Commit | Line | Data |
---|---|---|
05ea1abf | 1 | SENDMAIL RELEASE NOTES |
9503f767 | 2 | @(#)RELEASE_NOTES 8.7.Beta (Berkeley) %G% |
05ea1abf EA |
3 | |
4 | This listing shows the version of the sendmail binary, the version | |
5 | of the sendmail configuration files, the date of release, and a | |
6 | summary of the changes in that release. | |
7 | ||
9503f767 EA |
8 | 8.7/8.7 95/xx/xx CURRENTLY IN BETA PRERELEASE!!! |
9 | Fix a problem that could cause sendmail to run out of file | |
10 | descriptors due to a trashed data structure after a | |
11 | vfork. Fix from Brian Coan of the Institute for | |
12 | Global Communications. | |
13 | Change the VRFY response if you have disabled VRFY -- some | |
14 | people seemed to think that it was too rude. | |
15 | Avoid reference to uninitialized file descriptor if HASFLOCK | |
16 | was not defined. This was used "safely" in the sense | |
17 | that it only did a stat, but it would have set the | |
18 | map modification time improperly. Problem pointed out | |
19 | by Roy Mongiovi of Georgia Tech. | |
20 | Clean up the Subject: line on warning messages and return | |
21 | receipts so that they don't say "Returned mail:"; this | |
22 | can be confusing. | |
23 | Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is | |
24 | useful enough to make it worthwhile printing on "-d". | |
25 | Avoid logging alias statistics every time you read the alias | |
26 | file on systems with no database method compiled in. | |
27 | If you have a name with a trailing dot, and you try looking it | |
28 | up using gethostbyname without the dot (for /etc/hosts | |
29 | compatibility), be sure to turn off RES_DEFNAMES and | |
30 | RES_DNSRCH to avoid finding the wrong name accidently. | |
31 | Problem noted by Charles Amos of the University of | |
32 | Maryland. | |
33 | Don't do timeouts in collect if you are not running SMTP. | |
34 | There is nothing that says you can't have a long | |
35 | running program piped into sendmail (possibly via | |
36 | /bin/mail, which just execs sendmail). Problem reported | |
37 | by Don "Truck" Lewis of Silicon Systems. | |
38 | Try gethostbyname() even if the DNS lookup fails iff option I | |
39 | is not set. This allows you to have hosts listed in | |
40 | NIS or /etc/hosts that are not known to DNS. It's normally | |
41 | a bad idea, but can be useful on firewall machines. This | |
42 | should really be broken out on a separate flag, I suppose. | |
43 | Avoid compile warnings against BIND 4.9.3, which uses function | |
44 | prototypes. From Don Lewis of Silicon Systems. | |
45 | Avoid possible incorrect diagnosis of DNS-related errors caused | |
46 | by things like attempts to resolve uucp names using | |
47 | $[ ... $] -- the fix is to clear h_errno at appropriate | |
48 | times. From Kyle Jones of UUNET. | |
49 | SECURITY: avoid denial-of-service attacks possible by destroying | |
50 | the alias database file by setting resource limits low. | |
51 | This involves adding two new compile-time options: | |
52 | HASSETRLIMIT (indicating that setrlimit(2) support is | |
53 | available) and HASULIMIT (indicating that ulimit(2) support | |
54 | is available -- the Release 3 form is used). The former | |
55 | is assumed on BSD-based systems, the latter on System | |
56 | V-based systems. Attack noted by Phil Brandenberger of | |
57 | Swarthmore University. | |
58 | New syntaxes in test (-bt) mode: | |
59 | ``.Dmvalue'' will define macro "m" to "value". | |
60 | ``.Ccvalue'' will add "value" to class "c". | |
61 | ``.Sruleset'' will dump the contents of the indicated | |
62 | ruleset. | |
63 | ``-ddebug-spec'' is equivalent to the command-line | |
64 | -d debug flag. | |
65 | ``$m'' will print the value of macro "m". | |
66 | ``/mx host'' returns the MX records for ``host''. | |
67 | ``/try address'' will parse address, returning the value of | |
68 | crackaddr (essentially, the comment information) | |
69 | and the parsed address (the same as -bv). | |
70 | Somewhat better handling of UNIX-domain socket addresses -- it | |
71 | should show the pathname rather than hex bytes. | |
72 | Restore ``-ba'' mode -- this reads a file from stdin and parses | |
73 | the header for envelope sender information and uses | |
74 | CR-LF as message terminators. It was thought to be | |
75 | obsolete (used only for Arpanet NCP protocols), but it | |
76 | turns out that the UK ``Grey Book'' protocols require | |
77 | that functionality. | |
78 | Fix a fix in previous release -- if gethostname and gethostbyname | |
79 | return a name without dots, and if a DNS lookup of that | |
80 | name fails, wait one minute and try again even if DNS | |
81 | not specified in the config file -- the problem is that | |
82 | this code is executed before the config file is read. | |
83 | This can result in an extra 60 second delay on startup | |
84 | if (1) you have DNS compiled in, (2) you are not running | |
85 | DNS, (3) your system hostname (as returned by hostname(1)) | |
86 | has no dot, AND (4) the canonical name listed in /etc/hosts | |
87 | or your NIS map has no dot. | |
88 | Check for proper domain name on HELO and EHLO commands per | |
89 | RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III | |
90 | of Michigan Technological University. | |
91 | Relax chownsafe rules slightly -- old version said that if you | |
92 | can't tell if _POSIX_CHOWN_RESTRICTED is set (that is, | |
93 | if fpathconf returned EINVAL or ENOSYS), assume that | |
94 | chown is not safe. The new version falls back to whether | |
95 | you are on a BSD system or not. This is important for | |
96 | SunOS, which apparently always returns one of those | |
97 | error codes. This impacts whether you can mail to files | |
98 | or not. | |
99 | Syntax errors such as unbalanced parentheses in the configuration | |
100 | file could be omitted if you had "Oem" prior to the | |
101 | syntax error in the config file. Change to always print | |
102 | the error message. It was especially wierd because it | |
103 | would cause a "warning" message to be sent to the Postmaster | |
104 | for every message sent (but with no transcript). Problem | |
105 | noted by Gregory Paris of Motorola. | |
106 | Rewrite collect and putbody to handle full 8-bit data, including | |
107 | zero bytes. These changes are internally extensive, but | |
108 | should have minimal impact on external function. | |
109 | Allow full words for option names -- if the option letter is | |
110 | (apparently) a space, then take the word following -- e.g., | |
111 | O MatchGECOS=TRUE | |
112 | The full list of old and new names is as follows: | |
113 | 7 SevenBitInput | |
114 | 8 EightBitMode | |
115 | A AliasFile | |
116 | a AliasWait | |
117 | B BlankSub | |
118 | b MinFreeBlocks/MaxMessageSize | |
119 | C CheckpointInterval | |
120 | c HoldExpensive | |
121 | D AutoRebuildAliases | |
122 | d DeliveryMode | |
123 | E ErrorHeader | |
124 | e ErrorMode | |
125 | f SaveFromLine | |
126 | F TempFileMode | |
127 | G MatchGECOS | |
128 | H HelpFile | |
129 | h MaxHopCount | |
130 | i IgnoreDots | |
131 | I ResolverOptions | |
132 | J ForwardPath | |
133 | j SendMimeErrors | |
134 | k ConnectionCacheSize | |
135 | K ConnectionCacheTimeout | |
136 | L LogLevel | |
137 | l UseErrorsTo | |
138 | m MeToo | |
139 | n CheckAliases | |
140 | O DaemonPortOptions | |
141 | o OldStyleHeaders | |
142 | P PostmasterCopy | |
143 | p PrivacyOptions | |
144 | Q QueueDirectory | |
145 | q QueueFactor | |
146 | R DontPruneRoutes | |
147 | r, T Timeout | |
148 | S StatusFile | |
149 | s SuperSafe | |
150 | t TimeZoneSpec | |
151 | u DefaultUser | |
152 | U UserDatabaseSpec | |
153 | V FallbackMXhost | |
154 | v Verbose | |
155 | w TryNullMXList | |
156 | x QueueLA | |
157 | X RefuseLA | |
158 | Y ForkEachJob | |
159 | y RecipientFactor | |
160 | z ClassFactor | |
161 | Z RetryFactor | |
162 | To avoid possible problems with an older sendmail, | |
163 | configuration level 6 is accepted by this version of | |
164 | sendmail; any config file using the new names should | |
165 | specify "V6" in the configuration. | |
166 | Change address parsing to properly note that a phrase before a | |
167 | colon and a trailing semicolon are essentially the same | |
168 | as text outside of angle brackets (i.e., sendmail should | |
169 | treat them as comments). This is to handle the | |
170 | ``group name: addr1, addr2, ..., addrN;'' syntax (it will | |
171 | assume that ``group name:'' is a comment on the first | |
172 | address and the ``;'' is a comment on the last address). | |
173 | This requires config file support to get right. It does | |
174 | understand that :: is NOT this syntax, and can be turned | |
175 | off completely by setting the ColonOkInAddresses option. | |
176 | Level 6 config files added with new mailer flags: | |
177 | A Addresses are aliasable. | |
178 | i Do udb rewriting on envelope as well as header | |
179 | sender lines. Applies to the from address mailer | |
180 | flags rather than the recipient mailer flags. | |
181 | j Do udb rewriting on header recipient addresses. | |
182 | Applies to the sender mailer flags rather than the | |
183 | recipient mailer flags. | |
184 | k Disable check for loops when doing HELO command. | |
185 | o Always run as the mail recipient, even on local | |
186 | delivery. | |
187 | w Check for an /etc/passwd entry for this user. | |
188 | 5 Pass addresses through ruleset 5. | |
189 | : Check for :include: on this address. | |
190 | | Check for |program on this address. | |
191 | / Check for /file on this address. | |
192 | @ Look up sender header addresses in the user | |
193 | database. Applies to the mailer flags for the | |
194 | mailer corresponding to the envelope sender | |
195 | address, rather than to recipient mailer flags. | |
196 | Pre-level 6 configuration files set A, w, 5, :, |, /, and @ | |
197 | on the "local" mailer, the o flag on the "prog" and "*file*" | |
198 | mailers, and the ColonOkInAddresses option. | |
199 | Eight-to-seven bit MIME conversions. This borrows ideas from | |
200 | John Beck of Hewlett-Packard, who generously contributed | |
201 | their implementation to me, which I then didn't use (see | |
202 | mime.c for an explanation of why). This adds the | |
203 | EightBitMode option (a.k.a. `8') and an F=8 mailer flag | |
204 | to control handling of 8-bit data. These have to cope with | |
205 | two types of 8-bit data: unlabelled 8-bit data (that is, | |
206 | 8-bit data that is entered without declaring it as 8-bit | |
207 | MIME -- technically this is illegal according to the | |
208 | specs) and labelled 8-bit data (that is, it was declared | |
209 | as 8BITMIME in the ESMTP session or by using the | |
210 | -B8BITMIME command line flag). If the F=8 mailer flag is | |
211 | set then 8-bit data is sent to non-8BITMIME machines | |
212 | instead of converting to 7 bit (essentially using | |
213 | just-send-8 semantics). The values for EightBitMode are: | |
214 | m convert unlabelled 8-bit input to 8BITMIME, and do | |
215 | any necessary conversion of 8BITMIME to 7BIT | |
216 | (essentially, the full MIME option). | |
217 | p pass unlabelled 8-bit input, but convert labelled | |
218 | 8BITMIME input to 7BIT as required (default). | |
219 | s strict adherence: reject unlabelled 8-bit input, | |
220 | convert 8BITMIME to 7BIT as required. The F=8 | |
221 | flag is ignored. | |
222 | Unlabelled 8-bit data is rejected in mode `s' regardless of | |
223 | the setting of F=8. | |
224 | Add new internal class 'n', which is the set of MIME Content-Types | |
225 | which can not be 8 to 7 bit encoded because of other | |
226 | considerations. Types "multipart/*" and "message/*" are | |
227 | never directly encoded (although their components can be). | |
228 | Add new internal class 'e'. This is the set of MIME | |
229 | Content-Transfer-Encodings that can be converted to | |
230 | a seven bit format (Quoted-Printable or Base64). It is | |
231 | preinitialized to contain "7bit", "8bit", and "binary". | |
232 | Add C=charset mailer parameter and the the DefaultCharSet option (no | |
233 | short name) to set the default character set to use in the | |
234 | Content-Type: header when doing encoding of an 8-bit message | |
235 | which isn't marked as MIME into MIME format. If the C= | |
236 | parameter is set on the Envelope From address, use that as | |
237 | the default encoding; else use the DefaultCharSet option. | |
238 | If neither is set, it defaults to "unknown-8bit" as | |
239 | suggested by RFC 1428 section 3. | |
240 | Allow ``U=user:group'' field in mailer definition to set a default | |
241 | user and group that a mailer will be executed as. This | |
242 | overrides the 'u' and 'g' options, and if the `F=S' flag is | |
243 | also set, it is the uid/gid that will always be used (that | |
244 | is, the controlling address is ignored). The values may be | |
245 | numeric or symbolic; if only a symbolic user is given (no | |
246 | group) that user's default group in the passwd file is used | |
247 | as the group. Based on code donated by Chip Rosenthal of | |
248 | Unicom. | |
249 | Allow `u' option to also accept user:group as a value, in the same | |
250 | fashion as the U= mailer option. | |
251 | Add the symbolic time zone name in the Arpanet format dates (as | |
252 | a comment). This adds a new compile-time configuration | |
253 | flag: TZ_TYPE can be set to TZ_TM_NAME (use the value | |
254 | of (struct tm *)->tm_name), TZ_TM_ZONE (use the value | |
255 | of (struct tm *)->tm_zone), TZ_TZNAME (use extern char | |
256 | *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use | |
257 | timezone()), or TZ_NONE (don't include the comment). Code | |
258 | from Chip Rosenthal. | |
259 | The "Timeout" option (formerly "r") is extended to allow suboptions. | |
260 | For example, | |
261 | O Timeout.helo = 2m | |
262 | There are also two new suboptions "queuereturn" and | |
263 | "queuewarn"; these subsume the old T option. Thus, to | |
264 | set them both the preferred new syntax is | |
265 | O Timeout.queuereturn = 5d | |
266 | O Timeout.queuewarn = 4h | |
267 | Sort queue by host name instead of by message priority if the | |
268 | QueueSortOrder option (no short name) is set is set to | |
269 | ``host''. This makes better use of the connection cache, | |
270 | but may delay more ``interactive'' messages behind large | |
271 | backlogs under some circumstances. This is probably a | |
272 | good option if you have high speed links or don't do lots | |
273 | of ``batch'' messages, but less good if you are using | |
274 | something like PPP on a 14.4 modem. Based on code | |
275 | contributed by Roy Mongiovi of Georgia Tech (my main | |
276 | contribution was to make it configurable). | |
277 | Save i-number of df file in qf file to simplify rebuilding of queue | |
278 | after disasterous disk crash. Suggested by Kyle Jones of | |
279 | UUNET; closely based on code from KJS DECWRL code written | |
280 | by Paul Vixie. NOTA BENE: The qf files produced by 8.7 | |
281 | are NOT back compatible with 8.6 -- that is, you can convert | |
282 | from 8.6 to 8.7, but not the other direction. | |
283 | Add ``F=d'' mailer flag to disable all use of angle brackets in | |
284 | route-addrs in envelopes; this is because in some cases | |
285 | they can be sent to the shell, which interprets them as | |
286 | I/O redirection. | |
287 | Don't include error file (option E) with return-receipts; this | |
288 | can be confusing. | |
289 | Don't send "Warning: cannot send" messages to owner-* or | |
290 | *-request addresses. Suggested by Christophe Wolfhugel | |
291 | of the Institut Pasteur, Paris. | |
292 | Allow -O command line flag to set long form options. | |
293 | Add "MinQueueAge" option to set the minimum time between attempts | |
294 | to run the queue. For example, if the queue interval | |
295 | (-q value) is five minutes, but the minimum queue age | |
296 | is fifteen minutes, jobs won't be tried more often than | |
297 | once every fifteen minutes. This can be used to give | |
298 | you more responsiveness if your delivery mode is set to | |
299 | queue-only. | |
300 | Allow "fileopen" timeout (default: 60 seconds) for opening | |
301 | :include: and .forward files. | |
302 | Add "-k", "-v", and "-z" flags to map definitions; these set the | |
303 | key field name, the value field name, and the field | |
304 | delimiter. The field delimiter can be a single character | |
305 | or the sequence "\t" or "\n" for tab or newline. | |
306 | These are for use by NIS+ and similar access methods. | |
307 | Add "nisplus" map class. Takes -k and -v flags to choose the | |
308 | key and value field names respectively. Code donated by | |
309 | Sun Microsystems. | |
310 | Add "hesiod" map class. The "file name" is used as the | |
311 | "HesiodNameType" parameter to hes_resolve(3). Returns the | |
312 | first value found for the match. Code donated by Scott | |
313 | Hutton of Indiana University. | |
314 | Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to | |
315 | specify the name of the property that is searched as the | |
316 | key and a -v flag to specify the name of the property that | |
317 | is returned as the value (defaults to "members"). The | |
318 | default map is "/aliases". | |
319 | Add "text" map class. This does slow, linear searches through | |
320 | text files. The -z flag specifies a column delimiter | |
321 | (defaults to any sequence of white space), the -k flag | |
322 | sets the key column number, and the -v flag sets the | |
323 | value column number. Lines beginning with `#' are treated | |
324 | as comments. | |
325 | Add "program" map class to execute arbitrary programs. The search | |
326 | key is presented as the last argument; the output is one | |
327 | line read from the programs standard output. Exit statuses | |
328 | are from sysexits.h. | |
329 | Add "sequence" map class -- searches maps in sequence until it | |
330 | finds a match. For example, the declarations: | |
331 | Kmap1 ... | |
332 | Kmap2 ... | |
333 | Kmapseq sequence map1 map2 | |
334 | defines a map "mapseq" that first searches map1; if the | |
335 | value is found it is returned immediately, otherwise | |
336 | map2 is searched and the value returned. | |
337 | Add "switch" map class. This is much like "sequence" except that | |
338 | the ordering is fetched from an external file, usually | |
339 | the system service switch. The parameter is the name of | |
340 | the service to switch on, and the maps that it will use | |
341 | are this name followed by ".service_type". For example, | |
342 | if the declaration of the map is | |
343 | Ksample switch hosts | |
344 | and the system service switch specifies that hosts are | |
345 | looked up using dns and nis in that order, then this is | |
346 | equivalent to | |
347 | Ksample sequence hosts.dns hosts.nis | |
348 | The subordinate maps must already be defined. | |
349 | Add "user" map class -- looks up users using getpwnam. Takes a | |
350 | "-v field" flag on the definition that tells what passwd | |
351 | entry to return -- legal values are name, passwd, uid, gid, | |
352 | gecos, dir, and shell. Generally expected to be used with | |
353 | the -m (matchonly) flag. | |
354 | Add "bestmx" map class -- returns the best MX value for the host | |
355 | listed as the value. If there are several "best" MX records | |
356 | for this host, one will be chosen at random. | |
357 | Add "userdb" map class -- looks up entries in the user database. | |
358 | The "file name" is actually the tag that will be used, | |
359 | typically "mailname". If there are multiple entries | |
360 | matching the name, the one chosen is undefined. | |
361 | Add multiple queue timeouts (both return and warning). These are | |
362 | set by the Precedence: or Priority: header fields to one of | |
363 | three values. If a Priority: is set and has value "normal", | |
364 | "urgent", or "non-urgent" the corresponding timeouts are | |
365 | used. If no priority is set, the Precedence: is consulted; | |
366 | if negative, non-urgent timeouts are used; if greater than | |
367 | zero, urgent timeouts are used. Otherwise, normal timeouts | |
368 | are used. The timeouts are set by setting the six timeouts | |
369 | queue{warn,return}.{urgent,normal,non-urgent}. | |
370 | Fix problem when a mail address is resolved to a $#error mailer | |
371 | with a temporary failure indication; it works in SMTP, | |
372 | but when delivering locally the mail is silently discarded. | |
373 | This patch, from Kyle Jones of UUNET, bounces it instead | |
374 | of queueing it (queueing is very hard). | |
375 | When using /etc/hosts or NIS-style lookups, don't assume that | |
376 | the first name in the list is the best one -- instead, | |
377 | search for the first one with a dot. For example, if | |
378 | an /etc/hosts entry reads | |
379 | 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU | |
380 | this change will use the second name as the canonical | |
381 | machine name instead of the initial, unqualified name. | |
382 | This heuristic is only used for finding your own name on | |
383 | startup, when the system may not be fully configured yet. | |
384 | Change dequote map to replace spaces in quoted text with a value | |
385 | indicated by the -s flag on the dequote map definition. | |
386 | For example, ``Mdequote dequote -s_'' will change | |
387 | "Foo Bar" into an unquoted Foo_Bar instead of leaving it | |
388 | quoted (because of the space character). Suggested by Dan | |
389 | Oscarsson for use in X.400 addresses. | |
390 | Implement long macro names as ${name}; long class names can | |
391 | be similarly referenced as $={name} and $~{name}. | |
392 | Definitions are (e.g.) ``D{name}value''. Names that have | |
393 | a leading lower case letter or punctuation characters are | |
394 | reserved for internal use by sendmail; i.e., config files | |
395 | should use names that begin with a capital letter. Based | |
396 | on code contributed by Dan Oscarsson. | |
397 | Fix core dump if getgrgid returns a null group list (as opposed | |
398 | to an empty group list, that is, a pointer to a list | |
399 | with no members). Fix from Andrew Chang of Sun Microsystems. | |
400 | Fix possible core dump if malloc fails -- if the malloc in xalloc | |
401 | failed, it called syserr which called newstr which called | |
402 | xalloc.... The newstr is now avoided for "panic" messages. | |
403 | Reported by Stuart Kemp of James Cook University. | |
404 | Improve connection cache timeouts; previously, they were not even | |
405 | checked if you were delivering to anything other than an | |
406 | IPC-connected host, so a series of (say) local mail | |
407 | deliveries could cause cached connections to be open | |
408 | much longer than the specified timeout. | |
409 | If an incoming message exceeds the maximum message size, stop | |
410 | writing the incoming bytes to the queue data file, since | |
411 | this can fill your mqueue partition -- this is a possible | |
412 | denial-of-service attack. | |
413 | Don't reject all numeric local user names unless HESIOD is | |
414 | defined. It turns out that Posix allows all-numeric | |
415 | user names. Fix from Tony Sanders of BSDI. | |
416 | Add service switch support. If the local OS has a service | |
417 | switch (e.g., /etc/nsswitch.conf on Solaris) that will | |
418 | be used; otherwise, it falls back to using a local | |
419 | mechanism based on the ServiceSwitchFile option | |
420 | (default: /etc/service.switch). For example, if the | |
421 | service switch lists "files" and "nis" for the aliases | |
422 | service, that will be the default lookup order. Note | |
423 | that you can still stack aliases files however, although | |
424 | you have to list them explicitly as "implicit:filename". | |
425 | Option I (NameServerOptions) no longer sets the "UseNameServer" | |
426 | variable which tells whether or not DNS should be considered | |
427 | canonical. This is now determined based on whether or not | |
428 | "dns" is in the service list for "hosts". | |
429 | Add preliminary support for the ESMTP "DSN" extension (Delivery | |
430 | Status Notifications). This is not yet a standard | |
431 | and the implementation is for experimentation only. | |
432 | For this reason it only announces itself as "X-DSN-0" | |
433 | instead of "DSN". DSN notifications override | |
434 | Return-Receipt-To:. | |
435 | Add T=mtstype keyletter to mailer definitions to define the value | |
436 | for the Final-MTS-Type: and Remote-MTS-Type: fields in the | |
437 | DSN-standard return message. | |
438 | Extend heuristic to force running in ESMTP mode to look for the | |
439 | six-character string "ESMTP " anywhere in the 220 greeting | |
440 | message (not just the second line). This is to provide | |
441 | better compatibility with other ESMTP servers. | |
442 | Print sequence number of job when running the queue so you can | |
443 | easily see how much progress you have made. Suggested | |
444 | by Peter Wemm of DIALix. | |
445 | Map newlines to spaces in logged message-ids; some versions of | |
446 | syslog truncate the rest of the line after newlines. | |
447 | Suggested by Fletcher Mattox of U. Texas. | |
448 | Move up forking for job runs so that if a message is split into | |
449 | multiple envelopes you don't get "fork storms" -- this | |
450 | also improves the connection cache utilization. | |
451 | Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for | |
452 | the purposes of refusing to send error returns. Suggested | |
453 | by Motonori Nakamura of Ritsumeikan University. | |
454 | Relax rules on when a file can be written when referenced from | |
455 | the aliases file: use the default uid/gid instead of the | |
456 | real uid/gid. This allows you to create a file owned by | |
457 | and writable only by the default uid/gid that will work | |
458 | all the time (without having the setuid bit set). Change | |
459 | suggested by Shau-Ping Lo and Andrew Cheng of Sun | |
460 | Microsystems. | |
461 | Add "DialDelay" option (no short name) to provide an "extra" | |
462 | delay for dial on demand systems. If this is non-zero | |
463 | and a connect fails, sendmail will wait this long and | |
464 | then try again. If it takes longer than the kernel | |
465 | timeout interval to establish the connection, this | |
466 | option can give the network software time to establish | |
467 | the link. The default units are seconds. | |
468 | Move logging of sender information to be as early as possible; | |
469 | previously, it could be delayed a while for SMTP mail | |
470 | sent to aliases. Suggested by Brad Knowles of the | |
471 | Defense Information Systems Agency. | |
472 | Call res_init() before setting RES_DEBUG; this is required by | |
473 | BIND 4.9.3, or so I'm told. From Douglas Anderson of | |
474 | the National Computer Security Center. | |
475 | Add xdelay= field in logs -- this is a transaction delay, telling | |
476 | you how long it took to deliver to this address on the | |
477 | last try. It is intended to be used for sorting mailing | |
478 | lists to favor "quick" addresses. Provided for use by | |
479 | the mailprio scripts (see below). | |
480 | If a map cannot be opened, and that map is non-optional, and | |
481 | an address requires that map for resolution, queue the | |
482 | map instead of bouncing it. This involves creating a | |
483 | pseudo-class of maps called "bogus-map" -- if a required | |
484 | map cannot be opened, the class is changed to bogus-map; | |
485 | all queries against bogus-map return "tempfail". The | |
486 | bogus-map class is not directly accessible. A sample | |
487 | implementation was donated by Jem Taylor of Glasgow | |
488 | University Computing Service. | |
489 | Don't make a bad ``MAIL FROM:'' address on one message blow away | |
490 | other messages to the same host later in the queue. | |
491 | Problem noted by Eric Prestemon of American University. | |
492 | Fix a possible core dump when mailing to a program that talks | |
493 | SMTP on its standard input. Fix from Keith Moore of | |
494 | the University of Kentucky. | |
495 | Make it possible to resolve filenames to $#local $: @ /filename; | |
496 | previously, the "@" would cause it to not be recognized | |
497 | as a file. Problem noted by Brian Hill of U.C. Davis. | |
498 | Accept a -1 signal to re-exec the daemon. This only works if | |
499 | argv[0] is a full path to sendmail. | |
500 | Fix bug in "addr=..." field in O option on little-endian machines | |
501 | -- the network number wasn't being converted to network | |
502 | byte order. Patch from Kurt Lidl of Pix Technologies | |
503 | Corporation. | |
504 | Pre-initialize the resolver early on; this is to avoid a bug with | |
505 | BIND 4.9.3 that can cause the _res.retry field to get | |
506 | reset to zero, causing all name server lookups to time | |
507 | out. Fix from Matt Day of Artisoft. | |
508 | Restore T line (trusted users) in config file -- but instead of | |
509 | locking out the -f flag, they just tell whether or not | |
510 | an X-Authentication-Warning: will be added. This really | |
511 | just creates new entries in class 't', so "Ft/file/name" | |
512 | can be used to read trusted user names from a file. | |
513 | Improve NEWDB alias file rebuilding so it will create them | |
514 | properly if they do not already exist. This had been | |
515 | a MAYBENEXTRELEASE feature in 8.6.9. | |
516 | Check for @:@ entry in NIS maps before starting up to avoid | |
517 | (but not prevent, sigh) race conditions. This ought to | |
518 | be handled properly in ypserv, but isn't. Suggested by | |
519 | Michael Beirne of Motorola. | |
520 | Refuse connections if there isn't enough space on the filesystem | |
521 | holding the queue. Contributed by Robert Dana of Wolf | |
522 | Communications. | |
523 | Skip checking for directory permissions in the path to a file | |
524 | when checking for file permissions iff setreuid() | |
525 | succeeded -- it is unnecessary in that case. This avoids | |
526 | significant performance problems when looking for .forward | |
527 | files. Based on a suggestion by Win Bent of USC. | |
528 | Allow symbolic ruleset names. Syntax can be "Sname" to get an | |
529 | arbitrary ruleset number assigned or "Sname = integer" | |
530 | to assign a specific ruleset number. Reference is | |
531 | $>name_or_number. Names can be composed of alphas, digits, | |
532 | underscore, or hyphen (first character must be non-numeric). | |
533 | Allow -o flag on AliasFile lines to make the alias file optional. | |
534 | From Bryan Costales of ICSI. | |
535 | Add NoRecipientAction option to handle the case where there is | |
536 | no legal recipient header in the message. It can take | |
537 | on values: | |
538 | None Leave the message as is. The | |
539 | message will be passed on even | |
540 | though it is in technically | |
541 | illegal syntax. | |
542 | Add-To Add a To: header with any | |
543 | recipients that it can find from | |
544 | the envelope. This risks exposing | |
545 | Bcc: recipients. | |
546 | Add-Apparently-To Add an Apparently-To: header. This | |
547 | has almost no redeeming social value, | |
548 | and is provided only for back | |
549 | compatibility. | |
550 | Add-To-Undisclosed Add a header reading | |
551 | To: undisclosed-recipients:; | |
552 | which will have the effect of | |
553 | making the message legal without | |
554 | exposing Bcc: recipients. | |
555 | Add-Bcc To add an empty Bcc: header. | |
556 | There is a chance that mailers down | |
557 | the line will delete this header, | |
558 | which could cause exposure of Bcc: | |
559 | recipients. | |
560 | The default is NoRecipientAction=None. | |
561 | Truncate (rather than delete) Bcc: lines in the header. This | |
562 | should prevent later sendmails (at least, those that don't | |
563 | themselves delete Bcc:) from considering this message to | |
564 | be non-conforming -- although it does imply that non-blind | |
565 | recipients can see that a Bcc: was sent, albeit not to whom. | |
566 | Add SafeFileEnvironment option. If declared, files named as delivery | |
567 | targets must be regular files in addition to the regular | |
568 | checks. Also, if the option is non-null then it is used as | |
569 | the name of a directory that is used as a chroot(2) | |
570 | environment for the delivery; the file names listed in an | |
571 | alias or forward should include the name of this root. | |
572 | For example, if you run with | |
573 | O SafeFileEnvironment=/arch | |
574 | then aliases should reference "/arch/rest/of/path". If a | |
575 | value is given, sendmail also won't try to save to | |
576 | /usr/tmp/dead.letter (instead it just leaves the job in the | |
577 | queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit. | |
578 | Support -A flag for alias files; this will comma concatenate like | |
579 | entries. For example, given the aliases: | |
580 | list: member1 | |
581 | list: member2 | |
582 | and an alias file declared as: | |
583 | OAhash:-A /etc/aliases | |
584 | the final alias inserted will be "list: member1,member2"; | |
585 | without -A you will get an error on the second and subsequent | |
586 | alias for "list". Contributed by Bryan Costales of ICSI. | |
587 | Line-buffer transcript file. Suggested by Liudvikas Bukys. | |
588 | Fix a problem that could cause very long addresses to core dump in | |
589 | some special circumstances. Problem pointed out by Allan | |
590 | Johannesen. | |
591 | (Internal change.) Change interface to expand() (macro expansion) | |
592 | to be simpler and more consistent. | |
593 | Delete check for funny qf file names. This didn't really give | |
594 | any extra security and caused some people some problems. | |
595 | (If you -really- want this, define PICKY_QF_NAME_CHECK | |
596 | at compile time.) Suggested by Kyle Jones of UUNET. | |
597 | (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and | |
598 | merge with DSN code; this is simpler and more consistent. | |
599 | This may affect some people who have written their own | |
600 | checkcompat() routine. | |
601 | (Internal change.) Eliminate `D' line in qf file. The df file | |
602 | is now assumed to be the same name as the qf file (with | |
603 | the `q' changed to a `d', of course). | |
604 | Avoid forking for delivery if all recipient mailers are marked as | |
605 | "expensive" -- this can be a major cost on some systems. | |
606 | Essentially, this forces sendmail into "queue only" mode | |
607 | if all it is going to do is queue anyway. | |
608 | Avoid sending a null message in some rather unusual circumstances | |
609 | (specifically, the RCPT command returns a temporary | |
610 | failure but the connection is lost before the DATA | |
611 | command). Fix from Scott Hammond of Secure Computing | |
612 | Corporation. | |
613 | Change makesendmail to use a somewhat more rational naming scheme: | |
614 | Makefiles and obj directories are named $os.$rel.$arch, | |
615 | where $os is the operating system (e.g., SunOS), $rel is | |
616 | the release number (e.g., 5.3), and $arch is the machine | |
617 | architecture (e.g., sun4). Any of these can be omitted, | |
618 | and anything after the first dot in a release number can | |
619 | be replaced with "x" (e.g., SunOS.4.x.sun4). The previous | |
620 | version used $os.$arch.$rel and was rather less general. | |
621 | Ignore IDENT return value if the OSTYPE field returns "OTHER", | |
622 | as indicated by RFC 1413. Pointed out by Kari Hurtta | |
623 | of the Finnish Meteorological Institute. | |
624 | Fix problem that could cause multiple responses to DATA command | |
625 | on header syntax errors (e.g., lines beginning with colons). | |
626 | Problem noted by Jens Thomassen of the University of Oslo. | |
627 | Don't let null bytes in headers cause truncation of the rest of | |
628 | the header. | |
629 | Log Authentication-Warning:s. Suggested by Motonori Nakamura. | |
630 | Increase timeouts on message data puts to allow time for receivers | |
631 | to canonify addresses in headers on the fly. This is still | |
632 | a rather ugly heuristic. From Motonori Nakamura. | |
633 | Add "HasWildcardMX" suboption to ResolverOptions; if set, MX | |
634 | records are not used when canonifying names. This is | |
635 | useful if you have a wildcard MX record, although it | |
636 | may cause other problems. In general, don't use wildcard | |
637 | MX records. Patch from Motonori Nakamura. | |
638 | Eliminate default two-line SMTP greeting message. Instead of | |
639 | adding an extra "ESMTP spoken here" line, the word "ESMTP" | |
640 | is added between the first and second word of the first | |
641 | line of the greeting message (i.e., immediately after the | |
642 | host name). This eliminates the need for the BROKEN_SMTP_PEERS | |
643 | compile flag. Old sendmails won't see the ESMTP, but that's | |
644 | acceptable because SIZE was the only useful extension that | |
645 | old sendmails understand. | |
646 | Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1 | |
647 | invoked state dumps. From Masaharu Onishi. | |
648 | Allow on-line comments in .forward and :include: files; they are | |
649 | introduced by the string "<LWSP>#@#<LWSP>", where <LWSP> | |
650 | is a space or a tab. This is intended for native | |
651 | representation of non-ASCII sets such as Japanese, where | |
652 | existing encodings would be unreadable or would lose | |
653 | data -- for example, | |
654 | <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori | |
655 | (romanized/less information) | |
656 | <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?= | |
657 | =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?= | |
658 | (with MIME encoding, not human readable) | |
659 | <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B | |
660 | (native encoding with ISO-2022-JP) | |
661 | The last form is human readable in the Japanese environment. | |
662 | Based on a fix from (surprise!) Motonori Nakamura. | |
663 | Don't make SMTP error returns on MAIL FROM: line be "sticky" for all | |
664 | messages to that host; these are most frequently associated | |
665 | with addresses rather than the host, with the exception of | |
666 | 421 (service shutting down). The effect was to cause queues | |
667 | to sometimes take an excessive time to flush. Reported by | |
668 | Robert Sargent of Southern Geographics Technologies. | |
669 | Add Nice=N mailer option to set the niceness at which a mailer will | |
670 | run. | |
671 | When looking for a default config file (that is, not specified using | |
672 | a -C flag), try a configuration file name extended by the | |
673 | binary version number -- e.g., sendmail.8.7.Alpha.9.cf, | |
674 | sendmail.8.7.Alpha.cf, sendmail.8.7.cf, sendmail.8.cf, and | |
675 | sendmail.cf in that order. This should make it easier to | |
676 | test new versions in a shared environment. | |
677 | Log queue runs that are skipped due to high loads. They are logged | |
678 | at LOG_INFO priority iff the log level is > 8. Contributed | |
679 | by Bruce Nagel of Data General. | |
680 | Allow the error mailer to accept a DSN-style error status code | |
681 | instead of an sysexits status code in the host part. | |
682 | Anything with a dot will be interpreted as a DSN-style code. | |
683 | Add new mailer flag: F=3 will tell translations to Quoted-Printable | |
684 | to encode characters that might be munged by an EBCDIC system | |
685 | in addition to the set required by RFC 1521. The additional | |
686 | characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~. | |
687 | (Think of "IBM 360" as the mnemonic for this flag.) | |
688 | Change check for mailing to files to look for a pathname of [FILE] | |
689 | rather than looking for the mailer named *file*. The mapping | |
690 | of leading slashes still goes to the *file* mailer. This | |
691 | allows you to implement the *file* mailer as a separate | |
692 | program, for example, to insert a Content-Length: header | |
693 | or do special security policy. However, note that the usual | |
694 | initial checking for the file permissions is still done, and | |
695 | the program in question needs to be very careful about how | |
696 | it does the file write to avoid security problems. | |
697 | Be able to read ~root/.forward even if the path isn't accessible to | |
698 | regular users. This is disrecommended because sendmail | |
699 | sometimes does not run as root (e.g., when an unsafe option | |
700 | is specified on the command line), but should otherwise be | |
701 | safe because .forward files must be owned by the user for | |
702 | whom mail is being forwarded, and cannot be a symbolic link. | |
703 | Suggested by Forrest Aldrich of Wang Laboratories. | |
704 | Add new "HostsFile" option that is the pathname to the /etc/hosts | |
705 | file. This is used for canonifying hostnames when the | |
706 | service type is "files". | |
707 | Implement programs on F (read class from file) line. The syntax is | |
708 | Fc|/path/to/program to read the output from the program | |
709 | into class "c". | |
710 | Probe the network interfaces to find alternate names for this | |
711 | host. Requires the SIOCGIFCONF ioctl call. Code | |
712 | contributed by SunSoft. | |
713 | Add "E" configuration line to set or propogate environment | |
714 | variables into children. "E<envar>" will propogate | |
715 | the named variable from the environment when sendmail | |
716 | was invoked into any children it calls; "E<envar>=<value>" | |
717 | sets the named variable to the indicated value. Any | |
718 | variables not explicitly named will not be in the child | |
719 | environment. However, sendmail still forces an | |
720 | "AGENT=sendmail" environment variable, in part to enforce | |
721 | at least one environment variable, since many programs and | |
722 | libraries die horribly if this is not guaranteed. | |
723 | PORTABILITY FIXES: | |
724 | Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>. | |
725 | System V Release 4 from Motonori Nakamura of Ritsumeikan | |
726 | University. This expands the disk size | |
727 | checking to include all (?) SVR4 configurations. | |
728 | System V Release 4 from Kimmo Suominen -- initgroups(3) | |
729 | and setrlimit(2) are both available. | |
730 | System V Release 4 from sob@sculley.ffg.com -- some versions | |
731 | apparently "have EX_OK defined in other headerfiles." | |
732 | Linux Makefile typo. | |
733 | Linux getusershell(3) is broken in Slackware 2.0 -- | |
734 | from Andrew Pam of Xanadu Australia. | |
735 | More Linux tweaking from John Kennedy of California State | |
736 | University, Chico. | |
737 | Cray changes from Eric Wassenaar: ``On Cray, shorts, | |
738 | ints, and longs are all 64 bits, and all structs | |
739 | are multiples of 64 bits. This means that the | |
740 | sizeof operator returns only multiples of 8. | |
741 | This requires adaptation of code that really | |
742 | deals with 32 bit or 16 bit fields, such as IP | |
743 | addresses or nameserver fields.'' | |
744 | DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To | |
745 | get the old behaviour, use -DDGUX_5_4_2. | |
746 | DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment | |
747 | variable to fix bogus /bin/mail behaviour. | |
748 | Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>. | |
749 | This also cleans up some System V Release 4 compile | |
750 | problems. | |
751 | Solaris 2: sendmail.cw file should be in /etc/mail to | |
752 | match all the other configuration files. Fix | |
753 | from Glenn Barry of Emory University. | |
754 | Solaris 2.3: compile problem in conf.c. Fix from Alain | |
755 | Nissen of the University of Liege, Belgium. | |
756 | Ultrix: freespace calculation was incorrect. Fix from | |
757 | Takashi Kizu of Osaka University. | |
758 | SVR4: running in background gets a SIGTTOU because the | |
759 | emulation code doesn't realize that "getpeername" | |
760 | doesn't require reading the file. Fix from Peter | |
761 | Wemm of DIALix. | |
762 | Solaris 2.3: due to an apparent bug in the socket emulation | |
763 | library, sockets can get into a "wedged" state where | |
764 | they just return EPROTO; closing and re-opening the | |
765 | socket clears the problem. Fix from Bob Manson | |
766 | of Ohio State University. | |
767 | Hitachi 3050R & 3050RX running HI-UX/WE2: portability | |
768 | fixes from Akihiro Hashimoto ("Hash") of Chiba | |
769 | University. | |
770 |