+8.7/8.7 95/xx/xx CURRENTLY IN BETA PRERELEASE!!!
+ Fix a problem that could cause sendmail to run out of file
+ descriptors due to a trashed data structure after a
+ vfork. Fix from Brian Coan of the Institute for
+ Global Communications.
+ Change the VRFY response if you have disabled VRFY -- some
+ people seemed to think that it was too rude.
+ Avoid reference to uninitialized file descriptor if HASFLOCK
+ was not defined. This was used "safely" in the sense
+ that it only did a stat, but it would have set the
+ map modification time improperly. Problem pointed out
+ by Roy Mongiovi of Georgia Tech.
+ Clean up the Subject: line on warning messages and return
+ receipts so that they don't say "Returned mail:"; this
+ can be confusing.
+ Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is
+ useful enough to make it worthwhile printing on "-d".
+ Avoid logging alias statistics every time you read the alias
+ file on systems with no database method compiled in.
+ If you have a name with a trailing dot, and you try looking it
+ up using gethostbyname without the dot (for /etc/hosts
+ compatibility), be sure to turn off RES_DEFNAMES and
+ RES_DNSRCH to avoid finding the wrong name accidently.
+ Problem noted by Charles Amos of the University of
+ Maryland.
+ Don't do timeouts in collect if you are not running SMTP.
+ There is nothing that says you can't have a long
+ running program piped into sendmail (possibly via
+ /bin/mail, which just execs sendmail). Problem reported
+ by Don "Truck" Lewis of Silicon Systems.
+ Try gethostbyname() even if the DNS lookup fails iff option I
+ is not set. This allows you to have hosts listed in
+ NIS or /etc/hosts that are not known to DNS. It's normally
+ a bad idea, but can be useful on firewall machines. This
+ should really be broken out on a separate flag, I suppose.
+ Avoid compile warnings against BIND 4.9.3, which uses function
+ prototypes. From Don Lewis of Silicon Systems.
+ Avoid possible incorrect diagnosis of DNS-related errors caused
+ by things like attempts to resolve uucp names using
+ $[ ... $] -- the fix is to clear h_errno at appropriate
+ times. From Kyle Jones of UUNET.
+ SECURITY: avoid denial-of-service attacks possible by destroying
+ the alias database file by setting resource limits low.
+ This involves adding two new compile-time options:
+ HASSETRLIMIT (indicating that setrlimit(2) support is
+ available) and HASULIMIT (indicating that ulimit(2) support
+ is available -- the Release 3 form is used). The former
+ is assumed on BSD-based systems, the latter on System
+ V-based systems. Attack noted by Phil Brandenberger of
+ Swarthmore University.
+ New syntaxes in test (-bt) mode:
+ ``.Dmvalue'' will define macro "m" to "value".
+ ``.Ccvalue'' will add "value" to class "c".
+ ``.Sruleset'' will dump the contents of the indicated
+ ruleset.
+ ``-ddebug-spec'' is equivalent to the command-line
+ -d debug flag.
+ ``$m'' will print the value of macro "m".
+ ``/mx host'' returns the MX records for ``host''.
+ ``/try address'' will parse address, returning the value of
+ crackaddr (essentially, the comment information)
+ and the parsed address (the same as -bv).
+ Somewhat better handling of UNIX-domain socket addresses -- it
+ should show the pathname rather than hex bytes.
+ Restore ``-ba'' mode -- this reads a file from stdin and parses
+ the header for envelope sender information and uses
+ CR-LF as message terminators. It was thought to be
+ obsolete (used only for Arpanet NCP protocols), but it
+ turns out that the UK ``Grey Book'' protocols require
+ that functionality.
+ Fix a fix in previous release -- if gethostname and gethostbyname
+ return a name without dots, and if an attempt to canonify
+ that name fails, wait one minute and try again. This can
+ result in an extra 60 second delay on startup if your system
+ hostname (as returned by hostname(1)) has no dot and no names
+ listed in /etc/hosts or your NIS map have a dot.
+ Check for proper domain name on HELO and EHLO commands per
+ RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III
+ of Michigan Technological University.
+ Relax chownsafe rules slightly -- old version said that if you
+ can't tell if _POSIX_CHOWN_RESTRICTED is set (that is,
+ if fpathconf returned EINVAL or ENOSYS), assume that
+ chown is not safe. The new version falls back to whether
+ you are on a BSD system or not. This is important for
+ SunOS, which apparently always returns one of those
+ error codes. This impacts whether you can mail to files
+ or not.
+ Syntax errors such as unbalanced parentheses in the configuration
+ file could be omitted if you had "Oem" prior to the
+ syntax error in the config file. Change to always print
+ the error message. It was especially wierd because it
+ would cause a "warning" message to be sent to the Postmaster
+ for every message sent (but with no transcript). Problem
+ noted by Gregory Paris of Motorola.
+ Rewrite collect and putbody to handle full 8-bit data, including
+ zero bytes. These changes are internally extensive, but
+ should have minimal impact on external function.
+ Allow full words for option names -- if the option letter is
+ (apparently) a space, then take the word following -- e.g.,
+ O MatchGECOS=TRUE
+ The full list of old and new names is as follows:
+ 7 SevenBitInput
+ 8 EightBitMode
+ A AliasFile
+ a AliasWait
+ B BlankSub
+ b MinFreeBlocks/MaxMessageSize
+ C CheckpointInterval
+ c HoldExpensive
+ D AutoRebuildAliases
+ d DeliveryMode
+ E ErrorHeader
+ e ErrorMode
+ f SaveFromLine
+ F TempFileMode
+ G MatchGECOS
+ H HelpFile
+ h MaxHopCount
+ i IgnoreDots
+ I ResolverOptions
+ J ForwardPath
+ j SendMimeErrors
+ k ConnectionCacheSize
+ K ConnectionCacheTimeout
+ L LogLevel
+ l UseErrorsTo
+ m MeToo
+ n CheckAliases
+ O DaemonPortOptions
+ o OldStyleHeaders
+ P PostmasterCopy
+ p PrivacyOptions
+ Q QueueDirectory
+ q QueueFactor
+ R DontPruneRoutes
+ r, T Timeout
+ S StatusFile
+ s SuperSafe
+ t TimeZoneSpec
+ u DefaultUser
+ U UserDatabaseSpec
+ V FallbackMXhost
+ v Verbose
+ w TryNullMXList
+ x QueueLA
+ X RefuseLA
+ Y ForkEachJob
+ y RecipientFactor
+ z ClassFactor
+ Z RetryFactor
+ To avoid possible problems with an older sendmail,
+ configuration level 6 is accepted by this version of
+ sendmail; any config file using the new names should
+ specify "V6" in the configuration.
+ Change address parsing to properly note that a phrase before a
+ colon and a trailing semicolon are essentially the same
+ as text outside of angle brackets (i.e., sendmail should
+ treat them as comments). This is to handle the
+ ``group name: addr1, addr2, ..., addrN;'' syntax (it will
+ assume that ``group name:'' is a comment on the first
+ address and the ``;'' is a comment on the last address).
+ This requires config file support to get right. It does
+ understand that :: is NOT this syntax, and can be turned
+ off completely by setting the ColonOkInAddresses option.
+ Level 6 config files added with new mailer flags:
+ A Addresses are aliasable.
+ i Do udb rewriting on envelope as well as header
+ sender lines. Applies to the from address mailer
+ flags rather than the recipient mailer flags.
+ j Do udb rewriting on header recipient addresses.
+ Applies to the sender mailer flags rather than the
+ recipient mailer flags.
+ k Disable check for loops when doing HELO command.
+ o Always run as the mail recipient, even on local
+ delivery.
+ w Check for an /etc/passwd entry for this user.
+ 5 Pass addresses through ruleset 5.
+ : Check for :include: on this address.
+ | Check for |program on this address.
+ / Check for /file on this address.
+ @ Look up sender header addresses in the user
+ database. Applies to the mailer flags for the
+ mailer corresponding to the envelope sender
+ address, rather than to recipient mailer flags.
+ Pre-level 6 configuration files set A, w, 5, :, |, /, and @
+ on the "local" mailer, the o flag on the "prog" and "*file*"
+ mailers, and the ColonOkInAddresses option.
+ Eight-to-seven bit MIME conversions. This borrows ideas from
+ John Beck of Hewlett-Packard, who generously contributed
+ their implementation to me, which I then didn't use (see
+ mime.c for an explanation of why). This adds the
+ EightBitMode option (a.k.a. `8') and an F=8 mailer flag
+ to control handling of 8-bit data. These have to cope with
+ two types of 8-bit data: unlabelled 8-bit data (that is,
+ 8-bit data that is entered without declaring it as 8-bit
+ MIME -- technically this is illegal according to the
+ specs) and labelled 8-bit data (that is, it was declared
+ as 8BITMIME in the ESMTP session or by using the
+ -B8BITMIME command line flag). If the F=8 mailer flag is
+ set then 8-bit data is sent to non-8BITMIME machines
+ instead of converting to 7 bit (essentially using
+ just-send-8 semantics). The values for EightBitMode are:
+ m convert unlabelled 8-bit input to 8BITMIME, and do
+ any necessary conversion of 8BITMIME to 7BIT
+ (essentially, the full MIME option).
+ p pass unlabelled 8-bit input, but convert labelled
+ 8BITMIME input to 7BIT as required (default).
+ s strict adherence: reject unlabelled 8-bit input,
+ convert 8BITMIME to 7BIT as required. The F=8
+ flag is ignored.
+ Unlabelled 8-bit data is rejected in mode `s' regardless of
+ the setting of F=8.
+ Add new internal class 'n', which is the set of MIME Content-Types
+ which can not be 8 to 7 bit encoded because of other
+ considerations. Types "multipart/*" and "message/*" are
+ never directly encoded (although their components can be).
+ Add new internal class 'e'. This is the set of MIME
+ Content-Transfer-Encodings that can be converted to
+ a seven bit format (Quoted-Printable or Base64). It is
+ preinitialized to contain "7bit", "8bit", and "binary".
+ Add C=charset mailer parameter and the the DefaultCharSet option (no
+ short name) to set the default character set to use in the
+ Content-Type: header when doing encoding of an 8-bit message
+ which isn't marked as MIME into MIME format. If the C=
+ parameter is set on the Envelope From address, use that as
+ the default encoding; else use the DefaultCharSet option.
+ If neither is set, it defaults to "unknown-8bit" as
+ suggested by RFC 1428 section 3.
+ Allow ``U=user:group'' field in mailer definition to set a default
+ user and group that a mailer will be executed as. This
+ overrides the 'u' and 'g' options, and if the `F=S' flag is
+ also set, it is the uid/gid that will always be used (that
+ is, the controlling address is ignored). The values may be
+ numeric or symbolic; if only a symbolic user is given (no
+ group) that user's default group in the passwd file is used
+ as the group. Based on code donated by Chip Rosenthal of
+ Unicom.
+ Allow `u' option to also accept user:group as a value, in the same
+ fashion as the U= mailer option.
+ Add the symbolic time zone name in the Arpanet format dates (as
+ a comment). This adds a new compile-time configuration
+ flag: TZ_TYPE can be set to TZ_TM_NAME (use the value
+ of (struct tm *)->tm_name), TZ_TM_ZONE (use the value
+ of (struct tm *)->tm_zone), TZ_TZNAME (use extern char
+ *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use
+ timezone()), or TZ_NONE (don't include the comment). Code
+ from Chip Rosenthal.
+ The "Timeout" option (formerly "r") is extended to allow suboptions.
+ For example,
+ O Timeout.helo = 2m
+ There are also two new suboptions "queuereturn" and
+ "queuewarn"; these subsume the old T option. Thus, to
+ set them both the preferred new syntax is
+ O Timeout.queuereturn = 5d
+ O Timeout.queuewarn = 4h
+ Sort queue by host name instead of by message priority if the
+ QueueSortOrder option (no short name) is set is set to
+ ``host''. This makes better use of the connection cache,
+ but may delay more ``interactive'' messages behind large
+ backlogs under some circumstances. This is probably a
+ good option if you have high speed links or don't do lots
+ of ``batch'' messages, but less good if you are using
+ something like PPP on a 14.4 modem. Based on code
+ contributed by Roy Mongiovi of Georgia Tech (my main
+ contribution was to make it configurable).
+ Save i-number of df file in qf file to simplify rebuilding of queue
+ after disasterous disk crash. Suggested by Kyle Jones of
+ UUNET; closely based on code from KJS DECWRL code written
+ by Paul Vixie. NOTA BENE: The qf files produced by 8.7
+ are NOT back compatible with 8.6 -- that is, you can convert
+ from 8.6 to 8.7, but not the other direction.
+ Add ``F=d'' mailer flag to disable all use of angle brackets in
+ route-addrs in envelopes; this is because in some cases
+ they can be sent to the shell, which interprets them as
+ I/O redirection.
+ Don't include error file (option E) with return-receipts; this
+ can be confusing.
+ Don't send "Warning: cannot send" messages to owner-* or
+ *-request addresses. Suggested by Christophe Wolfhugel
+ of the Institut Pasteur, Paris.
+ Allow -O command line flag to set long form options.
+ Add "MinQueueAge" option to set the minimum time between attempts
+ to run the queue. For example, if the queue interval
+ (-q value) is five minutes, but the minimum queue age
+ is fifteen minutes, jobs won't be tried more often than
+ once every fifteen minutes. This can be used to give
+ you more responsiveness if your delivery mode is set to
+ queue-only.
+ Allow "fileopen" timeout (default: 60 seconds) for opening
+ :include: and .forward files.
+ Add "-k", "-v", and "-z" flags to map definitions; these set the
+ key field name, the value field name, and the field
+ delimiter. The field delimiter can be a single character
+ or the sequence "\t" or "\n" for tab or newline.
+ These are for use by NIS+ and similar access methods.
+ Change maps to always strip quotes before lookups; the -q flag
+ turns off this behaviour. Suggested by Motonori Nakamura.
+ Add "nisplus" map class. Takes -k and -v flags to choose the
+ key and value field names respectively. Code donated by
+ Sun Microsystems.
+ Add "hesiod" map class. The "file name" is used as the
+ "HesiodNameType" parameter to hes_resolve(3). Returns the
+ first value found for the match. Code donated by Scott
+ Hutton of Indiana University.
+ Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to
+ specify the name of the property that is searched as the
+ key and a -v flag to specify the name of the property that
+ is returned as the value (defaults to "members"). The
+ default map is "/aliases".
+ Add "text" map class. This does slow, linear searches through
+ text files. The -z flag specifies a column delimiter
+ (defaults to any sequence of white space), the -k flag
+ sets the key column number, and the -v flag sets the
+ value column number. Lines beginning with `#' are treated
+ as comments.
+ Add "program" map class to execute arbitrary programs. The search
+ key is presented as the last argument; the output is one
+ line read from the programs standard output. Exit statuses
+ are from sysexits.h.
+ Add "sequence" map class -- searches maps in sequence until it
+ finds a match. For example, the declarations:
+ Kmap1 ...
+ Kmap2 ...
+ Kmapseq sequence map1 map2
+ defines a map "mapseq" that first searches map1; if the
+ value is found it is returned immediately, otherwise
+ map2 is searched and the value returned.
+ Add "switch" map class. This is much like "sequence" except that
+ the ordering is fetched from an external file, usually
+ the system service switch. The parameter is the name of
+ the service to switch on, and the maps that it will use
+ are this name followed by ".service_type". For example,
+ if the declaration of the map is
+ Ksample switch hosts
+ and the system service switch specifies that hosts are
+ looked up using dns and nis in that order, then this is
+ equivalent to
+ Ksample sequence hosts.dns hosts.nis
+ The subordinate maps must already be defined.
+ Add "user" map class -- looks up users using getpwnam. Takes a
+ "-v field" flag on the definition that tells what passwd
+ entry to return -- legal values are name, passwd, uid, gid,
+ gecos, dir, and shell. Generally expected to be used with
+ the -m (matchonly) flag.
+ Add "bestmx" map class -- returns the best MX value for the host
+ listed as the value. If there are several "best" MX records
+ for this host, one will be chosen at random.
+ Add "userdb" map class -- looks up entries in the user database.
+ The "file name" is actually the tag that will be used,
+ typically "mailname". If there are multiple entries
+ matching the name, the one chosen is undefined.
+ Add multiple queue timeouts (both return and warning). These are
+ set by the Precedence: or Priority: header fields to one of
+ three values. If a Priority: is set and has value "normal",
+ "urgent", or "non-urgent" the corresponding timeouts are
+ used. If no priority is set, the Precedence: is consulted;
+ if negative, non-urgent timeouts are used; if greater than
+ zero, urgent timeouts are used. Otherwise, normal timeouts
+ are used. The timeouts are set by setting the six timeouts
+ queue{warn,return}.{urgent,normal,non-urgent}.
+ Fix problem when a mail address is resolved to a $#error mailer
+ with a temporary failure indication; it works in SMTP,
+ but when delivering locally the mail is silently discarded.
+ This patch, from Kyle Jones of UUNET, bounces it instead
+ of queueing it (queueing is very hard).
+ When using /etc/hosts or NIS-style lookups, don't assume that
+ the first name in the list is the best one -- instead,
+ search for the first one with a dot. For example, if
+ an /etc/hosts entry reads
+ 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU
+ this change will use the second name as the canonical
+ machine name instead of the initial, unqualified name.
+ Change dequote map to replace spaces in quoted text with a value
+ indicated by the -s flag on the dequote map definition.
+ For example, ``Mdequote dequote -s_'' will change
+ "Foo Bar" into an unquoted Foo_Bar instead of leaving it
+ quoted (because of the space character). Suggested by Dan
+ Oscarsson for use in X.400 addresses.
+ Implement long macro names as ${name}; long class names can
+ be similarly referenced as $={name} and $~{name}.
+ Definitions are (e.g.) ``D{name}value''. Names that have
+ a leading lower case letter or punctuation characters are
+ reserved for internal use by sendmail; i.e., config files
+ should use names that begin with a capital letter. Based
+ on code contributed by Dan Oscarsson.
+ Fix core dump if getgrgid returns a null group list (as opposed
+ to an empty group list, that is, a pointer to a list
+ with no members). Fix from Andrew Chang of Sun Microsystems.
+ Fix possible core dump if malloc fails -- if the malloc in xalloc
+ failed, it called syserr which called newstr which called
+ xalloc.... The newstr is now avoided for "panic" messages.
+ Reported by Stuart Kemp of James Cook University.
+ Improve connection cache timeouts; previously, they were not even
+ checked if you were delivering to anything other than an
+ IPC-connected host, so a series of (say) local mail
+ deliveries could cause cached connections to be open
+ much longer than the specified timeout.
+ If an incoming message exceeds the maximum message size, stop
+ writing the incoming bytes to the queue data file, since
+ this can fill your mqueue partition -- this is a possible
+ denial-of-service attack.
+ Don't reject all numeric local user names unless HESIOD is
+ defined. It turns out that Posix allows all-numeric
+ user names. Fix from Tony Sanders of BSDI.
+ Add service switch support. If the local OS has a service
+ switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf
+ on DEC systems) that will be used; otherwise, it falls back
+ to using a local mechanism based on the ServiceSwitchFile
+ option (default: /etc/service.switch). For example, if the
+ service switch lists "files" and "nis" for the aliases
+ service, that will be the default lookup order. the "files"
+ ("local" on DEC) service type expands to any alias files
+ you listed in the configuration file, even if they aren't
+ actually file lookups.
+ Option I (NameServerOptions) no longer sets the "UseNameServer"
+ variable which tells whether or not DNS should be considered
+ canonical. This is now determined based on whether or not
+ "dns" is in the service list for "hosts".
+ Add preliminary support for the ESMTP "DSN" extension (Delivery
+ Status Notifications). This is not yet a standard
+ and the implementation is for experimentation only.
+ For this reason it only announces itself as "X-DSN-0"
+ instead of "DSN". DSN notifications override
+ Return-Receipt-To:.
+ Add T=mtstype keyletter to mailer definitions to define the value
+ for the Final-MTS-Type: and Remote-MTS-Type: fields in the
+ DSN-standard return message.
+ Extend heuristic to force running in ESMTP mode to look for the
+ six-character string "ESMTP " anywhere in the 220 greeting
+ message (not just the second line). This is to provide
+ better compatibility with other ESMTP servers.
+ Print sequence number of job when running the queue so you can
+ easily see how much progress you have made. Suggested
+ by Peter Wemm of DIALix.
+ Map newlines to spaces in logged message-ids; some versions of
+ syslog truncate the rest of the line after newlines.
+ Suggested by Fletcher Mattox of U. Texas.
+ Move up forking for job runs so that if a message is split into
+ multiple envelopes you don't get "fork storms" -- this
+ also improves the connection cache utilization.
+ Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for
+ the purposes of refusing to send error returns. Suggested
+ by Motonori Nakamura of Ritsumeikan University.
+ Relax rules on when a file can be written when referenced from
+ the aliases file: use the default uid/gid instead of the
+ real uid/gid. This allows you to create a file owned by
+ and writable only by the default uid/gid that will work
+ all the time (without having the setuid bit set). Change
+ suggested by Shau-Ping Lo and Andrew Cheng of Sun
+ Microsystems.
+ Add "DialDelay" option (no short name) to provide an "extra"
+ delay for dial on demand systems. If this is non-zero
+ and a connect fails, sendmail will wait this long and
+ then try again. If it takes longer than the kernel
+ timeout interval to establish the connection, this
+ option can give the network software time to establish
+ the link. The default units are seconds.
+ Move logging of sender information to be as early as possible;
+ previously, it could be delayed a while for SMTP mail
+ sent to aliases. Suggested by Brad Knowles of the
+ Defense Information Systems Agency.
+ Call res_init() before setting RES_DEBUG; this is required by
+ BIND 4.9.3, or so I'm told. From Douglas Anderson of
+ the National Computer Security Center.
+ Add xdelay= field in logs -- this is a transaction delay, telling
+ you how long it took to deliver to this address on the
+ last try. It is intended to be used for sorting mailing
+ lists to favor "quick" addresses. Provided for use by
+ the mailprio scripts (see below).
+ If a map cannot be opened, and that map is non-optional, and
+ an address requires that map for resolution, queue the
+ map instead of bouncing it. This involves creating a
+ pseudo-class of maps called "bogus-map" -- if a required
+ map cannot be opened, the class is changed to bogus-map;
+ all queries against bogus-map return "tempfail". The
+ bogus-map class is not directly accessible. A sample
+ implementation was donated by Jem Taylor of Glasgow
+ University Computing Service.
+ Don't make a bad ``MAIL FROM:'' address on one message blow away
+ other messages to the same host later in the queue.
+ Problem noted by Eric Prestemon of American University.
+ Fix a possible core dump when mailing to a program that talks
+ SMTP on its standard input. Fix from Keith Moore of
+ the University of Kentucky.
+ Make it possible to resolve filenames to $#local $: @ /filename;
+ previously, the "@" would cause it to not be recognized
+ as a file. Problem noted by Brian Hill of U.C. Davis.
+ Accept a -1 signal to re-exec the daemon. This only works if
+ argv[0] is a full path to sendmail.
+ Fix bug in "addr=..." field in O option on little-endian machines
+ -- the network number wasn't being converted to network
+ byte order. Patch from Kurt Lidl of Pix Technologies
+ Corporation.
+ Pre-initialize the resolver early on; this is to avoid a bug with
+ BIND 4.9.3 that can cause the _res.retry field to get
+ reset to zero, causing all name server lookups to time
+ out. Fix from Matt Day of Artisoft.
+ Restore T line (trusted users) in config file -- but instead of
+ locking out the -f flag, they just tell whether or not
+ an X-Authentication-Warning: will be added. This really
+ just creates new entries in class 't', so "Ft/file/name"
+ can be used to read trusted user names from a file.
+ Trusted users are also allowed to execute programs even
+ if they have a shell that isn't in /etc/shells.
+ Improve NEWDB alias file rebuilding so it will create them
+ properly if they do not already exist. This had been
+ a MAYBENEXTRELEASE feature in 8.6.9.
+ Check for @:@ entry in NIS maps before starting up to avoid
+ (but not prevent, sigh) race conditions. This ought to
+ be handled properly in ypserv, but isn't. Suggested by
+ Michael Beirne of Motorola.
+ Refuse connections if there isn't enough space on the filesystem
+ holding the queue. Contributed by Robert Dana of Wolf
+ Communications.
+ Skip checking for directory permissions in the path to a file
+ when checking for file permissions iff setreuid()
+ succeeded -- it is unnecessary in that case. This avoids
+ significant performance problems when looking for .forward
+ files. Based on a suggestion by Win Bent of USC.
+ Allow symbolic ruleset names. Syntax can be "Sname" to get an
+ arbitrary ruleset number assigned or "Sname = integer"
+ to assign a specific ruleset number. Reference is
+ $>name_or_number. Names can be composed of alphas, digits,
+ underscore, or hyphen (first character must be non-numeric).
+ Allow -o flag on AliasFile lines to make the alias file optional.
+ From Bryan Costales of ICSI.
+ Add NoRecipientAction option to handle the case where there is
+ no legal recipient header in the message. It can take
+ on values:
+ None Leave the message as is. The
+ message will be passed on even
+ though it is in technically
+ illegal syntax.
+ Add-To Add a To: header with any
+ recipients that it can find from
+ the envelope. This risks exposing
+ Bcc: recipients.
+ Add-Apparently-To Add an Apparently-To: header. This
+ has almost no redeeming social value,
+ and is provided only for back
+ compatibility.
+ Add-To-Undisclosed Add a header reading
+ To: undisclosed-recipients:;
+ which will have the effect of
+ making the message legal without
+ exposing Bcc: recipients.
+ Add-Bcc To add an empty Bcc: header.
+ There is a chance that mailers down
+ the line will delete this header,
+ which could cause exposure of Bcc:
+ recipients.
+ The default is NoRecipientAction=None.
+ Truncate (rather than delete) Bcc: lines in the header. This
+ should prevent later sendmails (at least, those that don't
+ themselves delete Bcc:) from considering this message to
+ be non-conforming -- although it does imply that non-blind
+ recipients can see that a Bcc: was sent, albeit not to whom.
+ Add SafeFileEnvironment option. If declared, files named as delivery
+ targets must be regular files in addition to the regular
+ checks. Also, if the option is non-null then it is used as
+ the name of a directory that is used as a chroot(2)
+ environment for the delivery; the file names listed in an
+ alias or forward should include the name of this root.
+ For example, if you run with
+ O SafeFileEnvironment=/arch
+ then aliases should reference "/arch/rest/of/path". If a
+ value is given, sendmail also won't try to save to
+ /usr/tmp/dead.letter (instead it just leaves the job in the
+ queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit.
+ Support -A flag for alias files; this will comma concatenate like
+ entries. For example, given the aliases:
+ list: member1
+ list: member2
+ and an alias file declared as:
+ OAhash:-A /etc/aliases
+ the final alias inserted will be "list: member1,member2";
+ without -A you will get an error on the second and subsequent
+ alias for "list". Contributed by Bryan Costales of ICSI.
+ Line-buffer transcript file. Suggested by Liudvikas Bukys.
+ Fix a problem that could cause very long addresses to core dump in
+ some special circumstances. Problem pointed out by Allan
+ Johannesen.
+ (Internal change.) Change interface to expand() (macro expansion)
+ to be simpler and more consistent.
+ Delete check for funny qf file names. This didn't really give
+ any extra security and caused some people some problems.
+ (If you -really- want this, define PICKY_QF_NAME_CHECK
+ at compile time.) Suggested by Kyle Jones of UUNET.
+ (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and
+ merge with DSN code; this is simpler and more consistent.
+ This may affect some people who have written their own
+ checkcompat() routine.
+ (Internal change.) Eliminate `D' line in qf file. The df file
+ is now assumed to be the same name as the qf file (with
+ the `q' changed to a `d', of course).
+ Avoid forking for delivery if all recipient mailers are marked as
+ "expensive" -- this can be a major cost on some systems.
+ Essentially, this forces sendmail into "queue only" mode
+ if all it is going to do is queue anyway.
+ Avoid sending a null message in some rather unusual circumstances
+ (specifically, the RCPT command returns a temporary
+ failure but the connection is lost before the DATA
+ command). Fix from Scott Hammond of Secure Computing
+ Corporation.
+ Change makesendmail to use a somewhat more rational naming scheme:
+ Makefiles and obj directories are named $os.$rel.$arch,
+ where $os is the operating system (e.g., SunOS), $rel is
+ the release number (e.g., 5.3), and $arch is the machine
+ architecture (e.g., sun4). Any of these can be omitted,
+ and anything after the first dot in a release number can
+ be replaced with "x" (e.g., SunOS.4.x.sun4). The previous
+ version used $os.$arch.$rel and was rather less general.
+ Ignore IDENT return value if the OSTYPE field returns "OTHER",
+ as indicated by RFC 1413. Pointed out by Kari Hurtta
+ of the Finnish Meteorological Institute.
+ Fix problem that could cause multiple responses to DATA command
+ on header syntax errors (e.g., lines beginning with colons).
+ Problem noted by Jens Thomassen of the University of Oslo.
+ Don't let null bytes in headers cause truncation of the rest of
+ the header.
+ Log Authentication-Warning:s. Suggested by Motonori Nakamura.
+ Increase timeouts on message data puts to allow time for receivers
+ to canonify addresses in headers on the fly. This is still
+ a rather ugly heuristic. From Motonori Nakamura.
+ Add "HasWildcardMX" suboption to ResolverOptions; if set, MX
+ records are not used when canonifying names. This is
+ useful if you have a wildcard MX record, although it
+ may cause other problems. In general, don't use wildcard
+ MX records. Patch from Motonori Nakamura.
+ Eliminate default two-line SMTP greeting message. Instead of
+ adding an extra "ESMTP spoken here" line, the word "ESMTP"
+ is added between the first and second word of the first
+ line of the greeting message (i.e., immediately after the
+ host name). This eliminates the need for the BROKEN_SMTP_PEERS
+ compile flag. Old sendmails won't see the ESMTP, but that's
+ acceptable because SIZE was the only useful extension that
+ old sendmails understand.
+ Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1
+ invoked state dumps. From Masaharu Onishi.
+ Allow on-line comments in .forward and :include: files; they are
+ introduced by the string "<LWSP>#@#<LWSP>", where <LWSP>
+ is a space or a tab. This is intended for native
+ representation of non-ASCII sets such as Japanese, where
+ existing encodings would be unreadable or would lose
+ data -- for example,
+ <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori
+ (romanized/less information)
+ <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?=
+ =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?=
+ (with MIME encoding, not human readable)
+ <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B
+ (native encoding with ISO-2022-JP)
+ The last form is human readable in the Japanese environment.
+ Based on a fix from (surprise!) Motonori Nakamura.
+ Don't make SMTP error returns on MAIL FROM: line be "sticky" for all
+ messages to that host; these are most frequently associated
+ with addresses rather than the host, with the exception of
+ 421 (service shutting down). The effect was to cause queues
+ to sometimes take an excessive time to flush. Reported by
+ Robert Sargent of Southern Geographics Technologies.
+ Add Nice=N mailer option to set the niceness at which a mailer will
+ run.
+ When looking for a default config file (that is, not specified using
+ a -C flag), try a configuration file name extended by the
+ binary version number -- e.g., sendmail.8.7.Alpha.9.cf,
+ sendmail.8.7.Alpha.cf, sendmail.8.7.cf, sendmail.8.cf, and
+ sendmail.cf in that order. This should make it easier to
+ test new versions in a shared environment.
+ Log queue runs that are skipped due to high loads. They are logged
+ at LOG_INFO priority iff the log level is > 8. Contributed
+ by Bruce Nagel of Data General.
+ Allow the error mailer to accept a DSN-style error status code
+ instead of an sysexits status code in the host part.
+ Anything with a dot will be interpreted as a DSN-style code.
+ Add new mailer flag: F=3 will tell translations to Quoted-Printable
+ to encode characters that might be munged by an EBCDIC system
+ in addition to the set required by RFC 1521. The additional
+ characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~.
+ (Think of "IBM 360" as the mnemonic for this flag.)
+ Change check for mailing to files to look for a pathname of [FILE]
+ rather than looking for the mailer named *file*. The mapping
+ of leading slashes still goes to the *file* mailer. This
+ allows you to implement the *file* mailer as a separate
+ program, for example, to insert a Content-Length: header
+ or do special security policy. However, note that the usual
+ initial checking for the file permissions is still done, and
+ the program in question needs to be very careful about how
+ it does the file write to avoid security problems.
+ Be able to read ~root/.forward even if the path isn't accessible to
+ regular users. This is disrecommended because sendmail
+ sometimes does not run as root (e.g., when an unsafe option
+ is specified on the command line), but should otherwise be
+ safe because .forward files must be owned by the user for
+ whom mail is being forwarded, and cannot be a symbolic link.
+ Suggested by Forrest Aldrich of Wang Laboratories.
+ Add new "HostsFile" option that is the pathname to the /etc/hosts
+ file. This is used for canonifying hostnames when the
+ service type is "files".
+ Implement programs on F (read class from file) line. The syntax is
+ Fc|/path/to/program to read the output from the program
+ into class "c".
+ Probe the network interfaces to find alternate names for this
+ host. Requires the SIOCGIFCONF ioctl call. Code
+ contributed by SunSoft.
+ Add "E" configuration line to set or propogate environment
+ variables into children. "E<envar>" will propogate
+ the named variable from the environment when sendmail
+ was invoked into any children it calls; "E<envar>=<value>"
+ sets the named variable to the indicated value. Any
+ variables not explicitly named will not be in the child
+ environment. However, sendmail still forces an
+ "AGENT=sendmail" environment variable, in part to enforce
+ at least one environment variable, since many programs and
+ libraries die horribly if this is not guaranteed.
+ Change heuristic for rebuilding both NEWDB and NDBM versions of
+ alias databases -- new algorithm looks for the substring
+ "/yp/" in the file name. This is more portable and involves
+ less overhead. Suggested by Motonori Nakamura.
+ Dynamically allocate the queue work list so that you don't lose
+ jobs in large queue runs. The old QUEUESIZE compile parameter
+ is replaced by QUEUESEGSIZE (the unit of allocation, which
+ should not need to be changed) and the MaxQueueRunSize option,
+ which is the absolute maximum number of jobs that will ever
+ be handled in a single queue run. Based on code contributed
+ by Brian Coan of the Institute for Global Communications.
+ Log message when a message is dropped because it exceeds the maximum
+ message size. Suggested by Leo Bicknell of Virginia Tech.
+ Allow trusted users (those on a T line or in $=t) to use -bs without
+ an X-Authentication-Warning: added. Suggested by Mark Thomas
+ of Mark G. Thomas Consulting.
+ Announce state of compile flags on -d0.1 (-d0.10 throws in the
+ OS-dependent defines). The old semantic of -d0.1 to not
+ run the daemon in background has been moved to -d99.100,
+ and the old 52.5 flag (to avoid disconnect() from closing
+ all output files) has been moved to 52.100. This makes
+ things more consistent (flags below .100 don't change
+ semantics) and separates out the backgrounding so that
+ it doesn't happen automatically on other unrelated debugging
+ flags.
+ If -t is used but no addresses are found in the header, give an
+ error message rather than just doing nothing. Fix from
+ Motonori Nakamura.
+ On systems (like SunOS) where the effective gid is not necessarily
+ included in the group list returned by getgroups(), the
+ `restrictmailq' option could sometimes cause an authorized
+ user to not be able to use `mailq'. Fix from Charles Hannum
+ of MIT.
+ Allow symbolic service names for [IPC] mailers. Suggested by
+ Gerry Magennis of Logica International.
+ Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs
+ when running DNS. For example, if the name FTP.Foo.ORG is
+ a CNAME for Cruft.Foo.ORG, then when sitting on a machine in
+ the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG"
+ if this option is not set, or "FTP.Foo.ORG" if it is set.
+ This is technically illegal under RFC 822 and 1123, but the
+ IETF is moving toward legalizing it. Note that turning on
+ this option is not sufficient to guarantee that a downstream
+ neighbor won't rewrite the address for you.
+ Add "-m" flag to makesendmail script -- this tells you what object
+ directory and Makefile it will use, but doesn't actually do
+ the make.
+ Do some additional checking on the contents of the qf file to try
+ to detect attacks against the qf file. In particular,
+ abort on any line beginning "From ", and add an "end of
+ file" line -- any data after that line is prohibited.
+ If /etc/sendmail.cf exists, use it regardless of the compile-time
+ setting of _PATH_SENDMAILCF. This allows sendmail 8 to
+ have consistent install instructions.
+ PORTABILITY FIXES:
+ Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>.
+ System V Release 4 from Motonori Nakamura of Ritsumeikan
+ University. This expands the disk size
+ checking to include all (?) SVR4 configurations.
+ System V Release 4 from Kimmo Suominen -- initgroups(3)
+ and setrlimit(2) are both available.
+ System V Release 4 from sob@sculley.ffg.com -- some versions
+ apparently "have EX_OK defined in other headerfiles."
+ Linux Makefile typo.
+ Linux getusershell(3) is broken in Slackware 2.0 --
+ from Andrew Pam of Xanadu Australia.
+ More Linux tweaking from John Kennedy of California State
+ University, Chico.
+ Cray changes from Eric Wassenaar: ``On Cray, shorts,
+ ints, and longs are all 64 bits, and all structs
+ are multiples of 64 bits. This means that the
+ sizeof operator returns only multiples of 8.
+ This requires adaptation of code that really
+ deals with 32 bit or 16 bit fields, such as IP
+ addresses or nameserver fields.''
+ DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To
+ get the old behaviour, use -DDGUX_5_4_2.
+ DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment
+ variable to fix bogus /bin/mail behaviour.
+ Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>.
+ This also cleans up some System V Release 4 compile
+ problems.
+ Solaris 2: sendmail.cw file should be in /etc/mail to
+ match all the other configuration files. Fix
+ from Glenn Barry of Emory University.
+ Solaris 2.3: compile problem in conf.c. Fix from Alain
+ Nissen of the University of Liege, Belgium.
+ Ultrix: freespace calculation was incorrect. Fix from
+ Takashi Kizu of Osaka University.
+ SVR4: running in background gets a SIGTTOU because the
+ emulation code doesn't realize that "getpeername"
+ doesn't require reading the file. Fix from Peter
+ Wemm of DIALix.
+ Solaris 2.3: due to an apparent bug in the socket emulation
+ library, sockets can get into a "wedged" state where
+ they just return EPROTO; closing and re-opening the
+ socket clears the problem. Fix from Bob Manson
+ of Ohio State University.
+ Hitachi 3050R & 3050RX running HI-UX/WE2: portability
+ fixes from Akihiro Hashimoto ("Hash") of Chiba
+ University.
+ AIX changes to allow setproctitle to work from Rainer Schöpf
+ of Zentrum für Datenverarbeitung der Universität
+ Mainz.
+ AIX changes for load average from Ed Ravin of NASA/Goddard.
+ SCO Unix from Chip Rosenthal of Unicom (code was using the
+ wrong statfs call).
+ ANSI C fixes from Adam Glass (NetBSD project).
+ Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers
+ University.
+ DG-UX fixes from Bruce Nagel of Data General.
+ IRIX64 updates from Mark Levinson of the University of
+ Rochester Medical Center.
+ Altos System V (``the first UNIX/XENIX merge the Altos
+ did for their Series 1000 & Series 2000 line;
+ their merged code was licenced back to AT&T and
+ Microsoft and became System V release 3.2'') from
+ Tim Rice <timr@crl.com>.
+ OSF/1 running on Intel Paragon from Jeff A. Earickson
+ <jeff@ssd.intel.com> of Intel Scalable Systems
+ Divison.
+ Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson
+ <janet@dialix.oz.au>.
+ System V Release 4 (statvfs semantic fix) from Alain
+ Durand of I.M.A.G.
+ HP-UX 10.x multiprocessor load average changes from
+ Scott Hutton and Jeff Sumler of Indiana University.
+ Cray CSOS from Scott Bolte of Cray Computer Corporation.
+ Unicos 8.0 from Douglas K. Rand of the University of North
+ Dakota, Scientific Computing Center.
+ Solaris 2.4 fixes from Sanjay Dani of Dani Communications.
+ ConvexOS 11.0 from Christophe Wolfhugel.
+ IRIX 4.0.5 from David Ashton-Reader of CADcentre.
+ ISC UNIX from J. J. Bailey.
+ HP-UX 9.xx on the 8xx series machines from Remy Giraud
+ of Meteo France.
+ HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>.
+ IRIX 5.2 and 5.3 from Kari E. Hurtta.
+ FreeBSD 2.0 from Mike Hickey of Federal Data Corporation.
+ Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura.
+ Omron LUNA unios-b, mach from Motonori Nakamura.
+ NEC EWS-UX/V 4.2 from Motonori Nakamura.
+ NeXT 2.1 from Bryan Costales.
+ AUX patch thanks to Mike Erwin of Apple Computer.
+ HP-UX 10.0 from John Beck of Hewlett-Packard.
+ Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a
+ non-DEC resolver. Suggested by Allan Johannesen.
+ UnixWare 2.0 fixes from Petr Lampa of the Technical
+ University of Brno (Czech Republic).
+ MAKEMAP: allow -d flag to allow insertion of duplicate aliases
+ in type ``btree'' maps. The semantics of this are undefined
+ for regular maps, but it can be useful for the user database.
+ MAKEMAP: lock database file while rebuilding to avoid sendmail
+ lookups while the rebuild is going on. There is a race
+ condition between the open(... O_TRUNC ...) and the lock
+ on the file, but it should be quite small.
+ SMRSH: sendmail restricted shell added to the release. This can
+ be used as an alternative to /bin/sh for the "prog" mailer,
+ giving the local administrator more control over what
+ programs can be run from sendmail.
+ MAIL.LOCAL: add this local mailer to the tape. It is not really
+ part of the release proper, and isn't fully supported; in
+ particular, it does not run on System V based systems and
+ never will.
+ CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon
+ to allow rmail to compile on systems that don't have
+ function prototypes and systems that don't have snprintf.
+ CONTRIB: add the "mailprio" scripts that will help you sort mailing
+ lists by transaction delay times so that addresses that
+ respond quickly get sent first. This is to prevent very
+ sluggish servers from delaying other peoples' mail.
+ Contributed by Tony Sanders of BSDI.
+ CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders
+ of BSDI. This has a lot of comments to help people out.
+ CONFIG: fix mail from <> so it will properly convert to
+ MAILER-DAEMON on local addresses.
+ CONFIG: fix code that was supposed to catch colons in host
+ names. Problem noted by John Gardiner Myers of CMU.
+ CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration.
+ From Paul Riddle of the University of Maryland, Baltimore
+ County.
+ CONFIG: Catch and reject "." as a host address.
+ CONFIG: Generalize domaintable to look up all domains, not
+ just unqualified ones.
+ CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it
+ was never used and didn't work anyway.
+ CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer
+ and d on all mailers in the UUCP class.
+ CONFIG: Allow "user+detail" to be aliased specially: it will first
+ look for an alias for "user+detail", then for "user+*", and
+ finally for "user". This is intended for forwarding mail
+ for system aliases such as root and postmaster to a
+ centralized hub.
+ CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above).
+ CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set.
+ The F=8 flag is also set on the "relay" mailer, since
+ this is expected to be another sendmail.
+ CONFIG: avoid qualifying all UUCP addresses sent via SMTP with
+ the name of the UUCP_RELAY -- in some cases, this is the
+ wrong value (e.g., when we have local UUCP connections),
+ and this can create unreplyable addresses. From Chip
+ Rosenthal of Unicom.
+ CONFIG: add confRECEIVED_HEADER to change the format of the
+ Received: header inserted into all messages. Suggested by
+ Gary Mills of the University of Manitoba.
+ CONFIG: Make "notsticky" the default; use FEATURE(stickyhost)
+ to get the old behaviour. I did this upon observing
+ that almost everyone needed this feature, and that the
+ concept I was trying to make happen didn't work with
+ some user agents anyway. FEATURE(notsticky) still works,
+ but it is a no-op.
+ CONFIG: Add LUSER_RELAY -- the host to which unrecognized user
+ names are sent, rather than immediately diagnosing them
+ as User Unknown.
+ CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS,
+ and RELAY_MAILER_ARGS to set the arguments for the
+ indicated mailers. All default to "IPC $h". Patch from
+ Larry Parmelee of Cornell University.
+ CONFIG: pop mailer needs F=n flag to avoid "annoying side effects
+ on the client side" and F=P to get an appropriate
+ return-path. From Kimmo Suominen.
+ CONFIG: add FEATURE(local_procmail) to use the procmail program
+ as the local mailer. For addresses of the form "user+detail"
+ the "detail" part is passed to procmail via the -a flag.
+ Contributed by Kimmo Suominen.
+ CONFIG: add MAILER(procmail) to add an interface to procmail for
+ use from mailertables. This lets you execute arbitrary
+ procmail scripts. Contributed by Kimmo Suominen.
+ CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers.
+ CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From
+ Paul Southworth of CICNet Systems Support.
+ CONFIG: use -a$g as default to UUCP mailers, instead of -a$f.
+ This causes the null return path to be rewritten as
+ MAILER-DAEMON; otherwise UUCP gets horribly confused.
+ From Michael Hohmuth of Technische Universitat Dresden.
+ CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that
+ list us as the best possible MX record to be treated as
+ though they were local (essentially, assume that they
+ are included in $=w). This can cause additional DNS
+ traffic, but is easier to administer if this fits your
+ local model. It does not work reliably if there are
+ multiple hosts that share the best MX preference.
+ Code contributed by John Oleynick of Rutgers.
+ CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted
+ SHell) instead of /bin/sh as the program used for delivery
+ to programs. If an argument is included, it is used as
+ the path to smrsh; otherwise, /usr/local/etc/smrsh is
+ assumed.
+ CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the
+ size of messages to the local and procmail mailers
+ respectively. Contributed by Brad Knowles of the Defense
+ Information Systems Agency.
+ CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments
+ (just like text outside of angle brackets) in order to
+ properly deal with ``group: addr1, ... addrN;'' syntax.
+ CONFIG: Require OSTYPE macro (the defaults really don't apply to
+ any real systems any more) and tweak the DOMAIN macro
+ so that it is less likely that users will accidently use
+ the Berkeley defaults. Also, create some generic files
+ that really can be used in the real world.
+ CONFIG: Add new configuration macros to set character sets for
+ messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET,
+ SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET.
+ CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency.
+ The old name will still be accepted for a while at least.
+ CONFIG: Implement DECNET_RELAY as spec for host to which DECNET
+ mail (.DECNET pseudo-domain or node::user) will be sent.
+ As with all relays, it can be ``mailer:hostname''. Suggested
+ by Scott Hutton.
+ CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed
+ by Barb Dijker of Labyrinth Computer Services.
+ CONFIG: change confCHECK_ALIASES to default to False -- it has poor
+ performance for large alias files, and this confused many
+ people.
+ CONFIG: Add confCF_VERSION to append local information to the
+ configuration version number displayed during SMTP startup.
+ CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it
+ would only work when locally addressed. Fix from
+ Edvard Tuinder of Cistron Internet Services.
+ NEW FILES:
+ cf/cf/cs-hpux10.mc
+ cf/cf/cs-solaris2.mc
+ cf/cf/generic-hpux10.mc
+ cf/cf/generic-hpux9.mc
+ cf/cf/generic-osf1.mc
+ cf/cf/generic-solaris2.mc
+ cf/cf/generic-sunos4.1.mc
+ cf/cf/generic-ultrix4.mc
+ cf/cf/huginn.cs.mc
+ cf/domain/berkeley-only.m4
+ cf/domain/generic.m4
+ cf/feature/bestmx_is_local.m4
+ cf/feature/local_procmail.m4
+ cf/feature/smrsh.m4
+ cf/feature/stickydomain.m4
+ cf/mailer/mail11.m4
+ cf/mailer/procmail.m4
+ cf/ostype/amdahl-uts.m4
+ cf/ostype/hpux10.m4
+ cf/ostype/isc4.1.m4
+ cf/ostype/ptx2.m4
+ cf/ostype/unknown.m4
+ contrib/bsdi.mc
+ contrib/mailprio
+ contrib/rmail.oldsys.patch
+ smrsh/README
+ smrsh/smrsh.8
+ smrsh/smrsh.c
+ src/Makefiles/Makefile.CSOS
+ src/Makefiles/Makefile.EWS-UX_V
+ src/Makefiles/Makefile.HP-UX.10
+ src/Makefiles/Makefile.IRIX.5.x
+ src/Makefiles/Makefile.IRIX64
+ src/Makefiles/Makefile.ISC
+ src/Makefiles/Makefile.NEWS-OS.4.x
+ src/Makefiles/Makefile.NEWS-OS.6.x
+ src/Makefiles/Makefile.NonStop-UX
+ src/Makefiles/Makefile.Paragon
+ src/Makefiles/Makefile.SunOS.5.3
+ src/Makefiles/Makefile.SunOS.5.4
+ src/Makefiles/Makefile.SunOS.5.5
+ src/Makefiles/Makefile.UNIX_SV.4.x.i386
+ src/Makefiles/Makefile.uts.systemV
+ src/mime.c
+ test/t_seteuid.c
+ RENAMED FILES:
+ cf/cf/alpha.mc => cf/cf/s2k-osf1.mc
+ cf/cf/chez.mc => cf/cf/chez.cs.mc
+ cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc
+ cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc
+ cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc
+ cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc
+ cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc
+ cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc
+ cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4
+ cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4
+ cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4
+ cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4
+ cf/ostype/hpux.m4 => cf/ostype/hpux9.m4
+ cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4
+ src/Makefile.* => src/Makefiles/Makefile.*
+ src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS
+ src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0
+ OBSOLETED FILES:
+ cf/cf/cogsci.mc
+ cf/cf/cs-exposed.mc
+ cf/cf/cs-hidden.mc
+ cf/cf/hpux-cs-hidden.mc
+ cf/cf/knecht.mc
+ cf/cf/osf1-cs-hidden.mc
+ cf/cf/sunos3.5-cs-exposed.mc
+ cf/cf/sunos3.5-cs-hidden.mc
+ cf/cf/sunos4.1-cs-hidden.mc
+ cf/cf/ultrix4.1-cs-hidden.mc
+ cf/domain/cs-hidden.m4
+ contrib/rcpt-streaming
+ src/Makefiles/Makefile.SunOS.5.x
+
+8.6.12/8.6.12 95/03/28
+ Fix to IDENT code (it was getting the size of the reply buffer
+ too small, so nothing was ever accepted). Fix from several
+ people, including Allan Johannesen, Shane Castle of the
+ Boulder County Information Services, and Jeff Smith of
+ Warwick University (all arrived within a few hours of
+ each other!).
+ Fix a problem that could cause large jobs to run out of
+ file descriptors on systems that use vfork() rather
+ than fork().
+
+8.6.11/8.6.11 95/03/08
+ The ``possible attack'' message would be logged more often
+ than necessary if you are using Pine as a user agent.
+ The wrong host would be reported in the ``possible attack''
+ message when attempted from IDENT.
+ In some cases the syslog buffer could be overflowed when
+ reporting the ``possible attack'' message. This can
+ cause denial of service attacks. Truncate the message
+ to 80 characters to prevent this problem.
+ When reading the IDENT response a loop is needed around the
+ read from the network to ensure that you don't get
+ partial lines.
+ Password entries without any shell listed (that is, a null
+ shell) wouldn't match as "ok". Problem noted by
+ Rob McMahon.
+ When running BIND 4.9.x a problem could occur because the
+ _res.options field is initialized differently than it
+ was historically -- this requires that sendmail call
+ res_init before it tweaks any bits.
+ Fix an incompatibility in openxscript() between the file open mode
+ and the stdio mode passed to fdopen. This caused UnixWare
+ 2.0 to have conniptions. Fix from Martin Sohnius of
+ Novell Labs Europe.
+ Fix problem with static linking of local getopt routine when
+ using GNU's ld command. Fix from John Kennedy of
+ Cal State Chico.
+ It was possible to turn off privacy flags. Problem noted by
+ *Hobbit*.
+ Be more paranoid about writing files. Suggestions by *Hobbit*
+ and Liudvikas Bukys.
+ MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular)
+ from Spider Boardman.
+ CONFIG: No changes (version number only, to keep it in sync
+ with the binaries).
+
+8.6.10/8.6.10 95/02/10
+ SECURITY: Diagnose bogus values to some command line flags that
+ could allow trash to get into headers and qf files.
+ Validate the name of the user returned by the IDENT protocol.
+ Some systems that really dislike IDENT send intentionally
+ bogus information. Problem pointed out by Michael Bushnell
+ of the Free Software Foundation. Has some security
+ implications.
+ Fix a problem causing error messages about DNS problems when
+ the host name contained a percent sign to act oddly
+ because it was passed as a printf-style format string.
+ In some cases this could cause core dumps.
+ Avoid possible buffer overrun in returntosender() if error
+ message is quite ling. From Fletcher Mattox of the
+ University of Texas.
+ Fix a problem that would silently drop "too many hops" error
+ messages if and only if you were sending to an alias.
+ From Jon Giltner of the University of Colorado and
+ Dan Harton of Oak Ridge National Laboratory.
+ Fix a bug that caused core dumps on some systems if -d11.2 was
+ set and e->e_message was null. Fix from Bruce Nagel of
+ Data General.
+ Fix problem that can still cause df files to be left around
+ after "hop count exceeded" messages. Fix from Andrew
+ Chang and Shau-Ping Lo of SunSoft.
+ Fix a problem that can cause buffer overflows on very long
+ user names (as might occur if you piped to a program
+ with a lot of arguments).
+ Avoid returning an error and re-queueing if the host signature
+ is null; this can occur on addresses like ``user@.''.
+ Problem noted by Wesley Craig and the University of
+ Michigan.
+ Avoid possible calls to malloc(0) if MCI caching is turned
+ off. Bug fix from Pierre David of the Laboratoire
+ Parallelisme, Reseaux, Systemes et Modelisation (PRiSM),
+ Universite de Versailles - St Quentin, and Jacky
+ Thibault.
+ Make a local copy of the line being sent via senttolist() -- in
+ some cases, buffers could get trashed by map lookups
+ causing it to do unexpected things. This also simplifies
+ some of the map code.
+ CONFIG: No changes (version number only, to keep it in sync
+ with the binaries).
+
+8.6.9/8.6.9 94/04/19
+ Do all mail delivery completely disconnected from any terminal.
+ This provides consistency with daemon delivery and
+ may have some security implications.
+ Make sure that malloc doesn't get called with zero size,
+ since that fails on some systems. Reported by Ed
+ Hill of the University of Iowa.
+ Fix multi-line values for $e (SMTP greeting message). Reported
+ by Mike O'Connor of Ford Motor Company.
+ Avoid syserr if no NIS domain name is defined, but the map it
+ is trying to open is optional. From Win Bent of USC.
+ Changes for picky compilers from Ed Gould of Digital Equipment.
+ Hesiod support for UDB from Todd Miller of the University of
+ Colorado. Use "hesiod" as the service name in the U
+ option.
+ Fix a problem that failed to set the "authentic" host name (that
+ is, the one derived from the socket info) if you called
+ sendmail -bs from inetd. Based on code contributed by
+ Todd Miller (this problem was also reported by Guy Helmer
+ of Dakota State University). This also fixes a related
+ problem reported by Liudvikas Bukys of the University of
+ Rochester.
+ Parameterize "nroff -h" in all the Makefiles so people with
+ variant versions can use them easily. Suggested by
+ Peter Collinson of Hillside Systems.
+ SMTP "MAIL" commands with multiple ESMTP parameters required two
+ spaces between parameters instead of one. Reported by
+ Valdis Kletnieks of Virginia Tech.
+ Reduce the number of system calls during message collection by
+ using global timeouts around the collect() loop. This
+ code was contributed by Eric Wassenaar.
+ If the initial hostname name gathering results in a name
+ without a dot (usually caused by NIS misconfiguration)
+ and BIND is compiled in, directly access DNS to get
+ the canonical name. This should make life easier for
+ Solaris systems. If it still can't be resolved, and
+ if the name server is listed as "required", try again
+ in 30 seconds. If that also fails, exit immediately to
+ avoid bogus "config error: mail loops back to myself"
+ messages.
+ Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error
+ message to explain how much space was available and
+ sound a bit less threatening. Suggested by Stan Janet
+ of the National Institute of Standards and Technology.
+ If mail is delivered to an alias that has an owner, deliver any
+ requested return-receipt immediately, and strip the
+ Return-Receipt-To: header from the subsequent message.
+ This prevents a certain class of denial of service
+ attack, arguably gives more reasonable semantics, and
+ moves things more towards what will probably become a
+ network standard. Suggested by Christopher Davis of
+ Kapor Enterprises.
+ Add a "noreceipts" privacy flag to turn off all return receipts
+ without recompiling.
+ Avoid printing ESMTP parameters as part of the error message
+ if there are errors during parsing. This change is
+ purely cosmetic.
+ Avoid sending out error messages during the collect phase of
+ SMTP; there is an MVS mailer from UCLA that gets
+ confused by this. Of course, I think it's their bug....
+ Check for the $j macro getting undefined, losing a dot, or getting
+ lost from $=w in the daemon before accepting a connection;
+ if it is, it dumps state, prints a LOG_ALERT message,
+ and drops core for debugging. This is an attempt to
+ track down a bug that I thought was long since gone.
+ If you see this, please forward the log fragment to
+ sendmail@CS.Berkeley.EDU.
+ Change OLD_NEWDB from a #ifdef to a #if so it can be turned off
+ with -DOLD_NEWDB=0 on the command line. From Christophe
+ Wolfhugel.
+ Instead of trying to truncate the listen queue for the server
+ SMTP port when the load average is too high, just close
+ the port completely and reopen it later as needed.
+ This ensures that the other end gets a quick "connection
+ refused" response, and that the connection can be
+ recovered later. In particular, some socket emulations
+ seem to get confused if you tweak the listen queue
+ size around and can never start listening to connections
+ again. The down side is that someone could start up
+ another daemon process in the interim, so you could
+ have multiple daemons all not listening to connections;
+ this could in turn cause the sendmail.pid file to be
+ incorrect. A better approach might be to accept the
+ connection and give a 421 code, but that could break
+ other mailers in mysterious ways and have paging behaviour
+ implications.
+ Fix a glitch in TCP-level debugging that caused flag 16.101 to
+ set debugging on the wrong socket. From Eric Wassenaar.
+ When creating a df* temporary file, be sure you truncate any
+ existing data in the file -- otherwise system crashes
+ and the like could result in extra data being sent.
+ DOC: Replace the CHANGES-R5-R8 readme file with a paper in the
+ doc directory. This includes some additional
+ information.
+ CONFIG: change UUCP rules to never add $U! or $k! on the front
+ of recipient envelope addresses. This should have been
+ handled by the $&h trick, but broke if people were
+ mixing domainized and UUCP addresses. They should
+ probably have converted all the way over to uucp-uudom
+ instead of uucp-{new,old}, but the failure mode was to
+ loop the mail, which was bad news.
+ Portability fixes:
+ Newer BSDI systems (several people).
+ Older BSDI systems from Christophe Wolfhugel.
+ Intergraph CLIX, from Paul Southworth of CICNet.
+ UnixWare, from Evan Champion.
+ NetBSD from Adam Glass.
+ Solaris from Quentin Campbell of the University of
+ Newcastle upon Tyne.
+ IRIX from Dean Cookson and Bill Driscoll of Mitre
+ Corporation.
+ NCR 3000 from Kevin Darcy of Chrysler Financial Corporation.
+ SunOS (it has setsid() and setvbuf() calls) from
+ Jonathan Kamens of OpenVision Technologies.
+ HP-UX from Tor Lillqvist.
+ New Files:
+ src/Makefile.CLIX
+ src/Makefile.NCR3000
+ doc/changes/Makefile
+ doc/changes/changes.me
+ doc/changes/changes.ps
+
+8.6.8/8.6.6 94/03/21
+ SECURITY: it was possible to read any file as root using the
+ E (error message) option. Reported by Richard Jones;
+ fixed by Michael Corrigan and Christophe Wolfhugel.
+
projects / unix-history / blobdiff