+ SENDMAIL RELEASE NOTES
+ @(#)RELEASE_NOTES 8.7.Beta (Berkeley) %G%
+
+This listing shows the version of the sendmail binary, the version
+of the sendmail configuration files, the date of release, and a
+summary of the changes in that release.
+
+8.7/8.7 95/xx/xx CURRENTLY IN BETA PRERELEASE!!!
+ Fix a problem that could cause sendmail to run out of file
+ descriptors due to a trashed data structure after a
+ vfork. Fix from Brian Coan of the Institute for
+ Global Communications.
+ Change the VRFY response if you have disabled VRFY -- some
+ people seemed to think that it was too rude.
+ Avoid reference to uninitialized file descriptor if HASFLOCK
+ was not defined. This was used "safely" in the sense
+ that it only did a stat, but it would have set the
+ map modification time improperly. Problem pointed out
+ by Roy Mongiovi of Georgia Tech.
+ Clean up the Subject: line on warning messages and return
+ receipts so that they don't say "Returned mail:"; this
+ can be confusing.
+ Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is
+ useful enough to make it worthwhile printing on "-d".
+ Avoid logging alias statistics every time you read the alias
+ file on systems with no database method compiled in.
+ If you have a name with a trailing dot, and you try looking it
+ up using gethostbyname without the dot (for /etc/hosts
+ compatibility), be sure to turn off RES_DEFNAMES and
+ RES_DNSRCH to avoid finding the wrong name accidently.
+ Problem noted by Charles Amos of the University of
+ Maryland.
+ Don't do timeouts in collect if you are not running SMTP.
+ There is nothing that says you can't have a long
+ running program piped into sendmail (possibly via
+ /bin/mail, which just execs sendmail). Problem reported
+ by Don "Truck" Lewis of Silicon Systems.
+ Try gethostbyname() even if the DNS lookup fails iff option I
+ is not set. This allows you to have hosts listed in
+ NIS or /etc/hosts that are not known to DNS. It's normally
+ a bad idea, but can be useful on firewall machines. This
+ should really be broken out on a separate flag, I suppose.
+ Avoid compile warnings against BIND 4.9.3, which uses function
+ prototypes. From Don Lewis of Silicon Systems.
+ Avoid possible incorrect diagnosis of DNS-related errors caused
+ by things like attempts to resolve uucp names using
+ $[ ... $] -- the fix is to clear h_errno at appropriate
+ times. From Kyle Jones of UUNET.
+ SECURITY: avoid denial-of-service attacks possible by destroying
+ the alias database file by setting resource limits low.
+ This involves adding two new compile-time options:
+ HASSETRLIMIT (indicating that setrlimit(2) support is
+ available) and HASULIMIT (indicating that ulimit(2) support
+ is available -- the Release 3 form is used). The former
+ is assumed on BSD-based systems, the latter on System
+ V-based systems. Attack noted by Phil Brandenberger of
+ Swarthmore University.
+ New syntaxes in test (-bt) mode:
+ ``.Dmvalue'' will define macro "m" to "value".
+ ``.Ccvalue'' will add "value" to class "c".
+ ``.Sruleset'' will dump the contents of the indicated
+ ruleset.
+ ``-ddebug-spec'' is equivalent to the command-line
+ -d debug flag.
+ ``$m'' will print the value of macro "m".
+ ``/mx host'' returns the MX records for ``host''.
+ ``/try address'' will parse address, returning the value of
+ crackaddr (essentially, the comment information)
+ and the parsed address (the same as -bv).
+ Somewhat better handling of UNIX-domain socket addresses -- it
+ should show the pathname rather than hex bytes.
+ Restore ``-ba'' mode -- this reads a file from stdin and parses
+ the header for envelope sender information and uses
+ CR-LF as message terminators. It was thought to be
+ obsolete (used only for Arpanet NCP protocols), but it
+ turns out that the UK ``Grey Book'' protocols require
+ that functionality.
+ Fix a fix in previous release -- if gethostname and gethostbyname
+ return a name without dots, and if an attempt to canonify
+ that name fails, wait one minute and try again. This can
+ result in an extra 60 second delay on startup if your system
+ hostname (as returned by hostname(1)) has no dot and no names
+ listed in /etc/hosts or your NIS map have a dot.
+ Check for proper domain name on HELO and EHLO commands per
+ RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III
+ of Michigan Technological University.
+ Relax chownsafe rules slightly -- old version said that if you
+ can't tell if _POSIX_CHOWN_RESTRICTED is set (that is,
+ if fpathconf returned EINVAL or ENOSYS), assume that
+ chown is not safe. The new version falls back to whether
+ you are on a BSD system or not. This is important for
+ SunOS, which apparently always returns one of those
+ error codes. This impacts whether you can mail to files
+ or not.
+ Syntax errors such as unbalanced parentheses in the configuration
+ file could be omitted if you had "Oem" prior to the
+ syntax error in the config file. Change to always print
+ the error message. It was especially wierd because it
+ would cause a "warning" message to be sent to the Postmaster
+ for every message sent (but with no transcript). Problem
+ noted by Gregory Paris of Motorola.
+ Rewrite collect and putbody to handle full 8-bit data, including
+ zero bytes. These changes are internally extensive, but
+ should have minimal impact on external function.
+ Allow full words for option names -- if the option letter is
+ (apparently) a space, then take the word following -- e.g.,
+ O MatchGECOS=TRUE
+ The full list of old and new names is as follows:
+ 7 SevenBitInput
+ 8 EightBitMode
+ A AliasFile
+ a AliasWait
+ B BlankSub
+ b MinFreeBlocks/MaxMessageSize
+ C CheckpointInterval
+ c HoldExpensive
+ D AutoRebuildAliases
+ d DeliveryMode
+ E ErrorHeader
+ e ErrorMode
+ f SaveFromLine
+ F TempFileMode
+ G MatchGECOS
+ H HelpFile
+ h MaxHopCount
+ i IgnoreDots
+ I ResolverOptions
+ J ForwardPath
+ j SendMimeErrors
+ k ConnectionCacheSize
+ K ConnectionCacheTimeout
+ L LogLevel
+ l UseErrorsTo
+ m MeToo
+ n CheckAliases
+ O DaemonPortOptions
+ o OldStyleHeaders
+ P PostmasterCopy
+ p PrivacyOptions
+ Q QueueDirectory
+ q QueueFactor
+ R DontPruneRoutes
+ r, T Timeout
+ S StatusFile
+ s SuperSafe
+ t TimeZoneSpec
+ u DefaultUser
+ U UserDatabaseSpec
+ V FallbackMXhost
+ v Verbose
+ w TryNullMXList
+ x QueueLA
+ X RefuseLA
+ Y ForkEachJob
+ y RecipientFactor
+ z ClassFactor
+ Z RetryFactor
+ To avoid possible problems with an older sendmail,
+ configuration level 6 is accepted by this version of
+ sendmail; any config file using the new names should
+ specify "V6" in the configuration.
+ Change address parsing to properly note that a phrase before a
+ colon and a trailing semicolon are essentially the same
+ as text outside of angle brackets (i.e., sendmail should
+ treat them as comments). This is to handle the
+ ``group name: addr1, addr2, ..., addrN;'' syntax (it will
+ assume that ``group name:'' is a comment on the first
+ address and the ``;'' is a comment on the last address).
+ This requires config file support to get right. It does
+ understand that :: is NOT this syntax, and can be turned
+ off completely by setting the ColonOkInAddresses option.
+ Level 6 config files added with new mailer flags:
+ A Addresses are aliasable.
+ i Do udb rewriting on envelope as well as header
+ sender lines. Applies to the from address mailer
+ flags rather than the recipient mailer flags.
+ j Do udb rewriting on header recipient addresses.
+ Applies to the sender mailer flags rather than the
+ recipient mailer flags.
+ k Disable check for loops when doing HELO command.
+ o Always run as the mail recipient, even on local
+ delivery.
+ w Check for an /etc/passwd entry for this user.
+ 5 Pass addresses through ruleset 5.
+ : Check for :include: on this address.
+ | Check for |program on this address.
+ / Check for /file on this address.
+ @ Look up sender header addresses in the user
+ database. Applies to the mailer flags for the
+ mailer corresponding to the envelope sender
+ address, rather than to recipient mailer flags.
+ Pre-level 6 configuration files set A, w, 5, :, |, /, and @
+ on the "local" mailer, the o flag on the "prog" and "*file*"
+ mailers, and the ColonOkInAddresses option.
+ Eight-to-seven bit MIME conversions. This borrows ideas from
+ John Beck of Hewlett-Packard, who generously contributed
+ their implementation to me, which I then didn't use (see
+ mime.c for an explanation of why). This adds the
+ EightBitMode option (a.k.a. `8') and an F=8 mailer flag
+ to control handling of 8-bit data. These have to cope with
+ two types of 8-bit data: unlabelled 8-bit data (that is,
+ 8-bit data that is entered without declaring it as 8-bit
+ MIME -- technically this is illegal according to the
+ specs) and labelled 8-bit data (that is, it was declared
+ as 8BITMIME in the ESMTP session or by using the
+ -B8BITMIME command line flag). If the F=8 mailer flag is
+ set then 8-bit data is sent to non-8BITMIME machines
+ instead of converting to 7 bit (essentially using
+ just-send-8 semantics). The values for EightBitMode are:
+ m convert unlabelled 8-bit input to 8BITMIME, and do
+ any necessary conversion of 8BITMIME to 7BIT
+ (essentially, the full MIME option).
+ p pass unlabelled 8-bit input, but convert labelled
+ 8BITMIME input to 7BIT as required (default).
+ s strict adherence: reject unlabelled 8-bit input,
+ convert 8BITMIME to 7BIT as required. The F=8
+ flag is ignored.
+ Unlabelled 8-bit data is rejected in mode `s' regardless of
+ the setting of F=8.
+ Add new internal class 'n', which is the set of MIME Content-Types
+ which can not be 8 to 7 bit encoded because of other
+ considerations. Types "multipart/*" and "message/*" are
+ never directly encoded (although their components can be).
+ Add new internal class 'e'. This is the set of MIME
+ Content-Transfer-Encodings that can be converted to
+ a seven bit format (Quoted-Printable or Base64). It is
+ preinitialized to contain "7bit", "8bit", and "binary".
+ Add C=charset mailer parameter and the the DefaultCharSet option (no
+ short name) to set the default character set to use in the
+ Content-Type: header when doing encoding of an 8-bit message
+ which isn't marked as MIME into MIME format. If the C=
+ parameter is set on the Envelope From address, use that as
+ the default encoding; else use the DefaultCharSet option.
+ If neither is set, it defaults to "unknown-8bit" as
+ suggested by RFC 1428 section 3.
+ Allow ``U=user:group'' field in mailer definition to set a default
+ user and group that a mailer will be executed as. This
+ overrides the 'u' and 'g' options, and if the `F=S' flag is
+ also set, it is the uid/gid that will always be used (that
+ is, the controlling address is ignored). The values may be
+ numeric or symbolic; if only a symbolic user is given (no
+ group) that user's default group in the passwd file is used
+ as the group. Based on code donated by Chip Rosenthal of
+ Unicom.
+ Allow `u' option to also accept user:group as a value, in the same
+ fashion as the U= mailer option.
+ Add the symbolic time zone name in the Arpanet format dates (as
+ a comment). This adds a new compile-time configuration
+ flag: TZ_TYPE can be set to TZ_TM_NAME (use the value
+ of (struct tm *)->tm_name), TZ_TM_ZONE (use the value
+ of (struct tm *)->tm_zone), TZ_TZNAME (use extern char
+ *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use
+ timezone()), or TZ_NONE (don't include the comment). Code
+ from Chip Rosenthal.
+ The "Timeout" option (formerly "r") is extended to allow suboptions.
+ For example,
+ O Timeout.helo = 2m
+ There are also two new suboptions "queuereturn" and
+ "queuewarn"; these subsume the old T option. Thus, to
+ set them both the preferred new syntax is
+ O Timeout.queuereturn = 5d
+ O Timeout.queuewarn = 4h
+ Sort queue by host name instead of by message priority if the
+ QueueSortOrder option (no short name) is set is set to
+ ``host''. This makes better use of the connection cache,
+ but may delay more ``interactive'' messages behind large
+ backlogs under some circumstances. This is probably a
+ good option if you have high speed links or don't do lots
+ of ``batch'' messages, but less good if you are using
+ something like PPP on a 14.4 modem. Based on code
+ contributed by Roy Mongiovi of Georgia Tech (my main
+ contribution was to make it configurable).
+ Save i-number of df file in qf file to simplify rebuilding of queue
+ after disasterous disk crash. Suggested by Kyle Jones of
+ UUNET; closely based on code from KJS DECWRL code written
+ by Paul Vixie. NOTA BENE: The qf files produced by 8.7
+ are NOT back compatible with 8.6 -- that is, you can convert
+ from 8.6 to 8.7, but not the other direction.
+ Add ``F=d'' mailer flag to disable all use of angle brackets in
+ route-addrs in envelopes; this is because in some cases
+ they can be sent to the shell, which interprets them as
+ I/O redirection.
+ Don't include error file (option E) with return-receipts; this
+ can be confusing.
+ Don't send "Warning: cannot send" messages to owner-* or
+ *-request addresses. Suggested by Christophe Wolfhugel
+ of the Institut Pasteur, Paris.
+ Allow -O command line flag to set long form options.
+ Add "MinQueueAge" option to set the minimum time between attempts
+ to run the queue. For example, if the queue interval
+ (-q value) is five minutes, but the minimum queue age
+ is fifteen minutes, jobs won't be tried more often than
+ once every fifteen minutes. This can be used to give
+ you more responsiveness if your delivery mode is set to
+ queue-only.
+ Allow "fileopen" timeout (default: 60 seconds) for opening
+ :include: and .forward files.
+ Add "-k", "-v", and "-z" flags to map definitions; these set the
+ key field name, the value field name, and the field
+ delimiter. The field delimiter can be a single character
+ or the sequence "\t" or "\n" for tab or newline.
+ These are for use by NIS+ and similar access methods.
+ Change maps to always strip quotes before lookups; the -q flag
+ turns off this behaviour. Suggested by Motonori Nakamura.
+ Add "nisplus" map class. Takes -k and -v flags to choose the
+ key and value field names respectively. Code donated by
+ Sun Microsystems.
+ Add "hesiod" map class. The "file name" is used as the
+ "HesiodNameType" parameter to hes_resolve(3). Returns the
+ first value found for the match. Code donated by Scott
+ Hutton of Indiana University.
+ Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to
+ specify the name of the property that is searched as the
+ key and a -v flag to specify the name of the property that
+ is returned as the value (defaults to "members"). The
+ default map is "/aliases".
+ Add "text" map class. This does slow, linear searches through
+ text files. The -z flag specifies a column delimiter
+ (defaults to any sequence of white space), the -k flag
+ sets the key column number, and the -v flag sets the
+ value column number. Lines beginning with `#' are treated
+ as comments.
+ Add "program" map class to execute arbitrary programs. The search
+ key is presented as the last argument; the output is one
+ line read from the programs standard output. Exit statuses
+ are from sysexits.h.
+ Add "sequence" map class -- searches maps in sequence until it
+ finds a match. For example, the declarations:
+ Kmap1 ...
+ Kmap2 ...
+ Kmapseq sequence map1 map2
+ defines a map "mapseq" that first searches map1; if the
+ value is found it is returned immediately, otherwise
+ map2 is searched and the value returned.
+ Add "switch" map class. This is much like "sequence" except that
+ the ordering is fetched from an external file, usually
+ the system service switch. The parameter is the name of
+ the service to switch on, and the maps that it will use
+ are this name followed by ".service_type". For example,
+ if the declaration of the map is
+ Ksample switch hosts
+ and the system service switch specifies that hosts are
+ looked up using dns and nis in that order, then this is
+ equivalent to
+ Ksample sequence hosts.dns hosts.nis
+ The subordinate maps must already be defined.
+ Add "user" map class -- looks up users using getpwnam. Takes a
+ "-v field" flag on the definition that tells what passwd
+ entry to return -- legal values are name, passwd, uid, gid,
+ gecos, dir, and shell. Generally expected to be used with
+ the -m (matchonly) flag.
+ Add "bestmx" map class -- returns the best MX value for the host
+ listed as the value. If there are several "best" MX records
+ for this host, one will be chosen at random.
+ Add "userdb" map class -- looks up entries in the user database.
+ The "file name" is actually the tag that will be used,
+ typically "mailname". If there are multiple entries
+ matching the name, the one chosen is undefined.
+ Add multiple queue timeouts (both return and warning). These are
+ set by the Precedence: or Priority: header fields to one of
+ three values. If a Priority: is set and has value "normal",
+ "urgent", or "non-urgent" the corresponding timeouts are
+ used. If no priority is set, the Precedence: is consulted;
+ if negative, non-urgent timeouts are used; if greater than
+ zero, urgent timeouts are used. Otherwise, normal timeouts
+ are used. The timeouts are set by setting the six timeouts
+ queue{warn,return}.{urgent,normal,non-urgent}.
+ Fix problem when a mail address is resolved to a $#error mailer
+ with a temporary failure indication; it works in SMTP,
+ but when delivering locally the mail is silently discarded.
+ This patch, from Kyle Jones of UUNET, bounces it instead
+ of queueing it (queueing is very hard).
+ When using /etc/hosts or NIS-style lookups, don't assume that
+ the first name in the list is the best one -- instead,
+ search for the first one with a dot. For example, if
+ an /etc/hosts entry reads
+ 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU
+ this change will use the second name as the canonical
+ machine name instead of the initial, unqualified name.
+ Change dequote map to replace spaces in quoted text with a value
+ indicated by the -s flag on the dequote map definition.
+ For example, ``Mdequote dequote -s_'' will change
+ "Foo Bar" into an unquoted Foo_Bar instead of leaving it
+ quoted (because of the space character). Suggested by Dan
+ Oscarsson for use in X.400 addresses.
+ Implement long macro names as ${name}; long class names can
+ be similarly referenced as $={name} and $~{name}.
+ Definitions are (e.g.) ``D{name}value''. Names that have
+ a leading lower case letter or punctuation characters are
+ reserved for internal use by sendmail; i.e., config files
+ should use names that begin with a capital letter. Based
+ on code contributed by Dan Oscarsson.
+ Fix core dump if getgrgid returns a null group list (as opposed
+ to an empty group list, that is, a pointer to a list
+ with no members). Fix from Andrew Chang of Sun Microsystems.
+ Fix possible core dump if malloc fails -- if the malloc in xalloc
+ failed, it called syserr which called newstr which called
+ xalloc.... The newstr is now avoided for "panic" messages.
+ Reported by Stuart Kemp of James Cook University.
+ Improve connection cache timeouts; previously, they were not even
+ checked if you were delivering to anything other than an
+ IPC-connected host, so a series of (say) local mail
+ deliveries could cause cached connections to be open
+ much longer than the specified timeout.
+ If an incoming message exceeds the maximum message size, stop
+ writing the incoming bytes to the queue data file, since
+ this can fill your mqueue partition -- this is a possible
+ denial-of-service attack.
+ Don't reject all numeric local user names unless HESIOD is
+ defined. It turns out that Posix allows all-numeric
+ user names. Fix from Tony Sanders of BSDI.
+ Add service switch support. If the local OS has a service
+ switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf
+ on DEC systems) that will be used; otherwise, it falls back
+ to using a local mechanism based on the ServiceSwitchFile
+ option (default: /etc/service.switch). For example, if the
+ service switch lists "files" and "nis" for the aliases
+ service, that will be the default lookup order. the "files"
+ ("local" on DEC) service type expands to any alias files
+ you listed in the configuration file, even if they aren't
+ actually file lookups.
+ Option I (NameServerOptions) no longer sets the "UseNameServer"
+ variable which tells whether or not DNS should be considered
+ canonical. This is now determined based on whether or not
+ "dns" is in the service list for "hosts".
+ Add preliminary support for the ESMTP "DSN" extension (Delivery
+ Status Notifications). This is not yet a standard
+ and the implementation is for experimentation only.
+ For this reason it only announces itself as "X-DSN-0"
+ instead of "DSN". DSN notifications override
+ Return-Receipt-To:.
+ Add T=mtstype keyletter to mailer definitions to define the value
+ for the Final-MTS-Type: and Remote-MTS-Type: fields in the
+ DSN-standard return message.
+ Extend heuristic to force running in ESMTP mode to look for the
+ six-character string "ESMTP " anywhere in the 220 greeting
+ message (not just the second line). This is to provide
+ better compatibility with other ESMTP servers.
+ Print sequence number of job when running the queue so you can
+ easily see how much progress you have made. Suggested
+ by Peter Wemm of DIALix.
+ Map newlines to spaces in logged message-ids; some versions of
+ syslog truncate the rest of the line after newlines.
+ Suggested by Fletcher Mattox of U. Texas.
+ Move up forking for job runs so that if a message is split into
+ multiple envelopes you don't get "fork storms" -- this
+ also improves the connection cache utilization.
+ Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for
+ the purposes of refusing to send error returns. Suggested
+ by Motonori Nakamura of Ritsumeikan University.
+ Relax rules on when a file can be written when referenced from
+ the aliases file: use the default uid/gid instead of the
+ real uid/gid. This allows you to create a file owned by
+ and writable only by the default uid/gid that will work
+ all the time (without having the setuid bit set). Change
+ suggested by Shau-Ping Lo and Andrew Cheng of Sun
+ Microsystems.
+ Add "DialDelay" option (no short name) to provide an "extra"
+ delay for dial on demand systems. If this is non-zero
+ and a connect fails, sendmail will wait this long and
+ then try again. If it takes longer than the kernel
+ timeout interval to establish the connection, this
+ option can give the network software time to establish
+ the link. The default units are seconds.
+ Move logging of sender information to be as early as possible;
+ previously, it could be delayed a while for SMTP mail
+ sent to aliases. Suggested by Brad Knowles of the
+ Defense Information Systems Agency.
+ Call res_init() before setting RES_DEBUG; this is required by
+ BIND 4.9.3, or so I'm told. From Douglas Anderson of
+ the National Computer Security Center.
+ Add xdelay= field in logs -- this is a transaction delay, telling
+ you how long it took to deliver to this address on the
+ last try. It is intended to be used for sorting mailing
+ lists to favor "quick" addresses. Provided for use by
+ the mailprio scripts (see below).
+ If a map cannot be opened, and that map is non-optional, and
+ an address requires that map for resolution, queue the
+ map instead of bouncing it. This involves creating a
+ pseudo-class of maps called "bogus-map" -- if a required
+ map cannot be opened, the class is changed to bogus-map;
+ all queries against bogus-map return "tempfail". The
+ bogus-map class is not directly accessible. A sample
+ implementation was donated by Jem Taylor of Glasgow
+ University Computing Service.
+ Don't make a bad ``MAIL FROM:'' address on one message blow away
+ other messages to the same host later in the queue.
+ Problem noted by Eric Prestemon of American University.
+ Fix a possible core dump when mailing to a program that talks
+ SMTP on its standard input. Fix from Keith Moore of
+ the University of Kentucky.
+ Make it possible to resolve filenames to $#local $: @ /filename;
+ previously, the "@" would cause it to not be recognized
+ as a file. Problem noted by Brian Hill of U.C. Davis.
+ Accept a -1 signal to re-exec the daemon. This only works if
+ argv[0] is a full path to sendmail.
+ Fix bug in "addr=..." field in O option on little-endian machines
+ -- the network number wasn't being converted to network
+ byte order. Patch from Kurt Lidl of Pix Technologies
+ Corporation.
+ Pre-initialize the resolver early on; this is to avoid a bug with
+ BIND 4.9.3 that can cause the _res.retry field to get
+ reset to zero, causing all name server lookups to time
+ out. Fix from Matt Day of Artisoft.
+ Restore T line (trusted users) in config file -- but instead of
+ locking out the -f flag, they just tell whether or not
+ an X-Authentication-Warning: will be added. This really
+ just creates new entries in class 't', so "Ft/file/name"
+ can be used to read trusted user names from a file.
+ Trusted users are also allowed to execute programs even
+ if they have a shell that isn't in /etc/shells.
+ Improve NEWDB alias file rebuilding so it will create them
+ properly if they do not already exist. This had been
+ a MAYBENEXTRELEASE feature in 8.6.9.
+ Check for @:@ entry in NIS maps before starting up to avoid
+ (but not prevent, sigh) race conditions. This ought to
+ be handled properly in ypserv, but isn't. Suggested by
+ Michael Beirne of Motorola.
+ Refuse connections if there isn't enough space on the filesystem
+ holding the queue. Contributed by Robert Dana of Wolf
+ Communications.
+ Skip checking for directory permissions in the path to a file
+ when checking for file permissions iff setreuid()
+ succeeded -- it is unnecessary in that case. This avoids
+ significant performance problems when looking for .forward
+ files. Based on a suggestion by Win Bent of USC.
+ Allow symbolic ruleset names. Syntax can be "Sname" to get an
+ arbitrary ruleset number assigned or "Sname = integer"
+ to assign a specific ruleset number. Reference is
+ $>name_or_number. Names can be composed of alphas, digits,
+ underscore, or hyphen (first character must be non-numeric).
+ Allow -o flag on AliasFile lines to make the alias file optional.
+ From Bryan Costales of ICSI.
+ Add NoRecipientAction option to handle the case where there is
+ no legal recipient header in the message. It can take
+ on values:
+ None Leave the message as is. The
+ message will be passed on even
+ though it is in technically
+ illegal syntax.
+ Add-To Add a To: header with any
+ recipients that it can find from
+ the envelope. This risks exposing
+ Bcc: recipients.
+ Add-Apparently-To Add an Apparently-To: header. This
+ has almost no redeeming social value,
+ and is provided only for back
+ compatibility.
+ Add-To-Undisclosed Add a header reading
+ To: undisclosed-recipients:;
+ which will have the effect of
+ making the message legal without
+ exposing Bcc: recipients.
+ Add-Bcc To add an empty Bcc: header.
+ There is a chance that mailers down
+ the line will delete this header,
+ which could cause exposure of Bcc:
+ recipients.
+ The default is NoRecipientAction=None.
+ Truncate (rather than delete) Bcc: lines in the header. This
+ should prevent later sendmails (at least, those that don't
+ themselves delete Bcc:) from considering this message to
+ be non-conforming -- although it does imply that non-blind
+ recipients can see that a Bcc: was sent, albeit not to whom.
+ Add SafeFileEnvironment option. If declared, files named as delivery
+ targets must be regular files in addition to the regular
+ checks. Also, if the option is non-null then it is used as
+ the name of a directory that is used as a chroot(2)
+ environment for the delivery; the file names listed in an
+ alias or forward should include the name of this root.
+ For example, if you run with
+ O SafeFileEnvironment=/arch
+ then aliases should reference "/arch/rest/of/path". If a
+ value is given, sendmail also won't try to save to
+ /usr/tmp/dead.letter (instead it just leaves the job in the
+ queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit.
+ Support -A flag for alias files; this will comma concatenate like
+ entries. For example, given the aliases:
+ list: member1
+ list: member2
+ and an alias file declared as:
+ OAhash:-A /etc/aliases
+ the final alias inserted will be "list: member1,member2";
+ without -A you will get an error on the second and subsequent
+ alias for "list". Contributed by Bryan Costales of ICSI.
+ Line-buffer transcript file. Suggested by Liudvikas Bukys.
+ Fix a problem that could cause very long addresses to core dump in
+ some special circumstances. Problem pointed out by Allan
+ Johannesen.
+ (Internal change.) Change interface to expand() (macro expansion)
+ to be simpler and more consistent.
+ Delete check for funny qf file names. This didn't really give
+ any extra security and caused some people some problems.
+ (If you -really- want this, define PICKY_QF_NAME_CHECK
+ at compile time.) Suggested by Kyle Jones of UUNET.
+ (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and
+ merge with DSN code; this is simpler and more consistent.
+ This may affect some people who have written their own
+ checkcompat() routine.
+ (Internal change.) Eliminate `D' line in qf file. The df file
+ is now assumed to be the same name as the qf file (with
+ the `q' changed to a `d', of course).
+ Avoid forking for delivery if all recipient mailers are marked as
+ "expensive" -- this can be a major cost on some systems.
+ Essentially, this forces sendmail into "queue only" mode
+ if all it is going to do is queue anyway.
+ Avoid sending a null message in some rather unusual circumstances
+ (specifically, the RCPT command returns a temporary
+ failure but the connection is lost before the DATA
+ command). Fix from Scott Hammond of Secure Computing
+ Corporation.
+ Change makesendmail to use a somewhat more rational naming scheme:
+ Makefiles and obj directories are named $os.$rel.$arch,
+ where $os is the operating system (e.g., SunOS), $rel is
+ the release number (e.g., 5.3), and $arch is the machine
+ architecture (e.g., sun4). Any of these can be omitted,
+ and anything after the first dot in a release number can
+ be replaced with "x" (e.g., SunOS.4.x.sun4). The previous
+ version used $os.$arch.$rel and was rather less general.
+ Ignore IDENT return value if the OSTYPE field returns "OTHER",
+ as indicated by RFC 1413. Pointed out by Kari Hurtta
+ of the Finnish Meteorological Institute.
+ Fix problem that could cause multiple responses to DATA command
+ on header syntax errors (e.g., lines beginning with colons).
+ Problem noted by Jens Thomassen of the University of Oslo.
+ Don't let null bytes in headers cause truncation of the rest of
+ the header.
+ Log Authentication-Warning:s. Suggested by Motonori Nakamura.
+ Increase timeouts on message data puts to allow time for receivers
+ to canonify addresses in headers on the fly. This is still
+ a rather ugly heuristic. From Motonori Nakamura.
+ Add "HasWildcardMX" suboption to ResolverOptions; if set, MX
+ records are not used when canonifying names. This is
+ useful if you have a wildcard MX record, although it
+ may cause other problems. In general, don't use wildcard
+ MX records. Patch from Motonori Nakamura.
+ Eliminate default two-line SMTP greeting message. Instead of
+ adding an extra "ESMTP spoken here" line, the word "ESMTP"
+ is added between the first and second word of the first
+ line of the greeting message (i.e., immediately after the
+ host name). This eliminates the need for the BROKEN_SMTP_PEERS
+ compile flag. Old sendmails won't see the ESMTP, but that's
+ acceptable because SIZE was the only useful extension that
+ old sendmails understand.
+ Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1
+ invoked state dumps. From Masaharu Onishi.
+ Allow on-line comments in .forward and :include: files; they are
+ introduced by the string "<LWSP>#@#<LWSP>", where <LWSP>
+ is a space or a tab. This is intended for native
+ representation of non-ASCII sets such as Japanese, where
+ existing encodings would be unreadable or would lose
+ data -- for example,
+ <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori
+ (romanized/less information)
+ <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?=
+ =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?=
+ (with MIME encoding, not human readable)
+ <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B
+ (native encoding with ISO-2022-JP)
+ The last form is human readable in the Japanese environment.
+ Based on a fix from (surprise!) Motonori Nakamura.
+ Don't make SMTP error returns on MAIL FROM: line be "sticky" for all
+ messages to that host; these are most frequently associated
+ with addresses rather than the host, with the exception of
+ 421 (service shutting down). The effect was to cause queues
+ to sometimes take an excessive time to flush. Reported by
+ Robert Sargent of Southern Geographics Technologies.
+ Add Nice=N mailer option to set the niceness at which a mailer will
+ run.
+ When looking for a default config file (that is, not specified using
+ a -C flag), try a configuration file name extended by the
+ binary version number -- e.g., sendmail.8.7.Alpha.9.cf,
+ sendmail.8.7.Alpha.cf, sendmail.8.7.cf, sendmail.8.cf, and
+ sendmail.cf in that order. This should make it easier to
+ test new versions in a shared environment.
+ Log queue runs that are skipped due to high loads. They are logged
+ at LOG_INFO priority iff the log level is > 8. Contributed
+ by Bruce Nagel of Data General.
+ Allow the error mailer to accept a DSN-style error status code
+ instead of an sysexits status code in the host part.
+ Anything with a dot will be interpreted as a DSN-style code.
+ Add new mailer flag: F=3 will tell translations to Quoted-Printable
+ to encode characters that might be munged by an EBCDIC system
+ in addition to the set required by RFC 1521. The additional
+ characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~.
+ (Think of "IBM 360" as the mnemonic for this flag.)
+ Change check for mailing to files to look for a pathname of [FILE]
+ rather than looking for the mailer named *file*. The mapping
+ of leading slashes still goes to the *file* mailer. This
+ allows you to implement the *file* mailer as a separate
+ program, for example, to insert a Content-Length: header
+ or do special security policy. However, note that the usual
+ initial checking for the file permissions is still done, and
+ the program in question needs to be very careful about how
+ it does the file write to avoid security problems.
+ Be able to read ~root/.forward even if the path isn't accessible to
+ regular users. This is disrecommended because sendmail
+ sometimes does not run as root (e.g., when an unsafe option
+ is specified on the command line), but should otherwise be
+ safe because .forward files must be owned by the user for
+ whom mail is being forwarded, and cannot be a symbolic link.
+ Suggested by Forrest Aldrich of Wang Laboratories.
+ Add new "HostsFile" option that is the pathname to the /etc/hosts
+ file. This is used for canonifying hostnames when the
+ service type is "files".
+ Implement programs on F (read class from file) line. The syntax is
+ Fc|/path/to/program to read the output from the program
+ into class "c".
+ Probe the network interfaces to find alternate names for this
+ host. Requires the SIOCGIFCONF ioctl call. Code
+ contributed by SunSoft.
+ Add "E" configuration line to set or propogate environment
+ variables into children. "E<envar>" will propogate
+ the named variable from the environment when sendmail
+ was invoked into any children it calls; "E<envar>=<value>"
+ sets the named variable to the indicated value. Any
+ variables not explicitly named will not be in the child
+ environment. However, sendmail still forces an
+ "AGENT=sendmail" environment variable, in part to enforce
+ at least one environment variable, since many programs and
+ libraries die horribly if this is not guaranteed.
+ Change heuristic for rebuilding both NEWDB and NDBM versions of
+ alias databases -- new algorithm looks for the substring
+ "/yp/" in the file name. This is more portable and involves
+ less overhead. Suggested by Motonori Nakamura.
+ Dynamically allocate the queue work list so that you don't lose
+ jobs in large queue runs. The old QUEUESIZE compile parameter
+ is replaced by QUEUESEGSIZE (the unit of allocation, which
+ should not need to be changed) and the MaxQueueRunSize option,
+ which is the absolute maximum number of jobs that will ever
+ be handled in a single queue run. Based on code contributed
+ by Brian Coan of the Institute for Global Communications.
+ Log message when a message is dropped because it exceeds the maximum
+ message size. Suggested by Leo Bicknell of Virginia Tech.
+ Allow trusted users (those on a T line or in $=t) to use -bs without
+ an X-Authentication-Warning: added. Suggested by Mark Thomas
+ of Mark G. Thomas Consulting.
+ Announce state of compile flags on -d0.1 (-d0.10 throws in the
+ OS-dependent defines). The old semantic of -d0.1 to not
+ run the daemon in background has been moved to -d99.100,
+ and the old 52.5 flag (to avoid disconnect() from closing
+ all output files) has been moved to 52.100. This makes
+ things more consistent (flags below .100 don't change
+ semantics) and separates out the backgrounding so that
+ it doesn't happen automatically on other unrelated debugging
+ flags.
+ If -t is used but no addresses are found in the header, give an
+ error message rather than just doing nothing. Fix from
+ Motonori Nakamura.
+ On systems (like SunOS) where the effective gid is not necessarily
+ included in the group list returned by getgroups(), the
+ `restrictmailq' option could sometimes cause an authorized
+ user to not be able to use `mailq'. Fix from Charles Hannum
+ of MIT.
+ Allow symbolic service names for [IPC] mailers. Suggested by
+ Gerry Magennis of Logica International.
+ Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs
+ when running DNS. For example, if the name FTP.Foo.ORG is
+ a CNAME for Cruft.Foo.ORG, then when sitting on a machine in
+ the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG"
+ if this option is not set, or "FTP.Foo.ORG" if it is set.
+ This is technically illegal under RFC 822 and 1123, but the
+ IETF is moving toward legalizing it. Note that turning on
+ this option is not sufficient to guarantee that a downstream
+ neighbor won't rewrite the address for you.
+ Add "-m" flag to makesendmail script -- this tells you what object
+ directory and Makefile it will use, but doesn't actually do
+ the make.
+ Do some additional checking on the contents of the qf file to try
+ to detect attacks against the qf file. In particular,
+ abort on any line beginning "From ", and add an "end of
+ file" line -- any data after that line is prohibited.
+ If /etc/sendmail.cf exists, use it regardless of the compile-time
+ setting of _PATH_SENDMAILCF. This allows sendmail 8 to
+ have consistent install instructions.
+ PORTABILITY FIXES:
+ Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>.
+ System V Release 4 from Motonori Nakamura of Ritsumeikan
+ University. This expands the disk size
+ checking to include all (?) SVR4 configurations.
+ System V Release 4 from Kimmo Suominen -- initgroups(3)
+ and setrlimit(2) are both available.
+ System V Release 4 from sob@sculley.ffg.com -- some versions
+ apparently "have EX_OK defined in other headerfiles."
+ Linux Makefile typo.
+ Linux getusershell(3) is broken in Slackware 2.0 --
+ from Andrew Pam of Xanadu Australia.
+ More Linux tweaking from John Kennedy of California State
+ University, Chico.
+ Cray changes from Eric Wassenaar: ``On Cray, shorts,
+ ints, and longs are all 64 bits, and all structs
+ are multiples of 64 bits. This means that the
+ sizeof operator returns only multiples of 8.
+ This requires adaptation of code that really
+ deals with 32 bit or 16 bit fields, such as IP
+ addresses or nameserver fields.''
+ DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To
+ get the old behaviour, use -DDGUX_5_4_2.
+ DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment
+ variable to fix bogus /bin/mail behaviour.
+ Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>.
+ This also cleans up some System V Release 4 compile
+ problems.
+ Solaris 2: sendmail.cw file should be in /etc/mail to
+ match all the other configuration files. Fix
+ from Glenn Barry of Emory University.
+ Solaris 2.3: compile problem in conf.c. Fix from Alain
+ Nissen of the University of Liege, Belgium.
+ Ultrix: freespace calculation was incorrect. Fix from
+ Takashi Kizu of Osaka University.
+ SVR4: running in background gets a SIGTTOU because the
+ emulation code doesn't realize that "getpeername"
+ doesn't require reading the file. Fix from Peter
+ Wemm of DIALix.
+ Solaris 2.3: due to an apparent bug in the socket emulation
+ library, sockets can get into a "wedged" state where
+ they just return EPROTO; closing and re-opening the
+ socket clears the problem. Fix from Bob Manson
+ of Ohio State University.
+ Hitachi 3050R & 3050RX running HI-UX/WE2: portability
+ fixes from Akihiro Hashimoto ("Hash") of Chiba
+ University.
+ AIX changes to allow setproctitle to work from Rainer Schöpf
+ of Zentrum für Datenverarbeitung der Universität
+ Mainz.
+ AIX changes for load average from Ed Ravin of NASA/Goddard.
+ SCO Unix from Chip Rosenthal of Unicom (code was using the
+ wrong statfs call).
+ ANSI C fixes from Adam Glass (NetBSD project).
+ Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers
+ University.
+ DG-UX fixes from Bruce Nagel of Data General.
+ IRIX64 updates from Mark Levinson of the University of
+ Rochester Medical Center.
+ Altos System V (``the first UNIX/XENIX merge the Altos
+ did for their Series 1000 & Series 2000 line;
+ their merged code was licenced back to AT&T and
+ Microsoft and became System V release 3.2'') from
+ Tim Rice <timr@crl.com>.
+ OSF/1 running on Intel Paragon from Jeff A. Earickson
+ <jeff@ssd.intel.com> of Intel Scalable Systems
+ Divison.
+ Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson
+ <janet@dialix.oz.au>.
+ System V Release 4 (statvfs semantic fix) from Alain
+ Durand of I.M.A.G.
+ HP-UX 10.x multiprocessor load average changes from
+ Scott Hutton and Jeff Sumler of Indiana University.
+ Cray CSOS from Scott Bolte of Cray Computer Corporation.
+ Unicos 8.0 from Douglas K. Rand of the University of North
+ Dakota, Scientific Computing Center.
+ Solaris 2.4 fixes from Sanjay Dani of Dani Communications.
+ ConvexOS 11.0 from Christophe Wolfhugel.
+ IRIX 4.0.5 from David Ashton-Reader of CADcentre.
+ ISC UNIX from J. J. Bailey.
+ HP-UX 9.xx on the 8xx series machines from Remy Giraud
+ of Meteo France.
+ HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>.
+ IRIX 5.2 and 5.3 from Kari E. Hurtta.
+ FreeBSD 2.0 from Mike Hickey of Federal Data Corporation.
+ Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura.
+ Omron LUNA unios-b, mach from Motonori Nakamura.
+ NEC EWS-UX/V 4.2 from Motonori Nakamura.
+ NeXT 2.1 from Bryan Costales.
+ AUX patch thanks to Mike Erwin of Apple Computer.
+ HP-UX 10.0 from John Beck of Hewlett-Packard.
+ Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a
+ non-DEC resolver. Suggested by Allan Johannesen.
+ UnixWare 2.0 fixes from Petr Lampa of the Technical
+ University of Brno (Czech Republic).
+ MAKEMAP: allow -d flag to allow insertion of duplicate aliases
+ in type ``btree'' maps. The semantics of this are undefined
+ for regular maps, but it can be useful for the user database.
+ MAKEMAP: lock database file while rebuilding to avoid sendmail
+ lookups while the rebuild is going on. There is a race
+ condition between the open(... O_TRUNC ...) and the lock
+ on the file, but it should be quite small.
+ SMRSH: sendmail restricted shell added to the release. This can
+ be used as an alternative to /bin/sh for the "prog" mailer,
+ giving the local administrator more control over what
+ programs can be run from sendmail.
+ MAIL.LOCAL: add this local mailer to the tape. It is not really
+ part of the release proper, and isn't fully supported; in
+ particular, it does not run on System V based systems and
+ never will.
+ CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon
+ to allow rmail to compile on systems that don't have
+ function prototypes and systems that don't have snprintf.
+ CONTRIB: add the "mailprio" scripts that will help you sort mailing
+ lists by transaction delay times so that addresses that
+ respond quickly get sent first. This is to prevent very
+ sluggish servers from delaying other peoples' mail.
+ Contributed by Tony Sanders of BSDI.
+ CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders
+ of BSDI. This has a lot of comments to help people out.
+ CONFIG: fix mail from <> so it will properly convert to
+ MAILER-DAEMON on local addresses.
+ CONFIG: fix code that was supposed to catch colons in host
+ names. Problem noted by John Gardiner Myers of CMU.
+ CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration.
+ From Paul Riddle of the University of Maryland, Baltimore
+ County.
+ CONFIG: Catch and reject "." as a host address.
+ CONFIG: Generalize domaintable to look up all domains, not
+ just unqualified ones.
+ CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it
+ was never used and didn't work anyway.
+ CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer
+ and d on all mailers in the UUCP class.
+ CONFIG: Allow "user+detail" to be aliased specially: it will first
+ look for an alias for "user+detail", then for "user+*", and
+ finally for "user". This is intended for forwarding mail
+ for system aliases such as root and postmaster to a
+ centralized hub.
+ CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above).
+ CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set.
+ The F=8 flag is also set on the "relay" mailer, since
+ this is expected to be another sendmail.
+ CONFIG: avoid qualifying all UUCP addresses sent via SMTP with
+ the name of the UUCP_RELAY -- in some cases, this is the
+ wrong value (e.g., when we have local UUCP connections),
+ and this can create unreplyable addresses. From Chip
+ Rosenthal of Unicom.
+ CONFIG: add confRECEIVED_HEADER to change the format of the
+ Received: header inserted into all messages. Suggested by
+ Gary Mills of the University of Manitoba.
+ CONFIG: Make "notsticky" the default; use FEATURE(stickyhost)
+ to get the old behaviour. I did this upon observing
+ that almost everyone needed this feature, and that the
+ concept I was trying to make happen didn't work with
+ some user agents anyway. FEATURE(notsticky) still works,
+ but it is a no-op.
+ CONFIG: Add LUSER_RELAY -- the host to which unrecognized user
+ names are sent, rather than immediately diagnosing them
+ as User Unknown.
+ CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS,
+ and RELAY_MAILER_ARGS to set the arguments for the
+ indicated mailers. All default to "IPC $h". Patch from
+ Larry Parmelee of Cornell University.
+ CONFIG: pop mailer needs F=n flag to avoid "annoying side effects
+ on the client side" and F=P to get an appropriate
+ return-path. From Kimmo Suominen.
+ CONFIG: add FEATURE(local_procmail) to use the procmail program
+ as the local mailer. For addresses of the form "user+detail"
+ the "detail" part is passed to procmail via the -a flag.
+ Contributed by Kimmo Suominen.
+ CONFIG: add MAILER(procmail) to add an interface to procmail for
+ use from mailertables. This lets you execute arbitrary
+ procmail scripts. Contributed by Kimmo Suominen.
+ CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers.
+ CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From
+ Paul Southworth of CICNet Systems Support.
+ CONFIG: use -a$g as default to UUCP mailers, instead of -a$f.
+ This causes the null return path to be rewritten as
+ MAILER-DAEMON; otherwise UUCP gets horribly confused.
+ From Michael Hohmuth of Technische Universitat Dresden.
+ CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that
+ list us as the best possible MX record to be treated as
+ though they were local (essentially, assume that they
+ are included in $=w). This can cause additional DNS
+ traffic, but is easier to administer if this fits your
+ local model. It does not work reliably if there are
+ multiple hosts that share the best MX preference.
+ Code contributed by John Oleynick of Rutgers.
+ CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted
+ SHell) instead of /bin/sh as the program used for delivery
+ to programs. If an argument is included, it is used as
+ the path to smrsh; otherwise, /usr/local/etc/smrsh is
+ assumed.
+ CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the
+ size of messages to the local and procmail mailers
+ respectively. Contributed by Brad Knowles of the Defense
+ Information Systems Agency.
+ CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments
+ (just like text outside of angle brackets) in order to
+ properly deal with ``group: addr1, ... addrN;'' syntax.
+ CONFIG: Require OSTYPE macro (the defaults really don't apply to
+ any real systems any more) and tweak the DOMAIN macro
+ so that it is less likely that users will accidently use
+ the Berkeley defaults. Also, create some generic files
+ that really can be used in the real world.
+ CONFIG: Add new configuration macros to set character sets for
+ messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET,
+ SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET.
+ CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency.
+ The old name will still be accepted for a while at least.
+ CONFIG: Implement DECNET_RELAY as spec for host to which DECNET
+ mail (.DECNET pseudo-domain or node::user) will be sent.
+ As with all relays, it can be ``mailer:hostname''. Suggested
+ by Scott Hutton.
+ CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed
+ by Barb Dijker of Labyrinth Computer Services.
+ CONFIG: change confCHECK_ALIASES to default to False -- it has poor
+ performance for large alias files, and this confused many
+ people.
+ CONFIG: Add confCF_VERSION to append local information to the
+ configuration version number displayed during SMTP startup.
+ CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it
+ would only work when locally addressed. Fix from
+ Edvard Tuinder of Cistron Internet Services.
+ NEW FILES:
+ cf/cf/cs-hpux10.mc
+ cf/cf/cs-solaris2.mc
+ cf/cf/generic-hpux10.mc
+ cf/cf/generic-hpux9.mc
+ cf/cf/generic-osf1.mc
+ cf/cf/generic-solaris2.mc
+ cf/cf/generic-sunos4.1.mc
+ cf/cf/generic-ultrix4.mc
+ cf/cf/huginn.cs.mc
+ cf/domain/berkeley-only.m4
+ cf/domain/generic.m4
+ cf/feature/bestmx_is_local.m4
+ cf/feature/local_procmail.m4
+ cf/feature/smrsh.m4
+ cf/feature/stickydomain.m4
+ cf/mailer/mail11.m4
+ cf/mailer/procmail.m4
+ cf/ostype/amdahl-uts.m4
+ cf/ostype/hpux10.m4
+ cf/ostype/isc4.1.m4
+ cf/ostype/ptx2.m4
+ cf/ostype/unknown.m4
+ contrib/bsdi.mc
+ contrib/mailprio
+ contrib/rmail.oldsys.patch
+ smrsh/README
+ smrsh/smrsh.8
+ smrsh/smrsh.c
+ src/Makefiles/Makefile.CSOS
+ src/Makefiles/Makefile.EWS-UX_V
+ src/Makefiles/Makefile.HP-UX.10
+ src/Makefiles/Makefile.IRIX.5.x
+ src/Makefiles/Makefile.IRIX64
+ src/Makefiles/Makefile.ISC
+ src/Makefiles/Makefile.NEWS-OS.4.x
+ src/Makefiles/Makefile.NEWS-OS.6.x
+ src/Makefiles/Makefile.NonStop-UX
+ src/Makefiles/Makefile.Paragon
+ src/Makefiles/Makefile.SunOS.5.3
+ src/Makefiles/Makefile.SunOS.5.4
+ src/Makefiles/Makefile.SunOS.5.5
+ src/Makefiles/Makefile.UNIX_SV.4.x.i386
+ src/Makefiles/Makefile.uts.systemV
+ src/mime.c
+ test/t_seteuid.c
+ RENAMED FILES:
+ cf/cf/alpha.mc => cf/cf/s2k-osf1.mc
+ cf/cf/chez.mc => cf/cf/chez.cs.mc
+ cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc
+ cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc
+ cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc
+ cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc
+ cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc
+ cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc
+ cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4
+ cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4
+ cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4
+ cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4
+ cf/ostype/hpux.m4 => cf/ostype/hpux9.m4
+ cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4
+ src/Makefile.* => src/Makefiles/Makefile.*
+ src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS
+ src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0
+ OBSOLETED FILES:
+ cf/cf/cogsci.mc
+ cf/cf/cs-exposed.mc
+ cf/cf/cs-hidden.mc
+ cf/cf/hpux-cs-hidden.mc
+ cf/cf/knecht.mc
+ cf/cf/osf1-cs-hidden.mc
+ cf/cf/sunos3.5-cs-exposed.mc
+ cf/cf/sunos3.5-cs-hidden.mc
+ cf/cf/sunos4.1-cs-hidden.mc
+ cf/cf/ultrix4.1-cs-hidden.mc
+ cf/domain/cs-hidden.m4
+ contrib/rcpt-streaming
+ src/Makefiles/Makefile.SunOS.5.x
+
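Review bot: the NEW FILES list in the 8.7 entry names cf/feature/stickydomain.m4, but the CONFIG item that introduces the feature calls it FEATURE(stickyhost); reconcile the two names, since readers will look for the file by the feature name. PROCMAILER_MAILER_MAX, listed beside LOCAL_MAILER_MAX, also looks like a possible slip given that the mailer is MAILER(procmail); please confirm it against the m4 source. Smaller fixes in this entry: "propogate" (twice in the "E" configuration line item), "accidently" (OSTYPE item), "Divison" (Intel Paragon credit), and the unclosed parenthesis in the some.newsgroup.usenet@local.host item. The MAKEMAP locking item admits a race between open(... O_TRUNC ...) and taking the lock; either say what a concurrent sendmail lookup sees in that window, or change the rebuild to take the lock before truncating.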
+8.6.12/8.6.12 95/03/28
+ Fix to IDENT code (it was getting the size of the reply buffer
+ too small, so nothing was ever accepted). Fix from several
+ people, including Allan Johannesen, Shane Castle of the
+ Boulder County Information Services, and Jeff Smith of
+ Warwick University (all arrived within a few hours of
+ each other!).
+ Fix a problem that could cause large jobs to run out of
+ file descriptors on systems that use vfork() rather
+ than fork().
+
+8.6.11/8.6.11 95/03/08
+ The ``possible attack'' message would be logged more often
+ than necessary if you are using Pine as a user agent.
+ The wrong host would be reported in the ``possible attack''
+ message when attempted from IDENT.
+ In some cases the syslog buffer could be overflowed when
+ reporting the ``possible attack'' message. This can
+ cause denial of service attacks. Truncate the message
+ to 80 characters to prevent this problem.
+ When reading the IDENT response a loop is needed around the
+ read from the network to ensure that you don't get
+ partial lines.
+ Password entries without any shell listed (that is, a null
+ shell) wouldn't match as "ok". Problem noted by
+ Rob McMahon.
+ When running BIND 4.9.x a problem could occur because the
+ _res.options field is initialized differently than it
+ was historically -- this requires that sendmail call
+ res_init before it tweaks any bits.
+ Fix an incompatibility in openxscript() between the file open mode
+ and the stdio mode passed to fdopen. This caused UnixWare
+ 2.0 to have conniptions. Fix from Martin Sohnius of
+ Novell Labs Europe.
+ Fix problem with static linking of local getopt routine when
+ using GNU's ld command. Fix from John Kennedy of
+ Cal State Chico.
+ It was possible to turn off privacy flags. Problem noted by
+ *Hobbit*.
+ Be more paranoid about writing files. Suggestions by *Hobbit*
+ and Liudvikas Bukys.
+ MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular)
+ from Spider Boardman.
+ CONFIG: No changes (version number only, to keep it in sync
+ with the binaries).
+
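Review bot: the 8.6.11 entry describes security-relevant fixes without the SECURITY: prefix that the 8.6.10, 8.6.8, 8.6.7 and 8.6.6 entries use: the syslog buffer overflow on the ``possible attack'' message, "It was possible to turn off privacy flags", and "Be more paranoid about writing files". Tag them so administrators scanning the notes for security releases find this one. The privacy flags item should also say by what means the flags could be turned off, and the syslog item should say what limit the 80-character truncation is meant to stay under, so a reader can judge exposure on an unpatched system.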
+8.6.10/8.6.10 95/02/10
+ SECURITY: Diagnose bogus values to some command line flags that
+ could allow trash to get into headers and qf files.
+ Validate the name of the user returned by the IDENT protocol.
+ Some systems that really dislike IDENT send intentionally
+ bogus information. Problem pointed out by Michael Bushnell
+ of the Free Software Foundation. Has some security
+ implications.
+ Fix a problem causing error messages about DNS problems when
+ the host name contained a percent sign to act oddly
+ because it was passed as a printf-style format string.
+ In some cases this could cause core dumps.
+ Avoid possible buffer overrun in returntosender() if error
+ message is quite ling. From Fletcher Mattox of the
+ University of Texas.
+ Fix a problem that would silently drop "too many hops" error
+ messages if and only if you were sending to an alias.
+ From Jon Giltner of the University of Colorado and
+ Dan Harton of Oak Ridge National Laboratory.
+ Fix a bug that caused core dumps on some systems if -d11.2 was
+ set and e->e_message was null. Fix from Bruce Nagel of
+ Data General.
+ Fix problem that can still cause df files to be left around
+ after "hop count exceeded" messages. Fix from Andrew
+ Chang and Shau-Ping Lo of SunSoft.
+ Fix a problem that can cause buffer overflows on very long
+ user names (as might occur if you piped to a program
+ with a lot of arguments).
+ Avoid returning an error and re-queueing if the host signature
+ is null; this can occur on addresses like ``user@.''.
+ Problem noted by Wesley Craig and the University of
+ Michigan.
+ Avoid possible calls to malloc(0) if MCI caching is turned
+ off. Bug fix from Pierre David of the Laboratoire
+ Parallelisme, Reseaux, Systemes et Modelisation (PRiSM),
+ Universite de Versailles - St Quentin, and Jacky
+ Thibault.
+ Make a local copy of the line being sent via senttolist() -- in
+ some cases, buffers could get trashed by map lookups
+ causing it to do unexpected things. This also simplifies
+ some of the map code.
+ CONFIG: No changes (version number only, to keep it in sync
+ with the binaries).
+
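Review bot: only the first item of the 8.6.10 entry carries SECURITY:, yet the host name passed as a printf-style format string, the buffer overrun in returntosender(), and the buffer overflow on very long user names are memory-safety fixes of the same kind; tag them as well, or group them under the first item. In the returntosender() item "ling" should be "long", and "Wesley Craig and the University of Michigan" presumably means "of the University of Michigan".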
+8.6.9/8.6.9 94/04/19
+ Do all mail delivery completely disconnected from any terminal.
+ This provides consistency with daemon delivery and
+ may have some security implications.
+ Make sure that malloc doesn't get called with zero size,
+ since that fails on some systems. Reported by Ed
+ Hill of the University of Iowa.
+ Fix multi-line values for $e (SMTP greeting message). Reported
+ by Mike O'Connor of Ford Motor Company.
+ Avoid syserr if no NIS domain name is defined, but the map it
+ is trying to open is optional. From Win Bent of USC.
+ Changes for picky compilers from Ed Gould of Digital Equipment.
+ Hesiod support for UDB from Todd Miller of the University of
+ Colorado. Use "hesiod" as the service name in the U
+ option.
+ Fix a problem that failed to set the "authentic" host name (that
+ is, the one derived from the socket info) if you called
+ sendmail -bs from inetd. Based on code contributed by
+ Todd Miller (this problem was also reported by Guy Helmer
+ of Dakota State University). This also fixes a related
+ problem reported by Liudvikas Bukys of the University of
+ Rochester.
+ Parameterize "nroff -h" in all the Makefiles so people with
+ variant versions can use them easily. Suggested by
+ Peter Collinson of Hillside Systems.
+ SMTP "MAIL" commands with multiple ESMTP parameters required two
+ spaces between parameters instead of one. Reported by
+ Valdis Kletnieks of Virginia Tech.
+ Reduce the number of system calls during message collection by
+ using global timeouts around the collect() loop. This
+ code was contributed by Eric Wassenaar.
+ If the initial hostname name gathering results in a name
+ without a dot (usually caused by NIS misconfiguration)
+ and BIND is compiled in, directly access DNS to get
+ the canonical name. This should make life easier for
+ Solaris systems. If it still can't be resolved, and
+ if the name server is listed as "required", try again
+ in 30 seconds. If that also fails, exit immediately to
+ avoid bogus "config error: mail loops back to myself"
+ messages.
+ Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error
+ message to explain how much space was available and
+ sound a bit less threatening. Suggested by Stan Janet
+ of the National Institute of Standards and Technology.
+ If mail is delivered to an alias that has an owner, deliver any
+ requested return-receipt immediately, and strip the
+ Return-Receipt-To: header from the subsequent message.
+ This prevents a certain class of denial of service
+ attack, arguably gives more reasonable semantics, and
+ moves things more towards what will probably become a
+ network standard. Suggested by Christopher Davis of
+ Kapor Enterprises.
+ Add a "noreceipts" privacy flag to turn off all return receipts
+ without recompiling.
+ Avoid printing ESMTP parameters as part of the error message
+ if there are errors during parsing. This change is
+ purely cosmetic.
+ Avoid sending out error messages during the collect phase of
+ SMTP; there is an MVS mailer from UCLA that gets
+ confused by this. Of course, I think it's their bug....
+ Check for the $j macro getting undefined, losing a dot, or getting
+ lost from $=w in the daemon before accepting a connection;
+ if it is, it dumps state, prints a LOG_ALERT message,
+ and drops core for debugging. This is an attempt to
+ track down a bug that I thought was long since gone.
+ If you see this, please forward the log fragment to
+ sendmail@CS.Berkeley.EDU.
+ Change OLD_NEWDB from a #ifdef to a #if so it can be turned off
+ with -DOLD_NEWDB=0 on the command line. From Christophe
+ Wolfhugel.
+ Instead of trying to truncate the listen queue for the server
+ SMTP port when the load average is too high, just close
+ the port completely and reopen it later as needed.
+ This ensures that the other end gets a quick "connection
+ refused" response, and that the connection can be
+ recovered later. In particular, some socket emulations
+ seem to get confused if you tweak the listen queue
+ size around and can never start listening to connections
+ again. The down side is that someone could start up
+ another daemon process in the interim, so you could
+ have multiple daemons all not listening to connections;
+ this could in turn cause the sendmail.pid file to be
+ incorrect. A better approach might be to accept the
+ connection and give a 421 code, but that could break
+ other mailers in mysterious ways and have paging behaviour
+ implications.
+ Fix a glitch in TCP-level debugging that caused flag 16.101 to
+ set debugging on the wrong socket. From Eric Wassenaar.
+ When creating a df* temporary file, be sure you truncate any
+ existing data in the file -- otherwise system crashes
+ and the like could result in extra data being sent.
+ DOC: Replace the CHANGES-R5-R8 readme file with a paper in the
+ doc directory. This includes some additional
+ information.
+ CONFIG: change UUCP rules to never add $U! or $k! on the front
+ of recipient envelope addresses. This should have been
+ handled by the $&h trick, but broke if people were
+ mixing domainized and UUCP addresses. They should
+ probably have converted all the way over to uucp-uudom
+ instead of uucp-{new,old}, but the failure mode was to
+ loop the mail, which was bad news.
+ Portability fixes:
+ Newer BSDI systems (several people).
+ Older BSDI systems from Christophe Wolfhugel.
+ Intergraph CLIX, from Paul Southworth of CICNet.
+ UnixWare, from Evan Champion.
+ NetBSD from Adam Glass.
+ Solaris from Quentin Campbell of the University of
+ Newcastle upon Tyne.
+ IRIX from Dean Cookson and Bill Driscoll of Mitre
+ Corporation.
+ NCR 3000 from Kevin Darcy of Chrysler Financial Corporation.
+ SunOS (it has setsid() and setvbuf() calls) from
+ Jonathan Kamens of OpenVision Technologies.
+ HP-UX from Tor Lillqvist.
+ New Files:
+ src/Makefile.CLIX
+ src/Makefile.NCR3000
+ doc/changes/Makefile
+ doc/changes/changes.me
+ doc/changes/changes.ps
+
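Review bot: the 8.6.9 entry uses "Portability fixes:" and "New Files:" where the 8.7 entry uses "PORTABILITY FIXES:" and "NEW FILES:"; pick one capitalisation so the sections can be found with a single search. "hostname name" in the initial name gathering item has a doubled word. The item about closing the SMTP port under high load notes that another daemon could be started in the interim and leave sendmail.pid incorrect; state whether anything detects or logs that case, since the note currently leaves the operator with no way to recognise it.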
+8.6.8/8.6.6 94/03/21
+ SECURITY: it was possible to read any file as root using the
+ E (error message) option. Reported by Richard Jones;
+ fixed by Michael Corrigan and Christophe Wolfhugel.
+
+8.6.7/8.6.6 94/03/14
+ SECURITY: it was possible to get root access by using wierd
+ values to the -d flag. Thanks to Alain Durand of
+ INRIA for forwarding me the notice from the bugtraq
+ list.
+
+8.6.6/8.6.6 94/03/13
+ SECURITY: the ability to give files away on System V-based
+ systems proved dangerous -- don't run as the owner
+ of a :include: file on a system that allows giveaways.
+ Unfortunately, this also applies to determining a
+ valid shell.
+ IMPORTANT: Previous versions weren't expiring old connections
+ in the connection cache for a long time under some
+ circumstances. This could result in resource exhaustion,
+ both at your end and at the other end. This checks the
+ connections for timeouts much more frequently. From
+ Doug Anderson of NCSC.
+ Fix a glitch that snuck in that caused programs to be run as
+ the sender instead of the recipient if the mail was
+ from a local user to another local user. From
+ Motonori Nakamura of Kyoto University.
+ Fix "wildcard" on /etc/shell matching -- instead of looking
+ for "*", look for "/SENDMAIL/ANY/SHELL/". From
+ Bryan Costales of ICSI.
+ Change the method used to declare the "statfs" availability;
+ instead of HASSTATFS and/or HASUSTAT with a ton of
+ tweaking in conf.c, there is a single #define called
+ SFS_TYPE which takes on one of six values (SFS_NONE
+ for no statfs availability, SFS_USTAT for the ustat(2)
+ syscall, SFS_4ARGS for a four argument statfs(2) call,
+ and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument
+ statfs(2) call with the declarations in <sys/vfs.h>,
+ <sys/mount.h>, or <sys/statfs.h> respectively).
+ Fix glitch in NetInfo support that could return garbage if
+ there was no "/locations/sendmail" property. From
+ David Meyer of the University of Virginia.
+ Change HASFLOCK from defined/not-defined to a 0/1 definition
+ to allow Linux to turn it off even though it is a
+ BSD-like system.
+ Allow setting of "ident" timeout to zero to turn off the ident
+ protocol entirely.
+ Make 7-bit stripping local to a connection (instead of to a
+ mailer); this allows you to specify that SMTP is a
+ 7-bit channel, but revert to 8-bit should it advertise
+ that it supports 8BITMIME. You still have to specify
+ mailer flag 7 to get this stripping at all.
+ Improve makesendmail script so it handles more cases automatically.
+ Tighten up restrictions on taking ownership of :include: files
+ to avoid problems on systems that allow you to give away
+ files.
+ Fix a problem that made it impossible to rebuild the alias
+ file if it was on a read-only file system. From
+ Harry Edmon of the University of Washington.
+ Improve MX randomization function. From John Gardiner Myers
+ of CMU.
+ Fix a minor glitch causing a bogus message to be printed (used
+ %s instead of %d in a printf string for the line number)
+ when a bad queue file was read. From Harry Edmon.
+ Allow $s to remain NULL on locally generated mail. I'm not
+ sure this is necessary, but a lot of people have complained
+ about it, and there is a legitimate question as to whether
+ "localhost" is legal as an 822-style domain.
+ Fix a problem with very short line lengths (mailer L= flag) in
+ headers. This causes a leading space to be added onto
+ continuation lines (including in the body!), and also
+ tries to wrap headers containing addresses (From:, To:,
+ etc) intelligently at the shorter line lengths. Problem
+ Reported by Lars-Johan Liman of SUNET Operations Center.
+ Log the real user name when logging syserrs, since these can have
+ security implications. Suggested by several people.
+ Fix address logging of cached connections -- it used to always
+ log the numeric address as zero. This is a somewhat
+ bogus implementation in that it does an extra system
+ call, but it should be an inexpensive one. Fix from
+ Motonori Nakamura.
+ Tighten up handling of short syslog buffers even more -- there
+ were cases where the outgoing relay= name was too long
+ to share a line with delay= and mailer= logging.
+ Limit the overhead on split envelopes to one open file descriptor
+ per envelope -- previously the overhead was three
+ descriptors. This was in response to a problem reported
+ by P{r (Pell) Emanuelsson.
+ Fixes to better handle the case of unexpected connection closes;
+ this redirects the output to the transcript so the info
+ is not lost. From Eric Wassenaar.
+ Fix potential string overrun if you macro evaluate a string that
+ has a naked $ at the end. Problem noted by James Matheson
+ <jmrm@eng.cam.ac.uk>.
+ Make default error number on $#error messages 553 (``Requested
+ action not taken: mailbox name not allowed'') instead of
+ 501 (``Syntax error in parameters or arguments'') to
+ avoid bogus "protocol error" messages.
+ Strip off any existing trailing dot on names during $[ ... $]
+ lookup. This prevents it from ending up with two dots
+ on the end of dot terminated names. From Wesley Craig
+ of the University of Michigan and Bryan Costales of ICSI.
+ Clean up file class reading so that the debugging information is
+ more informative. It hadn't been using setclass, so you
+ didn't see the class items being added.
+ Avoid core dump if you are running a version of sendmail where
+ NIS is compiled in, and you specify an NIS map, but
+ NIS is not running. Fix from John Oleynick of
+ Rutgers.
+ Diagnose bizarre case where res_search returns a failure value,
+ but sets h_errno to a success value.
+ Make sure that "too many hops" messages are considered important
+ enough to send an error to the Postmaster (that is, the
+ address specified in the P option). This fix should
+ help problems that cause the df file to be left around
+ sometimes -- unfortunately, I can't seem to reproduce
+ the problem myself.
+ Avoid core dump (null pointer reference) on EXPN command; this
+ only occurred if your log level was set to 10 or higher
+ and the target account was an alias or had a .forward file.
+ Problem noted by Janne Himanka.
+ Avoid "denial of service" attacks by someone who is flooding your
+ SMTP port with bad commands by shutting the connection
+ after 25 bad commands are issued. From Kyle Jones of
+ UUNET.
+ Fix core dump on error messages with very long "to" buffers;
+ fmtmsg overflows the message buffer. Fixed by trimming
+ the to address to 203 characters. Problem reported by
+ John Oleynick.
+ Fix configuration for HASFLOCK -- there were some spots where
+ a #ifndef was incorrectly #ifdef. Pointed out by
+ George Baltz of the University of Maryland.
+ Fix a typo in savemail() that could cause the error message To:
+ lists to be incorrect in some places. From Motonori
+ Nakamura.
+ Fix a glitch that can cause duplicate error messages on split
+ envelopes where an address on one of the lists has a
+ name server failure. Fix from Voradesh Yenbut of the
+ University of Washington.
+ Fix possible bogus pointer reference on ESMTP parameters that
+ don't have an ``=value'' part.
+ CNAME loops caused an error message to be generated, but also
+ re-queued the message. Changed to just re-queue the
+ message (it's really hard to just bounce it because
+ of the wierd way the name server works in the presence
+ of CNAME loops). Problem noted by James M.R.Matheson
+ of Cambridge University.
+ Avoid giving ``warning: foo owned process doing -bs'' messages
+ if they use ``MAIL FROM:<foo>'' where foo is their true
+ user name. Suggested by Andreas Stolcke of ICSI.
+ Change the NAMED_BIND compile flag to be a 0/1 flag so you can
+ override it easily in the Makefile -- that is, you can
+ turn it off using -DNAMED_BIND=0.
+ If a gethostbyname(...) of an address with a trailing dot fails,
+ try it without the trailing dot. This is because if
+ you have a version of gethostbyname() that falls back
+ to NIS or the /etc/hosts file it will fail to find
+ perfectly reasonable names that just don't happen to
+ be dot terminated in the hosts file. You don't want to
+ strip the dot first though because we're trying to ensure
+ that country names that match one of your subdomains get
+ a chance.
+ PRALIASES: fix bogus output on non-null-terminated strings.
+ From Bill Gianopoulos of Raytheon.
+ CONFIG: Avoid rewriting anything that matches $w to be $j.
+ This was in code intended to only catch the self-literal
+ address (that is, [1.2.3.4], where 1.2.3.4 is your
+ IP address), but the code was broken. However, it will
+ still do this if $M is defined; this is necessary to
+ get client configurations to work (sigh). Note that this
+ means that $M overrides :mailname entries in the user
+ database! Problem noted by Paul Southworth.
+ CONFIG: Fix definition of Solaris help file location. From
+ Steve Cliffe <steve@gorgon.cs.uow.edu.au>.
+ CONFIG: Fix bug that broke news.group.USENET mappings.
+ CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX,
+ and USENET_MAILER_MAX to tweak the maximum message
+ size for various mailers.
+ CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0]
+ instead of assuming that it is "inews" for consistency
+ with other mailers. From Michael Corrigan of UC San Diego.
+ CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB,
+ qualify the address in the SMTP envelope as user@{relay|hub}
+ instead of user@$j. From Bill Wisner of The Well.
+ CONFIG: Fix route-addr syntax in nullrelay configuration set.
+ CONFIG: Don't turn off case mapping of user names in the local
+ mailer for IRIX. This was different than most every other
+ system.
+ CONFIG: Avoid infinite loops on certainly list:; syntaxes in
+ envelope. Noted by Thierry Besancon
+ <besancon@excalibur.ens.fr>.
+ CONFIG: Don't include -z by default on uux line -- most systems
+ don't want it set by default. Pointed out by Philippe
+ Michel of Thomson CSF.
+ CONFIG: Fix some bugs with mailertables -- for example, if your
+ host name was foo.bar.ray.com and you matched against
+ ".ray.com", the old implementation bound %1 to "bar"
+ instead of "foo.bar". Also, allow "." in the mailertable
+ to match anything -- essentially, take over SMART_HOST.
+ This also moves matching of explicit local host names
+ before the mailertable so they don't have to be special
+ cased in the mailertable data. Reported by Bill
+ Gianopoulos of Raytheon; the fix for the %1 binding
+ problem was contributed by Nicholas Comanos of the
+ University of Sydney.
+ CONFIG: Don't include "root" in class $=L (users to deliver
+ locally, even if a hub or relay exists) by default.
+ This is because of the known bug where definition of
+ both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore
+ both and deliver into the local mailbox.
+ CONFIG: Move up bitdomain and uudomain handling so that they
+ are done before .UUCP class matching; uudomain was
+ reported as ineffective before. This also frees up
+ diversion 8 for future use. Problem reported by Kimmo
+ Suominen.
+ CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4])
+ into host names. As pointed out by Jonathan Kamens,
+ these are often used because either the forward or reverse
+ mapping is broken; this translation makes it broken again.
+ DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo
+ Suominen.
+ Portability fixes:
+ Unicos from David L. Kensiski of Sterling Sofware.
+ DomainOS from Don Lewis of Silicon Systems.
+ GNU m4 1.0.3 from Karst Koymans of Utrecht University.
+ Convex from Kimmo Suominen <kim@tac.nyc.ny.us>.
+ NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>.
+ BSD/386 from Tony Sanders of BSDI.
+ Apollo from Eric Wassenaar.
+ DGUX from Doug Anderson.
+ Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent.
+ NEW FILES:
+ src/Makefile.DomainOS
+ src/Makefile.PTX
+ src/Makefile.SunOS.5.1
+ src/Makefile.SunOS.5.2
+ src/Makefile.SunOS.5.x
+ src/mailq.1
+ cf/ostype/domainos.m4
+ doc/op/Makefile
+ doc/intro/Makefile
+ doc/usenix/Makefile
+
+8.6.5/8.6.5 94/01/13
+ Security fix: /.forward could be owned by anyone (the test
+ to allow root to own any file was backwards). From
+ Bob Campbell at U.C. Berkeley.
+ Security fix: group ids were not completely set when programs
+ were invoked. This caused programs to have group
+ permissions they should not have had (usually group
+ daemon instead of their own group). In particular,
+ Perl scripts would refuse to run.
+ Security: check to make sure files that are written are not
+ symbolic links (at least under some circumstances).
+ Although this does not respond to a specific known
+ attack, it's just a good idea. Suggested by
+ Christian Wettergren.
+ Security fix: if a user had an NFS mounted home directory on
+ a system with a restricted shell listed in their
+ /etc/passwd entry, they could still execute any
+ program by putting that in their .forward file.
+ This fix prevents that by insisting that their shell
+ appear in /etc/shells before allowing a .forward to
+ execute a program or write a file. You can disable
+ this by putting "*" in /etc/shells. It also won't
+ permit world-writable :include: files to reference
+ programs or files (there's no way to disable this).
+ These behaviours are only one level deep -- for
+ example, it is legal for a world-writable :include:
+ file to reference an alias that writes a file, on
+ the assumption that the alias file is well controlled.
+ Security fix: root was not treated suspiciously enough when
+ looking into subdirectories. This would potentially
+ allow a cracker to examine files that were publically
+ readable but in a non-publically searchable directory.
+ Fix a problem that causes an error on QUIT on a cached
+ connection to create problems on the current job.
+ These are typically unrelated, so errors occur in
+ the wrong place.
+ Reset CurrentLA in sendall() -- this makes sendmail queue
+ runs more responsive to load average, and fixes a
+ problem that ignored the load average in locally
+ generated mail. From Eric Wassenaar.
+ Fix possible core dump on aliases with null LHS. From
+ John Orthoefer of BB&N.
+ Revert to using flock() whenever possible -- there are just
+ too many bugs in fcntl() locking, particularly over
+ NFS, that cause sendmail to fail in perverse ways.
+ Fix a bug that causes the connection cache to get confused
+ when sending error messages. This resulted in
+ "unexpected close" messages. It should fix itself
+ on the following queue run. Problem noted by
+ Liudvikas Bukys of the University of Rochester.
+ Include $k in $=k as documented in the Install & Op Guide.
+ This seems odd, but it was documented.... From
+ Michael Corrigan of UCSD.
+ Fix problem that caused :include:s from alias files to be
+ forced to be owned by root instead of daemon
+ (actually DefUid). From Tim Irvin.
+ Diagnose unrecognized I option values -- from Mortin Forssen
+ of the Chalmers University of Technology.
+ Make "error" mailer work consistently when there is no error
+ code associated with it -- previously it returned OK
+ even though there was a real problem. Now it assumes
+ EX_UNAVAILABLE.
+ Fix bug that caused the last header line of messages that had
+ no body and which were terminated with EOF instead of
+ "." to be discarded. Problem noted by Liudvikas Bukys.
+ Fix core dump on SMTP mail to programs that failed -- it tried
+ to go to a "next MX host" when none existed, causing
+ a core dump. From der Mouse at McGill University.
+ Change IDENTPROTO from a defined/not defined to a 0/1 switch;
+ this makes it easier to turn it off (using
+ -DIDENTPROTO=0 in the Makefile). From der Mouse.
+ Fix YP_MASTER_NAME store to use the unupdated result of
+ gethostname() (instead of myhostname(), which tries
+ to fully qualify the name) to be consistent with
+ SunOS. If your hostname is unqualified, this fixes
+ transfers to slave servers. Bug noted by Keith
+ McMillan of Ameritech Services, Inc.
+ Fix Ultrix problem: gethostbyname() can return a very large
+ (> 500) h_length field, which causes the sockaddr
+ to be trashed. Use the size of the sockaddr instead.
+ Fix from Bob Manson of Ohio State.
+ Don't assume "-a." on host lookups if NAMED_BIND is not
+ defined -- this confuses gethostbyname on hosts
+ file lookups, which doesn't understand the trailing
+ dot convention.
+ Log SMTP server subprocesses that die with a signal instead
+ of from a clean exit.
+ If you don't have option "I" set, don't assume that a DNS
+ "host unknown" message is authoritative -- it
+ might still be found in /etc/hosts.
+ Fix a problem that would cause Deferred: messages to be sent
+ as the subject of an error message, even though the
+ actual cause of a message was more severe than that.
+ Problem noted by Chris Seabrook of OSSI.
+ Fix race condition in DBM alias file locking. From Kyle
+ Jones of UUNET.
+ Limit delivery syslog line length to avoid bugs in some
+ versions of syslog(3). This adds a new compile time
+ variable SYSLOG_BUFSIZE. From Jay Plett of Princeton
+ University, which is in turn derived from IDA.
+ Fix quotes inside of comments in addresses -- previously
+ it insisted that they be balanced, but the 822 spec
+ says that they should be ignored.
+ Dump open file state to syslog upon receiving SIGUSR1 (for
+ debugging). This also evaluates ruleset 89, if set
+ (with the null input), and logs the result. This
+ should be used sparingly, since the rewrite process
+ is not reentrant.
+ Change -qI, -qR, and -qS flags to be case-insensitive as
+ documented in the Bat Book.
+ If the mailer returned EX_IOERR or EX_OSERR, sendmail did not
+ return an error message and did not requeue the message.
+ Fix based on code from Roland Dirlewanger of
+ Reseau Regional Aquarel, Bordeaux, France.
+ Fix a problem that caused a seg fault if you got a 421 error
+ code during some parts of connection initialization.
+ I've only seen this when talking to buggy mailers on
+ the other end, but it shouldn't give a seg fault in
+ any case. From Amir Plivatsky.
+ Fix core dump caused by a ruleset call that returns null.
+ Fix from Bryan Costales of ICSI.
+ Full-Name: field was being ignored. Fix from Motonori Nakamura
+ of Kyoto University.
+ Fix a possible problem with very long input lines in setproctitle.
+ From P{r Emanuelsson.
+ Avoid putting "This is a warning message" out on return receipts.
+ Suggested by Douglas Anderson.
+ Detect loops caused by recursive ruleset calls. Suggested by
+ Bryan Costales.
+ Initialize non-alias maps during alias rebuilds -- they may be
+ needed for parsing. Problem noted by Douglas Anderson.
+ Log sender address even if no message was collected in SMTP
+ (e.g., if all RCPTs failed). Suggested by Motonori
+ Nakamura.
+ Don't reflect the owner-list contents into the envelope sender
+ address if the value contains ", :, /, or | (to avoid
+ illegal addresses appearing there).
+ Efficiency hack for toktype macro -- from Craig Partridge of
+ BB&N.
+ Clean up DNS error printing so that a host name is always
+ included.
+ Remember to set $i during queue runs. Reported by Stephen
+ Campbell of Dartmouth University.
+ If ${HOSTALIASES} is set, use it during canonification so that
+ headers are properly mapped. Reported by Anne Bennett
+ of Concordia University.
+ Avoid printing misleading error message if SMTP mailer (not
+ using [IPC]) should die on a core dump.
+ Avoid incorrect diagnosis of "file 1 closed" when it is caused
+ by the other end closing the connection. From
+ Dave Morrison of Oracle.
+ Improve several of the error messages printed by "mailq"
+ to include a host name or other useful information.
+ Add NetInfo preliminary support for NeXT systems. From Vince
+ DeMarco.
+ Fix a glitch that sometimes caused :include:s that pointed to
+ NFS filesystems that were down to give an "aliasing/
+ forwarding loop broken" message instead of queueing
+ the message for retry. Noted by William C Fenner of
+ the NRL Connection Machine Facility.
+ Fix a problem that could cause a core dump if the input sequence
+ had (or somehow acquired) a \231 character.
+ Make sure that route-addrs always have <angle brackets> around
+ them in non-SMTP envelopes (SMTP envelopes already do
+ this properly).
+ Avoid wierd headers on unbalanced punctuation of the form:
+ ``Joe User <user)'' -- this caused reference to the
+ null macro. Fix from Rick McCarty of IO.COM.
+ Fix a problem that caused an alias "user: user@local.host" to
+ not have the QNOTREMOTE bit set; this caused configs
+ to act as if FEATURE(notsticky) was defined even when
+ it was not. The effect of the problem was to make it
+ very hard to to set up satellite sites that had a few
+ local accounts, with everything else forwarded to a
+ corporate hub. Reported by Detlef Drewanz of the
+ University of Rostock and Mark Frost of NCD.
+ Change queuing to not call rulesets 3, {1 or 2}, 4 on header
+ addresses. This is more efficient (fewer name server
+ calls) and fixes certain unusual configurations, such
+ as those that have ruleset 4 do something that is
+ non-idempotent unless a mailer-specific ruleset did
+ something else. Problem reported by Brian J. Coan
+ of the Institute for Global Communications.
+ Fix the "obsolete argument" routine in main to better understand
+ new arguments. For example, if you used ``sendmail
+ -C config -v -q'' it would choke on the -q because
+ the -C would stop looking for old-format arguments.
+ Fix the code that was intended to allow two users to forward their
+ mail to the same program and have them appear unique.
+ Portability fixes for:
+ SCO UNIX from Murray Kucherawy.
+ SCO Open Server 3.2v4 from Philippe Brand.
+ System V Release 4 from Rick Ellis and others.
+ OSF/1 from Steve Campbell.
+ DG/UX from Ben Mesander of the USGS and Bryan Curnutt
+ of Stoner Associates.
+ Motorola SysV88 from Kevin Johnson of Motorola.
+ Solaris 2.3 from Casper H.S. Dik of the University
+ of Amsterdam and John Caruso of University
+ of Maryland.
+ FreeBSD from Ollivier Robert.
+ NetBSD from Adam Glass.
+ TitanOS from Kate Hedstrom of Rutgers University.
+ Irix from Bryan Curnutt.
+ Dynix from Jim Davis of the University of Arizona.
+ RISC/os.
+ Linux from John Kennedy of California State University
+ at Chico.
+ Solaris 2.x from Tony Boner of the U.S. Air Force.
+ NEXTSTEP 3.x from Vince DeMarco.
+ HP-UX from various people. NOTA BENE: the location
+ of the config file has moved to /usr/lib
+ to match the HP-UX version of sendmail.
+ CONFIG: Don't do any recipient rewriting on relay mailer;
+ since this is intended only for internal use, the
+ usual RFC 821/822/1123 rules can be relaxed. The
+ main point of this is to avoid munging (ugh) UUCP
+ addresses when relaying internally.
+ CONFIG: fix typo in mailer/uucp.m4 that mutilates list:;
+ syntax addresses delivered via UUCP. Solution
+ provided by Peter Wemm.
+ CONFIG: fix thumb-fumble in default UUCP relaying in ruleset
+ zero; it caused double @ signs in addresses. From
+ Irving Reid of the University of Toronto.
+ CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1
+ from Markku Toijala of ICL Personal Systems Oy.
+ CONFIG: Add trailing "." on pseudo-domains for consistency;
+ this fixes a problem (noted by Al Whaley of Sunnyside)
+ that made it hard to recognize your own pseudodomain
+ names.
+ CONFIG: catch "@host" syntax errors (i.e., null local-parts)
+ rather than letting them get "local configuration
+ error"s. Problem noted by John Gardiner Myers.
+ CONFIG: add uucp-uudom mailer variant, based on code posted
+ by Spider Boardman <spider@Orb.Nashua.NH.US>; this
+ has uucp-dom semantics but old UUCP syntax. This
+ also permits "uucp-old" as an alias for "uucp" and
+ "uucp-new" as a synonym for "suucp" for consistency.
+ CONFIG: add POP mailer support (from Kimmo Suominen
+ <kim@grendel.lut.fi>).
+ CONFIG: drop CSNET_RELAY support -- CSNET is long gone.
+ CONFIG: fix bug caused with domain literal addresses (e.g.,
+ ``[128.32.131.12]'') when FEATURE(allmasquerade)
+ was set; it would get an additional @masquerade.host
+ added to the address. Problem noted by Peter Wan
+ of Georgia Tech.
+ CONFIG: make sure that the local UUCP name is in $=w. From
+ Jim Murray of Stratus.
+ CONFIG: changes to UUCP rewriting to simulate IDA-style "V"
+ mailer flag. Briefly, if you are sending to host
+ "foo", then it rewrites "foo!...!baz" to "...!baz",
+ "foo!baz" remains "foo!baz", and anything else has
+ the local name prepended.
+ CONFIG: portability fixes for HP-UX.
+ DOC: several minor problems fixed in the Install & Op Guide.
+ MAKEMAP: fix core dump problem on lines that are too long or
+ which lack newline. From Mark Delany.
+ MAILSTATS: print sums of columns (total messages & kbytes
+ in and out of the system). From Tom Ferrin of UC
+ San Francisco Computer Graphics Lab.
+ SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES:
+ On HP-UX, /etc/sendmail.cf has been moved to
+ /usr/lib/sendmail.cf to match HP sendmail.
+ Permissions have been tightened up on world-writable
+ :include: files and accounts that have shells
+ that are not listed in /etc/shells. This may
+ cause some .forward files that have worked
+ before to start failing.
+ SIGUSR1 dumps some state to the log.
+ NEW FILES:
+ src/Makefile.DGUX
+ src/Makefile.Dynix
+ src/Makefile.FreeBSD
+ src/Makefile.Mach386
+ src/Makefile.NetBSD
+ src/Makefile.RISCos
+ src/Makefile.SCO
+ src/Makefile.SVR4
+ src/Makefile.Titan
+ cf/mailer/pop.m4
+ cf/ostype/bsdi1.0.m4
+ cf/ostype/dgux.m4
+ cf/ostype/dynix3.2.m4
+ cf/ostype/sco3.2.m4
+ makemap/Makefile.dist
+ praliases/Makefile.dist
+
+8.6.4/8.6.4 93/10/31
+ Repair core-dump problem (write to read-only memory segment)
+ if you fall back to the return-to-Postmaster case in
+ savemail. Problem reported by Richard Liu.
+ Immediately diagnose bogus sender addresses in SMTP. This
+ makes quite certain that crackers can't use this
+ class of attack.
+ Reliability Fix: check return value from fclose() and fsync()
+ in a few critical places.
+ Minor problem in initsys() that reversed a condition for
+ redirecting the output channel on queue runs. It's
+ not clear this code even does anything. From Eric
+ Wassenaar of the Dutch National Institute for Nuclear
+ and High-Energy Physics.
+ Fix some problems that caused queue runs to do "too much work",
+ such as double-reading the Errors-To: header. From
+ Eric Wassenaar.
+ Error messages on writing the temporary file (including the
+ data file) were getting suppressed in SMTP -- this
+ fix causes them to be properly reported. From Eric
+ Wassenaar.
+ Some changes to support AF_UNIX sockets -- this will only
+ really become relevant in the next release, but some
+ people need it for local patches. From Michael
+ Corrigan of UC San Diego.
+ Use dynamically allocated memory (instead of static buffers)
+ for macros defined in initsys() and settime(); since
+ these can have different values depending on which
+ envelope they are in. From Eric Wassenaar.
+ Improve logging to show ctladdr on to= logging; this tells you
+ what uid/gid processes ran as.
+ Fix a problem that caused error messages to be discarded if
+ the sender address was unparseable for some reason;
+ this was supposed to fall back to the "return to
+ postmaster" case.
+ Improve aliaswait backoff algorithm.
+ Portability patches for Linux (8.6.3 required another header
+ file) (from Karl London) and SCO UNIX.
+ CONFIG: patch prog mailer to not strip host name off of envelope
+ addresses (so that it matches local again). From
+ Christopher Davis.
+ CONFIG: change uucp-dom mailer so that "<>" translates to $n;
+ this prevents uux from seeing lines with null names like
+ ``From Sat Oct 30 14:55:31 1993''. From Motonori
+ Nakamura of Kyoto University.
+ CONFIG: handle <list:;> syntax correctly. This isn't legal, but
+ it shouldn't fail miserably. From Motonori Nakamura.
+
+8.6.3/8.6.3 93/10/24
+ IMPORTANT FIX: Fix several problems that caused open files to
+ be "lost" during queue runs; this overflowed the open
+ file table on large runs. An assumption that fdopen
+ always succeeds sometimes resulted in core dumps when
+ this happens; sometimes the message is delivered twice,
+ sometimes (probably) infinite times. This problem in
+ various form was reported by P{r (Pell) Emanuelsson and
+ Robert Campbell of U.C. Berkeley.
+ Special diagnosis of EMFILE error conditions -- it now prints
+ the known open file descriptors so you can figure out
+ what is consuming so much resources.
+ Fix a couple of problems caused by early address parsing
+ errors -- one caused it to return a "this is only a
+ warning" when it really wasn't, and the other started
+ parsing through a random pointer. The first was
+ noted by Eric Wassenaar.
+ Fix an infinite loop problem caused by null components in the
+ host signature. Problem noted by Jan Sorensen.
+ Be sure to reset the "current date" when sending an error
+ message -- PostMasterCopy messages were being sent
+ with an old Date: header.
+ Fix a problem that caused duplicated mail when sendmail was
+ (1) compiled without HASFLOCK, (2) you are sending to
+ an alias that has an owner-* alias, (3) you execute
+ sendmail with -t flag, (4) you run in -odb mode, and
+ (5) the sender specifies both the alias name and
+ another alias [i.e., the envelope is split], then
+ duplicate messages are sent. The problem description
+ and one-line fix are from Motonori Nakamura of Kyoto
+ University.
+ Avoid a problem that causes error messages to be discarded
+ in some cases -- this was the result of a "fix" to
+ avoid duplicate error messages, but two are better
+ than zero. Reported by Tim Rylance.
+ Fix a minor botch in checkfd012() -- fix from Dave Hill of
+ Computervision R&D Ltd.
+ Remove "X-Authentication-Warning: <user> set sender to <address>
+ using -f" entirely -- it is far too eager to include
+ this, and it is confusing folks. I'll try to make it
+ work "right" in 8.7. Problem noted by Yoshitaka
+ Tokugawa of dit Co., Ltd.
+ Fix a race condition with the errno value in tick() and
+ reapchild() -- this caused occasional misdiagnosis
+ of problems. Kyle Jones of UUNET helped this along.
+ Repair rule loop-detection code. From Michael Corrigan of
+ U.C. San Diego.
+ Fix a problem that caused sender domain addition (C mailer
+ flag to be ignored if you use -odq or use -odb with
+ a high load average. Problem reported by Jim Murray
+ of Stratus.
+ Fix ident protocol on multi-homed machines. It was not
+ always using the correct interface. Fix from J.R.
+ Oldroyd of Opal.
+ Previously, sendmail assumed that any SMTP greeting message
+ that wasn't 2xx was a temporary failure -- it should
+ only take 4xx as a temporary failure, and return a
+ solid error message on anything else -- for example,
+ to allow you to reject connections on a workstation
+ that is MXed to a mail server.
+ Portability enhancements for 386BSD/FreeBSD/NetBSD from
+ Ollivier Robert.
+ CONFIG: FEATURE(always_add_domain) didn't always add the domain;
+ in particular, on local mail it modified the header sender
+ but not the header recipient address(es). Reported by
+ Jeffrey Honig of Cornell University. Also, strip
+ any host from envelope recipient address(es), since
+ local mailers don't understand host names -- this is
+ to help mailertable entries. From Christopher Davis.
+ CONFIG: masquerading didn't apply to addresses that already
+ had a domain. This change replaces a local hostname
+ by the masquerade name in the SMTP mailer (previously
+ it only added the masquerade name if it didn't already
+ have a domain name). Several people complained about
+ this.
+
+8.6.2/8.6.2 93/10/15
+ Put a "successful delivery" message in the transcript for
+ addresses that get return-receipts.
+ Put a prominent "this is only a warning" message in warning
+ messages -- some people don't read carefully enough
+ and end up sending the message several times.
+ Include reason for temporary failure in the "warning" return
+ message. Currently, it just says "cannot send for
+ four hours".
+ Fix the "Original message received" time generated for
+ returntosender messages. It was previously listed as
+ the current time. Bug reported by Eric Hagberg of
+ Cornell University Medical College.
+ If there is an error when writing the body of a message,
+ don't send the trailing dot and wait for a response
+ in sender SMTP, as this could cause the connection to
+ hang up under some bizarre circumstances. From Eric
+ Wassenaar.
+ Fix some server SMTP synchronization problems caused when
+ connections fail during message collection. From
+ Eric Wassenaar.
+ Fix a problem that can cause srvrsmtp to reject mail if the
+ name server is down -- it accepts the RCPT but rejects
+ the DATA command. Problem reported by Jim Murray of
+ Stratus.
+ Fix a problem that can cause core dumps if the config file
+ incorrectly resolves to a null hostname. Reported by
+ Allan Johannesen of WPI.
+ Non-root use of -C flag, dangerous -f flags, and use of -oQ
+ by non-root users were not put into
+ X-Authentication-Warning:s as intended because the
+ config file hadn't set the PrivacyFlags yet. Fix
+ from Sven-Ove Westberg of the University of Lulea.
+ Under very odd circumstances, the alias file rebuild code
+ could get confused as to whether a database was
+ open or not.
+ Check "vendor code" on the end of V lines -- this is
+ intended to provide a hook for vendor-specific
+ configuration syntax. (This is a "new feature",
+ but I've made an exception to my rule in a belief
+ that this is a highly exceptional case.)
+ Portability fixes for DG/UX (from Douglas Anderson of NCSC),
+ SCO Unix (from Murray Kucherawy), A/UX, and OSF/1
+ (from Jon Forrest of UC Berkeley)
+ CONFIG: fix ``mailer:host'' form of UUCP relay naming.
+
+8.6.1/8.6 93/10/08
+ Portability fixes for A/UX and Encore UMAX V.
+ Fix error message handling -- if you had a name server down
+ causing an error during parsing, that message was never
+ propogated to the queue file.
+
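Review bot: security-relevant entries are tagged inconsistently in this part of the file, so a reader scanning for what forces an upgrade will miss some of them. 8.6.6 through 8.6.8 use "SECURITY:", while 8.6.5 mixes "Security fix:" and "Security:". Several entries describing overflow or abuse fixes carry no tag at all: in 8.6.6 the fmtmsg message-buffer overflow on long "to" buffers, the string overrun on a naked $ at the end of a macro-evaluated string, and the cutoff after 25 bad SMTP commands; in 8.6.4 the bogus sender address diagnosis that mentions crackers. Suggest one uniform "SECURITY:" prefix for all of these, placed at the top of each release block as 8.6.6 already does. The 8.6.8 and 8.6.7 entries would also be more useful if they said which configurations are exposed (for example, whether the sendmail binary must be setuid root and invoked by a local user). Smaller points: "wierd" (8.6.7, the CNAME loop entry, the unbalanced punctuation entry), "propogated" (8.6.1), "Sofware" (Unicos line), "publically" (8.6.5) and "to to" (QNOTREMOTE entry) are misspelled. "(C mailer flag to be ignored" in 8.6.3 is missing its closing parenthesis, and "certainly list:; syntaxes" in 8.6.6 reads like it should be "certain". "P{r" in the Emanuelsson credits looks like a character-encoding artifact. The file-list heading is "New Files:" in the first block and "NEW FILES:" in the later ones.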