will only be called if the individual header does
not have its own ruleset assigned. Suggested by Jan
Krueger of Unix-AG of University of Hannover.
The name of the header field stored in ${hdr_name}.
Comments (i.e., text within parentheses) in rulesets are not
removed if the config file version is greater than or equal
to 9. For example, "R$+ ( 1 ) $@ 1" matches the
input "token (1)" but does not match "token".
Avoid removing the Content-Transfer-Encoding MIME header on
messages with 8-bit text in headers. Problem noted by
Sigurbjorn B. Larusson of Multimedia Consumer Services.
Fix from Per Hedeland of Ericsson.
Avoid duplicate Content-Transfer-Encoding MIME header on
messages with 8-bit text in headers. Problem noted by
Per Steinar Iversen of Oslo College. Fix from Per Hedeland
of Ericsson.
Avoid keeping maps locked longer than necessary when re-opening a
modified database map file. Problem noted by Chris Adams
of Renaissance Internet Services.
Resolving to the $#error mailer with a temporary failure code (e.g.,
$#error $@ tempfail $: "400 Temporary failure") will now
queue up the message instead of bouncing it.
Be more liberal in acceptable responses to an SMTP RSET command as
standard does not provide any indication of what to do when
something other than 250 is received. Based on a patch
from Steve Schweinhart of America Online.
New option TrustedUser allows to specify a user who can own
important files instead of root. This requires HASFCHOWN.
Fix USERDB conditional so compiling with NEWDB or HESIOD and
setting USERDB=0 works. Fix from Jorg Zanger of Schock.
Fix another instance (similar to one in 8.9.3) of a network failure
being mis-logged as "Illegal Seek" instead of whatever
really went wrong. From John Beck of Sun Microsystems.
$? tests also whether the macro is non-null.
Print an error message if a mailer definition contains an invalid
equate name.
New mailer equate /= to specify a directory to chroot() into before
executing the mailer program. Suggested by Igor Vinokurov.
New mailer equate W= to specify the maximum time to wait for the
mailer to return after sending all data to it.
Only free memory from the process list when adding a new process
into a previously filled slot. Previously, the memory was
freed at removal time. Since removal can happen in a
signal handler, this may leave the memory map in an
inconsistent state. Problem noted by Jeff A. Earickson and
David Cooley of Colby College.
When using the UserDB @hostname catch-all, do not try to lookup
local users in the passwd file. The UserDB code has
already decided the message will be passed to another host
for processing. Fix from Tony Landells of Burdett
Buckeridge Young Limited.
Support LDAP authorization via either a file containing the
password or Kerberos V4 using the new map options
'-ddistinguished_name', '-Mmethod', and '-Pfilename'. The
distinguished_name is who to login as. The method can be
one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or
LDAP_AUTH_KRBV4. The filename is the file containing the
secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos
ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense
of Stanford University.
The ldapx map has been renamed to ldap. The use of ldapx is
deprecated and will be removed in a future version.
If the result of an LDAP search returns a multi-valued attribute
and the map has the column delimiter set, it turns that
response into a delimiter separated string. The LDAP map
will traverse multiple entries as well. LDAP alias maps
automatically set the column delimiter to the comma.
Based on patch from Booker Bense of Stanford University and
idea from Philip A. Prindeville of Mirapoint, Inc.
Support return of multiple values for a single LDAP lookup. The
values to be returned should be in a comma separated string.
For example, `-v "email,emailother"'. Patch from
Curtis W. Hillegas of Princeton University.
Allow the use of LDAP for alias maps.
If no LDAP attributes are specified in an LDAP map declaration, all
attributes found in the match will be returned.
Prevent commas in quoted strings in the AliasFile value from
breaking up a single entry into multiple entries. This is
needed for LDAP alias file specifications to allow for
comma separated key and value strings.
Keep connections to LDAP server open instead of opening and closing
for each lookup. To reduce overhead, sendmail will cache
connections such that multiple maps which use the same
host, port, bind DN, and authentication will only result in
a single connection to that host.
Put timeout in the proper place for USE_LDAP_INIT.
Be more careful about checking for errors and freeing memory on
LDAP lookups.
Use asynchronous LDAP searches to save memory and network
resources.
Do not copy LDAP query results if the map's match only flag is set.
Increase portability to the Netscape LDAP libraries.
Change the parsing of the LDAP filter specification. '%s' is still
replaced with the literal contents of the map lookup key --
note that this means a lookup can be done using the LDAP
special characters. The new '%0' token can be used instead
of '%s' to encode the key buffer according to RFC 2254.
For example, if the LDAP map specification contains '-k
"(user=%s)"' and a lookup is done on "*", this would be
equivalent to '-k "(user=*)"' -- matching ANY record with a
user attribute. Instead, if the LDAP map specification
contains '-k "(user=%0)"' and a lookup is one on "*", this
would be equivalent to '-k "(user=2A)"' -- matching a user
with the name "*".
New LDAP map flags: "-1" requires a single match to be returned, if
more than one is returned, it is equivalent to no records
being found; "-r never|always|search|find" sets the LDAP
alias dereference option; "-Z size" limits the number of
matches to return.
New option LDAPDefaultSpec allows a default map specification for
LDAP maps. The value should only contain LDAP specific
settings such as "-h host -p port -d bindDN", etc. The
settings will be used for all LDAP maps unless they are
specified in the individual map specification ('K'
command). This option should be set before any LDAP maps
are defined.
Prevent an NDBM alias file opening loop when the NDBM open
continually fails. Fix from Roy J. Mongiovi of Georgia
Tech.
Reduce memory utilization for smaller symbol table entries. In
particular, class entries get much smaller, which can be
important if you have large classes.
On network-related temporary failures, record the hostname which
gave error in the queued status message. Requested by
Ulrich Windl of the Universitat Regensburg.
Add new F=% mailer flag to allow for a store and forward
configuration. Mailers which have this flag will not attempt
delivery on initial recipient of a message or on queue runs
unless the queued message is selected using one of the
-qI/-qR/-qS queue run modifiers or an ETRN request. Code
provided by Philip Guenther of Gustavus Adolphus College.
New option ControlSocketName which, when set, creates a daemon
control socket. This socket allows an external program to
control and query status from the running sendmail daemon
via a named socket, similar to the ctlinnd interface to the
INN news server. Access to this interface is controlled by
the UNIX file permissions on the named socket on most UNIX
systems (see sendmail/README for more information). An
example control program is provided as contrib/smcontrol.pl.
Change the default values of QueueLA from 8 to (8 * numproc) and
RefuseLA from 12 to (12 * numproc) where numproc is the
number of processors online on the system (if that can be
determined). For single processor machines, this change
has no effect.
Don't return body of message to postmaster on "Too many hops" bounces.
Based on fix from Motonori Nakamura of Kyoto University.
Give more detailed DSN descriptions for some cases. Patch from
Motonori Nakamura of Kyoto University.
Logging of alias, forward file, and UserDB expansion now happens
at LogLevel 11 or higher instead of 10 or higher.
Logging of an envelope's complete delivery (the "done" message) now
happens at LogLevel 10 or higher instead of 11 or higher.
Logging of TCP/IP or UNIX standard input connections now happens at
LogLevel 10 or higher. Previously, only TCP/IP connections
were logged, and on at LogLevel 12 or higher. Setting
LogLevel to 10 will now assist users in tracking frequent
connection-based denial of service attacks.
Macro expand PostmasterCopy and DoubleBounceAddress options.
New "ph" map for performing ph queries in rulesets. More
information is available at
http://www-wsg.cso.uiuc.edu/sendmail/patches/.
Contributed by Mark Roth of the University of Illinois at
Urbana-Champaign.
Detect temporary lookup failures in the host map if looking up a
bracketed IP address. Problem noted by Kari Hurtta of the
Finnish Meteorological Institute.
Do not report a Remote-MTA on local deliveries. Problem noted by
Kari Hurtta of the Finnish Meteorological Institute.
When a forward file points to an alias which runs a program, run
the program as the default user and the default group, not
the forward file user. This change also assures the
:include: directives in aliases are also processed using
the default user and group. Problem noted by Sergiu
Popovici of DNT Romania.
Prevent attempts to save a dead.letter file for a user with
no home directory (/no/such/directory). Problem noted by
Michael Brown of Finnigan FT/MS.
Include message delay and number of tries when logging that a
message has been completely delivered (LogLevel of 10 or
above). Suggested by Nick Hilliard of Ireland Online.
Log the sender of a message even if none of the recipients were
accepted. If some of the recipients were rejected, it is
helpful to know the sender of the message.
Check the root directory (/) when checking a path for safety.
Problem noted by John Beck of Sun Microsystems.
Prevent multiple responses to the DATA command if DeliveryMode is
interactive and delivering to an alias which resolves to
multiple files.
Macros in the helpfile are expanded if the helpfile version is 2 or
greater (see below); the help function doesn't print the
version of sendmail any longer, instead it is placed in
the helpfile ($v). Suggested by Chuck Foster of UUNET
PIPEX. Additionally, comment lines (starting with #) are
skipped and a version line (#vers) is introduced. The
helpfile version for 8.10.0 is 2, if no version or an older
version is found, a warning is logged. The '#vers'
directive should be placed at the top of the help file.
Use fsync() when delivering to a file to guarantee the delivery to
disk succeeded. Suggested by Nick Christenson.
If delivery to a file is unsuccessful, truncate the file back to its
length before the attempt.
If a forward points to a filename for delivery, change to the
user's uid before checking permissions on the file. This
allows delivery to files on NFS mounted directories where
root is remapped to nobody. Problem noted by Harald
Daeubler of Universitaet Ulm.
purgestat and sendmail -bH purge only expired (Timeout.hoststatus)
host status files, not all files.
Any macros stored in the class $={persistentMacros} will be saved
in the queue file for the message and set when delivery
is attempted on the queued item. Suggested by Kyle Jones of
Wonderworks Inc.
Add support for storing information between rulesets using the new
macro map class. This can be used to store information
between queue runs as well using $={persistentMacros}.
Based on an idea from Jan Krueger of Unix-AG of University
of Hannover.
New map class arith to allow for computations in rules. The
operation (+, -, *, /, l (for less than), and =) is given
as key. The two operands are specified as arguments; the
lookup returns the result of the computation. For example,
"$(arith l $@ 4 $@ 2 $)" will return "FALSE" and
"$(arith + $@ 4 $@ 2 $)" will return "6".
Add new syntax for header declarations which decide whether to
include the header based on a macro rather than a mailer
flag:
H${MyMacro}X-My-Header: ${MyMacro}
This should be used along with $={persistentMacros}.
It can be used for adding headers to a message based on
the results of check_* and header check rulesets.
Allow new named config file rule check_eoh which is called after
all of the headers have been collected. The input to the
ruleset the number of headers and the size of all of the
headers in bytes separated by $|. This ruleset along with
the macro storage map can be used to correlate information
gathered between headers and to check for missing headers.
See cf/README or doc/op/op.ps for an example.
Change the default for the MeToo option to True to correspond
to the clarification in the DRUMS SMTP Update spec.
Change the sendmail binary default for SendMimeErrors to True.
Change the sendmail binary default for SuperSafe to True.
Display ruleset names in debug and address test mode output
if referencing a named ruleset.
New mailer equate m= which will limit the number of messages
delivered per connection on an SMTP or LMTP mailer.
Improve QueueSortOrder=Host by reversing the hostname before
using it to sort. Now all the same domains are really run
through the queue together. If they have the same MX host,
then they will have a much better opportunity to use the
connection cache if available. This should be a reasonable
performance improvement. Patch from Randall Winchester of
the University of Maryland.
If a message is rejected by a header check ruleset, log who would
have received the message if it had not been rejected.
New "now" value for Timeout.queuereturn to bounce entries from the
queue immediately. No delivery attempt is made.
Increase sleeping time exponentially after too many "bad" commands
up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}-
COMMANDS).
New option ClientPortOptions similar to DaemonPortOptions
but for outgoing connections.
New suboptions for DaemonPortOptions: Name (a name used for
error messages and logging) and Modifiers, i.e.
a require authentication
b bind to interface through which mail has
been received
c perform hostname canonification
f require fully qualified hostname
h use name of interface for outgoing HELO
command
C don't perform hostname canonification
E disallow ETRN (see RFC 2476)
New suboption for ClientPortOptions: Modifiers, i.e.
h use name of interface for HELO command
The version number for queue files (qf) has been incremented to 3.
Log unacceptable HELO/EHLO domain name attempts if LogLevel is set
to 10 or higher. Suggested by Rick Troxel of the National
Institutes of Health.
If a mailer dies, print the status in decimal instead of octal
format. Suggested by Michael Shapiro of Sun Microsystems.
Limit the length of all MX records considered for delivery to 8k.
Move message priority from sender to recipient logging. Suggested by
Ulrich Windl of the Universitat Regensburg.
Add support for Berkeley DB 3.X.
Add fix for Berkeley DB 2.X fcntl() locking race condition.
Requires a post-2.7.5 version of Berkeley DB.
Support writing traffic log (sendmail -X option) to a FIFO.
Patch submitted by Rick Heaton of Network Associates, Inc.
Do not ignore Timeout settings in the .cf file when a Timeout
sub-options is set on the command line. Problem noted by
Graeme Hewson of Oracle.
Randomize equal preference MX records each time delivery is
attempted via a new connection to a host instead of once per
session. Suggested by Scott Salvidio of Compaq.
Implement enhanced status codes as defined by RFC 2034.
Add [hostname] to class w for the names of all interfaces unless
DontProbeInterfaces is set. This is useful for sending mails
to hosts which have dynamically assigned names.
If a message is bounced due to bad MIME conformance, avoid bouncing
the bounce for the same reason. If the body is not 8-bit
clean, and EightBitMode isn't set to pass8, the body will
not be included in the bounce. Problem noted by Valdis
Kletnieks of Virginia Tech.
The timeout for sending a message via SMTP has been changed from
'${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which
simply checks for progress on sending data every 5 minutes.
This will detect the inability to send information quicker
and reduce the number of processes simply waiting to
timeout.
Prevent a segmentation fault on systems which give a partial filled
interface address structure when loading the system network
interface addresses. Fix from Reinier Bezuidenhout of
Nanoteq.
Add a compile-time configuration macro, MAXINTERFACES, which
indicates the number of interfaces to read when probing
for hostnames and IP addresses for class w ($=w). The
default value is 512. Based on idea from Reinier
Bezuidenhout of Nanoteq.
If the RefuseLA option is set to 0, do not reject connections based
on load average.
Allow ruleset 0 to have a name. Problem noted by Neil Rickert of
Northern Illinois University.
Expand the Return-Path: header at delivery time, after "owner-"
envelope splitting has occurred.
Don't try to sort the queue if there are no entries. Patch from
Luke Mewburn from RMIT University.
Add a "/quit" command to address test mode.
Include the proper sender in the UNIX "From " line and Return-Path:
header when undeliverable mail is saved to ~/dead.letter.
Problem noted by Kari Hurtta of the Finnish Meteorological
Institute.
The contents of a class can now be copied to another class using
the syntax: "C{Dest} $={Source}". This would copy all of
the items in class $={Source} into the class $={Dest}.
Include original envelope's error transcript in bounces created for
split (owner-) envelopes to see the original errors when
the recipients were added. Based on fix from Motonori
Nakamura of Kyoto University.
Show reason for permanent delivery errors directly after the
addresses. From Motonori Nakamura of Kyoto University.
Prevent a segmentation fault when bouncing a split-envelope
message. Patch from Motonori Nakamura of Kyoto University.
If the specification for the queue run interval (-q###) has a
syntax error, consider the error fatal and exit.
Pay attention to CheckpointInterval during LMTP delivery. Problem
noted by Motonori Nakamura of Kyoto University.
On operating systems which have setlogin(2), use it to set the
login name to the RunAsUserName when starting as a daemon.
This is for delivery to programs which use getlogin().
Based on fix from Motonori Nakamura of Kyoto University.
Differentiate between "command not implemented" and "command
unrecognized" in the SMTP dialogue.
Strip returns from forward and include files. Problem noted by
Allan E Johannesen of Worcester Polytechnic Institute.
Prevent a core dump when using 'sendmail -bv' on an address which
resolves to the $#error mailer with a temporary failure.
Based on fix from Neil Rickert of Northern Illinois
University.
Prevent multiple deliveries of a message with a "non-local alias"
pointing to a local user, if canonicalization fails
the message was requeued *and* delivered to the alias.
If an invalid ruleset is declared, the ruleset name could be
ignored and its rules added to S0. Instead, ignore the
ruleset lines as well.
Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient
success DSN fields as well as duplicate entries for a
single address due to S5 and UserDB processing. Problems
noted by Kari Hurtta of the Finnish Meteorological
Institute.
Turn off timeouts when exiting sendmail due to an interrupt signal
to prevent the timeout from firing during the exit process.
Problem noted by Michael Shapiro of Sun Microsystems.
Do not append @MyHostName to non-RFC822 addresses output by the EXPN
command or on Final-Recipient: and X-Actual-Recipient: DSN
headers. Non-RFC822 addresses include deliveries to
programs, file, DECnet, etc.
Fix logic for determining if a local user is using -f or -bs to
spoof their return address. Based on idea from Neil Rickert
of Northern Illinois University and patch from Per Hedeland
of Ericsson.
Report the proper UID in the bounce message if an :include: file is
owned by a uid that doesn't map to a username and the
:include: file contains delivery to a file or program.
Problem noted by John Beck of Sun Microsystems.
Avoid the attempt of trying to send a second SMTP QUIT command if
the remote server responds to the first QUIT with a 4xx
response code and drops the connection. This behavior was
noted by Ulrich Windl of the Universitat Regensburg when
sendmail was talking to the Mercury 1.43 MTA.
If a hostname lookup times out and ServiceSwitchFile is set but the
file is not present, the lookup failure would be marked as
a permanent failure instead of a temporary failure. Fix
from Russell King of the ARM Linux Project.
Handle aliases or forwards which deliver to programs using tabs
instead of spaces between arguments. Problem noted by Randy
Wormser. Fix from Neil Rickert of Northern Illinois
University.
Allow MaxRecipientsPerMessage option to be set on the command line
by normal users (e.g., sendmail won't drop its root
privileges) to allow overrides for message submission via
'sendmail -bs'.
Set the names for help file and statistics file to "helpfile" and
"statistics", respectively, if no parameters are given for
them in the .cf file.
Avoid bogus 'errbody: I/O Error -7' log messages when sending
success DSN messages for messages relayed to non-DSN aware
systems. Problem noted by Juergen Georgi of RUS University
of Stuttgart and Kyle Tucker of Parexel International.
Prevent +detail information from interfering with local delivery to
multiple users in the same transaction (F=m).
Portability:
Reverse signal handling logic such that sigaction(2) with
the SA_RESTART flag is the preferred method and the
other signal methods are only tried if SA_RESTART
is not available. Problem noted by Allan E
Johannesen of Worcester Polytechnic Institute.
AIX 4.x supports the sa_len member of struct sockaddr.
This allows network interface probing to work
properly. Fix from David Bronder of the
University of Iowa.
AIX 4.3 has snprintf() support.
Use "PPC" as the architecture name when building under
AIX. This will be reflected in the obj.* directory
name.
Apple Darwin support based on Apple Rhapsody port.
Fixed AIX 'make depend' method from Valdis Kletnieks of
Virginia Tech.
GNU Hurd updates from Mark Kettenis of the University of
Amsterdam.
Improved HPUX 11.0 portability.
Remove special IRIX ABI cases from Build script and the OS
files. Use the standard 'cc' options used by SGI
in building the operating system. Users can
override the defaults by setting confCC and
confLIBSEARCHPATH appropriately.
IRIX nsd map support from Bob Mende of SGI.
Minor devtools fixes for IRIX from Bob Mende of SGI.
Linux patch for IP_SRCROUTE support from Joerg Dorchain
of MW EDV & ELECTRONIC.
Linux now uses /usr/sbin for confEBINDIR in the build
system. From MATSUURA Takanori of Osaka University.
Remove special treatment for Linux PPC in the build
system. From MATSUURA Takanori of Osaka University.
Motorolla UNIX SYSTEM V/88 Release 4.0 support from
Sergey Rusanov of the Republic of Udmurtia.
NCR MP-RAS 3.x includes regular expression support. From
Tom J. Moore of NCR.
NEC EWS-UX/V series settings for _PATH_VENDOR_CF and
_PATH_SENDMAILPID from Oota Toshiya of
NEC Computers Group Planning Division.
NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and
1024 in conf.h. Since confENVDEF would be used,
use that value in conf.h.
Use NeXT's NETINFO to get domain name. From Gerd Knops of
BITart Consulting.
Use NeXT's NETINFO for alias and hostname resolution if
AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are
defined. Patch from Wilfredo Sanchez of Apple
Computer, Inc.
New compile flag FAST_PID_RECYCLE: set this if your system
can reuse the same PID in the same second.
New compile flag HASFCHOWN: set this if your OS has
fchown(2).
New compile flag HASRANDOM: set this to 0 if your OS does
not have random(3). rand() will be used instead.
New compile flag HASSRANDOMDEV: set this if your OS has
srandomdev(3).
New compile flag HASSETLOGIN: set this if your OS has
setlogin(2).
Replace SINIX and ReliantUNIX support with version
specific SINIX files. From Gerald Rinske of
Siemens Business Services.
Use the 60-second load average instead of the 5 second load
average on Compaq Tru64 UNIX (formerly Digital
UNIX). From Chris Teakle of the University of Qld.
Use ANSI C by default for Compaq Tru64 UNIX. Suggested by
Randall Winchester of Swales Aerospace.
Correct setgroups() prototype for Compaq Tru64 UNIX.
Problem noted by Randall Winchester of Swales
Aerospace.
Hitachi 3050R/3050RX and 3500 Workstations running
HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori
NAKAMURA of Kyoto University.
New compile flag NO_GETSERVBYNAME: set this to disable
use of getservbyname() on systems which can
not lookup a service by name over NIS, such as
HI-UX. Patch from Motonori NAKAMURA of Kyoto
University.
Use devtools/bin/install.sh on SCO 5.x. Problem noted
by Sun Wenbing of the China Engineering and
Technology Information Network.
make depend didn't work properly on UNIXWARE 4.2. Problem
noted by Ariel Malik of Netology, Ltd.
Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD,
and OpenBSD.
CONFIG: Begin using /etc/mail/ for sendmail related files. This
affects a large number of files. See cf/README for more
details.
CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including
trailing slash) for the mail settings directory.
CONFIG: Increment version number of config file to 9.
CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been
deprecated and may be removed from a future release.
BSD/OS users should begin using OSTYPE(`bsdi').
CONFIG: OpenBSD 2.4 installs mail.local non-setuid root. This
requires a new OSTYPE(`openbsd'). From Todd C. Miller of
Courtesan Consulting.
CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X.
CONFIG: A syntax error in check_mail would cause fake top-level
domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to
be improperly rejected as unresolvable.
CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of
DNS server, rejection message) and can be included
multiple times.
CONFIG: New FEATURE(`relay_mail_from') allows relaying if the
mail sender is listed as RELAY in the access map (and tagged
with From:).
CONFIG: Optional tagging of LHS in the access map (Connect:,
From:, To:) to enable finer control.
CONFIG: New FEATURE(`ldap_routing') implements LDAP address
routing. See cf/README for a complete description of the
new functionality.
CONFIG: New variables for the new sendmail options:
confAUTH_MECHANISMS AuthMechanisms
confAUTH_OPTIONS AuthOptions
confCLIENT_OPTIONS ClientPortOptions
confCONTROL_SOCKET_NAME ControlSocketName
confDEAD_LETTER_DROP DeadLetterDrop
confDEF_AUTH_INFO DefaultAuthInfo
confDF_BUFFER_SIZE DataFileBufferSize
confLDAP_DEFAULT_SPEC LDAPDefaultSpec
confMAX_ALIAS_RECURSION MaxAliasRecursion
confMAX_HEADERS_LENGTH MaxHeadersLength
confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
confPID_FILE PidFile
confPROCESS_TITLE_PREFIX ProcessTitlePrefix
confRRT_IMPLIES_DSN RrtImpliesDsn
confTO_CONTROL Timeout.control
confTO_RESOLVER_RETRANS Timeout.resolver.retrans
confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
confTO_RESOLVER_RETRY Timeout.resolver.retry
confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
confTRUSTED_USER TrustedUser
confXF_BUFFER_SIZE XscriptFileBufferSize
CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(),
which takes the options as argument and can be used
multiple times; see cf/README for details.
CONFIG: Add a fifth mailer definition to MAILER(`smtp') called
"dsmtp". This mail provides on-demand delivery using the
F=% mailer flag described above. The "dsmtp" mailer
definition uses the new DSMTP_MAILER_ARGS which defaults
to "IPC $h".
CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS,
and RELAY_MAILER_MAXMSGS for setting the m= equate for the
local, smtp, and relay mailers respectively.
CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting
the DSN Diagnostic-Code type for the local mailer. The
value should be changed with care.
CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type
for the local mailer to the proper value of "SMTP".
CONFIG: All included maps are no longer optional; if there
there is a problem with a map, sendmail will complain.
CONFIG: Removed root from class E; use EXPOSED_USER(`root')
to get the old behavior. Suggested by Joe Pruett
of Q7 Enterprises.
CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which
will not be masqueraded. Proposed by Arne Wichmann
of MPI Saarbruecken, Griff Miller of PGS Tensor,
Jayme Cox of Broderbund Software Inc.
CONFIG: A list of exceptions for FEATURE(`nocanonify') can be
specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
i.e., a list of domains which are passed to $[ ... $]
for canonification. Based on an idea from Neil Rickert
of Northern Illinois University.
CONFIG: If `canonify_hosts' is specified as parameter for
FEATURE(`nocanonify') then addresses which have only
a hostname, e.g., <user@host>, will be canonified.
CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is
nevertheless added to addresses with more than one component
in it.
CONFIG: New class for matching virtusertable entries $={VirtHost} that
can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE.
FEATURE(`virtuser_entire_domain') can be used to apply this
class also to entire subdomains. Hosts in this class are
treated as canonical in SCanonify2, i.e., a trailing dot
is added.
CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used,
include $={VirtHost} in $=R (hosts allowed to relay).
CONFIG: FEATURE(`generics_entire_domain') can be used to apply the
genericstable also to subdomains of $=G.
CONFIG: Pass "+detail" as %2 for virtusertable lookups.
Patch from Noam Freedman from University of Chicago.
CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested
by Raymond S Brand of rsbx.net.
CONFIG: Allow @domain in genericstable to override masquerading.
Suggested by Owen Duffy from Owen Duffy & Associates.
CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve
Hubert of University of Washington.
CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as
GNU is now the canonical system name. From Mark
Kettenis of the University of Amsterdam.
CONFIG: Do not include '=' in option expansion if there is no value
associated with the option. From Andrew Brown of
Graffiti World Wide, Inc.
CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed
by Philip A. Prindeville of Enteka Enterprise Technology
Services.
CONFIG: MAILER(`cyrus') was not preserving case for mail folder
names. Problem noted by Randall Winchester of Swales
Aerospace.
CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags
for the relay mailer. Suggested by Doug Hughes of Auburn
University and Brian Candler.
CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path:
header) by default. Suggested by Per Hedeland of Ericsson.
CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host].
Suggested by Kari Hurtta of the Finnish Meteorological
Institute.
CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS;
i.e., to set, add, or delete flags.
CONFIG: If SMTP AUTH is used then relaying is allowed for any user
who authenticated via a "trusted" mechanism, i.e., one that
is defined via TRUST_AUTH_MECH(`list of mechanisms').
CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay
after check_rcpt and allows for exceptions from the checks.
CONFIG: Map declarations have been moved into their associated
feature files to allow greater flexibility in use of
sequence maps. Suggested by Per Hedeland of Ericsson.
CONFIG: New macro LOCAL_MAILER_EOL to override the default end of
line string for the local mailer. Requested by Il Oh of
Willamette Industries, Inc.
CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is
converted to <user@d>
CONFIG: Reject bogus return address of <@@hostname>, generated by
Sun's older, broken configuration files.
CONFIG: FEATURE(`nullclient') now provides the full rulesets of a
normal configuration, allowing anti-spam checks to be
performed.
CONFIG: Don't return a permanent error (Relaying denied) if
${client_name} can't be resolved just temporarily.
Suggested by Kari Hurtta of the Finnish Meteorological
Institute.
CONFIG: Change numbered rulesets into named (which still can
be accessed by their numbers).
CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial
which describes whether to disallow "!" in the local part
of an address.
CONFIG: Call Local_localaddr from localaddr (S5) which can be used
to rewrite an address from a mailer which has the F=5 flag
set. If the ruleset returns a mailer, the appropriate
action is taken, otherwise the returned tokens are ignored.
CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4
and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4.
The latter is kept around for backward compatibility.
CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries,
where "D.S.N" is an RFC 1893 compliant error code.
CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
CONFIG: Remove second space between username and date in UNIX From_
line. Noted by Allan E Johannesen of Worcester Polytechnic
Institute.
CONFIG: Make sure all of the mailers have complete T= equates.
CONFIG: Extend FEATURE(`local_procmail') so it can now take
arguments overriding the mailer program, arguments, and
mailer definition flags. This makes it possible to use
other programs such as maildrop for local delivery.
CONFIG: Emit warning if FEATURE(`local_lmtp') or
FEATURE(`local_procmail') is given after MAILER(`local').
Patch from Richard A. Nelson of IBM.
CONFIG: Add SMTP Authentication information to Received: header
default value (confRECEIVED_HEADER).
CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a
local mailer. Problem noted by Per Hedeland of Ericsson.
CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the
University of California at Berkeley.
CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of
Illinois at Urbana-Champaign.
CONTRIB: etrn.pl now recognizes bogus host names. Patch from
Bruce Barnett of GE's R&D Lab.
CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle
Corporation UK.
CONTRIB: Added qtool.pl to assist in managing the queues.
DEVTOOLS: Prevent user environment variables from interfering with
the Build scripts. Problem noted by Ezequiel H. Panepucci of
Yale University.
DEVTOOLS: 'Build -M' will display the obj.* directory which will
be used for building.
DEVTOOLS: 'Build -A' will display the architecture that would be
used for a fresh build.
DEVTOOLS: New variable confRANLIB, set automatically by configure.sh.
DEVTOOLS: New variable confRANLIBOPTS for the options to send to
ranlib.
DEVTOOLS: 'Build -O <path>' will have the object files build in
<path>/obj.*. Suggested by Bryan Costales of Exactis.
DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the
building of the man pages when defined. Suggested by Bryan
Costales.
DEVTOOLS: New variables confNO_HELPFILE_INSTALL and
confNO_STATISTICS_INSTALL which will prevent the
installation of the sendmail helpfile and statistics file
respectively. Suggested by Bryan Costales.
DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske
of Siemens Business Services.
DEVTOOLS: New variable confSTDIO_TYPE which defines the type of
stdio library. The new buffered file I/O depends on the
Torek stdio library. This option can be either portable or
torek.
DEVTOOLS: New variables confSRCADD and confSMSRCADD which
correspond to confOBJADD and confSMOBJADD respectively.
They should contain the C source files for the object files
listed in confOBJADD and confSMOBJADD. These file names
will be passed to the 'make depend' stage of compilation.
DEVTOOLS: New program specific variables for each of the programs
in the sendmail distribution. Each has the form
`conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'.
The new variables are conf_prog_ENVDEF, conf_prog_LIBS,
conf_prog_SRCADD, and conf_prog_OBJADD.
DEVTOOLS: Build system redesign. This should have little affect on
building the distribution, but documentation on the changes
are in devtools/README.
DEVTOOLS: Don't allow 'Build -f file' if an object directory already
exists. Suggested by Valdis Kletnieks of Virginia Tech.
DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies
the path to the sendmail source directory. confSRCDIR is a
new variable which identifies the root of the source
directories for all of the programs in the distribution.
DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build
time. They can both still be overridden by setting the m4
macro.
DEVTOOLS: confSBINGRP now defaults to bin instead of kmem.
DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for
build configurations, and places objects in obj.prefix.*/.
Complains as 'Build -f file' does for existing object
directories. Suggested by Tom Smith of Digital Equipment
Corporation.
DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted
manual pages in the directory tree specified by
confMANROOTMAN.
DEVTOOLS: If formatting the manual pages fails, copy in the
preformatted pages from the distribution. The new variable
confCOPY specifies the copying program.
DEVTOOLS: Defining confFORCE_RMAIL will install rmail without
question. Suggested by Terry Lambert of Whistle
Communications.
DEVTOOLS: confSTFILE and confHFFILE can be used to change the names
of the installed statistics and help files, respectively.
DEVTOOLS: Remove spaces in `uname -r` output when determining
operating system identity. Problem noted by Erik
Wachtenheim of Dartmouth College.
DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that
will be search for the libraries specified in confLIBSEARCH.
Defaults to "/lib /usr/lib /usr/shlib".
DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying
how to strip binaries. These are used by the new
install-strip target.
MAIL.LOCAL: Will not be installed setuid root. To use mail.local
as local delivery agent without LMTP mode, use
MODIFY_MAILER_FLAGS(`LOCAL', `+S')
to set the S flag.
MAIL.LOCAL: Do not reject addresses which would otherwise be
accepted by sendmail. Suggested by Neil Rickert of
Northern Illinois University.
MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise
8BITMIME in the LHLO response. Suggested by Kari Hurtta of
the Finnish Meteorological Institute.
MAIL.LOCAL: Add support for the maillock() routines by defining
MAILLOCK when compiling. Also requires linking with
-lmail. Patch from Neil Rickert of Northern Illinois
University.
MAIL.LOCAL: Create a Content-Length; header if CONTENTLENGTH is
defined when compiling. Automatically set for Solaris 2.3
and later. Patch from Neil Rickert of Northern Illinois
University.
MAIL.LOCAL: Move the initialization of the 'notifybiff' address
structure to the beginning of the program. This ensures that
the getservbyname() is done before any seteuid to a possibly
unauthenticated user. If you are using NIS+ and secure RPC
on a Solaris system, this avoids syslog messages such as,
"authdes_refresh: keyserv(1m) is unable to encrypt session
key." Patch from Neil Rickert of Northern Illinois
University.
MAIL.LOCAL: Support group writable mail spool files when MAILGID is
set to the gid to use (-DMAILGID=6) when compiling.
Patch from Neil Rickert of Northern Illinois University.
MAIL.LOCAL: When a mail message includes lines longer than 2046
characters (in LMTP mode), mail.local will split the
incoming line up into 2046-character output lines
(excluding the newline). If an input line is 2047
characters long (excluding CR-LF) and the last character is
a '.', mail.local will see it as the end of input, transfer
it to the user mailbox and try to write an `ok' back to
sendmail. If the message was much longer, both sendmail
and mail.local will deadlock waiting for each other to read
what they have written. Problem noted by Peter Jeremy of
Alcatel Australia Limited.
MAIL.LOCAL: New option -b to return a permanent error instead of a
temporary error if a mailbox exceeds quota. Suggested by
Neil Rickert of Northern Illinois University.
MAIL.LOCAL: The creation of a lockfile is subject to a global
timeout to avoid starvation.
MAILSTATS: New -p option to invoke program mode in which stats are
printed in a machine readable fashion and the stats file
is reset. Patch from Kevin Hildebrand of the University
of Maryland.
MAKEMAP: If running as root, automatically change the ownership of
generated maps to the TrustedUser as specified in the
sendmail configuration file.
MAKEMAP: New -C option to accept an alternate sendmail
configuration file to use for finding the TrustedUser
option.
MAKEMAP: New -u option to dump (unmap) a database. Based on
code contributed by Roy Mongiovi of Georgia Tech.
MAKEMAP: New -e option to allow empty values. Suggested by Philip
A. Prindeville of Enteka Enterprise Technology Services.
MAKEMAP: Compile cleanly on 64-bit operating systems. Problem
noted by Gerald Rinske of Siemens Business Services.
OP.ME: Correctly document interaction between F=S and U= mailer
equates. Problem noted by Bob Halley of Internet Engines.
OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle
Corporation UK.
OP.ME: The Timeout [r] option was incorrectly listed as "safe"
(e.g., sendmail would not drop root privileges if the
option was specified on the command line). Problem noted
by Todd C. Miller of Courtesan Consulting.
PRALIASES: Handle the hash and btree map specifications for
Berkeley DB. Patch from Brian J. Coan of the
Institute for Global Communications.
PRALIASES: Read the sendmail.cf file for the location(s) of the
alias file(s) if the -f option is not used. Patch from
John Beck of Sun Microsystems.
PRALIASES: New -C option to specify an alternate sendmail
configuration file to use for finding alias file(s). Patch
from John Beck of Sun Microsystems.
SMRSH: allow shell commands echo, exec, and exit. Allow command
lists using || and &&. Based on patch from Brian J. Coan
of the Institute for Global Communications.
SMRSH: Update README for the new Build system. From Tim Pierce
of RootsWeb Genealogical Data Cooperative.
VACATION: Added vacation auto-responder to sendmail distribution.
LIBSMDB: Added abstracted database library. Works with Berkeley
DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
Changed Files:
The Build script in the various program subdirectories are
no longer symbolic links. They are now scripts
which execute the actual Build script in
devtools/bin.
All the manual pages are now written against -man and not
-mandoc as they were previously.
Add a simple Makefile to every directory so make instead
of Build will work (unless parameters are
required for Build).
New Directories:
devtools/M4/UNIX
include
install
libsmdb
libsmutil
vacation
Renamed Directories:
BuildTools => devtools
src => sendmail
Deleted Files:
cf/m4/nullrelay.m4
devtools/OS/Linux.ppc
devtools/OS/ReliantUNIX
devtools/OS/SINIX
sendmail/ldap_map.h
New Files:
INSTALL
PGPKEYS
cf/cf/generic-linux.cf
cf/cf/generic-linux.mc
cf/feature/delay_checks.m4
cf/feature/dnsbl.m4
cf/feature/generics_entire_domain.m4
cf/feature/no_msa.m4
cf/feature/relay_mail_from.m4
cf/feature/virtuser_entire_domain.m4
cf/mailer/qpage.m4
cf/ostype/bsdi.m4
cf/ostype/hpux11.m4
cf/ostype/openbsd.m4
contrib/bounce-resender.pl
contrib/domainmap.m4
contrib/qtool.8
contrib/qtool.pl
devtools/M4/depend/AIX.m4
devtools/M4/list.m4
devtools/M4/string.m4
devtools/M4/subst_ext.m4
devtools/M4/switch.m4
devtools/OS/Darwin
devtools/OS/GNU
devtools/OS/SINIX.5.43
devtools/OS/SINIX.5.44
devtools/OS/m88k
devtools/bin/find_in_path.sh
libsmdb/Makefile
libsmutil/Makefile
mail.local/Makefile
mailstats/Makefile
makemap/Makefile
praliases/Makefile
rmail/Makefile
sendmail/Makefile
sendmail/bf.h
sendmail/bf_portable.c
sendmail/bf_portable.h
sendmail/bf_torek.c
sendmail/bf_torek.h
sendmail/shmticklib.c
sendmail/statusd_shm.h
sendmail/timers.c
sendmail/timers.h
smrsh/Makefile
vacation/Makefile
Renamed Files:
cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4
sendmail/cdefs.h => include/sendmail/cdefs.h
sendmail/sendmail.hf => sendmail/helpfile
sendmail/mailstats.h => include/sendmail/mailstats.h
sendmail/pathnames.h => include/sendmail/pathnames.h
sendmail/safefile.c => libsmutil/safefile.c
sendmail/snprintf.c => libsmutil/snprintf.c
sendmail/useful.h => include/sendmail/useful.h
cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4
Copied Files:
cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4
8.9.3/8.9.3 1999/02/04
SECURITY: Limit message headers to a maximum of 32K bytes (total
of all headers in a single message) to prevent a denial of
service attack. This limit will be configurable in 8.10.
Problem noted by Michal Zalewski of the "Internet for
Schools" project (IdS).
Prevent segmentation fault on an LDAP lookup if the LDAP map
was closed due to an earlier failure. Problem noted by
Jeff Wasilko of smoe.org. Fix from Booker Bense of
Stanford University and Per Hedeland of Ericsson.
Preserve the order of the MIME headers in multipart messages
when performing the MIME header length check. This
will allow PGP signatures to function properly. Problem
noted by Lars Hecking of University College, Cork, Ireland.
If ruleset 5 rewrote the local address to an :include: directive,
the delivery would fail with an "aliasing/forwarding loop
broken" error. Problem noted by Eric C Hagberg of Morgan
Stanley. Fix from Per Hedeland of Ericsson.
Allow -T to work for bestmx maps. Fix from Aaron Schrab of
ExecPC Internet Systems.
During the transfer of a message in an SMTP transaction, if a
TCP timeout occurs, the message would be properly queued
for later retry but the failure would be logged as
"Illegal Seek" instead of a timeout. Problem noted by
Piotr Kucharski of the Warsaw School of Economics (SGH)
and Carles Xavier Munyoz Baldo of CTV Internet.
Prevent multiple deliveries on a self-referencing alias if the
F=w mailer flag is not set. Problem noted by Murray S.
Kucherawy of Concentric Network Corporation and Per
Hedeland of Ericsson.
Do not strip empty headers but if there is no value and a
default is defined in sendmail.cf, use the default.
Problem noted by Philip Guenther of Gustavus Adolphus
College and Christopher McCrory of Netus, Inc.
Don't inherit information about the sender (notably the full name)
in SMTP (-bs) mode, since this might be called from inetd.
Accept any 3xx reply code in response to DATA command instead of
requiring 354. This change will match the wording to be
published in the updated SMTP specification from the DRUMS
group of the IETF.
Portability:
AIX 4.2.0 or 4.2.1 may become updated by the fileset
bos.rte.net level 4.2.0.2. This introduces the
softlink /usr/lib/libbind.a which should
not be used. It conflicts with the resolver
built into libc.a. "bind" has been removed
from the confLIBSEARCH BuildTools variable.
Users who have installed BIND 8.X will have
to add it back in their site.config.m4 file.
Problem noted by Ole Holm Nielsen of the
Technical University of Denmark.
CRAY TS 10.0.x from Sven Nielsen of San Diego
Supercomputer Center.
Improved LDAP version 3 integration based on input
from Kurt D. Zeilenga of the OpenLDAP Foundation,
John Beck of Sun Microsystems, and Booker Bense
of Stanford University.
Linux doesn't have a standard way to get the timezone
between different releases. Back out the
change in 8.9.2 and don't attempt to derive
a timezone. Problem reported by Igor S. Livshits
of the University of Illinois at Urbana-Champaign
and Michael Dickens of Tetranet Communications.
Reliant UNIX, the new name for SINIX, from Gert-Jan Looy
of Siemens/SNI.
SunOS 5.8 from John Beck of Sun Microsystems.
CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper
timezone. Problem noted by Petr Lampa of Technical
University of Brno.
CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly
when using FEATURE(bestmx_is_local). Patch from Neil W.
Rickert of Northern Illinois University.
CONFIG: Properly handle source routed and %-hack addresses on
hosts which the mailertable remaps to local:. Patch from
Neil W. Rickert of Northern Illinois University.
CONFIG: Internal fixup of mailertable local: map value. Patch from
Larry Parmelee of Cornell University.
CONFIG: Only add back +detail from host portion of mailer triplet
on local mailer triplets if it was originally +detail.
Patch from Neil W. Rickert of Northern Illinois University.
CONFIG: The bestmx_is_local checking done in check_rcpt would
cause later checks to fail. Patch from Paul J Murphy of
MIDS Europe.
New Files:
BuildTools/OS/CRAYTS.10.0.x
BuildTools/OS/ReliantUNIX
BuildTools/OS/SunOS.5.8
8.9.2/8.9.2 1998/12/30
SECURITY: Remove five second sleep on accepting daemon connections
due to an accept() failure. This sleep could be used
for a denial of service attack.
Do not silently ignore queue files with names which are too long.
Patch from Bryan Costales of InfoBeat, Inc.
Do not store failures closing an SMTP session in persistent
host status. Reported by Graeme Hewson of Oracle
Corporation UK.
Allow symbolic link forward files if they are in safe directories.
Problem noted by Andreas Schott of the Max Planck Society.
Missing columns in a text map could cause a segmentation fault.
Fix from David Lee of the University of Durham.
Note that for 8.9.X, PrivacyOptions=goaway also includes the
noetrn flag. This is scheduled to change in a future
version of sendmail. Problem noted by Theo Van Dinter of
Chrysalis Symbolic Designa and Alan Brown of Manawatu
Internet Services.
When trying to do host canonification in a Wildcard MX
environment, try an MX lookup of the hostname without the
default domain appended. Problem noted by Olaf Seibert of
Polderland Language & Speech Technology.
Reject SMTP RCPT To: commands with only comments (i.e.
'RCPT TO: (comment)'. Problem noted by Earle Ake of
Hassler Communication Systems Technology, Inc.
Handle any number of %s in the LDAP filter spec. Patch from
Per Hedeland of Ericsson.
Clear ldapx open timeouts even if the map open failed to prevent
a segmentation fault. Patch from Wayne Knowles of the
National Institute of Water & Atmospheric Research Ltd.
Do not syslog envelope clone messages when using address
verification (-bv). Problem noted by Kari Hurtta of the
Finnish Meteorological Institute.
Continue to perform queue runs while in daemon mode even if the
daemon is rejecting connections due to a disk full
condition. Problem noted by JR Oldroyd of TerraNet
Internet Services.
Include full filename on installation of the sendmail.hf file
in case the $HFDIR directory does not exist. Problem
noted by Josef Svitak of Montana State University.
Close all maps when exiting the process with one exception.
Berkeley DB can use internal shared memory locking for
its memory pool. Closing a map opened by another process
will interfere with the shared memory and locks of the
parent process leaving things in a bad state. For
Berkeley DB, only close the map if the current process
is also the one that opened the map, otherwise only close
the map file descriptor. Thanks to Yoseff Francus of
Collective Technologies for volunteering his system for
extended testing.
Avoid null pointer dereference on XDEBUG output for SMTP reply
failures. Problem noted by Carlos Canau of EUnet Portugal.
On mailq and hoststat listings being piped to another program, such
as more, if the pipe closes (i.e., the user quits more),
stop sending output and exit. Patch from Allan E Johannesen
of Worcester Polytechnic Institute.
In accordance with the documentation, LDAP map lookup failures
are now considered temporary failures instead of permanent
failures unless the -t flag is used in the map definition.
Problem noted by Booker Bense of Stanford University and
Eric C. Hagberg of Morgan Stanley.
Fix by one error reporting on long alias names. Problem noted by
H. Paul Hammann of the Missouri Research and Education
Network.
Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem
noted by Barry S. Finkel of Argonne National Laboratory.
When automatically converting from 8 bit to quoted printable MIME,
be careful not to miss a multi-part boundary if that
boundary is preceded by a boundary-like line. Problem
noted by Andreas Raschle of Ansid Inc. Fix from
Kari Hurtta of the Finnish Meteorological Institute.
Avoid bogus reporting of "LMTP tobuf overflow" when the buffer
has enough space for the additional address. Problem
noted by Steve Cliffe of the University of Wollongong.
Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem
noted by Alex Vorobiev of Swarthmore College.
If the check_compat ruleset resolves to the $#discard mailer,
discard the current recipient. Unlike check_relay,
check_mail, and check_rcpt, the entire envelope is not
discarded. Problem noted by RZ D. Rahlfs. Fix from
Claus Assmann of Christian-Albrechts-University of Kiel.
Avoid segmentation fault when reading ServiceSwitchFile files with
bogus formatting. Patch from Kari Hurtta of the Finnish
Meteorological Institute.
Support Berkeley DB 2.6.4 API change.
OP.ME: Pages weren't properly output on duplexed printers. Fix
from Matthew Black of CSU Long Beach.
Portability:
Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc.
Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase
option structure. Problem noted by Ashley M.
Kirchner of Photo Craft Laboratories, Inc.
Break out IP address to hostname translation for
reading network interface addresses into
class 'w'. Patch from John Kennedy of
Cal State University, Chico.
AIX 4.x use -qstrict with -O3 to prevent the optimized
from changing the semantics of the compiled
program. From Simon Travaglia of the
University of Waikato, New Zealand.
FreeBSD 2.2.2 and later support setusercontext(). From
Peter Wemm of DIALix.
FreeBSD 3.x fix from Peter Wemm of DIALix.
IRIX 5.x has a syslog buffer size of 512 bytes. From
Nao NINOMIYA of Utsunomiya University.
IRIX 6.5 64-bit Build support.
LDAP Version 3 support from John Beck and Ravi Iyer
of Sun Microsystems.
Linux does not implement seteuid() properly. From
John Kennedy of Cal State University, Chico.
Linux timezone type was set improperly. From Takeshi Itoh
of Bits Co., Ltd.
NCR MP-RAS 3.x needs -lresolv for confLIBS. From
Tom J. Moore of NCR.
NeXT 4.x correction to man page path. From J. P. McCann
of E I A.
System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs)
from Paul Gampe of the Asia Pacific Network
Information Center.
ULTRIX now requires an optimization limit of 970 from
Allan E Johannesen of Worcester Polytechnic
Institute.
Fix extern declaration for sm_dopr(). Fix from Henk
van Oers of Algemeen Nederlands Persbureau.
CONFIG: Catch @hostname,user@anotherhost.domain as relaying.
Problem noted by Mark Rogov of AirMedia, Inc. Fix from
Claus Assmann of Christian-Albrechts-University of Kiel.
CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as
there are multiple RBL's available and the MAPS RBL may
not be the one in use. Suggested by Alan Brown of
Manawatu Internet Services.
CONFIG: Properly strip route addresses (i.e., @host1:user@host2)
when stripping down a recipient address to check for
relaying. Patch from Claus Assmann of
Christian-Albrechts-University of Kiel and Neil W Rickert
of Northern Illinois University.
CONFIG: Allow the access database to override RBL lookups. Patch
from Claus Assmann of Christian-Albrechts-University of
Kiel.
CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch
Dot Com.
CONFIG: Fixed check for deferred delivery mode warning. Patch
from Claus Assmann of Christian-Albrechts-University of
Kiel and Per Hedeland of Ericsson.
CONFIG: If a recipient using % addressing is used, e.g.
user%site@othersite, and othersite's MX records are now
checked for local hosts if FEATURE(relay_based_on_MX) is
used. Problem noted by Alexander Litvin of Lucky Net Ltd.
Patch from Alexander Litvin of Lucky Net Ltd and
Claus Assmann of Christian-Albrechts-University of Kiel.
MAIL.LOCAL: Prevent warning messages from appearing in the LMTP
stream. Do not allow more than one response per recipient.
MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix
from John Beck of Sun Microsystems.
MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from
John Beck of Sun Microsystems.
MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in
the envelope From header.
MAIL.LOCAL: Accept underscores in hostnames in LMTP mode.
Problem noted by Glenn A. Malling of Syracuse University.
MAILSTATS: Document msgsrej and msgsdis fields in the man page.
Problem noted by Richard Wong of Princeton University.
MAKEMAP: Build group list so group writable files are allowed with
the -s flag. Problem noted by Curt Sampson of Internet
Portal Services, Inc.
PRALIASES: Automatically handle alias files created without the
NULL byte at the end of the key. Patch from John Beck of
Sun Microsystems.
PRALIASES: Support Berkeley DB 2.6.4 API change.
New Files:
BuildTools/OS/IRIX64.6.5
BuildTools/OS/UnixWare.5.i386
cf/cf/unixware7.m4
contrib/smcontrol.pl
src/control.c
8.9.1/8.9.1 1998/07/02
If both an OS specific site configuration file and a generic
site.config.m4 file existed, only the latter was used
instead of both. Problem noted by Geir Johannessen of
the Norwegian University of Science and Technology.
Fix segmentation fault while converting 8 bit to 7 bit MIME
multipart messages by trying to write to an unopened
file descriptor. Fix from Kari Hurtta of the Finnish
Meteorological Institute.
Do not assume Message: and Text: headers indicate the end of
the header area when parsing MIME headers. Problem noted
by Kari Hurtta of the Finnish Meteorological Institute.
Setting the confMAN#SRC Build variable would only effect the
installation commands. The man pages would still be
built with .0 extensions. Problem noted by Bryan
Costales of InfoBeat, Inc.
Installation of manual pages didn't honor the DESTDIR environment
variable. Problem noted by Bryan Costales of InfoBeat, Inc.
If the check_relay ruleset resolved to the discard mailer, messages
were still delivered. Problem noted by Mirek Luc of NASK.
Mail delivery to files would fail with an Operating System Error
if sendmail was not running as root, i.e., RunAsUser was set.
Problem noted by Leonard N. Zubkoff of Dandelion Digital.
Prevent MinQueueAge from interfering from queued items created
in the future, i.e., if the system clock was set ahead
and then back. Problem noted by Michael Miller of the
University of Natal, Pietermaritzburg.
Do not advertise ETRN support in ESTMP EHLO reply if noetrn is
set in the PrivacyOptions option. Fix from Ted Rule of
Flextech TV.
Log invalid persistent host status file lines instead of
bouncing the message. Problem noted by David Lindes of
DaveLtd Enterprises.
Move creation of empty sendmail.st file from installation to
compilation. Installation may be done from a read-only
mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric
Anderson of the Oasis Research Center, Inc.
Enforce the maximum number of User Database entries limit. Problem
noted by Gary Buchanan of Credence Systems Inc.
Allow dead.letter files in root's home directory. Problem noted
by Anna Ullman of Sun Microsystems.
Program deliveries in forward files could be marked unsafe if
any directory listed in the ForwardPath option did not
exist. Problem noted by Jorg Bielak of Coastal Web Online.
Do not trust the length of the address structure returned by
gethostbyname(). Problem noted by Chris Evans of Oxford
University.
If the SIZE= MAIL From: ESMTP parameter is too large, use the
5.3.4 DSN status code instead of 5.2.2. Similarly, for
non-local deliveries, if the message is larger than the
mailer maximum message size, use 5.3.4 instead of 5.2.3.
Suggested by Antony Bowesman of
Fujitsu/TeaWARE Mail/MIME System.
Portability:
Fix the check for an IP address reverse lookup for
use in $&{client_name} on 64 bit platforms.
From Gilles Gallot of Institut for Development
and Resources in Intensive Scientific computing.
BSD-OS uses .0 for man page extensions. From Jeff Polk
of BSDI.
DomainOS detection for Build. Also, version 10.4 and later
ship a unistd.h. Fixes from Takanobu Ishimura of
PICT Inc.
NeXT 4.x uses /usr/lib/man/cat for its man pages. From
J. P. McCann of E I A.
SCO 4.X and 5.X include NDBM support. From Vlado Potisk
of TEMPEST, Ltd.
CONFIG: Do not pass spoofed PTR results through resolver for
qualification. Problem noted by Michiel Boland of
Digital Valley Internet Professionals; fix from
Kari Hurtta of the Finnish Meteorological Institute.
CONFIG: Do not try to resolve non-DNS hostnames such as UUCP,
BITNET, and DECNET addresses for resolvable senders.
Problem noted by Alexander Litvin of Lucky Net Ltd.
CONFIG: Work around Sun's broken configuration which sends bounce
messages as coming from @@hostname instead of <>. LMTP
would not accept @@hostname.
OP.ME: Corrections to complex sendmail startup script from Rick
Troxel of the National Institutes of Health.
RMAIL: Do not install rmail by default, require 'make force-install'
as this rmail isn't the same as others. Suggested by
Kari Hurtta of the Finnish Meteorological Institute.
New Files:
BuildTools/OS/DomainOS.10.4
8.9.0/8.9.0 1998/05/19
SECURITY: To prevent users from reading files not normally
readable, sendmail will no longer open forward, :include:,
class, ErrorHeader, or HelpFile files located in unsafe
(i.e., group or world writable) directory paths. Sites
which need the ability to override security can use the
DontBlameSendmail option. See the README file for more
information.
SECURITY: Problems can occur on poorly managed systems, specifically,
if maps or alias files are in world writable directories.
This fixes the change added to 8.8.6 to prevent links in these
world writable directories.
SECURITY: Make sure ServiceSwitchFile option file is not a link if
it is in a world writable directory.
SECURITY: Never pass a tty to a mailer -- if a mailer can get at the
tty it may be able to push bytes back to the senders input.
Unfortunately this breaks -v mode. Problem noted by
Wietse Venema of the Global Security Analysis Lab at
IBM T.J. Watson Research.
SECURITY: Empty group list if DontInitGroups is set to true to
prevent program deliveries from picking up extra group
privileges. Problem reported by Wolfgang Ley of DFN-CERT.
SECURITY: The default value for DefaultUser is now set to the uid and
gid of the first existing user mailnull, sendmail, or daemon
that has a non-zero uid. If none of these exist, sendmail
reverts back to the old behavior of using uid 1 and gid 1.
This is a security problem for Linux which has chosen that
uid and gid for user bin instead of daemon. If DefaultUser
is set in the configuration file, that value overrides this
default.
SECURITY: Since 8.8.7, the check for non-setuid binaries
interfered with setting an alternate group id for the
RunAsUser option. Problem noted by Randall Winchester of
the University of Maryland.
Add support for Berkeley DB 2.X. Based on patch from John Kennedy
of Cal State University, Chico.
Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users
which previously defined OLD_NEWDB=1 must now upgrade to the
current version of Berkeley DB.
Added support for regular expressions using the new map class regex.
From Jan Krueger of Unix-AG of University of Hannover.
Support for BIND 8.1.1's hesiod for hesiod maps and hesiod
UserDatabases from Randall Winchester of the University
of Maryland.
Allow any shell for user shell on program deliveries on V1
configurations for backwards compatibility on machines which
do not have getusershell(). Fix from John Beck of Sun
Microsystems.
On operating systems which change the process title by reusing the
argument vector memory, sendmail could corrupt memory if the
last argument was either "-q" or "-d". Problem noted by
Frank Langbein of the University of Stuttgart.
Support Local Mail Transfer Protocol (LMTP) between sendmail and
mail.local on the F=z flag.
Macro-expand the contents of the ErrMsgFile. Previously this was
only done if you had magic characters (0x81) to indicate
macro expansion. Now $x will be expanded. This means that
real dollar signs have to be backslash escaped.
TCP Wrappers expects "unknown" in the hostname argument if the
reverse DNS lookup for the incoming connection fails.
Problem noted by Randy Grimshaw of Syracuse University and
Wietse Venema of the Global Security Analysis Lab at
IBM T.J. Watson Research.
DSN success bounces generated from an invocation of sendmail -t
would be sent to both the sender and MAILER-DAEMON.
Problem noted by Claus Assmann of
Christian-Albrechts-University of Kiel.
Avoid "Error 0" messages on delivery mailers which exit with a
valid exit value such as EX_NOPERM. Fix from Andreas Luik
of ISA Informationssysteme GmbH.
Tokenize $&x expansions on right hand side of rules. This eliminates
the need to use tricks like $(dequote "" $&{client_name} $)
to cause the ${client_name} macro to be properly tokenized.
Add the MaxRecipientsPerMessage option: this limits the number of
recipients that will be accepted in a single SMTP
transaction. After this number is reached, sendmail
starts returning "452 Too many recipients" to all RCPT
commands. This can be used to limit the number of recipients
per envelope (in particular, to discourage use of the server
for spamming). Note: a better approach is to restrict
relaying entirely.
Fixed pointer initialization for LDAP lmap struct, fixed -s option
to ldapx map and added timeout for ldap_open call to
avoid hanging sendmail in the event of hung LDAP servers.
Patch from Booker Bense of Stanford University.
Allow multiple -qI, -qR, or -qS queue run limiters. For example,
'-qRfoo -qRbar' would deliver mail to recipients with foo or
bar in their address. Patch from Allan E Johannesen of
Worcester Polytechnic Institute.
The bestmx map will now return a list of the MX servers for a host if
passed a column delimiter via the -z map flag. This can be
used to check if the server is an MX server for the recipient
of a message. This can be used to help prevent relaying.
Patch from Mitchell Blank Jr of Exec-PC.
Mark failures for the *file* mailer and return bounce messages to the
sender for those failures.
Prevent bogus syslog timestamps on errors in sendmail.cf by
preserving the TZ environment variable until TimeZoneSpec
has been determined. Problem noted by Ralf Hildebrandt of
Technical University of Braunschweig. Patch from Per Hedeland
of Ericsson.
Print test input in address test mode when input is not from the tty
when the -v flag is given (i.e., sendmail -bt -v) to make
output easier to decipher. Problem noted by Aidan Nichol
of Procter & Gamble.
The LDAP map -s flag was not properly parsed and the error message
given included the remainder of the arguments instead of
solely the argument in error. Problem noted by Aidan Nichol
of Procter & Gamble.
New DontBlameSendmail option. This option allows administrators to
bypass some of sendmail's file security checks at the expense
of system security. This should only be used if you are
absolutely sure you know the consequences. The available
DontBlameSendmail options are:
Safe
AssumeSafeChown
ClassFileInUnsafeDirPath
ErrorHeaderInUnsafeDirPath
GroupWritableDirPathSafe
GroupWritableForwardFileSafe
GroupWritableIncludeFileSafe
GroupWritableAliasFile
HelpFileinUnsafeDirPath
WorldWritableAliasFile
ForwardFileInGroupWritableDirPath
IncludeFileInGroupWritableDirPath
ForwardFileInUnsafeDirPath
IncludeFileInUnsafeDirPath
ForwardFileInUnsafeDirPathSafe
IncludeFileInUnsafeDirPathSafe
MapInUnsafeDirPath
LinkedAliasFileInWritableDir
LinkedClassFileInWritableDir
LinkedForwardFileInWritableDir
LinkedIncludeFileInWritableDir
LinkedMapInWritableDir
LinkedServiceSwitchFileInWritableDir
FileDeliveryToHardLink
FileDeliveryToSymLink
WriteMapToHardLink
WriteMapToSymLink
WriteStatsToHardLink
WriteStatsToSymLink
RunProgramInUnsafeDirPath
RunWritableProgram
New DontProbeInterfaces option to turn off the inclusion of all the
interface names in $=w on startup. In particular, if you
have lots of virtual interfaces, this option will speed up
startup. However, unless you make other arrangements, mail
sent to those addresses will be bounced.
Automatically create alias databases if they don't exist and
AutoRebuildAliases is set.
Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command.
Suggested by Christophe Wolfhugel of the Institut Pasteur.
Add PrivacyOptions=noverb flag to disable the SMTP VERB command.
When determining the client host name ($&{client_name} macro), do
a forward (A) DNS lookup on the result of the PTR lookup
and compare results. If they differ or if the PTR lookup
fails, &{client_name} will contain the IP address
surrounded by square brackets (e.g., [127.0.0.1]).
New map flag: -Tx appends "x" to lookups that return temporary failure
(i.e, it is like -ax for the temporary failure case, in
contrast to the success case).
New syntax to do limited checking of header syntax. A config line
of the form:
HHeader: $>Ruleset
causes the indicated Ruleset to be invoked on the Header
when read. This ruleset works like the check_* rulesets --
that is, it can reject mail on the basis of the contents.
Limit the size of the HELO/EHLO parameter to prevent spammers
from hiding their connection information in Received:
headers.
When SingleThreadDelivery is active, deliveries to locked hosts
are skipped. This will cause the delivering process to
try the next MX host or queue the message if no other MX
hosts are available. Suggested by Alexander Litvin.
The [FILE] mailer type now delivers to the file specified in the
A= equate of the mailer definition instead of $u. It also
obeys all of the F= mailer flags such as the MIME
7/8 bit conversion flags. This is useful for defining
a mailer which delivers to the same file regardless of the
recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail).
Do not assume the identity of a remote connection is root@localhost
if the remote connection closes the socket before the
remote identity can be queried.
Change semantics of the F=S mailer flag back to 8.7.5 behavior.
Some mailers, including procmail, require that the real
uid is left unchanged by sendmail. Problem noted by Per
Hedeland of Ericsson.
No longer is the src/obj*/Makefile selected from a large list -- it
is now generated using the information in BuildTools/OS/ --
some of the details are determined dynamically via
BuildTools/bin/configure.sh.
The other programs in the sendmail distribution -- mail.local,
mailstats, makemap, praliases, rmail, and smrsh -- now use
the new Build method which creates an operating system
specific Makefile using the information in BuildTools.
Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e.,
a failure on one message won't affect future messages to the
same host). This is necessary if the remote host sends
a 451 error if the domain of the sender does not resolve
as is common in anti-spam configurations. Problem noted
by Mitchell Blank Jr of Exec-PC.
New "discard" mailer for check_* rulesets and header checking
rulesets. If one of the above rulesets resolves to the
$#discard mailer, the commands will be accepted but the
message will be completely discarded after it is accepting.
This means that even if only one of the recipients
resolves to the $#discard mailer, none of the recipients
will receive the mail. Suggested by Brian Kantor.
All but the last cloned envelope of a split envelope were queued
instead of being delivered. Problem noted by John Caruso
of CNET: The Computer Network.
Fix deadlock situation in persistent host status file locking.
Syslog an error if a user forward file could not be read due to
an error. Patch from John Beck of Sun Microsystems.
Use the first name returned on machine lookups when canonifying a
hostname via NetInfo. Patch from Timm Wetzel of GWDG.
Clear the $&{client_addr}, $&{client_name}, and $&{client_port}
macros when delivering a bounce message to prevent
rejection by a check_compat ruleset which uses these macros.
Problem noted by Jens Hamisch of AgiX Internetservices GmbH.
If the check_relay ruleset resolves to the the error mailer, the
error in the $: portion of the resolved triplet is used
in the rejection message given to the remote machine.
Suggested by Scott Gifford of The Internet Ramp.
Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros
before calling the check_relay ruleset. Suggested by Scott
Gifford of The Internet Ramp.
Sendmail would get a segmentation fault if a mailer exited with an
exit code of 79. Problem noted by Aaron Schrab of ExecPC
Internet. Fix from Christophe Wolfhugel of the Pasteur
Institute.
Separate snprintf/vsnprintf routines into separate file for use by
mail.local.
Allow multiple map lookups on right hand side, e.g.,
R$* $( host $1 $) $| $( passwd $1 $). Patch from
Christophe Wolfhugel of the Pasteur Institute.
Properly generate success DSN messages if requested for aliases
which have owner- aliases. Problem noted by Kari Hurtta
of the Finnish Meteorological Institute.
Properly display delayed-expansion macros ($&{macroname}) in
address test mode (-bt). Problem noted by Bryan Costales
of InfoBeat, Inc.
-qR could sometimes match names incorrectly. Problem noted by
Lutz Euler of Lavielle EDV Systemberatung GmbH & Co.
Include a magic number and version in the StatusFile for the
mailstats command.
Record the number of rejected and discarded messages in the
StatusFile for display by the mailstats command. Patch
from Randall Winchester of the University of Maryland.
IDENT returns where the OSTYPE field equals "OTHER" now list the
user portion as IDENT:username@site instead of
username@site to differentiate the two. Suggested by
Kari Hurtta of the Finnish Meteorological Institute.
Enforce timeout for LDAP queries. Patch from Per Hedeland of
Ericsson.
Change persistent host status filename substitution so '/' is
replaced by ':' instead of '|' to avoid clashes. Also
avoid clashes with hostnames with leading dots. Fix from
Mitchell Blank Jr. of Exec-PC.
If the system lock table is full, only attempt to create a new
queue entry five times before giving up. Previously, it
was attempted indefinitely which could cause the partition
to run out of inodes. Problem noted by Suzie Weigand of
Stratus Computer, Inc.
In verbose mode, warn if the sendmail.cf version is less than the
currently supported version.
Sorting for QueueSortOrder=host is now case insensitive. Patch
from Randall S. Winchester of the University of Maryland.
Properly quote a full name passed via the -F command line option,
the Full-Name: header, or the NAME environment variable if
it contains characters which must be quoted. Problem noted
by Kari Hurtta of the Finnish Meteorological Institute.
Avoid possible race condition that unlocked a mail job before
releasing the transcript file on systems that use flock(2).
In some cases, this might result in a "Transcript Unavailable"
message in error bounces.
Accept SMTP replies which contain only a reply code and no
accompanying text. Problem noted by Fernando Fraticelli of
Digital Equipment Corporation.
Portability:
AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura
of Kyoto University.
AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from
Randall S. Winchester of the University of
Maryland.
AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS.
CRAY T3E from Manu Mahonen of Center for Scientific Computing
in Finland.
Digital UNIX now uses statvfs for determining free
disk space. Patch from Randall S. Winchester of
the University of Maryland.
HP-UX 11.x from Richard Allen of Opin Kerfi HF and
Regis McEwen of Progress Software Corporation.
IRIX 64 bit fixes from Kari Hurtta of the Finnish
Meteorological Institute.
IRIX 6.2 configuration fix for mail.local from Michael Kyle
of CIC/Advanced Computing Laboratory.
IRIX 6.5 from Thomas H Jones II of SGI.
IRIX 6.X load average code from Bob Mende of SGI.
QNX from Glen McCready <glen@qnx.com>.
SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links
to sendmail. Install with group bin instead of kmem
as kmem does not exist. From Guillermo Freige of
Gobernacion de la Pcia de Buenos Aires and Paul
Fischer of BTG, Inc.
SunOS 4.X does not include memmove(). Patch from
Per Hedeland of Ericsson.
SunOS 5.7 includes getloadavg() function for determining
load average. Patch from John Beck of Sun
Microsystems.
CONFIG: Increment version number of config file.
CONFIG: add DATABASE_MAP_TYPE to set the default type of database
map for the various maps. The default is hash. Patch from
Robert Harker of Harker Systems.
CONFIG: new confEBINDIR m4 variable for defining the executable
directory for certain programs.
CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for
local mail delivery. By the default, /usr/libexec/mail.local
is used. This is expected to be the mail.local shipped
with 8.9 which is LMTP capable. The path is based on the
new confEBINDIR m4 variable.
CONFIG: Use confEBINDIR in determining path to smrsh for
FEATURE(smrsh). Note that this changes the default from
/usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the
old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh).
CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to
include $z/.forward.$w+$h and $z/.forward+$h which allow
the user to setup different .forward files for
user+detail addressing.
CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES,
and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage,
DontProbeInterfaces, and DontBlameSendmail options.
CONFIG: by default do not allow relaying (that is, accepting mail
from outside your domain and sending it to another host
outside your domain).
CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from
any site to any site.
CONFIG: new FEATURE(relay_entire_domain) allows any host in your
domain as defined by the 'm' class ($=m) to relay.
CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on
the MX records of the host portion of an incoming recipient.
CONFIG: new FEATURE(access_db) which turns on the access database
feature. This database give you the ability to allow
or refuse to accept mail from specified domains for
administrative reasons. By default, names that are listed
as "OK" in the access db are domain names, not host names.
CONFIG: new confCR_FILE m4 variable for defining the name of the file
used for class 'R'. Defaults to /etc/mail/relay-domains.
CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file)
to add items to class 'R' ($=R) for hosts allowed to relay.
CONFIG: new FEATURE(relay_hosts_only) to change the behavior
of FEATURE(access_db) and class 'R' to lookup individual
host names only.
CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient
using % addressing is used, e.g. user%site@othersite,
and othersite is in class 'R', the check_rcpt ruleset
will strip @othersite and recheck user@site for relaying.
This feature changes that behavior. It should not be
needed for most installations.
CONFIG: new FEATURE(relay_local_from) to allow relaying if the
domain portion of the mail sender is a local host. This
should only be used if absolutely necessary as it opens
a window for spammers. Patch from Randall S. Winchester of
the University of Maryland.
CONFIG: new FEATURE(blacklist_recipients) turns on the ability to
block incoming mail destined for certain recipient
usernames, hostnames, or addresses.
CONFIG: By default, MAIL FROM: commands in the SMTP session will be
refused if the host part of the argument to MAIL FROM: cannot
be located in the host name service (e.g., DNS).
CONFIG: new FEATURE(accept_unresolvable_domains) accepts
unresolvable hostnames in MAIL FROM: SMTP commands.
CONFIG: new FEATURE(accept_unqualified_senders) accepts
MAIL FROM: senders which do not include a domain.
CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the
Realtime Blackhole List. You can specify the RBL name
server to contact by specifying it as an optional argument.
The default is rbl.maps.vix.com. For details, see
http://maps.vix.com/rbl/.
CONFIG: Call Local_check_relay, Local_check_mail, and
Local_check_rcpt from check_relay, check_mail, and
check_rcpt. Users with local rulesets should place the
rules using LOCAL_RULESETS. If a Local_check_* ruleset
returns $#OK, the message is accepted. If the ruleset
returns a mailer, the appropriate action is taken, else
the return of the ruleset is ignored.
CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by
default to support file, :include:, and program deliveries.
CONFIG: Remove the default for confDEF_USER_ID so the binary can
pick the proper default value. See the SECURITY note
above for more information.
CONFIG: FEATURE(nodns) now warns the user that the feature is a
no-op. Patch from Kari Hurtta of the Finnish
Meteorological Institute.
CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to
daemon since DEC's /bin/mail will drop the envelope
sender if run as mailnull. See the Digital UNIX section
of src/README for more information. Problem noted by
Kari Hurtta of the Finnish Meteorological Institute.
CONFIG: .cf files are now stored in the same directory with the
.mc files instead of in the obj directory.
CONFIG: New options confSINGLE_LINE_FROM_HEADER,
confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for
setting SingleLineFromHeader, AllowBogusHELO, and
MustQuoteChars respectively.
MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This
SMTP-like protocol allows detailed reporting of delivery
status on a per-user basis. Code donated by John Myers of
CMU (now of Netscape).
MAIL.LOCAL: HP-UX support from Randall S. Winchester of the
University of Maryland. NOTE: mail.local is not
compatible with the stock HP-UX mail format. Be sure to
read mail.local/README.
MAIL.LOCAL: Prevent other mail delivery agents from stealing a
mailbox lock. Patch from Randall S. Winchester of the
University of Maryland.
MAIL.LOCAL: glibc portability from John Kennedy of Cal State
University, Chico.
MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish
Meteorological Institute.
MAILSTATS: Display the number of rejected and discarded messages
in the StatusFile. Patch from Randall Winchester of the
University of Maryland.
MAKEMAP: New -s flag to ignore safety checks on database map files
such as linked files in world writable directories.
MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support.
PRALIASES: Add support for Berkeley DB 2.X.
PRALIASES: Do not automatically include NDBM support. Problem
noted by Ralf Hildebrandt of the Technical University of
Braunschweig.
RMAIL: Improve portability for other platforms. Patches from
Randall S. Winchester of the University of Maryland and
Kari Hurtta of the Finnish Meteorological Institute.
Changed Files:
src/Makefiles/Makefile.* files have been modified to use
the new build mechanism and are now BuildTools/OS/*.
src/makesendmail changed to symbolic link to src/Build.
New Files:
BuildTools/M4/header.m4
BuildTools/M4/depend/BSD.m4
BuildTools/M4/depend/CC-M.m4
BuildTools/M4/depend/NCR.m4
BuildTools/M4/depend/Solaris.m4
BuildTools/M4/depend/X11.m4
BuildTools/M4/depend/generic.m4
BuildTools/OS/AIX.4.2
BuildTools/OS/AIX.4.x
BuildTools/OS/CRAYT3E.2.0.x
BuildTools/OS/HP-UX.11.x
BuildTools/OS/IRIX.6.5
BuildTools/OS/NEXTSTEP.4.x
BuildTools/OS/NeXT.4.x
BuildTools/OS/NetBSD.8.3
BuildTools/OS/QNX
BuildTools/OS/SunOS.5.7
BuildTools/OS/dcosx.1.x.NILE
BuildTools/README
BuildTools/Site/README
BuildTools/bin/Build
BuildTools/bin/configure.sh
BuildTools/bin/find_m4.sh
BuildTools/bin/install.sh
Makefile
cf/cf/Build
cf/cf/generic-hpux10.cf
cf/feature/accept_unqualified_senders.m4
cf/feature/accept_unresolvable_domains.m4
cf/feature/access_db.m4
cf/feature/blacklist_recipients.m4
cf/feature/loose_relay_check.m4
cf/feature/local_lmtp.m4
cf/feature/promiscuous_relay.m4
cf/feature/rbl.m4
cf/feature/relay_based_on_MX.m4
cf/feature/relay_entire_domain.m4
cf/feature/relay_hosts_only.m4
cf/feature/relay_local_from.m4
cf/ostype/qnx.m4
contrib/doublebounce.pl
mail.local/Build
mail.local/Makefile.m4
mail.local/README
mailstats/Build
mailstats/Makefile.m4
makemap/Build
makemap/Makefile.m4
praliases/Build
praliases/Makefile.m4
rmail/Build
rmail/Makefile.m4
rmail/rmail.0
smrsh/Build
smrsh/Makefile.m4
src/Build
src/Makefile.m4
src/snprintf.c
Deleted Files:
cf/cf/Makefile (replaced by Makefile.dist)
mail.local/Makefile
mail.local/Makefile.dist
mailstats/Makefile
mailstats/Makefile.dist
makemap/Makefile
makemap/Makefile.dist
praliases/Makefile
praliases/Makefile.dist
rmail/Makefile
smrsh/Makefile
smrsh/Makefile.dist
src/Makefile
src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2)
src/Makefiles/Makefile.SMP_DC.OSx.NILE
(renamed BuildTools/OS/dcosx.1.x.NILE)
src/Makefiles/Makefile.Utah (obsolete platform)
Renamed Files:
READ_ME => README
cf/cf/Makefile.dist => Makefile
cf/cf/obj/* => cf/cf/*
src/READ_ME => src/README
8.8.8/8.8.8 1997/10/24
If the check_relay ruleset failed, the relay= field was logged
incorrectly. Problem noted by Kari Hurtta of the Finnish
Meteorological Institute.
If /usr/tmp/dead.letter already existed, sendmail could not
add additional bounces to it. Problem noted by Thomas J.
Arseneault of SRI International.
If an SMTP mailer used a non-standard port number for the outgoing
connection, it would be displayed incorrectly in verbose mode.
Problem noted by John Kennedy of Cal State University, Chico.
Log the ETRN parameter specified by the client before altering them
to internal form. Suggested by Bob Kupiec of GES-Verio.
EXPN and VRFY SMTP commands on malformed addresses were logging as
User unknown with bogus delay= values. Change them to log
the same as compliant addresses. Problem noted by Kari E.
Hurtta of the Finnish Meteorological Institute.
Ignore the debug resolver option unless using sendmail debug trace
option for resolver. Problem noted by Greg Nichols of Wind
River Systems.
If SingleThreadDelivery was enabled and the remote server returned a
protocol error on the DATA command, the connection would be
closed but the persistent host status file would not be
unlocked so other sendmail processes could not deliver to
that host. Problem noted by Peter Wemm of DIALix.
If queueing up a message due to an expensive mailer, don't increment
the number of delivery attempts or set the last delivery
attempt time so the message will be delivered on the next
queue run regardless of MinQueueAge. Problem noted by
Brian J. Coan of the Institute for Global Communications.
Authentication warnings of "Processed from queue _directory_" and
"Processed by _username_ with -C _filename_" would be logged
with the incorrect timestamp. Problem noted by Kari E. Hurtta
of the Finnish Meteorological Institute.
Use a better heuristic for detecting GDBM.
Log null connections on dropped connections. Problem noted by
Jon Lewis of Florida Digital Turnpike.
If class dbm maps are rebuilt, sendmail will now detect this and
reopen the map. Previously, they could give stale
results during a single message processing (but would
recover when the next message was received). Fix from
Joe Pruett of Q7 Enterprises.
Do not log failures such as "User unknown" on -bv or SMTP VRFY
requests. Problem noted by Kari E. Hurtta of the
Finnish Meteorological Institute.
Do not send a bounce message back to the sender regarding bad
recipients if the SMTP connection is dropped before the
message is accepted. Problem noted by Kari E. Hurtta of the
Finnish Meteorological Institute.
Use "localhost" instead of "[UNIX: localhost]" when connecting to
sendmail via a UNIX pipe. This will allow rulesets using
$&{client_name} to process without sending the string through
dequote. Problem noted by Alan Barrett of Internet Africa.
A combination of deferred delivery mode, a double bounce situation,
and the inability to save a bounce message to
/var/tmp/dead.letter would cause sendmail to send a bounce
to postmaster but not remove the offending envelope from the
queue causing it to create a new bounce message each time the
queue was run. Problem noted by Brad Doctor of Net Daemons
Associates.
Remove newlines from hostname information returned via DNS. There are
no known security implications of newlines in hostnames as
sendmail filters newlines in all vital areas; however, this
could cause confusing error messages.
Starting with sendmail 8.8.6, mail sent with the '-t' option would be
rejected if any of the specified addresses were bad. This
behavior was modified to only reject the bad addresses and not
the entire message. Problem noted by Jozsef Hollosi of
SuperNet, Inc.
Use Timeout.fileopen when delivering mail to a file. Suggested by
Bryan Costales of InfoBeat, Inc.
Display the proper Final-Recipient on DSN messages for non-SMTP
mailers. Problem noted by Kari E. Hurtta of the
Finnish Meteorological Institute.
An error in calculating the available space in the list of addresses
for logging deliveries could cause an address to be silently
dropped.
Include the initial user environment if sendmail is restarted via
a HUP signal. This will give room for the process title.
Problem noted by Jon Lewis of Florida Digital Turnpike.
Mail could be delivered without a body if the machine does not
support flock locking and runs out of processes during
delivery. Fix from Chuck Lever of the University of Michigan.
Drop recipient address from 251 and 551 SMTP responses per RFC 821.
Problem noted by Kari E. Hurtta of the Finnish Meteorological
Institute.
Make sure non-rebuildable database maps are opened before the
rebuildable maps (i.e., alias files) in case the database maps
are needed for verifying the left hand side of the aliases.
Problem noted by Lloyd Parkes of Victoria University.
Make sure sender RFC822 source route addresses are alias expanded for
bounce messages. Problem noted by Juergen Georgi of
RUS University of Stuttgart.
Minor lint fixes.
Return a temporary error instead of a permanent error if an LDAP map
search returns an error. This will allow sequenced maps which
use other LDAP servers to be checked. Fix from Booker Bense
of Stanford University.
When automatically converting from quoted printable to 8bit text do
not pad bare linefeeds with a space. Problem noted by Theo
Nolte of the University of Technology Aachen, Germany.
Portability:
Non-standard C compilers may have had a problem compiling
conf.c due to a standard C external declaration of
setproctitle(). Problem noted by Ted Roberts of
Electronic Data Systems.
AUX: has a broken O_EXCL implementation. Reported by Jim
Jagielski of jaguNET Access Services.
BSD/OS: didn't compile if HASSETUSERCONTEXT was defined.
Digital UNIX: Digital UNIX (and possibly others) moves
loader environment variables into the loader memory
area. If one of these environment variables (such as
LD_LIBRARY_PATH) was the last environment variable,
an invalid memory address would be used by the process
title routine causing memory corruption. Problem
noted by Sam Hartman of Mesa Internet Systems.
GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused
chownsafe() to always return 0 even if the OS does
not permit file giveaways. Problem noted by
Yasutaka Sumi of The University of Tokyo.
IRIX6: Syslog buffer size set to 512 bytes. Reported by
Gerald Rinske of Siemens Business Services VAS.
Linux: Pad process title with NULLs. Problem noted by
Jon Lewis of Florida Digital Turnpike.
SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an
incorrect value for the number of interfaces.
Problem noted by Chris Loelke of JetStream Internet
Services.
SINIX: Update for Makefile and syslog buffer size from Gerald