1 SENDMAIL RELEASE NOTES 2 @(#)RELEASE_NOTES 8.7.Beta (Berkeley) 06/21/95 3 4This listing shows the version of the sendmail binary, the version 5of the sendmail configuration files, the date of release, and a 6summary of the changes in that release. 7 88.7/8.7 95/xx/xx CURRENTLY IN BETA PRERELEASE!!! 9 Fix a problem that could cause sendmail to run out of file 10 descriptors due to a trashed data structure after a 11 vfork. Fix from Brian Coan of the Institute for 12 Global Communications. 13 Change the VRFY response if you have disabled VRFY -- some 14 people seemed to think that it was too rude. 15 Avoid reference to uninitialized file descriptor if HASFLOCK 16 was not defined. This was used "safely" in the sense 17 that it only did a stat, but it would have set the 18 map modification time improperly. Problem pointed out 19 by Roy Mongiovi of Georgia Tech. 20 Clean up the Subject: line on warning messages and return 21 receipts so that they don't say "Returned mail:"; this 22 can be confusing. 23 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is 24 useful enough to make it worthwhile printing on "-d". 25 Avoid logging alias statistics every time you read the alias 26 file on systems with no database method compiled in. 27 If you have a name with a trailing dot, and you try looking it 28 up using gethostbyname without the dot (for /etc/hosts 29 compatibility), be sure to turn off RES_DEFNAMES and 30 RES_DNSRCH to avoid finding the wrong name accidently. 31 Problem noted by Charles Amos of the University of 32 Maryland. 33 Don't do timeouts in collect if you are not running SMTP. 34 There is nothing that says you can't have a long 35 running program piped into sendmail (possibly via 36 /bin/mail, which just execs sendmail). Problem reported 37 by Don "Truck" Lewis of Silicon Systems. 38 Try gethostbyname() even if the DNS lookup fails iff option I 39 is not set. This allows you to have hosts listed in 40 NIS or /etc/hosts that are not known to DNS. It's normally 41 a bad idea, but can be useful on firewall machines. This 42 should really be broken out on a separate flag, I suppose. 43 Avoid compile warnings against BIND 4.9.3, which uses function 44 prototypes. From Don Lewis of Silicon Systems. 45 Avoid possible incorrect diagnosis of DNS-related errors caused 46 by things like attempts to resolve uucp names using 47 $[ ... $] -- the fix is to clear h_errno at appropriate 48 times. From Kyle Jones of UUNET. 49 SECURITY: avoid denial-of-service attacks possible by destroying 50 the alias database file by setting resource limits low. 51 This involves adding two new compile-time options: 52 HASSETRLIMIT (indicating that setrlimit(2) support is 53 available) and HASULIMIT (indicating that ulimit(2) support 54 is available -- the Release 3 form is used). The former 55 is assumed on BSD-based systems, the latter on System 56 V-based systems. Attack noted by Phil Brandenberger of 57 Swarthmore University. 58 New syntaxes in test (-bt) mode: 59 ``.Dmvalue'' will define macro "m" to "value". 60 ``.Ccvalue'' will add "value" to class "c". 61 ``.Sruleset'' will dump the contents of the indicated 62 ruleset. 63 ``-ddebug-spec'' is equivalent to the command-line 64 -d debug flag. 65 ``$m'' will print the value of macro "m". 66 ``/mx host'' returns the MX records for ``host''. 67 ``/try address'' will parse address, returning the value of 68 crackaddr (essentially, the comment information) 69 and the parsed address (the same as -bv). 70 ``/tryflags flags'' will set flags used by parsing. The 71 flags can be `H' for header or `E' for envelope, 72 and `S' for sender or `R' for recipient. These 73 can be combined, so `HR' sets flags for header 74 recipients. 75 Somewhat better handling of UNIX-domain socket addresses -- it 76 should show the pathname rather than hex bytes. 77 Restore ``-ba'' mode -- this reads a file from stdin and parses 78 the header for envelope sender information and uses 79 CR-LF as message terminators. It was thought to be 80 obsolete (used only for Arpanet NCP protocols), but it 81 turns out that the UK ``Grey Book'' protocols require 82 that functionality. 83 Fix a fix in previous release -- if gethostname and gethostbyname 84 return a name without dots, and if an attempt to canonify 85 that name fails, wait one minute and try again. This can 86 result in an extra 60 second delay on startup if your system 87 hostname (as returned by hostname(1)) has no dot and no names 88 listed in /etc/hosts or your NIS map have a dot. 89 Check for proper domain name on HELO and EHLO commands per 90 RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III 91 of Michigan Technological University. 92 Relax chownsafe rules slightly -- old version said that if you 93 can't tell if _POSIX_CHOWN_RESTRICTED is set (that is, 94 if fpathconf returned EINVAL or ENOSYS), assume that 95 chown is not safe. The new version falls back to whether 96 you are on a BSD system or not. This is important for 97 SunOS, which apparently always returns one of those 98 error codes. This impacts whether you can mail to files 99 or not. 100 Syntax errors such as unbalanced parentheses in the configuration 101 file could be omitted if you had "Oem" prior to the 102 syntax error in the config file. Change to always print 103 the error message. It was especially wierd because it 104 would cause a "warning" message to be sent to the Postmaster 105 for every message sent (but with no transcript). Problem 106 noted by Gregory Paris of Motorola. 107 Rewrite collect and putbody to handle full 8-bit data, including 108 zero bytes. These changes are internally extensive, but 109 should have minimal impact on external function. 110 Allow full words for option names -- if the option letter is 111 (apparently) a space, then take the word following -- e.g., 112 O MatchGECOS=TRUE 113 The full list of old and new names is as follows: 114 7 SevenBitInput 115 8 EightBitMode 116 A AliasFile 117 a AliasWait 118 B BlankSub 119 b MinFreeBlocks/MaxMessageSize 120 C CheckpointInterval 121 c HoldExpensive 122 D AutoRebuildAliases 123 d DeliveryMode 124 E ErrorHeader 125 e ErrorMode 126 f SaveFromLine 127 F TempFileMode 128 G MatchGECOS 129 H HelpFile 130 h MaxHopCount 131 i IgnoreDots 132 I ResolverOptions 133 J ForwardPath 134 j SendMimeErrors 135 k ConnectionCacheSize 136 K ConnectionCacheTimeout 137 L LogLevel 138 l UseErrorsTo 139 m MeToo 140 n CheckAliases 141 O DaemonPortOptions 142 o OldStyleHeaders 143 P PostmasterCopy 144 p PrivacyOptions 145 Q QueueDirectory 146 q QueueFactor 147 R DontPruneRoutes 148 r, T Timeout 149 S StatusFile 150 s SuperSafe 151 t TimeZoneSpec 152 u DefaultUser 153 U UserDatabaseSpec 154 V FallbackMXhost 155 v Verbose 156 w TryNullMXList 157 x QueueLA 158 X RefuseLA 159 Y ForkEachJob 160 y RecipientFactor 161 z ClassFactor 162 Z RetryFactor 163 To avoid possible problems with an older sendmail, 164 configuration level 6 is accepted by this version of 165 sendmail; any config file using the new names should 166 specify "V6" in the configuration. 167 Change address parsing to properly note that a phrase before a 168 colon and a trailing semicolon are essentially the same 169 as text outside of angle brackets (i.e., sendmail should 170 treat them as comments). This is to handle the 171 ``group name: addr1, addr2, ..., addrN;'' syntax (it will 172 assume that ``group name:'' is a comment on the first 173 address and the ``;'' is a comment on the last address). 174 This requires config file support to get right. It does 175 understand that :: is NOT this syntax, and can be turned 176 off completely by setting the ColonOkInAddresses option. 177 Level 6 config files added with new mailer flags: 178 A Addresses are aliasable. 179 i Do udb rewriting on envelope as well as header 180 sender lines. Applies to the from address mailer 181 flags rather than the recipient mailer flags. 182 j Do udb rewriting on header recipient addresses. 183 Applies to the sender mailer flags rather than the 184 recipient mailer flags. 185 k Disable check for loops when doing HELO command. 186 o Always run as the mail recipient, even on local 187 delivery. 188 w Check for an /etc/passwd entry for this user. 189 5 Pass addresses through ruleset 5. 190 : Check for :include: on this address. 191 | Check for |program on this address. 192 / Check for /file on this address. 193 @ Look up sender header addresses in the user 194 database. Applies to the mailer flags for the 195 mailer corresponding to the envelope sender 196 address, rather than to recipient mailer flags. 197 Pre-level 6 configuration files set A, w, 5, :, |, /, and @ 198 on the "local" mailer, the o flag on the "prog" and "*file*" 199 mailers, and the ColonOkInAddresses option. 200 Eight-to-seven bit MIME conversions. This borrows ideas from 201 John Beck of Hewlett-Packard, who generously contributed 202 their implementation to me, which I then didn't use (see 203 mime.c for an explanation of why). This adds the 204 EightBitMode option (a.k.a. `8') and an F=8 mailer flag 205 to control handling of 8-bit data. These have to cope with 206 two types of 8-bit data: unlabelled 8-bit data (that is, 207 8-bit data that is entered without declaring it as 8-bit 208 MIME -- technically this is illegal according to the 209 specs) and labelled 8-bit data (that is, it was declared 210 as 8BITMIME in the ESMTP session or by using the 211 -B8BITMIME command line flag). If the F=8 mailer flag is 212 set then 8-bit data is sent to non-8BITMIME machines 213 instead of converting to 7 bit (essentially using 214 just-send-8 semantics). The values for EightBitMode are: 215 m convert unlabelled 8-bit input to 8BITMIME, and do 216 any necessary conversion of 8BITMIME to 7BIT 217 (essentially, the full MIME option). 218 p pass unlabelled 8-bit input, but convert labelled 219 8BITMIME input to 7BIT as required (default). 220 s strict adherence: reject unlabelled 8-bit input, 221 convert 8BITMIME to 7BIT as required. The F=8 222 flag is ignored. 223 Unlabelled 8-bit data is rejected in mode `s' regardless of 224 the setting of F=8. 225 Add new internal class 'n', which is the set of MIME Content-Types 226 which can not be 8 to 7 bit encoded because of other 227 considerations. Types "multipart/*" and "message/*" are 228 never directly encoded (although their components can be). 229 Add new internal class 'm', which is the set of subtypes of the 230 MIME message/* content type that can be treated as though 231 they are an RFC822 message. It is predefined to have 232 "rfc822". Suggested By Kari Hurtta. 233 Add new internal class 'e'. This is the set of MIME 234 Content-Transfer-Encodings that can be converted to 235 a seven bit format (Quoted-Printable or Base64). It is 236 preinitialized to contain "7bit", "8bit", and "binary". 237 Add C=charset mailer parameter and the the DefaultCharSet option (no 238 short name) to set the default character set to use in the 239 Content-Type: header when doing encoding of an 8-bit message 240 which isn't marked as MIME into MIME format. If the C= 241 parameter is set on the Envelope From address, use that as 242 the default encoding; else use the DefaultCharSet option. 243 If neither is set, it defaults to "unknown-8bit" as 244 suggested by RFC 1428 section 3. 245 Allow ``U=user:group'' field in mailer definition to set a default 246 user and group that a mailer will be executed as. This 247 overrides the 'u' and 'g' options, and if the `F=S' flag is 248 also set, it is the uid/gid that will always be used (that 249 is, the controlling address is ignored). The values may be 250 numeric or symbolic; if only a symbolic user is given (no 251 group) that user's default group in the passwd file is used 252 as the group. Based on code donated by Chip Rosenthal of 253 Unicom. 254 Allow `u' option to also accept user:group as a value, in the same 255 fashion as the U= mailer option. 256 Add the symbolic time zone name in the Arpanet format dates (as 257 a comment). This adds a new compile-time configuration 258 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value 259 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value 260 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char 261 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use 262 timezone()), or TZ_NONE (don't include the comment). Code 263 from Chip Rosenthal. 264 The "Timeout" option (formerly "r") is extended to allow suboptions. 265 For example, 266 O Timeout.helo = 2m 267 There are also two new suboptions "queuereturn" and 268 "queuewarn"; these subsume the old T option. Thus, to 269 set them both the preferred new syntax is 270 O Timeout.queuereturn = 5d 271 O Timeout.queuewarn = 4h 272 Sort queue by host name instead of by message priority if the 273 QueueSortOrder option (no short name) is set is set to 274 ``host''. This makes better use of the connection cache, 275 but may delay more ``interactive'' messages behind large 276 backlogs under some circumstances. This is probably a 277 good option if you have high speed links or don't do lots 278 of ``batch'' messages, but less good if you are using 279 something like PPP on a 14.4 modem. Based on code 280 contributed by Roy Mongiovi of Georgia Tech (my main 281 contribution was to make it configurable). 282 Save i-number of df file in qf file to simplify rebuilding of queue 283 after disasterous disk crash. Suggested by Kyle Jones of 284 UUNET; closely based on code from KJS DECWRL code written 285 by Paul Vixie. NOTA BENE: The qf files produced by 8.7 286 are NOT back compatible with 8.6 -- that is, you can convert 287 from 8.6 to 8.7, but not the other direction. 288 Add ``F=d'' mailer flag to disable all use of angle brackets in 289 route-addrs in envelopes; this is because in some cases 290 they can be sent to the shell, which interprets them as 291 I/O redirection. 292 Don't include error file (option E) with return-receipts; this 293 can be confusing. 294 Don't send "Warning: cannot send" messages to owner-* or 295 *-request addresses. Suggested by Christophe Wolfhugel 296 of the Institut Pasteur, Paris. 297 Allow -O command line flag to set long form options. 298 Add "MinQueueAge" option to set the minimum time between attempts 299 to run the queue. For example, if the queue interval 300 (-q value) is five minutes, but the minimum queue age 301 is fifteen minutes, jobs won't be tried more often than 302 once every fifteen minutes. This can be used to give 303 you more responsiveness if your delivery mode is set to 304 queue-only. 305 Allow "fileopen" timeout (default: 60 seconds) for opening 306 :include: and .forward files. 307 Add "-k", "-v", and "-z" flags to map definitions; these set the 308 key field name, the value field name, and the field 309 delimiter. The field delimiter can be a single character 310 or the sequence "\t" or "\n" for tab or newline. 311 These are for use by NIS+ and similar access methods. 312 Change maps to always strip quotes before lookups; the -q flag 313 turns off this behaviour. Suggested by Motonori Nakamura. 314 Add "nisplus" map class. Takes -k and -v flags to choose the 315 key and value field names respectively. Code donated by 316 Sun Microsystems. 317 Add "hesiod" map class. The "file name" is used as the 318 "HesiodNameType" parameter to hes_resolve(3). Returns the 319 first value found for the match. Code donated by Scott 320 Hutton of Indiana University. 321 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to 322 specify the name of the property that is searched as the 323 key and a -v flag to specify the name of the property that 324 is returned as the value (defaults to "members"). The 325 default map is "/aliases". 326 Add "text" map class. This does slow, linear searches through 327 text files. The -z flag specifies a column delimiter 328 (defaults to any sequence of white space), the -k flag 329 sets the key column number, and the -v flag sets the 330 value column number. Lines beginning with `#' are treated 331 as comments. 332 Add "program" map class to execute arbitrary programs. The search 333 key is presented as the last argument; the output is one 334 line read from the programs standard output. Exit statuses 335 are from sysexits.h. 336 Add "sequence" map class -- searches maps in sequence until it 337 finds a match. For example, the declarations: 338 Kmap1 ... 339 Kmap2 ... 340 Kmapseq sequence map1 map2 341 defines a map "mapseq" that first searches map1; if the 342 value is found it is returned immediately, otherwise 343 map2 is searched and the value returned. 344 Add "switch" map class. This is much like "sequence" except that 345 the ordering is fetched from an external file, usually 346 the system service switch. The parameter is the name of 347 the service to switch on, and the maps that it will use 348 are this name followed by ".service_type". For example, 349 if the declaration of the map is 350 Ksample switch hosts 351 and the system service switch specifies that hosts are 352 looked up using dns and nis in that order, then this is 353 equivalent to 354 Ksample sequence hosts.dns hosts.nis 355 The subordinate maps must already be defined. 356 Add "user" map class -- looks up users using getpwnam. Takes a 357 "-v field" flag on the definition that tells what passwd 358 entry to return -- legal values are name, passwd, uid, gid, 359 gecos, dir, and shell. Generally expected to be used with 360 the -m (matchonly) flag. 361 Add "bestmx" map class -- returns the best MX value for the host 362 listed as the value. If there are several "best" MX records 363 for this host, one will be chosen at random. 364 Add "userdb" map class -- looks up entries in the user database. 365 The "file name" is actually the tag that will be used, 366 typically "mailname". If there are multiple entries 367 matching the name, the one chosen is undefined. 368 Add multiple queue timeouts (both return and warning). These are 369 set by the Precedence: or Priority: header fields to one of 370 three values. If a Priority: is set and has value "normal", 371 "urgent", or "non-urgent" the corresponding timeouts are 372 used. If no priority is set, the Precedence: is consulted; 373 if negative, non-urgent timeouts are used; if greater than 374 zero, urgent timeouts are used. Otherwise, normal timeouts 375 are used. The timeouts are set by setting the six timeouts 376 queue{warn,return}.{urgent,normal,non-urgent}. 377 Fix problem when a mail address is resolved to a $#error mailer 378 with a temporary failure indication; it works in SMTP, 379 but when delivering locally the mail is silently discarded. 380 This patch, from Kyle Jones of UUNET, bounces it instead 381 of queueing it (queueing is very hard). 382 When using /etc/hosts or NIS-style lookups, don't assume that 383 the first name in the list is the best one -- instead, 384 search for the first one with a dot. For example, if 385 an /etc/hosts entry reads 386 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU 387 this change will use the second name as the canonical 388 machine name instead of the initial, unqualified name. 389 Change dequote map to replace spaces in quoted text with a value 390 indicated by the -s flag on the dequote map definition. 391 For example, ``Mdequote dequote -s_'' will change 392 "Foo Bar" into an unquoted Foo_Bar instead of leaving it 393 quoted (because of the space character). Suggested by Dan 394 Oscarsson for use in X.400 addresses. 395 Implement long macro names as ${name}; long class names can 396 be similarly referenced as $={name} and $~{name}. 397 Definitions are (e.g.) ``D{name}value''. Names that have 398 a leading lower case letter or punctuation characters are 399 reserved for internal use by sendmail; i.e., config files 400 should use names that begin with a capital letter. Based 401 on code contributed by Dan Oscarsson. 402 Fix core dump if getgrgid returns a null group list (as opposed 403 to an empty group list, that is, a pointer to a list 404 with no members). Fix from Andrew Chang of Sun Microsystems. 405 Fix possible core dump if malloc fails -- if the malloc in xalloc 406 failed, it called syserr which called newstr which called 407 xalloc.... The newstr is now avoided for "panic" messages. 408 Reported by Stuart Kemp of James Cook University. 409 Improve connection cache timeouts; previously, they were not even 410 checked if you were delivering to anything other than an 411 IPC-connected host, so a series of (say) local mail 412 deliveries could cause cached connections to be open 413 much longer than the specified timeout. 414 If an incoming message exceeds the maximum message size, stop 415 writing the incoming bytes to the queue data file, since 416 this can fill your mqueue partition -- this is a possible 417 denial-of-service attack. 418 Don't reject all numeric local user names unless HESIOD is 419 defined. It turns out that Posix allows all-numeric 420 user names. Fix from Tony Sanders of BSDI. 421 Add service switch support. If the local OS has a service 422 switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf 423 on DEC systems) that will be used; otherwise, it falls back 424 to using a local mechanism based on the ServiceSwitchFile 425 option (default: /etc/service.switch). For example, if the 426 service switch lists "files" and "nis" for the aliases 427 service, that will be the default lookup order. the "files" 428 ("local" on DEC) service type expands to any alias files 429 you listed in the configuration file, even if they aren't 430 actually file lookups. 431 Option I (NameServerOptions) no longer sets the "UseNameServer" 432 variable which tells whether or not DNS should be considered 433 canonical. This is now determined based on whether or not 434 "dns" is in the service list for "hosts". 435 Add preliminary support for the ESMTP "DSN" extension (Delivery 436 Status Notifications). This is not yet a standard 437 and the implementation is for experimentation only. 438 For this reason it only announces itself as "X-DSN-0" 439 instead of "DSN". DSN notifications override 440 Return-Receipt-To:. 441 Add T=mtstype keyletter to mailer definitions to define the value 442 for the Final-MTS-Type: and Remote-MTS-Type: fields in the 443 DSN-standard return message. 444 Extend heuristic to force running in ESMTP mode to look for the 445 six-character string "ESMTP " anywhere in the 220 greeting 446 message (not just the second line). This is to provide 447 better compatibility with other ESMTP servers. 448 Print sequence number of job when running the queue so you can 449 easily see how much progress you have made. Suggested 450 by Peter Wemm of DIALix. 451 Map newlines to spaces in logged message-ids; some versions of 452 syslog truncate the rest of the line after newlines. 453 Suggested by Fletcher Mattox of U. Texas. 454 Move up forking for job runs so that if a message is split into 455 multiple envelopes you don't get "fork storms" -- this 456 also improves the connection cache utilization. 457 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for 458 the purposes of refusing to send error returns. Suggested 459 by Motonori Nakamura of Ritsumeikan University. 460 Relax rules on when a file can be written when referenced from 461 the aliases file: use the default uid/gid instead of the 462 real uid/gid. This allows you to create a file owned by 463 and writable only by the default uid/gid that will work 464 all the time (without having the setuid bit set). Change 465 suggested by Shau-Ping Lo and Andrew Cheng of Sun 466 Microsystems. 467 Add "DialDelay" option (no short name) to provide an "extra" 468 delay for dial on demand systems. If this is non-zero 469 and a connect fails, sendmail will wait this long and 470 then try again. If it takes longer than the kernel 471 timeout interval to establish the connection, this 472 option can give the network software time to establish 473 the link. The default units are seconds. 474 Move logging of sender information to be as early as possible; 475 previously, it could be delayed a while for SMTP mail 476 sent to aliases. Suggested by Brad Knowles of the 477 Defense Information Systems Agency. 478 Call res_init() before setting RES_DEBUG; this is required by 479 BIND 4.9.3, or so I'm told. From Douglas Anderson of 480 the National Computer Security Center. 481 Add xdelay= field in logs -- this is a transaction delay, telling 482 you how long it took to deliver to this address on the 483 last try. It is intended to be used for sorting mailing 484 lists to favor "quick" addresses. Provided for use by 485 the mailprio scripts (see below). 486 If a map cannot be opened, and that map is non-optional, and 487 an address requires that map for resolution, queue the 488 map instead of bouncing it. This involves creating a 489 pseudo-class of maps called "bogus-map" -- if a required 490 map cannot be opened, the class is changed to bogus-map; 491 all queries against bogus-map return "tempfail". The 492 bogus-map class is not directly accessible. A sample 493 implementation was donated by Jem Taylor of Glasgow 494 University Computing Service. 495 Don't make a bad ``MAIL FROM:'' address on one message blow away 496 other messages to the same host later in the queue. 497 Problem noted by Eric Prestemon of American University. 498 Fix a possible core dump when mailing to a program that talks 499 SMTP on its standard input. Fix from Keith Moore of 500 the University of Kentucky. 501 Make it possible to resolve filenames to $#local $: @ /filename; 502 previously, the "@" would cause it to not be recognized 503 as a file. Problem noted by Brian Hill of U.C. Davis. 504 Accept a -1 signal to re-exec the daemon. This only works if 505 argv[0] is a full path to sendmail. 506 Fix bug in "addr=..." field in O option on little-endian machines 507 -- the network number wasn't being converted to network 508 byte order. Patch from Kurt Lidl of Pix Technologies 509 Corporation. 510 Pre-initialize the resolver early on; this is to avoid a bug with 511 BIND 4.9.3 that can cause the _res.retry field to get 512 reset to zero, causing all name server lookups to time 513 out. Fix from Matt Day of Artisoft. 514 Restore T line (trusted users) in config file -- but instead of 515 locking out the -f flag, they just tell whether or not 516 an X-Authentication-Warning: will be added. This really 517 just creates new entries in class 't', so "Ft/file/name" 518 can be used to read trusted user names from a file. 519 Trusted users are also allowed to execute programs even 520 if they have a shell that isn't in /etc/shells. 521 Improve NEWDB alias file rebuilding so it will create them 522 properly if they do not already exist. This had been 523 a MAYBENEXTRELEASE feature in 8.6.9. 524 Check for @:@ entry in NIS maps before starting up to avoid 525 (but not prevent, sigh) race conditions. This ought to 526 be handled properly in ypserv, but isn't. Suggested by 527 Michael Beirne of Motorola. 528 Refuse connections if there isn't enough space on the filesystem 529 holding the queue. Contributed by Robert Dana of Wolf 530 Communications. 531 Skip checking for directory permissions in the path to a file 532 when checking for file permissions iff setreuid() 533 succeeded -- it is unnecessary in that case. This avoids 534 significant performance problems when looking for .forward 535 files. Based on a suggestion by Win Bent of USC. 536 Allow symbolic ruleset names. Syntax can be "Sname" to get an 537 arbitrary ruleset number assigned or "Sname = integer" 538 to assign a specific ruleset number. Reference is 539 $>name_or_number. Names can be composed of alphas, digits, 540 underscore, or hyphen (first character must be non-numeric). 541 Allow -o flag on AliasFile lines to make the alias file optional. 542 From Bryan Costales of ICSI. 543 Add NoRecipientAction option to handle the case where there is 544 no legal recipient header in the message. It can take 545 on values: 546 None Leave the message as is. The 547 message will be passed on even 548 though it is in technically 549 illegal syntax. 550 Add-To Add a To: header with any 551 recipients that it can find from 552 the envelope. This risks exposing 553 Bcc: recipients. 554 Add-Apparently-To Add an Apparently-To: header. This 555 has almost no redeeming social value, 556 and is provided only for back 557 compatibility. 558 Add-To-Undisclosed Add a header reading 559 To: undisclosed-recipients:; 560 which will have the effect of 561 making the message legal without 562 exposing Bcc: recipients. 563 Add-Bcc To add an empty Bcc: header. 564 There is a chance that mailers down 565 the line will delete this header, 566 which could cause exposure of Bcc: 567 recipients. 568 The default is NoRecipientAction=None. 569 Truncate (rather than delete) Bcc: lines in the header. This 570 should prevent later sendmails (at least, those that don't 571 themselves delete Bcc:) from considering this message to 572 be non-conforming -- although it does imply that non-blind 573 recipients can see that a Bcc: was sent, albeit not to whom. 574 Add SafeFileEnvironment option. If declared, files named as delivery 575 targets must be regular files in addition to the regular 576 checks. Also, if the option is non-null then it is used as 577 the name of a directory that is used as a chroot(2) 578 environment for the delivery; the file names listed in an 579 alias or forward should include the name of this root. 580 For example, if you run with 581 O SafeFileEnvironment=/arch 582 then aliases should reference "/arch/rest/of/path". If a 583 value is given, sendmail also won't try to save to 584 /usr/tmp/dead.letter (instead it just leaves the job in the 585 queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit. 586 Support -A flag for alias files; this will comma concatenate like 587 entries. For example, given the aliases: 588 list: member1 589 list: member2 590 and an alias file declared as: 591 OAhash:-A /etc/aliases 592 the final alias inserted will be "list: member1,member2"; 593 without -A you will get an error on the second and subsequent 594 alias for "list". Contributed by Bryan Costales of ICSI. 595 Line-buffer transcript file. Suggested by Liudvikas Bukys. 596 Fix a problem that could cause very long addresses to core dump in 597 some special circumstances. Problem pointed out by Allan 598 Johannesen. 599 (Internal change.) Change interface to expand() (macro expansion) 600 to be simpler and more consistent. 601 Delete check for funny qf file names. This didn't really give 602 any extra security and caused some people some problems. 603 (If you -really- want this, define PICKY_QF_NAME_CHECK 604 at compile time.) Suggested by Kyle Jones of UUNET. 605 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and 606 merge with DSN code; this is simpler and more consistent. 607 This may affect some people who have written their own 608 checkcompat() routine. 609 (Internal change.) Eliminate `D' line in qf file. The df file 610 is now assumed to be the same name as the qf file (with 611 the `q' changed to a `d', of course). 612 Avoid forking for delivery if all recipient mailers are marked as 613 "expensive" -- this can be a major cost on some systems. 614 Essentially, this forces sendmail into "queue only" mode 615 if all it is going to do is queue anyway. 616 Avoid sending a null message in some rather unusual circumstances 617 (specifically, the RCPT command returns a temporary 618 failure but the connection is lost before the DATA 619 command). Fix from Scott Hammond of Secure Computing 620 Corporation. 621 Change makesendmail to use a somewhat more rational naming scheme: 622 Makefiles and obj directories are named $os.$rel.$arch, 623 where $os is the operating system (e.g., SunOS), $rel is 624 the release number (e.g., 5.3), and $arch is the machine 625 architecture (e.g., sun4). Any of these can be omitted, 626 and anything after the first dot in a release number can 627 be replaced with "x" (e.g., SunOS.4.x.sun4). The previous 628 version used $os.$arch.$rel and was rather less general. 629 Change makesendmail to do a "make depend" in the target directory 630 when it is being created. This involves adding an empty 631 "depend:" entry in most Makefiles. 632 Ignore IDENT return value if the OSTYPE field returns "OTHER", 633 as indicated by RFC 1413. Pointed out by Kari Hurtta 634 of the Finnish Meteorological Institute. 635 Fix problem that could cause multiple responses to DATA command 636 on header syntax errors (e.g., lines beginning with colons). 637 Problem noted by Jens Thomassen of the University of Oslo. 638 Don't let null bytes in headers cause truncation of the rest of 639 the header. 640 Log Authentication-Warning:s. Suggested by Motonori Nakamura. 641 Increase timeouts on message data puts to allow time for receivers 642 to canonify addresses in headers on the fly. This is still 643 a rather ugly heuristic. From Motonori Nakamura. 644 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX 645 records are not used when canonifying names, and when MX 646 lookups are done for addressing they must be fully 647 qualified. This is useful if you have a wildcard MX record, 648 although it may cause other problems. In general, don't use 649 wildcard MX records. Patch from Motonori Nakamura. 650 Eliminate default two-line SMTP greeting message. Instead of 651 adding an extra "ESMTP spoken here" line, the word "ESMTP" 652 is added between the first and second word of the first 653 line of the greeting message (i.e., immediately after the 654 host name). This eliminates the need for the BROKEN_SMTP_PEERS 655 compile flag. Old sendmails won't see the ESMTP, but that's 656 acceptable because SIZE was the only useful extension that 657 old sendmails understand. 658 Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1 659 invoked state dumps. From Masaharu Onishi. 660 Allow on-line comments in .forward and :include: files; they are 661 introduced by the string "<LWSP>#@#<LWSP>", where <LWSP> 662 is a space or a tab. This is intended for native 663 representation of non-ASCII sets such as Japanese, where 664 existing encodings would be unreadable or would lose 665 data -- for example, 666 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori 667 (romanized/less information) 668 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?= 669 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?= 670 (with MIME encoding, not human readable) 671 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B 672 (native encoding with ISO-2022-JP) 673 The last form is human readable in the Japanese environment. 674 Based on a fix from (surprise!) Motonori Nakamura. 675 Don't make SMTP error returns on MAIL FROM: line be "sticky" for all 676 messages to that host; these are most frequently associated 677 with addresses rather than the host, with the exception of 678 421 (service shutting down). The effect was to cause queues 679 to sometimes take an excessive time to flush. Reported by 680 Robert Sargent of Southern Geographics Technologies. 681 Add Nice=N mailer option to set the niceness at which a mailer will 682 run. 683 When looking for a default config file (that is, not specified using 684 a -C flag), try a configuration file name extended by the 685 binary version number -- e.g., sendmail.8.7.Alpha.9.cf, 686 sendmail.8.7.Alpha.cf, sendmail.8.7.cf, sendmail.8.cf, and 687 sendmail.cf in that order. This should make it easier to 688 test new versions in a shared environment. 689 Log queue runs that are skipped due to high loads. They are logged 690 at LOG_INFO priority iff the log level is > 8. Contributed 691 by Bruce Nagel of Data General. 692 Allow the error mailer to accept a DSN-style error status code 693 instead of an sysexits status code in the host part. 694 Anything with a dot will be interpreted as a DSN-style code. 695 Add new mailer flag: F=3 will tell translations to Quoted-Printable 696 to encode characters that might be munged by an EBCDIC system 697 in addition to the set required by RFC 1521. The additional 698 characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~. 699 (Think of "IBM 360" as the mnemonic for this flag.) 700 Change check for mailing to files to look for a pathname of [FILE] 701 rather than looking for the mailer named *file*. The mapping 702 of leading slashes still goes to the *file* mailer. This 703 allows you to implement the *file* mailer as a separate 704 program, for example, to insert a Content-Length: header 705 or do special security policy. However, note that the usual 706 initial checking for the file permissions is still done, and 707 the program in question needs to be very careful about how 708 it does the file write to avoid security problems. 709 Be able to read ~root/.forward even if the path isn't accessible to 710 regular users. This is disrecommended because sendmail 711 sometimes does not run as root (e.g., when an unsafe option 712 is specified on the command line), but should otherwise be 713 safe because .forward files must be owned by the user for 714 whom mail is being forwarded, and cannot be a symbolic link. 715 Suggested by Forrest Aldrich of Wang Laboratories. 716 Add new "HostsFile" option that is the pathname to the /etc/hosts 717 file. This is used for canonifying hostnames when the 718 service type is "files". 719 Implement programs on F (read class from file) line. The syntax is 720 Fc|/path/to/program to read the output from the program 721 into class "c". 722 Probe the network interfaces to find alternate names for this 723 host. Requires the SIOCGIFCONF ioctl call. Code 724 contributed by SunSoft. 725 Add "E" configuration line to set or propogate environment 726 variables into children. "E<envar>" will propogate 727 the named variable from the environment when sendmail 728 was invoked into any children it calls; "E<envar>=<value>" 729 sets the named variable to the indicated value. Any 730 variables not explicitly named will not be in the child 731 environment. However, sendmail still forces an 732 "AGENT=sendmail" environment variable, in part to enforce 733 at least one environment variable, since many programs and 734 libraries die horribly if this is not guaranteed. 735 Change heuristic for rebuilding both NEWDB and NDBM versions of 736 alias databases -- new algorithm looks for the substring 737 "/yp/" in the file name. This is more portable and involves 738 less overhead. Suggested by Motonori Nakamura. 739 Dynamically allocate the queue work list so that you don't lose 740 jobs in large queue runs. The old QUEUESIZE compile parameter 741 is replaced by QUEUESEGSIZE (the unit of allocation, which 742 should not need to be changed) and the MaxQueueRunSize option, 743 which is the absolute maximum number of jobs that will ever 744 be handled in a single queue run. Based on code contributed 745 by Brian Coan of the Institute for Global Communications. 746 Log message when a message is dropped because it exceeds the maximum 747 message size. Suggested by Leo Bicknell of Virginia Tech. 748 Allow trusted users (those on a T line or in $=t) to use -bs without 749 an X-Authentication-Warning: added. Suggested by Mark Thomas 750 of Mark G. Thomas Consulting. 751 Announce state of compile flags on -d0.1 (-d0.10 throws in the 752 OS-dependent defines). The old semantic of -d0.1 to not 753 run the daemon in background has been moved to -d99.100, 754 and the old 52.5 flag (to avoid disconnect() from closing 755 all output files) has been moved to 52.100. This makes 756 things more consistent (flags below .100 don't change 757 semantics) and separates out the backgrounding so that 758 it doesn't happen automatically on other unrelated debugging 759 flags. 760 If -t is used but no addresses are found in the header, give an 761 error message rather than just doing nothing. Fix from 762 Motonori Nakamura. 763 On systems (like SunOS) where the effective gid is not necessarily 764 included in the group list returned by getgroups(), the 765 `restrictmailq' option could sometimes cause an authorized 766 user to not be able to use `mailq'. Fix from Charles Hannum 767 of MIT. 768 Allow symbolic service names for [IPC] mailers. Suggested by 769 Gerry Magennis of Logica International. 770 Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs 771 when running DNS. For example, if the name FTP.Foo.ORG is 772 a CNAME for Cruft.Foo.ORG, then when sitting on a machine in 773 the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG" 774 if this option is not set, or "FTP.Foo.ORG" if it is set. 775 This is technically illegal under RFC 822 and 1123, but the 776 IETF is moving toward legalizing it. Note that turning on 777 this option is not sufficient to guarantee that a downstream 778 neighbor won't rewrite the address for you. 779 Add "-m" flag to makesendmail script -- this tells you what object 780 directory and Makefile it will use, but doesn't actually do 781 the make. 782 Do some additional checking on the contents of the qf file to try 783 to detect attacks against the qf file. In particular, 784 abort on any line beginning "From ", and add an "end of 785 file" line -- any data after that line is prohibited. 786 Always use /etc/sendmail.cf, regardless of the arbitrary vendor 787 choices. This can be overridden in the Makefile by using 788 either -DUSE_VENDOR_CF_PATH to get the vendor location 789 (to the extent that we know it) or by defining 790 _PATH_SENDMAILCF (which is a "hard override"). This allows 791 sendmail 8 to have more consistent installation instructions. 792 PORTABILITY FIXES: 793 Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>. 794 System V Release 4 from Motonori Nakamura of Ritsumeikan 795 University. This expands the disk size 796 checking to include all (?) SVR4 configurations. 797 System V Release 4 from Kimmo Suominen -- initgroups(3) 798 and setrlimit(2) are both available. 799 System V Release 4 from sob@sculley.ffg.com -- some versions 800 apparently "have EX_OK defined in other headerfiles." 801 Linux Makefile typo. 802 Linux getusershell(3) is broken in Slackware 2.0 -- 803 from Andrew Pam of Xanadu Australia. 804 More Linux tweaking from John Kennedy of California State 805 University, Chico. 806 Cray changes from Eric Wassenaar: ``On Cray, shorts, 807 ints, and longs are all 64 bits, and all structs 808 are multiples of 64 bits. This means that the 809 sizeof operator returns only multiples of 8. 810 This requires adaptation of code that really 811 deals with 32 bit or 16 bit fields, such as IP 812 addresses or nameserver fields.'' 813 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To 814 get the old behaviour, use -DDGUX_5_4_2. 815 DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment 816 variable to fix bogus /bin/mail behaviour. 817 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>. 818 This also cleans up some System V Release 4 compile 819 problems. 820 Solaris 2: sendmail.cw file should be in /etc/mail to 821 match all the other configuration files. Fix 822 from Glenn Barry of Emory University. 823 Solaris 2.3: compile problem in conf.c. Fix from Alain 824 Nissen of the University of Liege, Belgium. 825 Ultrix: freespace calculation was incorrect. Fix from 826 Takashi Kizu of Osaka University. 827 SVR4: running in background gets a SIGTTOU because the 828 emulation code doesn't realize that "getpeername" 829 doesn't require reading the file. Fix from Peter 830 Wemm of DIALix. 831 Solaris 2.3: due to an apparent bug in the socket emulation 832 library, sockets can get into a "wedged" state where 833 they just return EPROTO; closing and re-opening the 834 socket clears the problem. Fix from Bob Manson 835 of Ohio State University. 836 Hitachi 3050R & 3050RX running HI-UX/WE2: portability 837 fixes from Akihiro Hashimoto ("Hash") of Chiba 838 University. 839 AIX changes to allow setproctitle to work from Rainer Sch�pf 840 of Zentrum f�r Datenverarbeitung der Universit�t 841 Mainz. 842 AIX changes for load average from Ed Ravin of NASA/Goddard. 843 SCO Unix from Chip Rosenthal of Unicom (code was using the 844 wrong statfs call). 845 ANSI C fixes from Adam Glass (NetBSD project). 846 Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers 847 University. 848 DG-UX fixes from Bruce Nagel of Data General. 849 IRIX64 updates from Mark Levinson of the University of 850 Rochester Medical Center. 851 Altos System V (``the first UNIX/XENIX merge the Altos 852 did for their Series 1000 & Series 2000 line; 853 their merged code was licenced back to AT&T and 854 Microsoft and became System V release 3.2'') from 855 Tim Rice <timr@crl.com>. 856 OSF/1 running on Intel Paragon from Jeff A. Earickson 857 <jeff@ssd.intel.com> of Intel Scalable Systems 858 Divison. 859 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson 860 <janet@dialix.oz.au>. 861 System V Release 4 (statvfs semantic fix) from Alain 862 Durand of I.M.A.G. 863 HP-UX 10.x multiprocessor load average changes from 864 Scott Hutton and Jeff Sumler of Indiana University. 865 Cray CSOS from Scott Bolte of Cray Computer Corporation. 866 Unicos 8.0 from Douglas K. Rand of the University of North 867 Dakota, Scientific Computing Center. 868 Solaris 2.4 fixes from Sanjay Dani of Dani Communications. 869 ConvexOS 11.0 from Christophe Wolfhugel. 870 IRIX 4.0.5 from David Ashton-Reader of CADcentre. 871 ISC UNIX from J. J. Bailey. 872 HP-UX 9.xx on the 8xx series machines from Remy Giraud 873 of Meteo France. 874 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>. 875 IRIX 5.2 and 5.3 from Kari E. Hurtta. 876 FreeBSD 2.0 from Mike Hickey of Federal Data Corporation. 877 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura. 878 Omron LUNA unios-b, mach from Motonori Nakamura. 879 NEC EWS-UX/V 4.2 from Motonori Nakamura. 880 NeXT 2.1 from Bryan Costales. 881 AUX patch thanks to Mike Erwin of Apple Computer. 882 HP-UX 10.0 from John Beck of Hewlett-Packard. 883 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a 884 non-DEC resolver. Suggested by Allan Johannesen. 885 UnixWare 2.0 fixes from Petr Lampa of the Technical 886 University of Brno (Czech Republic). 887 KSR OS 1.2.2 support from Todd Miller of the University 888 of Colorado. 889 MAKEMAP: allow -d flag to allow insertion of duplicate aliases 890 in type ``btree'' maps. The semantics of this are undefined 891 for regular maps, but it can be useful for the user database. 892 MAKEMAP: lock database file while rebuilding to avoid sendmail 893 lookups while the rebuild is going on. There is a race 894 condition between the open(... O_TRUNC ...) and the lock 895 on the file, but it should be quite small. 896 SMRSH: sendmail restricted shell added to the release. This can 897 be used as an alternative to /bin/sh for the "prog" mailer, 898 giving the local administrator more control over what 899 programs can be run from sendmail. 900 MAIL.LOCAL: add this local mailer to the tape. It is not really 901 part of the release proper, and isn't fully supported; in 902 particular, it does not run on System V based systems and 903 never will. 904 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon 905 to allow rmail to compile on systems that don't have 906 function prototypes and systems that don't have snprintf. 907 CONTRIB: add the "mailprio" scripts that will help you sort mailing 908 lists by transaction delay times so that addresses that 909 respond quickly get sent first. This is to prevent very 910 sluggish servers from delaying other peoples' mail. 911 Contributed by Tony Sanders of BSDI. 912 CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders 913 of BSDI. This has a lot of comments to help people out. 914 CONFIG: fix mail from <> so it will properly convert to 915 MAILER-DAEMON on local addresses. 916 CONFIG: fix code that was supposed to catch colons in host 917 names. Problem noted by John Gardiner Myers of CMU. 918 CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration. 919 From Paul Riddle of the University of Maryland, Baltimore 920 County. 921 CONFIG: Catch and reject "." as a host address. 922 CONFIG: Generalize domaintable to look up all domains, not 923 just unqualified ones. 924 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it 925 was never used and didn't work anyway. 926 CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer 927 and d on all mailers in the UUCP class. 928 CONFIG: Allow "user+detail" to be aliased specially: it will first 929 look for an alias for "user+detail", then for "user+*", and 930 finally for "user". This is intended for forwarding mail 931 for system aliases such as root and postmaster to a 932 centralized hub. 933 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above). 934 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set. 935 The F=8 flag is also set on the "relay" mailer, since 936 this is expected to be another sendmail. 937 CONFIG: avoid qualifying all UUCP addresses sent via SMTP with 938 the name of the UUCP_RELAY -- in some cases, this is the 939 wrong value (e.g., when we have local UUCP connections), 940 and this can create unreplyable addresses. From Chip 941 Rosenthal of Unicom. 942 CONFIG: add confRECEIVED_HEADER to change the format of the 943 Received: header inserted into all messages. Suggested by 944 Gary Mills of the University of Manitoba. 945 CONFIG: Make "notsticky" the default; use FEATURE(stickyhost) 946 to get the old behaviour. I did this upon observing 947 that almost everyone needed this feature, and that the 948 concept I was trying to make happen didn't work with 949 some user agents anyway. FEATURE(notsticky) still works, 950 but it is a no-op. 951 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user 952 names are sent, rather than immediately diagnosing them 953 as User Unknown. 954 CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS, 955 and RELAY_MAILER_ARGS to set the arguments for the 956 indicated mailers. All default to "IPC $h". Patch from 957 Larry Parmelee of Cornell University. 958 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects 959 on the client side" and F=P to get an appropriate 960 return-path. From Kimmo Suominen. 961 CONFIG: add FEATURE(local_procmail) to use the procmail program 962 as the local mailer. For addresses of the form "user+detail" 963 the "detail" part is passed to procmail via the -a flag. 964 Contributed by Kimmo Suominen. 965 CONFIG: add MAILER(procmail) to add an interface to procmail for 966 use from mailertables. This lets you execute arbitrary 967 procmail scripts. Contributed by Kimmo Suominen. 968 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers. 969 CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From 970 Paul Southworth of CICNet Systems Support. 971 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f. 972 This causes the null return path to be rewritten as 973 MAILER-DAEMON; otherwise UUCP gets horribly confused. 974 From Michael Hohmuth of Technische Universitat Dresden. 975 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that 976 list us as the best possible MX record to be treated as 977 though they were local (essentially, assume that they 978 are included in $=w). This can cause additional DNS 979 traffic, but is easier to administer if this fits your 980 local model. It does not work reliably if there are 981 multiple hosts that share the best MX preference. 982 Code contributed by John Oleynick of Rutgers. 983 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted 984 SHell) instead of /bin/sh as the program used for delivery 985 to programs. If an argument is included, it is used as 986 the path to smrsh; otherwise, /usr/local/etc/smrsh is 987 assumed. 988 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the 989 size of messages to the local and procmail mailers 990 respectively. Contributed by Brad Knowles of the Defense 991 Information Systems Agency. 992 CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments 993 (just like text outside of angle brackets) in order to 994 properly deal with ``group: addr1, ... addrN;'' syntax. 995 CONFIG: Require OSTYPE macro (the defaults really don't apply to 996 any real systems any more) and tweak the DOMAIN macro 997 so that it is less likely that users will accidently use 998 the Berkeley defaults. Also, create some generic files 999 that really can be used in the real world. 1000 CONFIG: Add new configuration macros to set character sets for 1001 messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET, 1002 SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET. 1003 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency. 1004 The old name will still be accepted for a while at least. 1005 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET 1006 mail (.DECNET pseudo-domain or node::user) will be sent. 1007 As with all relays, it can be ``mailer:hostname''. Suggested 1008 by Scott Hutton. 1009 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed 1010 by Barb Dijker of Labyrinth Computer Services. 1011 CONFIG: change confCHECK_ALIASES to default to False -- it has poor 1012 performance for large alias files, and this confused many 1013 people. 1014 CONFIG: Add confCF_VERSION to append local information to the 1015 configuration version number displayed during SMTP startup. 1016 CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it 1017 would only work when locally addressed. Fix from 1018 Edvard Tuinder of Cistron Internet Services. 1019 NEW FILES: 1020 cf/cf/cs-hpux10.mc 1021 cf/cf/cs-solaris2.mc 1022 cf/cf/generic-hpux10.mc 1023 cf/cf/generic-hpux9.mc 1024 cf/cf/generic-osf1.mc 1025 cf/cf/generic-solaris2.mc 1026 cf/cf/generic-sunos4.1.mc 1027 cf/cf/generic-ultrix4.mc 1028 cf/cf/huginn.cs.mc 1029 cf/domain/berkeley-only.m4 1030 cf/domain/generic.m4 1031 cf/feature/bestmx_is_local.m4 1032 cf/feature/local_procmail.m4 1033 cf/feature/smrsh.m4 1034 cf/feature/stickydomain.m4 1035 cf/mailer/mail11.m4 1036 cf/mailer/procmail.m4 1037 cf/ostype/amdahl-uts.m4 1038 cf/ostype/hpux10.m4 1039 cf/ostype/isc4.1.m4 1040 cf/ostype/ptx2.m4 1041 cf/ostype/unknown.m4 1042 contrib/bsdi.mc 1043 contrib/mailprio 1044 contrib/rmail.oldsys.patch 1045 smrsh/README 1046 smrsh/smrsh.8 1047 smrsh/smrsh.c 1048 src/Makefiles/Makefile.CSOS 1049 src/Makefiles/Makefile.EWS-UX_V 1050 src/Makefiles/Makefile.HP-UX.10 1051 src/Makefiles/Makefile.IRIX.5.x 1052 src/Makefiles/Makefile.IRIX64 1053 src/Makefiles/Makefile.ISC 1054 src/Makefiles/Makefile.KSR 1055 src/Makefiles/Makefile.NEWS-OS.4.x 1056 src/Makefiles/Makefile.NEWS-OS.6.x 1057 src/Makefiles/Makefile.NEXTSTEP 1058 src/Makefiles/Makefile.NonStop-UX 1059 src/Makefiles/Makefile.Paragon 1060 src/Makefiles/Makefile.SunOS.5.3 1061 src/Makefiles/Makefile.SunOS.5.4 1062 src/Makefiles/Makefile.SunOS.5.5 1063 src/Makefiles/Makefile.UNIX_SV.4.x.i386 1064 src/Makefiles/Makefile.uts.systemV 1065 src/mime.c 1066 test/t_seteuid.c 1067 RENAMED FILES: 1068 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc 1069 cf/cf/chez.mc => cf/cf/chez.cs.mc 1070 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc 1071 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc 1072 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc 1073 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc 1074 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc 1075 cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc 1076 cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4 1077 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4 1078 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4 1079 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4 1080 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4 1081 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4 1082 src/Makefile.* => src/Makefiles/Makefile.* 1083 src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS 1084 src/Makefile.DGUX => src/Makefiles/Makefile.dgux 1085 src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0 1086 OBSOLETED FILES: 1087 cf/cf/cogsci.mc 1088 cf/cf/cs-exposed.mc 1089 cf/cf/cs-hidden.mc 1090 cf/cf/hpux-cs-hidden.mc 1091 cf/cf/knecht.mc 1092 cf/cf/osf1-cs-hidden.mc 1093 cf/cf/sunos3.5-cs-exposed.mc 1094 cf/cf/sunos3.5-cs-hidden.mc 1095 cf/cf/sunos4.1-cs-hidden.mc 1096 cf/cf/ultrix4.1-cs-hidden.mc 1097 cf/domain/cs-hidden.m4 1098 contrib/rcpt-streaming 1099 src/Makefiles/Makefile.SunOS.5.x 1100 11018.6.12/8.6.12 95/03/28 1102 Fix to IDENT code (it was getting the size of the reply buffer 1103 too small, so nothing was ever accepted). Fix from several 1104 people, including Allan Johannesen, Shane Castle of the 1105 Boulder County Information Services, and Jeff Smith of 1106 Warwick University (all arrived within a few hours of 1107 each other!). 1108 Fix a problem that could cause large jobs to run out of 1109 file descriptors on systems that use vfork() rather 1110 than fork(). 1111 11128.6.11/8.6.11 95/03/08 1113 The ``possible attack'' message would be logged more often 1114 than necessary if you are using Pine as a user agent. 1115 The wrong host would be reported in the ``possible attack'' 1116 message when attempted from IDENT. 1117 In some cases the syslog buffer could be overflowed when 1118 reporting the ``possible attack'' message. This can 1119 cause denial of service attacks. Truncate the message 1120 to 80 characters to prevent this problem. 1121 When reading the IDENT response a loop is needed around the 1122 read from the network to ensure that you don't get 1123 partial lines. 1124 Password entries without any shell listed (that is, a null 1125 shell) wouldn't match as "ok". Problem noted by 1126 Rob McMahon. 1127 When running BIND 4.9.x a problem could occur because the 1128 _res.options field is initialized differently than it 1129 was historically -- this requires that sendmail call 1130 res_init before it tweaks any bits. 1131 Fix an incompatibility in openxscript() between the file open mode 1132 and the stdio mode passed to fdopen. This caused UnixWare 1133 2.0 to have conniptions. Fix from Martin Sohnius of 1134 Novell Labs Europe. 1135 Fix problem with static linking of local getopt routine when 1136 using GNU's ld command. Fix from John Kennedy of 1137 Cal State Chico. 1138 It was possible to turn off privacy flags. Problem noted by 1139 *Hobbit*. 1140 Be more paranoid about writing files. Suggestions by *Hobbit* 1141 and Liudvikas Bukys. 1142 MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular) 1143 from Spider Boardman. 1144 CONFIG: No changes (version number only, to keep it in sync 1145 with the binaries). 1146 11478.6.10/8.6.10 95/02/10 1148 SECURITY: Diagnose bogus values to some command line flags that 1149 could allow trash to get into headers and qf files. 1150 Validate the name of the user returned by the IDENT protocol. 1151 Some systems that really dislike IDENT send intentionally 1152 bogus information. Problem pointed out by Michael Bushnell 1153 of the Free Software Foundation. Has some security 1154 implications. 1155 Fix a problem causing error messages about DNS problems when 1156 the host name contained a percent sign to act oddly 1157 because it was passed as a printf-style format string. 1158 In some cases this could cause core dumps. 1159 Avoid possible buffer overrun in returntosender() if error 1160 message is quite ling. From Fletcher Mattox of the 1161 University of Texas. 1162 Fix a problem that would silently drop "too many hops" error 1163 messages if and only if you were sending to an alias. 1164 From Jon Giltner of the University of Colorado and 1165 Dan Harton of Oak Ridge National Laboratory. 1166 Fix a bug that caused core dumps on some systems if -d11.2 was 1167 set and e->e_message was null. Fix from Bruce Nagel of 1168 Data General. 1169 Fix problem that can still cause df files to be left around 1170 after "hop count exceeded" messages. Fix from Andrew 1171 Chang and Shau-Ping Lo of SunSoft. 1172 Fix a problem that can cause buffer overflows on very long 1173 user names (as might occur if you piped to a program 1174 with a lot of arguments). 1175 Avoid returning an error and re-queueing if the host signature 1176 is null; this can occur on addresses like ``user@.''. 1177 Problem noted by Wesley Craig and the University of 1178 Michigan. 1179 Avoid possible calls to malloc(0) if MCI caching is turned 1180 off. Bug fix from Pierre David of the Laboratoire 1181 Parallelisme, Reseaux, Systemes et Modelisation (PRiSM), 1182 Universite de Versailles - St Quentin, and Jacky 1183 Thibault. 1184 Make a local copy of the line being sent via senttolist() -- in 1185 some cases, buffers could get trashed by map lookups 1186 causing it to do unexpected things. This also simplifies 1187 some of the map code. 1188 CONFIG: No changes (version number only, to keep it in sync 1189 with the binaries). 1190 11918.6.9/8.6.9 94/04/19 1192 Do all mail delivery completely disconnected from any terminal. 1193 This provides consistency with daemon delivery and 1194 may have some security implications. 1195 Make sure that malloc doesn't get called with zero size, 1196 since that fails on some systems. Reported by Ed 1197 Hill of the University of Iowa. 1198 Fix multi-line values for $e (SMTP greeting message). Reported 1199 by Mike O'Connor of Ford Motor Company. 1200 Avoid syserr if no NIS domain name is defined, but the map it 1201 is trying to open is optional. From Win Bent of USC. 1202 Changes for picky compilers from Ed Gould of Digital Equipment. 1203 Hesiod support for UDB from Todd Miller of the University of 1204 Colorado. Use "hesiod" as the service name in the U 1205 option. 1206 Fix a problem that failed to set the "authentic" host name (that 1207 is, the one derived from the socket info) if you called 1208 sendmail -bs from inetd. Based on code contributed by 1209 Todd Miller (this problem was also reported by Guy Helmer 1210 of Dakota State University). This also fixes a related 1211 problem reported by Liudvikas Bukys of the University of 1212 Rochester. 1213 Parameterize "nroff -h" in all the Makefiles so people with 1214 variant versions can use them easily. Suggested by 1215 Peter Collinson of Hillside Systems. 1216 SMTP "MAIL" commands with multiple ESMTP parameters required two 1217 spaces between parameters instead of one. Reported by 1218 Valdis Kletnieks of Virginia Tech. 1219 Reduce the number of system calls during message collection by 1220 using global timeouts around the collect() loop. This 1221 code was contributed by Eric Wassenaar. 1222 If the initial hostname name gathering results in a name 1223 without a dot (usually caused by NIS misconfiguration) 1224 and BIND is compiled in, directly access DNS to get 1225 the canonical name. This should make life easier for 1226 Solaris systems. If it still can't be resolved, and 1227 if the name server is listed as "required", try again 1228 in 30 seconds. If that also fails, exit immediately to 1229 avoid bogus "config error: mail loops back to myself" 1230 messages. 1231 Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error 1232 message to explain how much space was available and 1233 sound a bit less threatening. Suggested by Stan Janet 1234 of the National Institute of Standards and Technology. 1235 If mail is delivered to an alias that has an owner, deliver any 1236 requested return-receipt immediately, and strip the 1237 Return-Receipt-To: header from the subsequent message. 1238 This prevents a certain class of denial of service 1239 attack, arguably gives more reasonable semantics, and 1240 moves things more towards what will probably become a 1241 network standard. Suggested by Christopher Davis of 1242 Kapor Enterprises. 1243 Add a "noreceipts" privacy flag to turn off all return receipts 1244 without recompiling. 1245 Avoid printing ESMTP parameters as part of the error message 1246 if there are errors during parsing. This change is 1247 purely cosmetic. 1248 Avoid sending out error messages during the collect phase of 1249 SMTP; there is an MVS mailer from UCLA that gets 1250 confused by this. Of course, I think it's their bug.... 1251 Check for the $j macro getting undefined, losing a dot, or getting 1252 lost from $=w in the daemon before accepting a connection; 1253 if it is, it dumps state, prints a LOG_ALERT message, 1254 and drops core for debugging. This is an attempt to 1255 track down a bug that I thought was long since gone. 1256 If you see this, please forward the log fragment to 1257 sendmail@CS.Berkeley.EDU. 1258 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off 1259 with -DOLD_NEWDB=0 on the command line. From Christophe 1260 Wolfhugel. 1261 Instead of trying to truncate the listen queue for the server 1262 SMTP port when the load average is too high, just close 1263 the port completely and reopen it later as needed. 1264 This ensures that the other end gets a quick "connection 1265 refused" response, and that the connection can be 1266 recovered later. In particular, some socket emulations 1267 seem to get confused if you tweak the listen queue 1268 size around and can never start listening to connections 1269 again. The down side is that someone could start up 1270 another daemon process in the interim, so you could 1271 have multiple daemons all not listening to connections; 1272 this could in turn cause the sendmail.pid file to be 1273 incorrect. A better approach might be to accept the 1274 connection and give a 421 code, but that could break 1275 other mailers in mysterious ways and have paging behaviour 1276 implications. 1277 Fix a glitch in TCP-level debugging that caused flag 16.101 to 1278 set debugging on the wrong socket. From Eric Wassenaar. 1279 When creating a df* temporary file, be sure you truncate any 1280 existing data in the file -- otherwise system crashes 1281 and the like could result in extra data being sent. 1282 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the 1283 doc directory. This includes some additional 1284 information. 1285 CONFIG: change UUCP rules to never add $U! or $k! on the front 1286 of recipient envelope addresses. This should have been 1287 handled by the $&h trick, but broke if people were 1288 mixing domainized and UUCP addresses. They should 1289 probably have converted all the way over to uucp-uudom 1290 instead of uucp-{new,old}, but the failure mode was to 1291 loop the mail, which was bad news. 1292 Portability fixes: 1293 Newer BSDI systems (several people). 1294 Older BSDI systems from Christophe Wolfhugel. 1295 Intergraph CLIX, from Paul Southworth of CICNet. 1296 UnixWare, from Evan Champion. 1297 NetBSD from Adam Glass. 1298 Solaris from Quentin Campbell of the University of 1299 Newcastle upon Tyne. 1300 IRIX from Dean Cookson and Bill Driscoll of Mitre 1301 Corporation. 1302 NCR 3000 from Kevin Darcy of Chrysler Financial Corporation. 1303 SunOS (it has setsid() and setvbuf() calls) from 1304 Jonathan Kamens of OpenVision Technologies. 1305 HP-UX from Tor Lillqvist. 1306 New Files: 1307 src/Makefile.CLIX 1308 src/Makefile.NCR3000 1309 doc/changes/Makefile 1310 doc/changes/changes.me 1311 doc/changes/changes.ps 1312 13138.6.8/8.6.6 94/03/21 1314 SECURITY: it was possible to read any file as root using the 1315 E (error message) option. Reported by Richard Jones; 1316 fixed by Michael Corrigan and Christophe Wolfhugel. 1317 13188.6.7/8.6.6 94/03/14 1319 SECURITY: it was possible to get root access by using wierd 1320 values to the -d flag. Thanks to Alain Durand of 1321 INRIA for forwarding me the notice from the bugtraq 1322 list. 1323 13248.6.6/8.6.6 94/03/13 1325 SECURITY: the ability to give files away on System V-based 1326 systems proved dangerous -- don't run as the owner 1327 of a :include: file on a system that allows giveaways. 1328 Unfortunately, this also applies to determining a 1329 valid shell. 1330 IMPORTANT: Previous versions weren't expiring old connections 1331 in the connection cache for a long time under some 1332 circumstances. This could result in resource exhaustion, 1333 both at your end and at the other end. This checks the 1334 connections for timeouts much more frequently. From 1335 Doug Anderson of NCSC. 1336 Fix a glitch that snuck in that caused programs to be run as 1337 the sender instead of the recipient if the mail was 1338 from a local user to another local user. From 1339 Motonori Nakamura of Kyoto University. 1340 Fix "wildcard" on /etc/shell matching -- instead of looking 1341 for "*", look for "/SENDMAIL/ANY/SHELL/". From 1342 Bryan Costales of ICSI. 1343 Change the method used to declare the "statfs" availability; 1344 instead of HASSTATFS and/or HASUSTAT with a ton of 1345 tweaking in conf.c, there is a single #define called 1346 SFS_TYPE which takes on one of six values (SFS_NONE 1347 for no statfs availability, SFS_USTAT for the ustat(2) 1348 syscall, SFS_4ARGS for a four argument statfs(2) call, 1349 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument 1350 statfs(2) call with the declarations in <sys/vfs.h>, 1351 <sys/mount.h>, or <sys/statfs.h> respectively). 1352 Fix glitch in NetInfo support that could return garbage if 1353 there was no "/locations/sendmail" property. From 1354 David Meyer of the University of Virginia. 1355 Change HASFLOCK from defined/not-defined to a 0/1 definition 1356 to allow Linux to turn it off even though it is a 1357 BSD-like system. 1358 Allow setting of "ident" timeout to zero to turn off the ident 1359 protocol entirely. 1360 Make 7-bit stripping local to a connection (instead of to a 1361 mailer); this allows you to specify that SMTP is a 1362 7-bit channel, but revert to 8-bit should it advertise 1363 that it supports 8BITMIME. You still have to specify 1364 mailer flag 7 to get this stripping at all. 1365 Improve makesendmail script so it handles more cases automatically. 1366 Tighten up restrictions on taking ownership of :include: files 1367 to avoid problems on systems that allow you to give away 1368 files. 1369 Fix a problem that made it impossible to rebuild the alias 1370 file if it was on a read-only file system. From 1371 Harry Edmon of the University of Washington. 1372 Improve MX randomization function. From John Gardiner Myers 1373 of CMU. 1374 Fix a minor glitch causing a bogus message to be printed (used 1375 %s instead of %d in a printf string for the line number) 1376 when a bad queue file was read. From Harry Edmon. 1377 Allow $s to remain NULL on locally generated mail. I'm not 1378 sure this is necessary, but a lot of people have complained 1379 about it, and there is a legitimate question as to whether 1380 "localhost" is legal as an 822-style domain. 1381 Fix a problem with very short line lengths (mailer L= flag) in 1382 headers. This causes a leading space to be added onto 1383 continuation lines (including in the body!), and also 1384 tries to wrap headers containing addresses (From:, To:, 1385 etc) intelligently at the shorter line lengths. Problem 1386 Reported by Lars-Johan Liman of SUNET Operations Center. 1387 Log the real user name when logging syserrs, since these can have 1388 security implications. Suggested by several people. 1389 Fix address logging of cached connections -- it used to always 1390 log the numeric address as zero. This is a somewhat 1391 bogus implementation in that it does an extra system 1392 call, but it should be an inexpensive one. Fix from 1393 Motonori Nakamura. 1394 Tighten up handling of short syslog buffers even more -- there 1395 were cases where the outgoing relay= name was too long 1396 to share a line with delay= and mailer= logging. 1397 Limit the overhead on split envelopes to one open file descriptor 1398 per envelope -- previously the overhead was three 1399 descriptors. This was in response to a problem reported 1400 by P{r (Pell) Emanuelsson. 1401 Fixes to better handle the case of unexpected connection closes; 1402 this redirects the output to the transcript so the info 1403 is not lost. From Eric Wassenaar. 1404 Fix potential string overrun if you macro evaluate a string that 1405 has a naked $ at the end. Problem noted by James Matheson 1406 <jmrm@eng.cam.ac.uk>. 1407 Make default error number on $#error messages 553 (``Requested 1408 action not taken: mailbox name not allowed'') instead of 1409 501 (``Syntax error in parameters or arguments'') to 1410 avoid bogus "protocol error" messages. 1411 Strip off any existing trailing dot on names during $[ ... $] 1412 lookup. This prevents it from ending up with two dots 1413 on the end of dot terminated names. From Wesley Craig 1414 of the University of Michigan and Bryan Costales of ICSI. 1415 Clean up file class reading so that the debugging information is 1416 more informative. It hadn't been using setclass, so you 1417 didn't see the class items being added. 1418 Avoid core dump if you are running a version of sendmail where 1419 NIS is compiled in, and you specify an NIS map, but 1420 NIS is not running. Fix from John Oleynick of 1421 Rutgers. 1422 Diagnose bizarre case where res_search returns a failure value, 1423 but sets h_errno to a success value. 1424 Make sure that "too many hops" messages are considered important 1425 enough to send an error to the Postmaster (that is, the 1426 address specified in the P option). This fix should 1427 help problems that cause the df file to be left around 1428 sometimes -- unfortunately, I can't seem to reproduce 1429 the problem myself. 1430 Avoid core dump (null pointer reference) on EXPN command; this 1431 only occurred if your log level was set to 10 or higher 1432 and the target account was an alias or had a .forward file. 1433 Problem noted by Janne Himanka. 1434 Avoid "denial of service" attacks by someone who is flooding your 1435 SMTP port with bad commands by shutting the connection 1436 after 25 bad commands are issued. From Kyle Jones of 1437 UUNET. 1438 Fix core dump on error messages with very long "to" buffers; 1439 fmtmsg overflows the message buffer. Fixed by trimming 1440 the to address to 203 characters. Problem reported by 1441 John Oleynick. 1442 Fix configuration for HASFLOCK -- there were some spots where 1443 a #ifndef was incorrectly #ifdef. Pointed out by 1444 George Baltz of the University of Maryland. 1445 Fix a typo in savemail() that could cause the error message To: 1446 lists to be incorrect in some places. From Motonori 1447 Nakamura. 1448 Fix a glitch that can cause duplicate error messages on split 1449 envelopes where an address on one of the lists has a 1450 name server failure. Fix from Voradesh Yenbut of the 1451 University of Washington. 1452 Fix possible bogus pointer reference on ESMTP parameters that 1453 don't have an ``=value'' part. 1454 CNAME loops caused an error message to be generated, but also 1455 re-queued the message. Changed to just re-queue the 1456 message (it's really hard to just bounce it because 1457 of the wierd way the name server works in the presence 1458 of CNAME loops). Problem noted by James M.R.Matheson 1459 of Cambridge University. 1460 Avoid giving ``warning: foo owned process doing -bs'' messages 1461 if they use ``MAIL FROM:<foo>'' where foo is their true 1462 user name. Suggested by Andreas Stolcke of ICSI. 1463 Change the NAMED_BIND compile flag to be a 0/1 flag so you can 1464 override it easily in the Makefile -- that is, you can 1465 turn it off using -DNAMED_BIND=0. 1466 If a gethostbyname(...) of an address with a trailing dot fails, 1467 try it without the trailing dot. This is because if 1468 you have a version of gethostbyname() that falls back 1469 to NIS or the /etc/hosts file it will fail to find 1470 perfectly reasonable names that just don't happen to 1471 be dot terminated in the hosts file. You don't want to 1472 strip the dot first though because we're trying to ensure 1473 that country names that match one of your subdomains get 1474 a chance. 1475 PRALIASES: fix bogus output on non-null-terminated strings. 1476 From Bill Gianopoulos of Raytheon. 1477 CONFIG: Avoid rewriting anything that matches $w to be $j. 1478 This was in code intended to only catch the self-literal 1479 address (that is, [1.2.3.4], where 1.2.3.4 is your 1480 IP address), but the code was broken. However, it will 1481 still do this if $M is defined; this is necessary to 1482 get client configurations to work (sigh). Note that this 1483 means that $M overrides :mailname entries in the user 1484 database! Problem noted by Paul Southworth. 1485 CONFIG: Fix definition of Solaris help file location. From 1486 Steve Cliffe <steve@gorgon.cs.uow.edu.au>. 1487 CONFIG: Fix bug that broke news.group.USENET mappings. 1488 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, 1489 and USENET_MAILER_MAX to tweak the maximum message 1490 size for various mailers. 1491 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] 1492 instead of assuming that it is "inews" for consistency 1493 with other mailers. From Michael Corrigan of UC San Diego. 1494 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, 1495 qualify the address in the SMTP envelope as user@{relay|hub} 1496 instead of user@$j. From Bill Wisner of The Well. 1497 CONFIG: Fix route-addr syntax in nullrelay configuration set. 1498 CONFIG: Don't turn off case mapping of user names in the local 1499 mailer for IRIX. This was different than most every other 1500 system. 1501 CONFIG: Avoid infinite loops on certainly list:; syntaxes in 1502 envelope. Noted by Thierry Besancon 1503 <besancon@excalibur.ens.fr>. 1504 CONFIG: Don't include -z by default on uux line -- most systems 1505 don't want it set by default. Pointed out by Philippe 1506 Michel of Thomson CSF. 1507 CONFIG: Fix some bugs with mailertables -- for example, if your 1508 host name was foo.bar.ray.com and you matched against 1509 ".ray.com", the old implementation bound %1 to "bar" 1510 instead of "foo.bar". Also, allow "." in the mailertable 1511 to match anything -- essentially, take over SMART_HOST. 1512 This also moves matching of explicit local host names 1513 before the mailertable so they don't have to be special 1514 cased in the mailertable data. Reported by Bill 1515 Gianopoulos of Raytheon; the fix for the %1 binding 1516 problem was contributed by Nicholas Comanos of the 1517 University of Sydney. 1518 CONFIG: Don't include "root" in class $=L (users to deliver 1519 locally, even if a hub or relay exists) by default. 1520 This is because of the known bug where definition of 1521 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore 1522 both and deliver into the local mailbox. 1523 CONFIG: Move up bitdomain and uudomain handling so that they 1524 are done before .UUCP class matching; uudomain was 1525 reported as ineffective before. This also frees up 1526 diversion 8 for future use. Problem reported by Kimmo 1527 Suominen. 1528 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) 1529 into host names. As pointed out by Jonathan Kamens, 1530 these are often used because either the forward or reverse 1531 mapping is broken; this translation makes it broken again. 1532 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo 1533 Suominen. 1534 Portability fixes: 1535 Unicos from David L. Kensiski of Sterling Sofware. 1536 DomainOS from Don Lewis of Silicon Systems. 1537 GNU m4 1.0.3 from Karst Koymans of Utrecht University. 1538 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>. 1539 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>. 1540 BSD/386 from Tony Sanders of BSDI. 1541 Apollo from Eric Wassenaar. 1542 DGUX from Doug Anderson. 1543 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. 1544 NEW FILES: 1545 src/Makefile.DomainOS 1546 src/Makefile.PTX 1547 src/Makefile.SunOS.5.1 1548 src/Makefile.SunOS.5.2 1549 src/Makefile.SunOS.5.x 1550 src/mailq.1 1551 cf/ostype/domainos.m4 1552 doc/op/Makefile 1553 doc/intro/Makefile 1554 doc/usenix/Makefile 1555 15568.6.5/8.6.5 94/01/13 1557 Security fix: /.forward could be owned by anyone (the test 1558 to allow root to own any file was backwards). From 1559 Bob Campbell at U.C. Berkeley. 1560 Security fix: group ids were not completely set when programs 1561 were invoked. This caused programs to have group 1562 permissions they should not have had (usually group 1563 daemon instead of their own group). In particular, 1564 Perl scripts would refuse to run. 1565 Security: check to make sure files that are written are not 1566 symbolic links (at least under some circumstances). 1567 Although this does not respond to a specific known 1568 attack, it's just a good idea. Suggested by 1569 Christian Wettergren. 1570 Security fix: if a user had an NFS mounted home directory on 1571 a system with a restricted shell listed in their 1572 /etc/passwd entry, they could still execute any 1573 program by putting that in their .forward file. 1574 This fix prevents that by insisting that their shell 1575 appear in /etc/shells before allowing a .forward to 1576 execute a program or write a file. You can disable 1577 this by putting "*" in /etc/shells. It also won't 1578 permit world-writable :include: files to reference 1579 programs or files (there's no way to disable this). 1580 These behaviours are only one level deep -- for 1581 example, it is legal for a world-writable :include: 1582 file to reference an alias that writes a file, on 1583 the assumption that the alias file is well controlled. 1584 Security fix: root was not treated suspiciously enough when 1585 looking into subdirectories. This would potentially 1586 allow a cracker to examine files that were publically 1587 readable but in a non-publically searchable directory. 1588 Fix a problem that causes an error on QUIT on a cached 1589 connection to create problems on the current job. 1590 These are typically unrelated, so errors occur in 1591 the wrong place. 1592 Reset CurrentLA in sendall() -- this makes sendmail queue 1593 runs more responsive to load average, and fixes a 1594 problem that ignored the load average in locally 1595 generated mail. From Eric Wassenaar. 1596 Fix possible core dump on aliases with null LHS. From 1597 John Orthoefer of BB&N. 1598 Revert to using flock() whenever possible -- there are just 1599 too many bugs in fcntl() locking, particularly over 1600 NFS, that cause sendmail to fail in perverse ways. 1601 Fix a bug that causes the connection cache to get confused 1602 when sending error messages. This resulted in 1603 "unexpected close" messages. It should fix itself 1604 on the following queue run. Problem noted by 1605 Liudvikas Bukys of the University of Rochester. 1606 Include $k in $=k as documented in the Install & Op Guide. 1607 This seems odd, but it was documented.... From 1608 Michael Corrigan of UCSD. 1609 Fix problem that caused :include:s from alias files to be 1610 forced to be owned by root instead of daemon 1611 (actually DefUid). From Tim Irvin. 1612 Diagnose unrecognized I option values -- from Mortin Forssen 1613 of the Chalmers University of Technology. 1614 Make "error" mailer work consistently when there is no error 1615 code associated with it -- previously it returned OK 1616 even though there was a real problem. Now it assumes 1617 EX_UNAVAILABLE. 1618 Fix bug that caused the last header line of messages that had 1619 no body and which were terminated with EOF instead of 1620 "." to be discarded. Problem noted by Liudvikas Bukys. 1621 Fix core dump on SMTP mail to programs that failed -- it tried 1622 to go to a "next MX host" when none existed, causing 1623 a core dump. From der Mouse at McGill University. 1624 Change IDENTPROTO from a defined/not defined to a 0/1 switch; 1625 this makes it easier to turn it off (using 1626 -DIDENTPROTO=0 in the Makefile). From der Mouse. 1627 Fix YP_MASTER_NAME store to use the unupdated result of 1628 gethostname() (instead of myhostname(), which tries 1629 to fully qualify the name) to be consistent with 1630 SunOS. If your hostname is unqualified, this fixes 1631 transfers to slave servers. Bug noted by Keith 1632 McMillan of Ameritech Services, Inc. 1633 Fix Ultrix problem: gethostbyname() can return a very large 1634 (> 500) h_length field, which causes the sockaddr 1635 to be trashed. Use the size of the sockaddr instead. 1636 Fix from Bob Manson of Ohio State. 1637 Don't assume "-a." on host lookups if NAMED_BIND is not 1638 defined -- this confuses gethostbyname on hosts 1639 file lookups, which doesn't understand the trailing 1640 dot convention. 1641 Log SMTP server subprocesses that die with a signal instead 1642 of from a clean exit. 1643 If you don't have option "I" set, don't assume that a DNS 1644 "host unknown" message is authoritative -- it 1645 might still be found in /etc/hosts. 1646 Fix a problem that would cause Deferred: messages to be sent 1647 as the subject of an error message, even though the 1648 actual cause of a message was more severe than that. 1649 Problem noted by Chris Seabrook of OSSI. 1650 Fix race condition in DBM alias file locking. From Kyle 1651 Jones of UUNET. 1652 Limit delivery syslog line length to avoid bugs in some 1653 versions of syslog(3). This adds a new compile time 1654 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton 1655 University, which is in turn derived from IDA. 1656 Fix quotes inside of comments in addresses -- previously 1657 it insisted that they be balanced, but the 822 spec 1658 says that they should be ignored. 1659 Dump open file state to syslog upon receiving SIGUSR1 (for 1660 debugging). This also evaluates ruleset 89, if set 1661 (with the null input), and logs the result. This 1662 should be used sparingly, since the rewrite process 1663 is not reentrant. 1664 Change -qI, -qR, and -qS flags to be case-insensitive as 1665 documented in the Bat Book. 1666 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not 1667 return an error message and did not requeue the message. 1668 Fix based on code from Roland Dirlewanger of 1669 Reseau Regional Aquarel, Bordeaux, France. 1670 Fix a problem that caused a seg fault if you got a 421 error 1671 code during some parts of connection initialization. 1672 I've only seen this when talking to buggy mailers on 1673 the other end, but it shouldn't give a seg fault in 1674 any case. From Amir Plivatsky. 1675 Fix core dump caused by a ruleset call that returns null. 1676 Fix from Bryan Costales of ICSI. 1677 Full-Name: field was being ignored. Fix from Motonori Nakamura 1678 of Kyoto University. 1679 Fix a possible problem with very long input lines in setproctitle. 1680 From P{r Emanuelsson. 1681 Avoid putting "This is a warning message" out on return receipts. 1682 Suggested by Douglas Anderson. 1683 Detect loops caused by recursive ruleset calls. Suggested by 1684 Bryan Costales. 1685 Initialize non-alias maps during alias rebuilds -- they may be 1686 needed for parsing. Problem noted by Douglas Anderson. 1687 Log sender address even if no message was collected in SMTP 1688 (e.g., if all RCPTs failed). Suggested by Motonori 1689 Nakamura. 1690 Don't reflect the owner-list contents into the envelope sender 1691 address if the value contains ", :, /, or | (to avoid 1692 illegal addresses appearing there). 1693 Efficiency hack for toktype macro -- from Craig Partridge of 1694 BB&N. 1695 Clean up DNS error printing so that a host name is always 1696 included. 1697 Remember to set $i during queue runs. Reported by Stephen 1698 Campbell of Dartmouth University. 1699 If ${HOSTALIASES} is set, use it during canonification so that 1700 headers are properly mapped. Reported by Anne Bennett 1701 of Concordia University. 1702 Avoid printing misleading error message if SMTP mailer (not 1703 using [IPC]) should die on a core dump. 1704 Avoid incorrect diagnosis of "file 1 closed" when it is caused 1705 by the other end closing the connection. From 1706 Dave Morrison of Oracle. 1707 Improve several of the error messages printed by "mailq" 1708 to include a host name or other useful information. 1709 Add NetInfo preliminary support for NeXT systems. From Vince 1710 DeMarco. 1711 Fix a glitch that sometimes caused :include:s that pointed to 1712 NFS filesystems that were down to give an "aliasing/ 1713 forwarding loop broken" message instead of queueing 1714 the message for retry. Noted by William C Fenner of 1715 the NRL Connection Machine Facility. 1716 Fix a problem that could cause a core dump if the input sequence 1717 had (or somehow acquired) a \231 character. 1718 Make sure that route-addrs always have <angle brackets> around 1719 them in non-SMTP envelopes (SMTP envelopes already do 1720 this properly). 1721 Avoid wierd headers on unbalanced punctuation of the form: 1722 ``Joe User <user)'' -- this caused reference to the 1723 null macro. Fix from Rick McCarty of IO.COM. 1724 Fix a problem that caused an alias "user: user@local.host" to 1725 not have the QNOTREMOTE bit set; this caused configs 1726 to act as if FEATURE(notsticky) was defined even when 1727 it was not. The effect of the problem was to make it 1728 very hard to to set up satellite sites that had a few 1729 local accounts, with everything else forwarded to a 1730 corporate hub. Reported by Detlef Drewanz of the 1731 University of Rostock and Mark Frost of NCD. 1732 Change queuing to not call rulesets 3, {1 or 2}, 4 on header 1733 addresses. This is more efficient (fewer name server 1734 calls) and fixes certain unusual configurations, such 1735 as those that have ruleset 4 do something that is 1736 non-idempotent unless a mailer-specific ruleset did 1737 something else. Problem reported by Brian J. Coan 1738 of the Institute for Global Communications. 1739 Fix the "obsolete argument" routine in main to better understand 1740 new arguments. For example, if you used ``sendmail 1741 -C config -v -q'' it would choke on the -q because 1742 the -C would stop looking for old-format arguments. 1743 Fix the code that was intended to allow two users to forward their 1744 mail to the same program and have them appear unique. 1745 Portability fixes for: 1746 SCO UNIX from Murray Kucherawy. 1747 SCO Open Server 3.2v4 from Philippe Brand. 1748 System V Release 4 from Rick Ellis and others. 1749 OSF/1 from Steve Campbell. 1750 DG/UX from Ben Mesander of the USGS and Bryan Curnutt 1751 of Stoner Associates. 1752 Motorola SysV88 from Kevin Johnson of Motorola. 1753 Solaris 2.3 from Casper H.S. Dik of the University 1754 of Amsterdam and John Caruso of University 1755 of Maryland. 1756 FreeBSD from Ollivier Robert. 1757 NetBSD from Adam Glass. 1758 TitanOS from Kate Hedstrom of Rutgers University. 1759 Irix from Bryan Curnutt. 1760 Dynix from Jim Davis of the University of Arizona. 1761 RISC/os. 1762 Linux from John Kennedy of California State University 1763 at Chico. 1764 Solaris 2.x from Tony Boner of the U.S. Air Force. 1765 NEXTSTEP 3.x from Vince DeMarco. 1766 HP-UX from various people. NOTA BENE: the location 1767 of the config file has moved to /usr/lib 1768 to match the HP-UX version of sendmail. 1769 CONFIG: Don't do any recipient rewriting on relay mailer; 1770 since this is intended only for internal use, the 1771 usual RFC 821/822/1123 rules can be relaxed. The 1772 main point of this is to avoid munging (ugh) UUCP 1773 addresses when relaying internally. 1774 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:; 1775 syntax addresses delivered via UUCP. Solution 1776 provided by Peter Wemm. 1777 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset 1778 zero; it caused double @ signs in addresses. From 1779 Irving Reid of the University of Toronto. 1780 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1 1781 from Markku Toijala of ICL Personal Systems Oy. 1782 CONFIG: Add trailing "." on pseudo-domains for consistency; 1783 this fixes a problem (noted by Al Whaley of Sunnyside) 1784 that made it hard to recognize your own pseudodomain 1785 names. 1786 CONFIG: catch "@host" syntax errors (i.e., null local-parts) 1787 rather than letting them get "local configuration 1788 error"s. Problem noted by John Gardiner Myers. 1789 CONFIG: add uucp-uudom mailer variant, based on code posted 1790 by Spider Boardman <spider@Orb.Nashua.NH.US>; this 1791 has uucp-dom semantics but old UUCP syntax. This 1792 also permits "uucp-old" as an alias for "uucp" and 1793 "uucp-new" as a synonym for "suucp" for consistency. 1794 CONFIG: add POP mailer support (from Kimmo Suominen 1795 <kim@grendel.lut.fi>). 1796 CONFIG: drop CSNET_RELAY support -- CSNET is long gone. 1797 CONFIG: fix bug caused with domain literal addresses (e.g., 1798 ``[128.32.131.12]'') when FEATURE(allmasquerade) 1799 was set; it would get an additional @masquerade.host 1800 added to the address. Problem noted by Peter Wan 1801 of Georgia Tech. 1802 CONFIG: make sure that the local UUCP name is in $=w. From 1803 Jim Murray of Stratus. 1804 CONFIG: changes to UUCP rewriting to simulate IDA-style "V" 1805 mailer flag. Briefly, if you are sending to host 1806 "foo", then it rewrites "foo!...!baz" to "...!baz", 1807 "foo!baz" remains "foo!baz", and anything else has 1808 the local name prepended. 1809 CONFIG: portability fixes for HP-UX. 1810 DOC: several minor problems fixed in the Install & Op Guide. 1811 MAKEMAP: fix core dump problem on lines that are too long or 1812 which lack newline. From Mark Delany. 1813 MAILSTATS: print sums of columns (total messages & kbytes 1814 in and out of the system). From Tom Ferrin of UC 1815 San Francisco Computer Graphics Lab. 1816 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: 1817 On HP-UX, /etc/sendmail.cf has been moved to 1818 /usr/lib/sendmail.cf to match HP sendmail. 1819 Permissions have been tightened up on world-writable 1820 :include: files and accounts that have shells 1821 that are not listed in /etc/shells. This may 1822 cause some .forward files that have worked 1823 before to start failing. 1824 SIGUSR1 dumps some state to the log. 1825 NEW FILES: 1826 src/Makefile.DGUX 1827 src/Makefile.Dynix 1828 src/Makefile.FreeBSD 1829 src/Makefile.Mach386 1830 src/Makefile.NetBSD 1831 src/Makefile.RISCos 1832 src/Makefile.SCO 1833 src/Makefile.SVR4 1834 src/Makefile.Titan 1835 cf/mailer/pop.m4 1836 cf/ostype/bsdi1.0.m4 1837 cf/ostype/dgux.m4 1838 cf/ostype/dynix3.2.m4 1839 cf/ostype/sco3.2.m4 1840 makemap/Makefile.dist 1841 praliases/Makefile.dist 1842 18438.6.4/8.6.4 93/10/31 1844 Repair core-dump problem (write to read-only memory segment) 1845 if you fall back to the return-to-Postmaster case in 1846 savemail. Problem reported by Richard Liu. 1847 Immediately diagnose bogus sender addresses in SMTP. This 1848 makes quite certain that crackers can't use this 1849 class of attack. 1850 Reliability Fix: check return value from fclose() and fsync() 1851 in a few critical places. 1852 Minor problem in initsys() that reversed a condition for 1853 redirecting the output channel on queue runs. It's 1854 not clear this code even does anything. From Eric 1855 Wassenaar of the Dutch National Institute for Nuclear 1856 and High-Energy Physics. 1857 Fix some problems that caused queue runs to do "too much work", 1858 such as double-reading the Errors-To: header. From 1859 Eric Wassenaar. 1860 Error messages on writing the temporary file (including the 1861 data file) were getting suppressed in SMTP -- this 1862 fix causes them to be properly reported. From Eric 1863 Wassenaar. 1864 Some changes to support AF_UNIX sockets -- this will only 1865 really become relevant in the next release, but some 1866 people need it for local patches. From Michael 1867 Corrigan of UC San Diego. 1868 Use dynamically allocated memory (instead of static buffers) 1869 for macros defined in initsys() and settime(); since 1870 these can have different values depending on which 1871 envelope they are in. From Eric Wassenaar. 1872 Improve logging to show ctladdr on to= logging; this tells you 1873 what uid/gid processes ran as. 1874 Fix a problem that caused error messages to be discarded if 1875 the sender address was unparseable for some reason; 1876 this was supposed to fall back to the "return to 1877 postmaster" case. 1878 Improve aliaswait backoff algorithm. 1879 Portability patches for Linux (8.6.3 required another header 1880 file) (from Karl London) and SCO UNIX. 1881 CONFIG: patch prog mailer to not strip host name off of envelope 1882 addresses (so that it matches local again). From 1883 Christopher Davis. 1884 CONFIG: change uucp-dom mailer so that "<>" translates to $n; 1885 this prevents uux from seeing lines with null names like 1886 ``From Sat Oct 30 14:55:31 1993''. From Motonori 1887 Nakamura of Kyoto University. 1888 CONFIG: handle <list:;> syntax correctly. This isn't legal, but 1889 it shouldn't fail miserably. From Motonori Nakamura. 1890 18918.6.3/8.6.3 93/10/24 1892 IMPORTANT FIX: Fix several problems that caused open files to 1893 be "lost" during queue runs; this overflowed the open 1894 file table on large runs. An assumption that fdopen 1895 always succeeds sometimes resulted in core dumps when 1896 this happens; sometimes the message is delivered twice, 1897 sometimes (probably) infinite times. This problem in 1898 various form was reported by P{r (Pell) Emanuelsson and 1899 Robert Campbell of U.C. Berkeley. 1900 Special diagnosis of EMFILE error conditions -- it now prints 1901 the known open file descriptors so you can figure out 1902 what is consuming so much resources. 1903 Fix a couple of problems caused by early address parsing 1904 errors -- one caused it to return a "this is only a 1905 warning" when it really wasn't, and the other started 1906 parsing through a random pointer. The first was 1907 noted by Eric Wassenaar. 1908 Fix an infinite loop problem caused by null components in the 1909 host signature. Problem noted by Jan Sorensen. 1910 Be sure to reset the "current date" when sending an error 1911 message -- PostMasterCopy messages were being sent 1912 with an old Date: header. 1913 Fix a problem that caused duplicated mail when sendmail was 1914 (1) compiled without HASFLOCK, (2) you are sending to 1915 an alias that has an owner-* alias, (3) you execute 1916 sendmail with -t flag, (4) you run in -odb mode, and 1917 (5) the sender specifies both the alias name and 1918 another alias [i.e., the envelope is split], then 1919 duplicate messages are sent. The problem description 1920 and one-line fix are from Motonori Nakamura of Kyoto 1921 University. 1922 Avoid a problem that causes error messages to be discarded 1923 in some cases -- this was the result of a "fix" to 1924 avoid duplicate error messages, but two are better 1925 than zero. Reported by Tim Rylance. 1926 Fix a minor botch in checkfd012() -- fix from Dave Hill of 1927 Computervision R&D Ltd. 1928 Remove "X-Authentication-Warning: <user> set sender to <address> 1929 using -f" entirely -- it is far too eager to include 1930 this, and it is confusing folks. I'll try to make it 1931 work "right" in 8.7. Problem noted by Yoshitaka 1932 Tokugawa of dit Co., Ltd. 1933 Fix a race condition with the errno value in tick() and 1934 reapchild() -- this caused occasional misdiagnosis 1935 of problems. Kyle Jones of UUNET helped this along. 1936 Repair rule loop-detection code. From Michael Corrigan of 1937 U.C. San Diego. 1938 Fix a problem that caused sender domain addition (C mailer 1939 flag to be ignored if you use -odq or use -odb with 1940 a high load average. Problem reported by Jim Murray 1941 of Stratus. 1942 Fix ident protocol on multi-homed machines. It was not 1943 always using the correct interface. Fix from J.R. 1944 Oldroyd of Opal. 1945 Previously, sendmail assumed that any SMTP greeting message 1946 that wasn't 2xx was a temporary failure -- it should 1947 only take 4xx as a temporary failure, and return a 1948 solid error message on anything else -- for example, 1949 to allow you to reject connections on a workstation 1950 that is MXed to a mail server. 1951 Portability enhancements for 386BSD/FreeBSD/NetBSD from 1952 Ollivier Robert. 1953 CONFIG: FEATURE(always_add_domain) didn't always add the domain; 1954 in particular, on local mail it modified the header sender 1955 but not the header recipient address(es). Reported by 1956 Jeffrey Honig of Cornell University. Also, strip 1957 any host from envelope recipient address(es), since 1958 local mailers don't understand host names -- this is 1959 to help mailertable entries. From Christopher Davis. 1960 CONFIG: masquerading didn't apply to addresses that already 1961 had a domain. This change replaces a local hostname 1962 by the masquerade name in the SMTP mailer (previously 1963 it only added the masquerade name if it didn't already 1964 have a domain name). Several people complained about 1965 this. 1966 19678.6.2/8.6.2 93/10/15 1968 Put a "successful delivery" message in the transcript for 1969 addresses that get return-receipts. 1970 Put a prominent "this is only a warning" message in warning 1971 messages -- some people don't read carefully enough 1972 and end up sending the message several times. 1973 Include reason for temporary failure in the "warning" return 1974 message. Currently, it just says "cannot send for 1975 four hours". 1976 Fix the "Original message received" time generated for 1977 returntosender messages. It was previously listed as 1978 the current time. Bug reported by Eric Hagberg of 1979 Cornell University Medical College. 1980 If there is an error when writing the body of a message, 1981 don't send the trailing dot and wait for a response 1982 in sender SMTP, as this could cause the connection to 1983 hang up under some bizarre circumstances. From Eric 1984 Wassenaar. 1985 Fix some server SMTP synchronization problems caused when 1986 connections fail during message collection. From 1987 Eric Wassenaar. 1988 Fix a problem that can cause srvrsmtp to reject mail if the 1989 name server is down -- it accepts the RCPT but rejects 1990 the DATA command. Problem reported by Jim Murray of 1991 Stratus. 1992 Fix a problem that can cause core dumps if the config file 1993 incorrectly resolves to a null hostname. Reported by 1994 Allan Johannesen of WPI. 1995 Non-root use of -C flag, dangerous -f flags, and use of -oQ 1996 by non-root users were not put into 1997 X-Authentication-Warning:s as intended because the 1998 config file hadn't set the PrivacyFlags yet. Fix 1999 from Sven-Ove Westberg of the University of Lulea. 2000 Under very odd circumstances, the alias file rebuild code 2001 could get confused as to whether a database was 2002 open or not. 2003 Check "vendor code" on the end of V lines -- this is 2004 intended to provide a hook for vendor-specific 2005 configuration syntax. (This is a "new feature", 2006 but I've made an exception to my rule in a belief 2007 that this is a highly exceptional case.) 2008 Portability fixes for DG/UX (from Douglas Anderson of NCSC), 2009 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 2010 (from Jon Forrest of UC Berkeley) 2011 CONFIG: fix ``mailer:host'' form of UUCP relay naming. 2012 20138.6.1/8.6 93/10/08 2014 Portability fixes for A/UX and Encore UMAX V. 2015 Fix error message handling -- if you had a name server down 2016 causing an error during parsing, that message was never 2017 propogated to the queue file. 2018 20198.6/8.6 93/10/05 2020 Configuration cleanup: make it easier to undo IDENTPROTO in 2021 conf.h (other systems have the same bug). 2022 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume 2023 getdtablesize() instead of sysconf(); a disturbingly 2024 large number of systems defined _SC_OPEN_MAX in the 2025 header files but don't have the syscall. 2026 Another patch to really truly ignore MX records in getcanonname 2027 if trymx == FALSE. 2028 Fix problem that caused the "250 IAA25499 Message accepted for 2029 delivery" message to be omitted if there was an error 2030 in the header of the message (e.g., a bad Errors-To: 2031 line). Pointed out by Michael Corrigan of UCSD. 2032 Announce name of host we are chatting when we get errors; this 2033 is an IDA-ism suggested by Christophe Wolfhugel. 2034 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the 2035 Australian Artificial Intelligence Institute), SCO Unix 2036 (from Murray Kucherawy of Hookup Communication Corp.), 2037 NeXT (from Vince DeMarco and myself), Linux (from 2038 Karl London <karl@borg.demon.co.uk>), BSDI (from 2039 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo 2040 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. 2041 Some changes to get around gcc optimizer bugs. From Takahiro 2042 Kanbe. 2043 Fix error recovery in queueup if another tf file of the same 2044 name already exists. Problem stumbled over by Bill 2045 Wisner of The Well. 2046 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. 2047 Problem noted by Keith McMillan of Ameritech Services. 2048 Deal with group permissions properly when opening .forward and 2049 :include: files. This relaxes the 8.1C restrictions 2050 slightly more. This includes proper setting of groups 2051 when reading :include: files, allowing you to read some 2052 files that you should be able to read but have previously 2053 been denied unless you owned them or they had "other" 2054 read permission. 2055 Make certain that $j is in $=w (after the .cf is read) so that 2056 if the user is forced to override some silly system, 2057 MX suppression will still work. 2058 Fix a couple of efficiency problems where newstr was double- 2059 calling expensive routines. In at least one case, it 2060 wasn't guaranteed that they would always return the 2061 same result. Problem noted by Christophe Wolfhugel. 2062 Fix null pointer dereference in putoutmsg -- only on an error 2063 condition from a non-SMTP mailer. From Motonori 2064 Nakamura. 2065 Macro expand "C" line class definitions before scanning so that 2066 "CX $Z" works. 2067 Fix problem that caused error message to be sent while still 2068 trying to send the original message if the connection 2069 is closed during a DATA command after getting an error 2070 on an RCPT command (pretty obscure). Problem reported 2071 by John Myers of CMU. 2072 Fix reply to NOOP to be 250 instead of 200 -- this is a long 2073 term bug. 2074 Fix a nasty bug causing core dumps when returning the "warning: 2075 cannot deliver for N hours -- will keep trying" message; 2076 it only occurred if you had PostMasterCopy set and 2077 only on some architectures. Although sendmail would 2078 keep trying, it would send error messages on each 2079 queue interval. This is an important fix. 2080 Allow u and g options to take user and group names respectively. 2081 Don't do a chdir into the queue directory in -bt mode to make 2082 ruleset testing a bit easier. 2083 Don't allow users to turn off logging (using -oL) on the command 2084 line -- command line can only raise, not lower, logging 2085 level. 2086 Set $u to the original recipient on the SMTP transaction or on 2087 the command line. This is only done if there is exactly 2088 one recipient. Technically, this does not meet the 2089 specs, because it does not guarantee a domain on the 2090 address. 2091 Fix a problem that dumped error messages on bad addresses if 2092 you used the -t flag. Problem noted by Josh Smith of 2093 Harvey Mudd College. 2094 Given an address such as ``<foo> <bar>'', auto-quote the first 2095 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to 2096 avoid the problem of people who use angle brackets in 2097 their full name information. 2098 Fix a null pointer dereference if you set option "l", have 2099 an Errors-To: header in the message, and have Errors-To: 2100 defined in the config file H lines. From J.R. Oldroyd. 2101 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get 2102 wrong when compiling. Suggested by Rick McCarty of TI. 2103 Fix a problem that could pass negative SIZE parameter if the 2104 df file got lost; this would cause servers to always 2105 give a temporary failure, making the problem even worse. 2106 Problem noted by Allan Johannesen of WPI. 2107 Add "ident" timeout (one of the "r" option selectors) for IDENT 2108 protocol timeouts (30s default). Requested by Murray 2109 Kucherawy of HookUp Communication Corp. to handle bogus 2110 PC TCP/IP implementations. 2111 Change $w default definition to be just the first component of 2112 the domain name on config level 5. The $j macro defaults 2113 to the FQDN; $m remains as before. This lets well-behaved 2114 config files use any of the short, long, or subdomain 2115 names. 2116 Add makesendmail script in src to try to automate multi-architecture 2117 builds. I know, this is sub-optimal, but it is still 2118 helpful. 2119 Fix very obscure race condition that can cause a queue run to 2120 get a queue file for an already completed job. This 2121 problem has existed for years. Problem noted by the 2122 long suffering Allan Johannesen of WPI. 2123 Fix a problem that caused the raw sender name to be passed to 2124 udbsender instead of the canonified name -- this caused 2125 it to sometimes miss records that it should have found. 2126 Relax check of name on HELO packet so that a program using -bs 2127 that claims to be itself works properly. 2128 Restore rewriting of $: part of address through 2, R, 4 in 2129 buildaddr -- this requires passing a lot of flags to get 2130 it right. Unlike old versions, this ONLY rewrites 2131 recipient addresses, not sender addresses. 2132 Fix a bug that caused core dumps in config files that cannot 2133 resolve /file/name style addresses. Fix from Jonathan 2134 Kamens of OpenVision Technologies. 2135 Fix problem with fcntl locking that can cause error returns to 2136 be lost if the lock is lost; this required fully 2137 queueing everything, dropping the envelope (so errors 2138 would get returned), and then re-reading the queue from 2139 scratch. 2140 Fix a problem that caused aliases that redefine an otherwise 2141 true address to still send to the original address 2142 if and only if the alias failed in certain bizarre 2143 ways (e.g, if they pointed at a list:; syntax address). 2144 Problem pointed out by Jonathan Kamens. 2145 Remove support for frozen configuration files. They caused 2146 more trouble than it was worth. 2147 Fix problem that can cause error messages to get ignored when 2148 using both -odb and -t flags. Problem noted by Rob 2149 McNicholas at U.C. Berkeley. 2150 Include all "normal" variations on hostname in $=w. For example, 2151 if the host name is vangogh.cs.berkeley.edu, $=w will 2152 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. 2153 Add "restrictqrun" privacy flag -- without this, anyone can run 2154 the queue. 2155 Reset SmtpPhase global on initial connection creation so that 2156 messages don't come out with stale information. 2157 Pass an "ext" argument to lockfile so that error/log messages 2158 will properly reflect the true filename being locked. 2159 Put all [...] address forms into $=w -- this eliminates the need 2160 for MAXIPADDR in conf.h. Suggested by John Gardiner 2161 Myers of CMU. 2162 Fix a bug that can cause qf files to be left around even after 2163 an SMTP RSET command. Problem and fix from Michael 2164 Corrigan. 2165 Don't send a PostMasterCopy to errors when the Precedence: is 2166 negative. Error reports still go to the envelope 2167 sender address. 2168 Add LA_SHORT for load averages. 2169 Lock sendmail.st file when posting statistics. 2170 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to 2171 set the size of the TCP send and receive buffers; if you 2172 run over a slow slip line you may need to set these down 2173 (although it would be better to fix the SLIP implementation 2174 so that it's not necessary to recompile every program 2175 that does bulk data transfer). 2176 Allow null defaults on $( ... $) lookups. Problem reported by 2177 Amir Plivatsky. 2178 Diagnose crufty S and V config lines. This resulted from an 2179 observation that some people were using the SITE macro 2180 without the SITECONFIG macro first, which was causing 2181 bogus config files that were not caught. 2182 Fix makemap -f flag to turn off case folding (it was turning it 2183 on instead). THIS IS A USER VISIBLE CHANGE!!! 2184 Fix a problem that caused multiple error messages to be sent if 2185 you used "sendmail -t -oem -odb", your system uses fcntl 2186 locking, and one of the recipient addresses is unknown. 2187 Reset uid earlier in include() so that recursive .forwards or 2188 :include:s don't use the wrong uid. 2189 If file descriptor 0, 1, or 2 was closed when sendmail was 2190 called, the code to recover the descriptor was broken. 2191 This sometimes (only sometimes) caused problems with the 2192 alias file. Fix from Motonori Nakamura. 2193 Fix a problem that caused aliaswait to go into infinite recursion 2194 if the @:@ metasymbol wasn't found in the alias file. 2195 Improve error message on newaliases if database files cannot be 2196 opened or if running with no database format defined. 2197 Do a better estimation of the size of error messages when NoReturn 2198 is set. Problem noted by P{r (Pell) Emanuelsson. 2199 Fix a problem causing the "c" option (don't connect to expensive 2200 mailers) to be ignored in SMTP. Problem noted and the 2201 solution suggested by Robert Elz of Munnari University. 2202 Improve connection caching algorithm by passing "[host]" to 2203 hostsignature, which strips the square brackets and 2204 returns the real name. This allows mailertable entries 2205 to match regular entries. 2206 Re-enable Return-Receipt-To: -- people seem to want this stupid 2207 feature, even if it doesn't work right. 2208 Catch and log attempts to try the "wiz" command in server SMTP. 2209 This also ups the log level from LOG_NOTICE to LOG_CRIT. 2210 Be more generous at assigning $z to the home directory -- do this 2211 for programs that are specified through a .forward file. 2212 Fix from Andrew Chang of Sun Microsystems. 2213 Always save a fatal error message in preference to a non-fatal 2214 error message so that the "subject" line of return 2215 messages is the best possible. 2216 CONFIG: reduce the number of quotes needed to quote configuration 2217 parameters with commas: two quotes should work now, e.g., 2218 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). 2219 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom 2220 connections (domain-ized UUCP). 2221 CONFIG: fix bug in default maps (-o must be before database file 2222 name). Pointed out by Christophe Wolfhugel. 2223 CONFIG: add FEATURE(nodns) to state that we are not relying on 2224 DNS. This would presumably be used in UUCP islands. 2225 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). 2226 CONFIG: log $u in Received: line. This is in technical violation 2227 of the standards, since it doesn't guarantee a domain 2228 on the address. 2229 CONFIG: don't assume "m" in local mailer flags -- this means that 2230 if you redefine LOCAL_MAILER_FLAGS you will have to include 2231 the "m" flag should you want it. Apparently some Solaris 2.2 2232 installations can't handle multiple local recipients. 2233 Problem noted by Josh Smith. 2234 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). 2235 CONFIG: change default version level from 4 to 5. 2236 CONFIG: add FEATURE(nullclient) to create a config file that 2237 forwards all mail to a hub without ever looking at the 2238 addresses in any detail. 2239 CONFIG: properly strip mailer: information off of relays when 2240 used to change .BITNET form into %-hack form. 2241 CONFIG: fix a problem that caused infinite loops if presented 2242 with an address such as "!foo". 2243 CONFIG: check for self literal (e.g., [128.32.131.12]) even if 2244 the reverse "PTR" mapping is broken. There's a better 2245 way to do this, but the change is fairly major and I 2246 want to hold it for another release. Problem noted by 2247 Bret Marquis. 2248 22498.5/8.5 93/07/23 2250 Serious bug: if you used a command line recipient that was unknown 2251 sendmail would not send a return message (it was treating 2252 everything as though it had an SMTP-style client that 2253 would do the return itself). Problem noted by Josh Smith. 2254 Change "trymx" option in getcanonname() to ignore all MX data, 2255 even during a T_ANY query. This actually didn't break 2256 anything, because the only time you called getcanonname 2257 with !trymx was if you already knew there were no MX 2258 records, but it is somewhat cleaner. From Motonori 2259 Nakamura. 2260 Don't call getcanonname from getmxrr if you already know there 2261 are no DNS records matching the name. 2262 Fix a problem causing error messages to always include "The 2263 original message was received ... from localhost". 2264 The correct original host information is now included. 2265 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their 2266 version of "test" doesn't have the -x flag). Change it 2267 to use -f instead. From John Myers. 2268 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to 2269 esmtp -- it should be smtp. 2270 CONFIG: send all relayed mail using confRELAY_MAILER (defaults 2271 to "relay" (a variant of "smtp") if MAILER(smtp) is used, 2272 else "suucp" if MAILER(uucp) is used, else "unknown"); 2273 this cleans up the configs somewhat. This fixes a serious 2274 problem that caused route-addrs to get mistaken as relays, 2275 pointed out by John Myers. WARNING: this also causes 2276 the default on SMART_HOST to change from "suucp" to 2277 "relay" if you have MAILER(smtp) specified. 2278 22798.4/8.4 93/07/22 2280 Add option `w'. If you receive a message that comes to you because 2281 you are the best (lowest preference) target of an MX, and 2282 you haven't explicitly recognized the source MX host in 2283 your .cf file, this option will cause you to try the target 2284 host directly (as if there were no MX for it at all). If 2285 `w' is not set, this case is a configuration error. 2286 Beware: if `w' is set, senders may get bogus errors like 2287 "message timed out" or "host unknown" for problems that 2288 are really configuration errors. This option is 2289 disrecommended, provided only for compatibility with 2290 UIUC sendmail. 2291 Fix a problem that caused the incoming socket to be left open 2292 when sendmail forks after the DATA command. This caused 2293 calling systems to wait in FIN_WAIT_2 state until the 2294 entire list was processed and the child closed -- a 2295 potentially prodigious amount of time. Problem noted 2296 by Neil Rickert. 2297 Fix problem (created in 6.64) that caused mail sent to multiple 2298 addresses, one of which was a bad address, to completely 2299 suppress the sending of the message. This changes 2300 handling of EF_FATALERRS somewhat, and adds an 2301 EF_GLOBALERRS flag. This also fixes a potential problem 2302 with duplicate error messages if there is a syntax error 2303 in the header of a message that isn't noticed until late 2304 in processing. Original problem pointed out by Josh Smith 2305 of Harvey Mudd College. This release includes quite a bit 2306 of dickering with error handling (see below). 2307 Back out SMTP transaction if MAIL gets nested 501 error. This 2308 will only hurt already-broken software and should help 2309 humans. 2310 Fix a problem that broke aliases when neither NDBM nor NEWDB were 2311 compiled in. It would never read the alias file. 2312 Repair unbalanced `)' and `>' (the "open" versions are already 2313 repaired). 2314 Logging of "done" in dropenvelope() was incorrect: it would 2315 log this even when the queue file still existed. Change 2316 this to only log "done" (at log level 11) when the 2317 queue file is actually removed. From John Myers. 2318 Log "lost connection" in server SMTP at log level 20 if there 2319 is no pending transaction. Some senders just close the 2320 connection rather than sending QUIT. 2321 Fix a bug causing getmxrr to add a dot to the end of unqualified 2322 domains that do not have MX records -- this would cause 2323 the subsequent host name lookup to fail. The problem 2324 only occurred if you had FEATURE(nocanonify) set. 2325 Problem noted by Rick McCarty of Texas Instruments. 2326 Fix invocation of setvbuf when passed a -X flag -- I had 2327 unwittingly used an ANSI C extension, and this caused 2328 core dumps on some machines. 2329 Diagnose self-destructive alias loops on RCPT as well as EXPN. 2330 Previously it just gave an empty send queue, which 2331 then gave either "Need RCPT (recipient)" at the DATA 2332 (confusing, since you had given an RCPT command which 2333 returned 250) or just dropped the email, depending on 2334 whether you were running VERBose mode. Now it usually 2335 diagnoses this case as "aliasing/forwarding loop broken". 2336 Unfortunately, it still doesn't adequately diagnose 2337 some true error conditions. 2338 Add internal concept of "warning messages" using 6xx codes. 2339 These are not reported only to Postmaster. Unbalanced 2340 parens, brackets, and quotes are printed as 653 codes. 2341 They are always mapped to 5xx codes before use in SMTP. 2342 Clean up error messages to tell both the actual address that 2343 failed and the alias they arose from. This makes it 2344 somewhat easier to diagnose problems. Difficulty noted 2345 by Motonori Nakamura. 2346 Fix a problem that inappropriately added a ctladdr to addresses 2347 that shouldn't have had one during a queue run. This 2348 caused error messages to be handled differently during 2349 a queue run than a direct run. 2350 Don't print the qf name and line number if you get errors during 2351 the direct run of the queue from srvrsmtp -- this was 2352 just extra stuff for users to crawl through. 2353 Put command line flags on second line of pid file so you can 2354 auto-restart the daemon with all appropriate arguments. 2355 Use "kill `head -1 /etc/sendmail.pid`" to stop the 2356 daemon, and "eval `tail -1 /etc/sendmail.pid`" to 2357 restart it. 2358 Remove the ``setuid(getuid())'' in main -- this caused the 2359 IDENT daemon to screw up. This required that I change 2360 HASSETEUID to HASSETREUID and complicate the mode 2361 changing somewhat because both Ultrix and SunOS seem 2362 to have a bug causing seteuid() to set the saved uid 2363 as well as the effective. The program test/t_setreuid.c 2364 will test to see if your implementation of setreuid(2) 2365 is appropriately functional. 2366 The FallBackMX (option V) handling failed to properly identify 2367 fallback to yourself -- most of the code was there, 2368 but it wasn't being enabled. Problem noted by Murray 2369 Kucherawy of the University of Waterloo. 2370 Change :include: open timeout from ETIMEDOUT to an internal 2371 code EOPENTIMEOUT; this avoids adding "during SmtpPhase 2372 with CurHostName" in error messages, which can be 2373 confusing. Reported by Jonathan Kamens of OpenVision 2374 Technologies. 2375 Back out setpgrp (setpgid on POSIX systems) call to reset the 2376 process group id. The original fix was to get around 2377 some problems with recalcitrant MUAs, but it breaks 2378 any call from a shell that creates a process group id 2379 different from the process id. I could try to fix 2380 this by diddling the tty owner (using tcsetpgrp or 2381 equivalent) but this is too likely to break other 2382 things. 2383 Portability changes: 2384 Support -M as equivalent to -oM on Ultrix -- apparently 2385 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs 2386 instead of using standard flags. Oh joy. This 2387 behaviour reported by Jon Giltner of University 2388 of Colorado. 2389 SGI IRIX -- this includes several changes that should 2390 help other strict ANSI compilers. 2391 SCO Unix -- from Murray Kucherawy of HookUp Communication 2392 Corporation. 2393 Solaris running the Sun C compiler (which despite the 2394 documentation apparently doesn't define 2395 __STDC__ by default). 2396 ConvexOS from Eric Schnoebelen of Convex. 2397 Sony NEWS workstations and Omron LUNA workstations from 2398 Motonori Nakamura. 2399 CONFIG: add confTRY_NULL_MX_LIST to set option `w'. 2400 CONFIG: delete `C' and `e' from default SMTP mailers flags; 2401 several people have made a good argument that this 2402 creates more problems than it solves (although this 2403 may prove painful in the short run). 2404 CONFIG: generalize all the relays to accept a "mailer:host" 2405 format. 2406 CONFIG: move local processing in ruleset 0 into a new ruleset 2407 98 (8 on old sendmail). Domain literal [a.b.c.d] 2408 addresses are also passed through this ruleset. 2409 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, 2410 internet-style addresses would "fall off the end" of 2411 ruleset zero and be interpreted as local -- however, 2412 the angle brackets confused the recursive call. 2413 These are now diagnosed as "Unrecognized host name". 2414 CONFIG: USENET rules weren't included in S0 because of a mistaken 2415 ifdef(`_MAILER_USENET_') instead of 2416 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik 2417 of SINTEF RUNIT, Oslo. 2418 CONFIG: move up LOCAL_RULE_0 processing so that it happens very 2419 early in ruleset 0; this allows .mc authors to bypass 2420 things like the "short circuit" code for local addresses. 2421 Prompted by a comment by Bill Wisner of The Well. 2422 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or 2423 esmtp) to send SMTP mail. This allows you to default 2424 to esmtp but use a mailertable or other override to 2425 deal with broken servers. This logic was pointed out 2426 to me by Bill Wisner. Ditto for confLOCAL_MAILER. 2427 Changes to cf/sh/makeinfo.sh to make it portable to SVR4 2428 environments. Ugly as sin. 2429 24308.3/8.3 93/07/13 2431 Fix setuid problems introduced in 8.2 that caused messages 2432 like "Cannot create qfXXXXXX: Invalid argument" 2433 or "Cannot reopen dfXXXXXX: Permission denied". This 2434 involved a new compile flag "HASSETEUID" that takes 2435 the place of the old _POSIX_SAVED_IDS -- it turns out 2436 that the POSIX interface is broken enough to break 2437 some systems badly. This includes some fixes for 2438 HP-UX. Also fixes problems where the real uid is 2439 not reset properly on startup (from Neil Rickert). 2440 Fix a problem that caused timed out messages to not report the 2441 addresses that timed out. Error messages are also more 2442 "user friendly". 2443 Drop required bandwidth on connections from 64 bytes/sec to 2444 16 bytes/sec. 2445 Further Solaris portability changes -- doesn't require the BSD 2446 compatibility library. This also adds a new 2447 "HASGETDTABLESIZE" compile flag which can be used if 2448 you want to use getdtablesize(2) instead of sysconf(2). 2449 These are loosely based on changes from David Meyer at 2450 University of Oregon. This now seems to work, at least 2451 for quick test cases. 2452 Fix a problem that can cause duplicate error messages to be 2453 sent if you are in SMTP, you send to multiple addresses, 2454 and at least one of those addresses is good and points 2455 to an account that has a .forward file (whew!). 2456 Fix a problem causing messages to be discarded if checkcompat() 2457 returned EX_TEMPFAIL (because it didn't properly mark 2458 the "to" address). Problem noted by John Myers. 2459 Fix dfopen to return NULL if the open failed; I was depending 2460 on fdopen(-1) returning NULL, which isn't the case. This 2461 isn't serious, but does result in wierd error diagnoses. 2462 From Michael Corrigan. 2463 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of 2464 messages sent through UUCP-family mailers. Suggested 2465 by Bill Wisner of The Well. 2466 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, 2467 include a "uucp-dom" mailer that uses domain-style 2468 addressing. Suggested by Bill Wisner. 2469 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match 2470 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by 2471 Christophe Wolfhugel. 2472 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. 2473 24748.2/8.2 93/07/11 2475 Don't drop out on config file parse errors in -bt mode. 2476 On older configuration files, assume option "l" (use Errors-To 2477 header) for back compatibility. NOTE: this DOES NOT 2478 imply an endorsement of the Errors-To: header in any way. 2479 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? 2480 Don't log errors on EHLO -- it isn't a "real" error for an old 2481 SMTP server to give an error on this command, and 2482 logging it in the transcript can be confusing. Fix 2483 from Bill Wisner. 2484 IRIX compatibility changes provided by Dan Rich 2485 <drich@sandman.lerc.nasa.gov>. 2486 Solaris 2 compatibility changes. Provided by Bob Cunningham 2487 <bob@kahala.soest.hawaii.edu>, John Oleynick 2488 <juo@klinzhai.rutgers.edu> 2489 Debugging: -d17 was overloaded (hostsignature and usersmtp.c); 2490 move usersmtp (smtpinit and smtpmailfrom) to -d18 to 2491 match the other flags in that file. 2492 Flush transcript before fork in mailfile(). From Eric Wassenaar. 2493 Save h_errno in mci struct and improve error message display. 2494 Changes from Eric Wassenaar. 2495 Open /dev/null for the transcript if the create of the xf file 2496 failed; this avoids at least one possible null pointer 2497 reference in very wierd cases. From Eric Wassenaar. 2498 Clean up statistics gathering; it was over-reporting because of 2499 forks. From Eric Wassenaar. 2500 Fix problem that causes old Return-Path: line to override new 2501 Return-Path: line (conf.c needs H_FORCE to avoid 2502 re-using old value). From Motonori Nakamura. 2503 Fix broken -m flag in K definition -- even if -m (match only) 2504 was specified, it would still replace the key with the 2505 value. Noted by Rick McCarty of Texas Instruments. 2506 If the name server timed out over several days, no "timed out" 2507 message would ever be sent back. The timeout code 2508 has been moved from markfailure() to dropenvelope() 2509 so that all such failures should be diagnosted. Pointed 2510 out by Christophe Wolfhugel and others. 2511 Relax safefile() constraints: directories in an include or 2512 forward path must be readable by self if the controlling 2513 user owns the entry, readable by all otherwise (e.g., 2514 when reading your .forward file, you have to own and 2515 have X permssion in it; everyone needs X permission in 2516 the root and directories leading up to your home); 2517 include files must be readable by anyone, but need not 2518 be owned by you. 2519 If _POSIX_SAVED_IDS is defined, setuid to the owner before 2520 reading a .forward file; this gets around some problems 2521 on NFS mounts if root permission is not exported and 2522 the user's home directory isn't x'able. 2523 Additional NeXT portability enhancements from Axel Zinser. 2524 Additional HP-UX portability enhancements from Brian Bullen. 2525 Add a timeout around SMTP message writes; this assumes you can 2526 get throughput of at least 64 bytes/second. Note that 2527 this does not impact the "datafinal" default, which 2528 is separate; this is just intended to work around 2529 network clogs that will occur before the final dot 2530 is sent. From Eric Wassenaar. 2531 Change map code to set the "include null" flag adaptively -- 2532 it initially tries both, but if it finds anything 2533 matching without a null it never tries again with a 2534 null and vice versa. If -N is specified, it never 2535 tries without the null and creates new maps with a 2536 null byte. If -O is specified, it never tries with 2537 the null (for efficiency). If -N and -O are specified, 2538 you get -NO (get it?) lookup at all, so this would 2539 be a bad idea. If you don't specify either -N or -O, 2540 it adapts. 2541 Fix recognition of "same from address" so that MH submissions 2542 will insert the appropriate full name information; 2543 this used to work and got broken somewhere along the 2544 way. 2545 Some changes to eliminate some unnecessary SYSERRs in the 2546 log. For example, if you lost a connection, don't 2547 bother reporting that fact on the connection you lost. 2548 Add some "extended debugging" flags to try to track down 2549 why we get occassional problems with file descriptor 2550 one being closed when execing a mailer; it seems to 2551 only happen when there has been another error in the 2552 same transaction. This requires XDEBUG, defined 2553 by default in conf.h. 2554 Add "-X filename" command line flag, which logs both sides of 2555 all SMTP transactions. This is intended ONLY for 2556 debugging bad implementations of other mailers; start 2557 it up, send a message from a mailer that is failing, 2558 and then kill it off and examine the indicated log. 2559 This output is not intended to be particularly human 2560 readable. This also adds the HASSETVBUF compile 2561 flag, defaulted on if your compiler defines __STDC__. 2562 CONFIG: change SMART_HOST to override an SMTP mailer. If you 2563 have a local net that should get direct connects, you 2564 will need to use LOCAL_NET_CONFIG to catch these hosts. 2565 See cf/README for an example. 2566 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle 2567 sites that don't use the -d flag. 2568 CONFIG: hide recipient addresses as well as sender addresses 2569 behind $M if FEATURE(allmasquerade) is specified; this 2570 has been requested by several people, but can break 2571 local aliases. For example, if you mail to "localalias" 2572 this will be rewritten as "localalias@masqueradehost"; 2573 although initial delivery will work, replies will be 2574 broken. Use it sparingly. 2575 CONFIG: add FEATURE(domaintable). This maps unqualified domains 2576 to qualified domains in headers. I believe this is 2577 largely equivalent to the IDA feature of the same name. 2578 CONFIG: use $U as UUCP name instead of $k. This permits you 2579 to override the "system name" as your UUCP name -- 2580 in particular, to use domain-ized UUCP names. From 2581 Bill Wisner of The Well. 2582 CONFIG: create new mailer "esmtp" that always tries EHLO 2583 first. This is currently unused in the config files, 2584 but could be used in a mailertable entry. 2585 25868.1C/8.1B 93/06/27 2587 Serious security bug fix: it was possible to read any file on 2588 the system, regardless of ownership and permissions. 2589 If a subroutine returns a fully qualified address, return it 2590 immediately instead of feeding it back into rewriting. 2591 This fixes a problem with mailertable lookups. 2592 CONFIG: fix some M4 frotz (concat => CONCAT) 2593 25948.1B/8.1A 93/06/12 2595 Serious bug fix: pattern matching backup algorithm stepped by 2596 two tokens in classes instead of one. Found by Claus 2597 Assmann at University of Kiel, Germany. 2598 25998.1A/8.1A 93/06/08 2600 Another mailertable fix.... 2601 26028.1/8.1 93/06/07 2603 4.4BSD freeze. No semantic changes. 2604 26056.65/6.34 93/06/06 2606 Fix some lintish problems. 2607 Fix some cases where server SMTP behaved poorly when handed bogus 2608 input, pointed out by Eric Wassenaar. 2609 CONFIG: fix some more (sigh) mailertable bugs -- thanks to 2610 Motonori Nakamura of Kyoto University (again). 2611 26126.64/6.33 93/06/05 2613 Don't send 050 (-v) information after the 250 response to a QUIT 2614 command in srvrsmtp -- clients usually close the connection 2615 at this point, and it causes bogus error messages. 2616 Don't send messages that have errors on input (such as unbalanced 2617 parentheses) during SMTP transactions, since a return 2618 message has (probably) already been sent. 2619 Give better diagnostics on timeouts during network reads, including 2620 information similar to the SMTP phase. 2621 Fix bug that caused SMTP messages to deliver synchronously; this 2622 happened after the DATA 250, and hence caused reading the 2623 next command to be delayed. 2624 Ignore Errors-To: header unless 'l' (lower case el) header is 2625 specified. The Errors-To: header violates RFC 1123. 2626 Errors-To: was only needed to take the place of the 2627 envelope sender in the days when most Unix mailers 2628 didn't understand about the two kinds of senders. 2629 Don't send warning messages in response to automatically generated 2630 messages (that is, those From:<>). 2631 CONFIG: fix some rather stupid typos in the mailertable code 2632 pointed out by Motonori Nakamura of Kyoto University. 2633 CONFIG: add confUSE_ERRORS_TO configuration option. 2634 CONFIG: if ALWAYS_ADD_DOMAIN is selected, try to use $M 2635 (masquerade name) instead of $j. 2636 CONFIG: don't add dots to relay names (added in 6.29); it breaks 2637 several things, and can be simulated by dot terminating 2638 the names of relays. For example, use: 2639 DBbit.net.relay. 2640 (note the trailing dot). 2641 26426.63/6.32 93/06/01 2643 Fix prototypes to eliminate chars in argument lists -- some 2644 compilers are pissy about this. 2645 Log protocol ($r) and body type if set so we can determine if 2646 the adaptive algorithms are working. 2647 Pessimize on locking of database files (particularly for NEWDB 2648 databases) during opens. There were problems with 2649 processes opening the file while it was rebuilt; since 2650 NEWDB caches heavily, the reader opened an empty file, 2651 which is an error. If your system has the ability to 2652 lock atomically on open, this works properly; otherwise, 2653 there are race conditions. 2654 Check mod time on .pag file instead of .dir in NDBM aliases 2655 because the .dir file doesn't get updated for small 2656 alias files. From John Gardiner Myers of CMU. 2657 More Solaris portability -- it now compiles on Solaris, but 2658 hangs up in gethostbyname(). 2659 Move setting of RES_DEBUG flag before first myhostname() call 2660 so we can see name server traffic on that call. 2661 Fsync() queue files. 2662 Fix a problem that causes -bi to try to rebuild maps other than 2663 the alias file(s). 2664 Fix a problem that caused udb to reject entries from any but 2665 the first database listed. 2666 Rearrange doc subdirectory for 4.4BSD release tape. 2667 CONFIG: put $r into the Received line. This was an oversight. 2668 CONFIG: fix typo (call to ruleset 99 should have been rulset 90). 2669 CONFIG: move "auxiliary" subroutines to be in ruleset 90-99 2670 range -- in the long run, single digit rulesets may 2671 become reserved for builtin use by sendmail. 2672 CONFIG: fix major problem that causes host aliases (that is, 2673 anything in $=w != $j) to not be recognized. This has 2674 been around since 6.30. 2675 26766.62/6.31 93/05/28 2677 BETA RELEASE 2678 Fix recursive syserr (if there is an error printing a syserr 2679 message). This makes the code much less eager to consider 2680 a write error as serious. This also includes some 2681 heuristics to be clever about closed connections. 2682 Lock NEWDB files during gets. This requires version 1.5 or later 2683 of the db library. If you have an older version, you 2684 can use -DOLD_NEWDB. This will go away in a few weeks. 2685 Fix problem causing aliases that use host maps to get overwritten. 2686 Do appropriate byte swapping on port numbers in ident protocol 2687 code. Fix from Allan Johannesen of WPI. 2688 Defer opening of map files to the same time as alias files so that 2689 the daemon will tend to pick up new versions more promptly. 2690 Prototype a bunch more functions. 2691 Some Solaris 2.1 changes (still doesn't link though). 2692 Try to simplify Makefiles by including more subordinate #defines 2693 in conf.h (based on OS type). 2694 CONFIG: check for domains if FEATURE(mailertable) is defined. 2695 For example, if the host name is "knecht.cs.berkeley.edu" 2696 it will search the following mailertable keys: 2697 knecht.cs.berkeley.edu 2698 .cs.berkeley.edu 2699 .berkeley.edu 2700 .edu 2701 This could be used to replace the special relays for bitnet 2702 and similar nets. 2703 27046.61/6.30 93/05/24 2705 Fix problem that prevented appending dots on canonified host 2706 names. This breaks tons of config files -- very 2707 important fix. 2708 Fix improper pointer dereference in response to HELO command. 2709 Fix core dump if debugging set in map_rewrite. 2710 CONFIG: add FEATURE(always_add_domain) to always attach the 2711 local domain (only impacts local mail). 2712 CONFIG: try to avoid turning names into $j -- although 2713 technically a host can only have one "canonical name", 2714 it seems to be common practice to have several. 2715 27166.60/6.29 93/05/22 2717 Major change: merge alias databases with maps. This expands and 2718 changes the map class interface but fixes a bunch of bugs. 2719 The important user-visible change is that the file name 2720 in a K line now does not include the ".db" extension; this 2721 is added automatically. Also, the -d (NIS domain) flag is 2722 missing from the K config line; use @domain instead. 2723 When compiling, the *_MAP names are gone -- just compile 2724 in NDBM, NEWDB, and/or NIS support. 2725 Announce mailer/host/user triple on -bv flag -- from Brian 2726 Bullen of Stirling University. 2727 Don't send more than one line in response to HELO -- it confuses 2728 Pony Express, which then behaves very badly. However, 2729 this change does send two line 220 greetings, with the 2730 second line reading "ESMTP spoken here". The usersmtp 2731 module recognizes this and goes into ESMTP mode regardless 2732 of the setting of the "a" mailer flag. Thus, "a" means 2733 "always try EHLO". 2734 AIX portability changes (thanks to Christophe Wolfhugel of 2735 Herve Schauer Consultants (Paris) for providing me with 2736 an INSA account for this purpose). Lightly tested. Use 2737 -D_AIX3. This probably breaks compatibility with some 2738 older systems (e.g., 4.2bsd) but still works on SunOS 2739 4.1.2, Ultrix 4.2A, HP-UX 8.07, OSF/1 T1.3, and AIX 3.2.3. 2740 Fix a problem causing an error message loop if the output channel 2741 is hosed. 2742 Add the Makefiles that I use for various environments -- some are 2743 Berkeley make versions and some are old make versions. 2744 My makefile for the NeXT box has gotten lost, alas! 2745 PRALIASES: support for printing NEWDB databases. From 2746 Michael J. Corrigan of U.C. San Diego. 2747 CONFIG: don't pass pseudo-domains to $[ ... $] (if you have 2748 a wildcard MX it can have wierd results). From 2749 Christophe Wolfhugel. 2750 CONFIG: dot terminate relay hostnames in S0. From Christophe 2751 Wolfhugel. 2752 27536.59/6.28 93/05/13 2754 Log version with SMTP daemon startup message. 2755 Adjust setproctitle to work on NetBSD and BSD/386. 2756 Fix null pointer reference in MX fallback code. 2757 A bunch of minor fixes from Eric Wassenaar: 2758 If deliver cannot execv the mailer, return EX_OSERR 2759 instead of EX_TEMPFAIL (to give better 2760 error messages). 2761 Consistently malloc e_message. 2762 Catch degenerate case of calling returntosender() 2763 with an empty returnq. 2764 MIME reformatting. 2765 27666.58/6.28 93/05/13 2767 Fix bug that can cause incorrect verbose display of user smtp 2768 messages. 2769 Disable SMTP VERB command if PRIV_NOEXPN is set (since this 2770 could reveal the same information. 2771 Allow failure when reading SMTP greeting message to go on to 2772 next MX host. 2773 Add "MIME-Version: 1.0" header if using MIME (this was NOT 2774 included in RFC 1344, but Bill King of Allan-Bradley 2775 Company forwarded me email from Nathaniel Borenstein 2776 claiming that it was an inadvertent omission). 2777 Don't use Content-Type: X-message-header. According to John 2778 Myers of CMU, many MIME readers will completely ignore 2779 the data if they don't recognize it. Instead, just 2780 add a blank line to make it a legal (empty) message. 2781 Fix problem causing dots to keep getting appended to cached 2782 hostnames. This can cause buffer overrun conditions. 2783 The problem was found by Erik Forsberg of Retix, 2784 although I used a different bug fix than he provided. 2785 Fix parsing of split header/envelope rewriting specs -- from 2786 Eric Forsberg. 2787 Fix from Eric Wassenaar to correct To: lists in error messages. 2788 27896.57/6.28 93/05/11 2790 Fix minor glitch causing extra ctladdrs to be output to queue 2791 file. Just an annoyance. 2792 Cache results of name server canonification lookups to avoid 2793 backed up queue runs. 2794 Major rewrite of alias.c: considerable cleanup, plus sample 2795 (untested) support for NIS aliases. The "A" option 2796 can now be a comma separated list (or be repeated) -- 2797 that is, you can have multiple alias databases. Each 2798 database can have the syntax ``class:file''; if no class 2799 is specified, the "implicit" class is assumed. Implicit 2800 searches through a list of compiled in types -- hash, 2801 dbm, nis, and stab. Alias files are searched in the 2802 order they are listed. For example: 2803 OAhash:/etc/aliases.local,/etc/aliases 2804 OAnis:mail.aliases@my.nis.domain 2805 first searches the hash database /etc/aliases.local, 2806 then the regular /etc/aliases database, then the NIS 2807 map "mail.aliases" in the NIS domain "my.nis.domain". 2808 If in Verbose mode (probably from VERB command) run SMTP job 2809 in foreground and don't do RCPT optimizations. 2810 Add udb :mailsender as equivalent to owner- for regular aliases. 2811 Delete option 8; add option 7 that means the opposite. That is, 2812 default to 8-bit mode; a special option is needed to 2813 force sendmail into 7 bit mode. 2814 Send error messages in encapsulated MIME format. 2815 New compile flag "NIS" that turns on NIS alias and NIS map 2816 support. 2817 Add "j" option to send error messages in MIME (RFC 1341) 2818 encapsulated message format per RFC 1344. The 2819 syntax is pretty ugly if you don't have MIME-aware 2820 user agents. 2821 Clean up message handling (for display in mailq output). 2822 New setproctitle implementation for 4.4bsd. 2823 Create files (such as ~/dead.letter) using mode FileMode (the 2824 F option value) instead of 0666. 2825 Fix bug causing output of EXPN command to not be fully qualified. 2826 This may cause some problems with UUCP addresses that 2827 will require some config file assistance -- specifically, 2828 the $: part has to include the host name for this output 2829 to make sense. 2830 Fix a problem that sometimes diagnosed errors and still sent the 2831 message if the header syntax was bad. 2832 Fix a bug that caused an error message to be emailed when sendmail 2833 was operating in -bv mode. 2834 Add "ListenQueueSize" keyword to daemon options option (OO) to 2835 set the queue size parameter passed to listen(). You 2836 will normally have to tweak your kernel to up this. 2837 Strip spaces off of beginning of message-id before logging (in 2838 case it was folded across lines). 2839 Tweak compile flags in daemon.c -- there were some cases where 2840 it wouldn't work without NETINET. 2841 Change *file* mailer to output all the usual default headers 2842 (From, Date, Message-Id). It gets used when sending 2843 back error messages. 2844 CONFIG: explicitly catch and diagnose list:; syntax in ruleset 2845 zero -- this is not a valid recipient syntax according 2846 to RFC 821. 2847 CONFIG: add confMIME_FORMAT_ERRORS to send error messages in 2848 MIME format. Defaults to on. 2849 CONFIG: add SMTP_MAILER_FLAGS and UUCP_MAILER_FLAGS to augment 2850 the flags for those mailers. 2851 28526.56/6.27 93/05/01 2853 Fix problem that causes the fallback mail to postmaster 2854 (case ESM_POSTMASTER in savemail()) to not look at 2855 aliases (ugh). 2856 Some more HPUX tweaking (compile flag hpux => __hpux so it 2857 still works in ANSI mode). 2858 Don't try to flock non-regular files when mailing to a file. 2859 In particular, this was a problem if you tried to 2860 send to /dev/null. 2861 Fix a wierd bug that can cause senders to be queued as 2862 recipients if the name server is down when the mail 2863 is initially sent. This hack just ignores sender 2864 deletion (essentially, it sets the MeToo flag) if there 2865 is a TEMPFAIL during processing of the sender address. 2866 Obscure. 2867 Fix a dangling else problem -- from Brian Bullen from University 2868 of Stirling, UK. 2869 Add the "b" mailer flag to force a blank line on the end of 2870 messages. Some brilliant versions of /bin/mail insist 2871 on this but do not add it themselves. 2872 Add the "g" mailer flag to prevent user SMTP from sending 2873 "MAIL From:<>". This is only intended to be a 2874 transitional gesture, and should not be used if at 2875 all possible. It appears that Berkeley and IDA 2876 config files have always handled this properly; the 2877 UK config kit apparently does not. 2878 Don't lowercase and then capitalize header field names -- leave 2879 them with original capitalization. Fixes from Bill 2880 King of Allen-Bradley Company. 2881 Further cleanup and improved reporting of error messages, 2882 particularly conditions that cause messages to be 2883 requeued for future delivery. 2884 Tweak syslog priorities in some cases. 2885 CONFIG: clean up route-addr on UUCP addresses. 2886 28876.55/6.25 93/04/27 2888 HPUX 8.07 compatibility changes in getla() -- I had to make 2889 these changes to get it to work at Berkeley, although 2890 others seem to have been working before (???). 2891 Various patches to XLA code. 2892 Fix problem that causes setuid bit on files to be ignored from 2893 SMTP or in queue runs. Problem noted by Jason Ornstein 2894 of Under The Wire, Inc. 2895 Fix problem that can cause CNAMEs to be ignored. 2896 Generalize getmxrr to match local host in $=w instead of a 2897 single name passed in. 2898 Some cleanup from Eric Wassenaar: 2899 Use FileMailer instead of ProgMailer in two places. 2900 Eliminate duplicate 8th-bit stripping in commaize. 2901 Fix a problem with mis-parsing of backslash escapes 2902 under some circumstances. 2903 NIS map fix (was always including trailing null character) 2904 from Mike Glendinning of Ingres UK. 2905 Add "a" mailer flag to try using ESMTP. It tries the EHLO 2906 command and if that fails falls back to regular SMTP. 2907 Also parses EHLO option keywords. If host supports 2908 SIZE extension, this is added to the MAIL FROM: 2909 command. 2910 Extend "b" option to include a second value which is the 2911 maximum message size this server is willing to accept. 2912 For example, a value of "10/1000000" says that there 2913 must be ten blocks free, and sendmail will reject 2914 any message larger than one megabyte. 2915 Some portability hooks for NeXT (this could be applicable 2916 to Mach in general). You have to create an empty 2917 file called "unistd.h" to get it to compile. 2918 Adjust config values (MAXLINE, MAXATOM, and PSBUFSIZE) to 2919 be more generous. 2920 Add X400-Received: to the list of headers tagged with H_TRACE 2921 in conf.c. From Bill King, Allen-Bradley Co. 2922 29236.54/6.25 93/04/19 2924 Fix problem that caused redefinition of SMTP and QUEUE compile 2925 flags. Pointed out by Jon Forrest of the Sequoia 2000 2926 project at Berkeley. 2927 Properly handle \! hack -- it was treating host\!user as one 2928 token (host!user) instead of three (host, !, user). 2929 Fix from Eric Wassenaar of NIKHEF-H. 2930 Fix compilation problem in getauthinfo() if IDENTPROTO is off. 2931 Turn off DEFNAMES and DNSRCH when getting the hostsignature 2932 (i.e., MX records) in level 1 configuration files; this 2933 matches the old behaviour. From Motonori Nakamura of 2934 Kyoto University. 2935 Improve error message printing -- if sent through an alias, 2936 error messages include the name of the alias in the 2937 message. Unfortunately, in order to make this work 2938 properly in queue runs, this changes the format of the 2939 C line in the qf file. The relatively uselessness of 2940 the previous information was pointed out to me by 2941 Allan E Johannesen of WPI. 2942 Add XLA compile flag to add hooks to Christophe Wolfhugel's 2943 extended load average code. This is still in very early 2944 form. For information regarding the guts of the xla 2945 code, contact Christophe.Wolfhugel@grasp.insa-lyon.fr. 2946 Additional hooks for detecting tempfails in rewriting rules 2947 (that is, in map lookups). 2948 29496.53/6.25 93/04/15 2950 Properly diagnose ruleset zero returning null (instead of a mailer 2951 triple). From Motonori Nakamura of Kyoto University. 2952 More generalization of socket code for other protocols. 2953 Shorten timeouts on reverse name lookups -- since they are done 2954 during connection establishment, long timeouts here can 2955 cause higher level timeouts. This mainly serves to accept 2956 mail from hosts that do not have proper reverse (PTR) DNS 2957 records set up. 2958 Reset e_statmsg before each mailer invocation to avoid bogus 2959 messages in the log. 2960 Redefine $r, $s, and $_ in error envelopes so you don't get 2961 incorrect cruft in the error message. Problem noted by 2962 Motonori Nakamura of Kyoto University. 2963 Fix a problem that can cause failure to return errors to Postmaster 2964 in certain cases. From Motonori Nakamura. 2965 Fix a problem that can cause some systems to give duplicate error 2966 messages when a bad syntax address such as "<a" is presented 2967 to an SMTP server. It doesn't seem to occur on all 2968 machines. From Motonori Nakamura. 2969 Default IDENTPROTO off for Ultrix and HPUX, which apparently have 2970 the interesting "feature" that when they receive a "Host 2971 unreachable" message they closes all open connections to 2972 that host. However, some firewall gateways send this message 2973 if you try to connect to an unauthorized port, such as the 2974 IDENT port (113). Thus, no email can be received from such 2975 hosts. There is some evidence that versions of Ultrix before 2976 4.3 do not have this problem. Thanks to Tom Ivar Helbekkmo 2977 for pointing out this behaviour to me and to Michael Corrigan 2978 of U.C. San Diego for informing me about the HPUX problem. 2979 Allow IPC mailers to return a colon-separated list of hosts in the 2980 $@ clause; these are searched in order as though they were 2981 MX records. 2982 When sending an error report, print the list of addresses tagged 2983 as bad. Requested by Allan E Johannesen of WPI. 2984 Change map function calls to return a status code. This gets 2985 passed back as the result of rewrite. Parseaddr marks 2986 the address as a QUEUEUP address if the return code is 2987 EX_TEMPFAIL. All this to queue properly if the name 2988 server is down. This code is not well tested. This code 2989 changes the interface to map lookup functions (a fifth 2990 parameter, int *statp, is added). Feature requested by 2991 Dan Oscarsson. 2992 Don't delete quotes (in the dequote map) if there are spaces in 2993 the string, since this would cause them to be replaced by 2994 the SpaceSub character. 2995 Accept BODY=8BITMIME on SMTP MAIL command. This isn't advertised 2996 because the 8BIT to 7BIT translation doesn't exist yet. 2997 This does add a "bodytype" field to both envelope and 2998 queue file and a -B command line flag to pass the type in 2999 during direct invocations. 3000 Discard return error messages only on responses to responses to 3001 responses, not on responses to responses. That is, the 3002 algorithm is to try return to sender, then return to 3003 postmaster, then discard. Previously it discarded 3004 immediately if the return to sender pass failed. 3005 CONFIG: back out change to hide unqualified hostnames behind %-hack. 3006 This screws up local aliases and .forward files. 3007 CONFIG: add FEATURE(nocanonify) to turn off calls to $[ ... $]; 3008 some sites only handle completely canonified names. 3009 Requested by John Gardiner Myers of CMU. 3010 CONFIG: some UUCP code was still included even if FEATURE(nouucp) 3011 was specified. 3012 30136.52/6.24 93/04/10 3014 Clean up some minor glitches on error return messages pointed out 3015 by Motonori Nakamura of Kyoto University. 3016 Fix reply() to not reset SmtpReplyBuffer on fatal errors; this 3017 was supposed to reset SmtpMsg Buffer. This makes the 3018 client side code virtually useless. Reported by Allan 3019 E Johannesen of WPI and Phil Brandenberger of Swarthmore. 3020 Better debug messages if fuzzy is disabled, suggested by Allan 3021 E Johannesen of WPI. 3022 Offset SmtpReplyBuffer by four in usersmtp when checking for 3023 loopback. From Eric Wassenaar. 3024 Don't set $s until after runinchild in srvrsmtp -- otherwise 3025 it gets cleared. From Eric Wassenaar. 3026 Implement IDA-style $&x for deferred macro expansion. 3027 More POSIX compatibility. 3028 CONFIG: Hide unqualified hostnames behind %-hack using $s as the 3029 actual sender. This is only done if $r is non-null, that 3030 is, if this is not locally submitted mail. 3031 CONFIG: Add FEATURE(bitdomain) allowing mapping of BITNET host 3032 names to internet domains. A program contributed by 3033 John Gardiner Myers of CMU to create the maps is included 3034 in the contrib directory (in the "misc" tar file). 3035 CONFIG: Add FEATURE(uucpdomain) for a similar mapping for UUCP 3036 hosts. There is currently no tool to create this map. 3037 30386.51/6.23 93/04/04 3039 Add D= mailer flag to specify a path of possible working directories 3040 in which to execute the mailer. This is intended for the 3041 prog mailer; some shells can get upset if they don't have 3042 access to the current directory. 3043 Add RFC 1413 (IDENT) protocol support. This is only very loosely 3044 tested. This adds a $_ macro to be the authenticated 3045 info (in ``user@domain [address]'' form) and debug flag 3046 9 to trace the protocol. 3047 Check for loopbacks in usersmtp instead of srvrsmtp -- there is no 3048 reason for a local agent to not be talking to the localhost 3049 (although the inverse is not true). 3050 Add a few hooks for automated map rebuilding. This is certainly 3051 not done yet. 3052 CONFIG: Have prog mailer specify a path of ``D=$z:/'' -- that is, 3053 user's home directory then the root. 3054 CONFIG: Log RFC 1413 identification in Received: line. 3055 30566.50/6.22 93/04/01 3057 Fixes to requeueing code to make it compute priority, nrcpts, 3058 and the like properly. 3059 30606.49/6.22 93/04/01 3061 Diagnose incorrect privacy flags. Suggested by Bryan Costales 3062 of ICSI. 3063 Some ANSI C fixes. 3064 Arrange to quote backslashes as well as other special characters 3065 in the phrase part of a route-addr. 3066 Some fixes to FallBackMX code suggested by Motonori Nakamura of 3067 Kyoto University. 3068 More vigorous zeroing of CurHostAddr to avoid logging of bogus 3069 host addresses when you are actually just printing 3070 information from the MCI structure; problem noted by 3071 Michael Corrigan of U.C. San Diego. 3072 Don't ignore rest of queue if any job is not runnable. This can 3073 also cause an incorrect job to be lost. Fix from 3074 Eric Wassenaar. 3075 Always respond "quickly" to RCPT command; do alias expansion and 3076 the like later. This also means that mail for lists that 3077 have errors will be acccepted, and an error sent back 3078 later. This is done by instantiating the queue file 3079 and then immediately running and requeueing it. 3080 30816.48/6.22 93/03/30 3082 Fix incorrect diagnosis of infinite loop in ruleset. Problem noted 3083 by several people. 3084 Improve information printed when infinite loops are discovered. 3085 Zero CurHostAddr to fix erroneous internet addresses in log when no 3086 addresses can be bound. Pointed out by Motonori Nakamura 3087 of Kyoto University. 3088 "Probe" SMTP connections using RSET instead of NOOP "just in case". 3089 Suggested by John Gardiner Myers of CMU. 3090 Don't warn about -f if you are setting sender to yourself. 3091 30926.47/6.22 93/03/29 3093 Fix incompatible call to endmailer in smtpquit which causes core 3094 dumps. Noted by Allan E Johannesen of WPI. 3095 HPUX portability changes from Michael J. Corrigan of UC San Diego. 3096 Require MAIL before RCPT command in srvrsmtp.c. This had been 3097 intentional from the 821 draft days when the order wasn't 3098 clear, but is silly now. 3099 Fix bug in nis_magic routine that was initializing parameters 3100 incorrectly. Fix from Takahiro Kanbe of Fuji Xerox 3101 Information Systems Co., Ltd. 3102 Change default for PrivacyFlags in conf.c to 0 -- since it always 3103 "or"s in new values, there was no way to turn off the 3104 AuthWarning stuff. 3105 Add O option to set SMTP daemon options. 3106 Add V option to set fallback MX host. This always sorts at lower 3107 priority than anything it gets from the name server. It 3108 should only be used for environments with very bad network 3109 connectivity. Requested by several people. 3110 Log sending info. It's not clear this is a good idea. 3111 CONFIG: fix typo in mailertable code. Noted by Phil Brandenberger 3112 of Swarthmore. 3113 CONFIG: add confDAEMON_OPTIONS and confFALLBACK_MX to set options 3114 O and V, respectively. 3115 31166.46/6.21 93/03/26 3117 Fix botch in server SMTP that broke transactions that did not 3118 use HELO first (like MH). Fix from Michael Corrigan 3119 of U.C. San Diego. 3120 Fall back to other MX records if there is an error anywhere 3121 in delivery (actually on MAIL or DATA -- RCPT is harder). 3122 Suggested by John Gardiner Myers and Motonori Nakamura. 3123 Revert to non-prototypes -- it turns out that our ANSI C 3124 compiler is more forgiving than most others about 3125 mixing prototyped extern declarations with non-prototyped 3126 function definitions. 3127 Fix a problem with multi-word class matching pointed out by 3128 Neil Rickert. Given: 3129 CX b a.b.c 3130 R$+ $=X $+ $: $1 < $2 > $3 3131 the input "user@a.b.c" failed instead of being properly 3132 rewritten as "user@a.<b>.c". 3133 Neil also convinced me that it was correct that $~ should match 3134 only one token -- the problem is that it's always possible 3135 to add another token, so $~ matches far too eagerly. 3136 31376.45/6.21 93/03/25 3138 Implement multi-word classes (properly!). 3139 31406.44/6.21 93/03/25 3141 Add X-Authentication-Warning: headers to clue users into possible 3142 attempts to forge mail. This is on the authwarnings 3143 privacy flag, but is the default. Suggested by Bryan 3144 Costales of ICSI. 3145 Pass default units for convtime in so they can be more reasonable. 3146 Allow config files to always add a new Comments: header (i.e., 3147 they will be added even if an old one already exists). 3148 Suggested by Bryan Costales of ICSI. 3149 Allow config files to delete an existing Return-Path: header. 3150 These should only be added at final delivery. Suggested 3151 by Bryan Costales of ICSI. 3152 Some debugging additions. Suggested by Bryan Costales of ICSI. 3153 Clean up logging of Family 0 addresses. Noted by David Muir 3154 Sharnoff and others. 3155 Add a "dequote" map class. This allows config files to strip 3156 quotes off of addresses. Note that this is not a builtin 3157 map, just a class -- so you have to define the map 3158 using the K line. 3159 Fix a bug in the queueup() loop getting a locked tf where in 3160 very odd cases it can fall off the bottom and core dump. 3161 Of course, it was P{r Emanuelsson who found it.... 3162 Open a new transcript when splitting an envelope. Problem found 3163 by Allan E Johannesen of WPI. 3164 Improved error output in endmailer if the mailer core dumps. 3165 CONFIG: Fix typo in UUCP mailer definition. 3166 CONFIG: Default several of the new options on: eight bit input, 3167 privacy flags set to "authwarnings", and message warning 3168 set to 4h. 3169 CONFIG: Use dequote map. 3170 31716.43/6.20 93/03/23 3172 Fix problem with assumption of an sa_len field in a generic 3173 sockaddr -- it turns out that most vendors haven't 3174 picked up this (very important) fix. 3175 Change compilation flags for daemon code -- select one or both 3176 of NETINET or NETISO, but don't ever set DAEMON manually. 3177 CONFIG: add FEATURE(mailertable) to do IDA-style mailertables. 3178 31796.42/6.19 93/03/19 3180 Use Postmaster as default fallback return address, not root. 3181 POSIX changes for file descriptor handling. 3182 Diagnose errors writing new queue file. 3183 If you change the owner using an owner- alias, also change the 3184 error mode to EM_MAIL so that errors don't get dropped 3185 into an inappropriate directory. Problem noted by 3186 Allan E Johannesen of WPI. 3187 If you are su'ed to root, send email as who you really are, not 3188 as root. From Brian Kantor of U.C. San Diego. 3189 Allow warning messages to be sent after a configurable interval 3190 has passed without delivery. The message is sent only 3191 once per envelope. This changes the format of the qf 3192 file to have an F line, and the format of the T option 3193 to accept take the format "return/warn" (both intervals). 3194 Don't force all local names to lower case -- this was left over 3195 from the wierd handling of case mapping on aliases. It 3196 is now driven (as expected) by the "u" mailer flag. 3197 Problem noted by P{r Emanuelsson. 3198 Fix problem that caused headers on returned email to be trashed; 3199 they were getting freed, but are still accessible via 3200 BlankEnvelope. 3201 Fix problem that caused bogus ids to be created on returned 3202 mail. 3203 Add support for ISO and other non-INET networking. This is by 3204 no means finished yet. This does assume a lot of other 3205 system support, like a version of gethostbyname that 3206 returns non-AF_INET addresses. 3207 CONFIG: change default on prog mailer to keep upper case in 3208 user names (i.e., in the program command line). 3209 CONFIG: strip trailing dots off of hosts in uucp mailer before 3210 convert to bang format. 3211 CONFIG: create new "relay" mailer for $R (LOCAL_RELAY) and $H 3212 (MAIL_HUB) delivery that doesn't add local domain. Note 3213 that this violates 821, but is probably "more correct" 3214 for what we are trying to do. Problem pointed out by 3215 Michael Graff of Iowa State. 3216 32176.41/6.18 93/03/18 3218 Clean up unnecessary creates of queue ids (i.e., empty qf files) 3219 when not needed, such as when starting up an SMTP 3220 connection. 3221 Fix problem where split envelopes aren't instantiated in the queue. 3222 This is quite a serious bug. 3223 Owner- aliases had problems with leading spaces causing a 3224 premature delimitation. 3225 32266.40/6.18 93/03/18 3227 Have ending 250 (after DATA) include the id; suggested by 3228 Brian Kantor of UC San Diego. 3229 Add logging on envelope splitting. 3230 Change queue ids to have one more letter encoding the hour of 3231 the day so that during a single day there is a greater 3232 likelihood of uniqueness; requested by Brian Kantor. 3233 32346.39/6.18 93/03/18 3235 Fix minor compile problem if LOCKF is defined. 3236 Define size of tobuf in conf.h. Observed by Toshinari Takahashi 3237 of Toshiba. 3238 Restore e_sender -- this is equivalent to e_from.q_paddr without 3239 decorations such as angle brackets and comments. 3240 OSF/1 on Alpha changes from Allan E Johannesen of WPI. 3241 CONFIG: fix typo in S3 for list syntax (;: => :;). Thanks to 3242 Christopher Hoover for noting the problem. 3243 32446.38/6.17 93/03/17 3245 Pass envelope to disconnect to avoid another use of CurEnv, which 3246 can apparently end up being null at inopportune times. 3247 Log "received from" as "relay=" for consistency (suggested by 3248 John Gardiner Myers). 3249 Fix major bug in header handling: if no From: line existed in 3250 the header (so sendmail inserts one), and the sender is 3251 an alias that has an owner, the From: line shows the 3252 owner (as well as the envelope). Fixed by early binding 3253 the headers (which will change debugging output). 3254 HPUX portability patches from Michael J. Corrigan of UC San Diego. 3255 Some attempts to adapt better to out of open file conditions. 3256 Some changes to ctladdr handling in queue files. 3257 32586.37/6.17 93/03/16 3259 MAJOR CHANGE: delete e_sender and e_returnpath (why are these 3260 different from e_from?) and $< macro. 3261 Log correct IP address in relay= field even if the connection 3262 times out. 3263 Log "received from [RESPONSE]" on EF_RESPONSE messages (from 3264 John Gardiner Myers). 3265 Fixes to SysExMsg logging (sometimes just got "message: %s" 3266 instead of "message: error message"), noted by Eric 3267 Wassenaar. Also reported by Motonori Nakamura. 3268 Improvements to MX piggybacking code, from Motonori Nakamura. 3269 Fix case where CurHostName points to an auto variable that has 3270 been deallocated (from Motonori Nakamura). 3271 Fix bug causing newlines to be included in aliases if option 3272 "n" (check alias RHS) is set; bug noted by David Muir 3273 Sharnoff. 3274 Fix problem causing user names that should be mapped to lower 3275 case to not be mapped if they are sent during a queue 3276 run. This greatly simplifies the case mapping code. 3277 Problem noted by Allan E Johannesen of WPI. 3278 Don't do recipient address rewriting in buildaddr. This 3279 improperly did recipient rewriting on sender addresses, 3280 and just seems bogus in general -- but the change could 3281 break some .cf files. 3282 Pass TZ envariable to child processes for System V. 3283 CONFIG: allow LOCAL_RULE_1 and LOCAL_RULE_2 if you want to 3284 define those rulesets. 3285 KNOWN PROBLEM: I have seen some problems on SunOS that causes 3286 the User Data Base to give errors on some addresses. I 3287 have tracked the problem back at least as far as 93.02.15 3288 (version 6.22). Running with debugging on makes it 3289 go away, so I conclude that it is referencing uninitialized 3290 stack data. I haven't been able to track this down yet. 3291 32926.36/6.16 93/03/08 3293 Allow local mailer to specify $@host -- this lets you assign the 3294 "foo" part of jgm+foo to $h for passing in to the local 3295 mailer. 3296 Additional debug printing in getcanonname (show query type). 3297 Don't add the e_fromdomain on sender addresses -- this interacts 3298 wierdly with the owner- code. 3299 Improve delivery logging to not log obvious or meaningless stuff. 3300 Include numeric IP address in Received: lines per RFC 1123 section 3301 5.2.8. 3302 Fixed a bug in checking stat() return value if restrictmailq is 3303 set. Also, check the entire group set instead of just the 3304 primary group. Both from John Gardiner Myers. 3305 Don't have usrerr automatically print errno, since this is often 3306 misleading. 3307 Use transienterror() in makeconnection after connect() fails and 3308 in openmailer after execve() fails (from Eric Wassenaar). 3309 Also moved transienterror() from util.c to conf.c. 3310 Clean up from= logging on response messages. 3311 Undo patch allowing prescan to return a null vector -- it breaks 3312 too many things. 3313 Config: FEATURE(notsticky) lets you use UDB for everything coming 3314 in to the machine, even if it is specifically targetted 3315 to this machine. Without it, UDB is bypassed if the user 3316 name is fully qualified. 3317 Config: fix another minor botch with <> (local mailer wasn't 3318 mapping them properly). 3319 33206.35/6.15 93/03/05 3321 Fix getrealhostname to return null if sinlen <= 0 -- this can 3322 occur if stdin is a pipe. 3323 Avoid infinite loop in getcanonname if name server return 3324 NO_DATA (for example). 3325 Config: avoid having C flag qualify list syntax and error syntax. 3326 33276.34/6.14 93/03/05 3328 Fix logging in deliver to not pass too many parameters to Ultrix 3329 versions of syslog. 3330 Don't write the pid file until after the daemon has actually 3331 opened and conditioned the connection. 3332 Consider addresses "different" if their q_uids differ (so that 3333 two users forwarding to the same program will be seen 3334 as different, rather than the same). 3335 Fix problem with bad parameters in main() -- they set ExitStat 3336 but don't exit. 3337 Fix null pointer references through RealHostName -- painfully 3338 discovered by Allan E Johannesen of WPI. 3339 Fix bug causing user@@localhost to core dump (yuch). 3340 Config: don't put two @host.dom.ain on users in $=E in SMTP 3341 mailer. Also, catch user@ (no host) in ruleset 0. 3342 33436.33/6.13 93/03/03 3344 Config: add confCW_FILE as the name of the cw configuration file 3345 (defaults to /etc/sendmail.cw). From P{r Emanuelsson. 3346 Allow prescan to return a pointer to an empty list -- this is 3347 not an error. Also, clean up error reporting to avoid 3348 double errors (prescan reports once, then the caller 3349 reports again). 3350 Changes to avoid trusting T_ANY queries -- run them, but if you 3351 don't get the info you expected, do T_A and T_MX queries 3352 anyhow. This also fixes an oversight where _res.options 3353 bits were being ignored. 3354 If PRIV_NOVRFY is set, use 252 response code instead of 502 per 3355 RFC 1123 section 5.2.3. It's not 100% clear that this 3356 is correct, but it probably works better with stupid 3357 mailers that do a VRFY and only check the first digit. 3358 33596.32/6.12 93/03/02 3360 Fix uninitialized variable "protocol" in smtp code. 3361 Include <unistd.h> in sendmail.h -- move towards POSIX/ANSI. 3362 Additional hooks for RFC 1427 (ESMTP SIZE extension). This 3363 includes requiring that enoughspace() know the system 3364 block size, which will undoubtedly break most ports. 3365 Trace flag 19 in use for srvrsmtp.c. 3366 Additional logging -- notably the sending mailer name. This 3367 also changes the delivery logging to strict field=value 3368 syntax. 3369 Fix some problems with messages getting sent even to addresses 3370 that had been marked bad -- from Eric Wassenaar. 3371 More WIDE changes: accept host name inside [...] as non-MXed 3372 host. This is intended ONLY for use inside firewalled 3373 environments, where the MX points at the gateway. 3374 Change .cf file conventions so that mapping for <> addresses 3375 don't have an @ in them (to avoid confusing the C mailer 3376 flag). Pointed out by Neil Rickert. 3377 Config extensions for Sam Leffler's FlexFAX software. 3378 33796.31/6.10 93/02/28 3380 Fix some more bugs in alias owner code -- there were some wierd 3381 cases where an error in a non-aliased name would override 3382 the return info in an aliased name with an owner. 3383 Changes from WIDE Project, forwarded to me by Motonori Nakamura: 3384 Log actual delivery host (after MX et al); from 3385 yasuhiro@dcl.co.jp. 3386 Log daemon startup. 3387 Deliver Postmaster copies without a body. 3388 Better logging of SMTP senders. 3389 Send all program email as daemon even when local. 3390 As requested in various forms from many people, accept -qIstring 3391 to limit queue runs to jobs with queue-id matching string. 3392 Similarly for -qRstring for recipients, -qSstring for 3393 senders. 3394 Initial hooks for ESMTP support (see RFC 1425). 3395 Fixed a syntax error in the UUCP mailer specification that caused 3396 core dumps on startup. 3397 Check for missing A= or P= arguments in mailer definitions. 3398 33996.30/6.10 93/02/27 3400 Require FROZENCONFIG compilation flag to include frozen 3401 configuration code. Frozen configuration is really 3402 not a very good idea any more, particularly in shared 3403 library environments. 3404 Do better checking of errno after opens of :include: and .forward 3405 files to defer delivery on network and other transient 3406 errors. Suggestion from Craig Everhart. 3407 Fix minor botch in read timeout macro processing. 3408 Add FEATURE(nouucp) to config files for sites that know absolutely 3409 nothing about UUCP. 3410 Add built cf files to distribution tape and clarify how to build 3411 them if you don't have the Berkeley make. 3412 Some sizeof(long) portability changes for the Alpha, from Allan 3413 E Johannesen. 3414 Add "restrictmailq" privacy flag -- if set, only people in the same 3415 group as your queue directory can print the queue. If you 3416 set this, be sure you also restrict access to log files.... 3417 Fix another bug in owner-list stuff that can cause data files to 3418 be "lost". 3419 Fix a bug with queue runs that cause forwards to yourself to go 3420 into alias/forwarding loops. I'm still iffy about this 3421 fix. 3422 Fix from Eric Wassenaar for suppression of return message code. 3423 34246.29/6.9 93/02/24 3425 Fix yet another problem in alias owner code -- put the wrong return 3426 address on the enclosed return-to-sender letter. 3427 34286.28/6.9 93/02/24 3429 Fix botch in alias owner code that caused it to not operate if the 3430 error was detected locally. 3431 34326.27/6.9 93/02/24 3433 M_LOCAL => M_LOCALMAILER to avoid conflict with Ultrix include 3434 file <sys/mount.h>. 3435 Miscellaneous bug fixes from Eric Wassenaar: 3436 sendmail -bv -t logs the from line even though in verify 3437 mode only. 3438 sendmail -v can go into queue mode if shouldqueue returns 3439 TRUE. 3440 Add route-addr pruning per RFC 1123 section 5.3.3. This can be 3441 disabled using the "R" option. 3442 Delete (always undocumented) -R flag (save original recipients); 3443 there are ways to syslog(3) these now. 3444 Clean up SMTP reply codes -- specify them as needed in the code, 3445 instead of in conf.c -- this was needed during the NCP to 3446 TCP transition, but seems silly now. This also changes 3447 parameters to message and nmessage. 3448 Have mailstats read the .cf file to find the sendmail.st file and 3449 get text versions of mailer names. An initial version of 3450 this code was provided by Tuominen Keijo (although the 3451 comments indicate the good bits were written by "E.V."). 3452 Add yet more System V compatibility hacks. 3453 Fix bug in VRFY code (assumes everything must be a local user). 3454 Allow specification of any of the hard-wired pathnames in the 3455 Makefile. 3456 Delete concept of "trusted users" -- this really didn't provide 3457 any security anyway, and caused some problems. 3458 Delete last vestige of support for the word "at" as an equivalent 3459 to the character "@". 3460 Propagate owner-foo alias information into the envelope sender. 3461 Based on code from John Gardiner Myers. This is a major 3462 semantic change -- beware! 3463 Allow $@ on LHS to indicate "match zero" -- this is used to match 3464 the null expression. 3465 34666.26/6.8 93/02/21 3467 Don't "lose" queue runs. Very important fix from (who else?) 3468 Eric Wassenaar. 3469 Completely reset state on RSET command -- from Eric Wassenaar. 3470 Send error messages and return receipts using an envelope sender 3471 of <> regardless of the setting of $n. Rewriting rules 3472 can undo this if they feel the necessity, as might be 3473 needed for networks that don't understand the syntax. 3474 This is permitted by RFC 821 section 3.6 and required by 3475 RFC 1123 section 5.3.3. THIS REQUIRES VERSION 4 CONFIG 3476 FILES because the rulesets must be able to parse <> 3477 properly. 3478 Don't ever send error messages to "<>" -- they will get sent to 3479 the local postmaster or dumped in /usr/tmp/dead.letter 3480 instead. Per RFC 1123 section 5.3.3. 3481 Explicitly check for email to yourself as a dotted quad. You 3482 have to call $[ [ ... ] $] to get this. 3483 Up the message timeout to five days per RFC 1123 section 5.3.1.1. 3484 Make all read timeouts individually configurable, as strongly 3485 recommended by RFC 1123 section 5.3.2. 3486 Use f_bavail (blocks available to regular users) instead of f_bfree 3487 (blocks available to superuser) in free block checks. 3488 Change $d macro to be the current time, not the origination time, 3489 since this is consistent with how it is used now. 3490 Generalization of enoughspace from Eric Wassenaar covering 3491 SGI, Apollo, HPUX, Ultrix, and SunOS. 3492 Ignore process group signals -- some front ends can do this if 3493 you kill a window too quickly. From Eric Wassenaar. 3494 Change umask to 022. 3495 34966.25/6.8 93/02/20 3497 Close all cached connections before calling mailers and after 3498 forking for delivery (caused double closes which resulted 3499 in false errors). 3500 Add FEATURE(redirect) in config files -- this allows you to alias 3501 old addresses to a pointer to the new address that will 3502 give a 551 error message, but not deliver the mail. 3503 Some code changes to make the 551 errors look pretty. 3504 Names of M4 program paths in config files have changed -- they 3505 are all XXX_MAILER_PATH now, to match XXX_MAILER_FLAGS. 3506 Fix a bug in the QSELFREF code having to do with empty .forward 3507 files, reported by Eric Wassenaar. 3508 Add option "p" (privacy flags); this allows you to tune how 3509 picky the SMTP server will be. This also adds the 3510 confPRIVACY_FLAGS M4 macro in the config files. 3511 Add option "b" (minimum blocks free). If there are fewer than 3512 this number of blocks free on the filesystem containing 3513 the queue directory, the SMTP MAIL command will return 3514 a 452 response and ask you to try again later. This 3515 also adds the confMIN_FREE_BLOCKS M4 macro in the config 3516 files. 3517 Made VRFY just verify (doesn't expand aliases and .forward files); 3518 EXPN does full expansion. RCPT in queue-only mode also 3519 doesn't chase aliases and .forward. 3520 35216.24/6.7 93/02/19 3522 Increase the number of domain search entries in domain.c to allow 3523 for the extra "" entry indicating the root domain. 3524 Reported by Motonori Nakamura of Kyoto U. 3525 Add a "SMART_HOST" in the configs for UUCP-connected sites that 3526 want to forward all mail with extra "@"s to that site. 3527 Also allows SMART_HOST, LOCAL_RELAY, and MAIL_HUB to 3528 be specified as ``mailer:hostname'' to use an alternate 3529 mailer. 3530 Clarified and updated some wording in the Operations Guide. 3531 Add the "c" mailer flag -- this suppresses all comment parts of 3532 addresses (requested by John Curran of NEARnet). 3533 Have -v print prompts in -bt mode even if stdin is not a terminal 3534 (default behaviour is to be silent if not reading from 3535 a terminal). Suggested by Bryan Costales, ICSI. 3536 Move the metacharacters from C0 space (\001-\037) into C1 space 3537 (\201-\237). This also fixes a bunch of potential bugs 3538 with G1 characters (\240-\276) in headers relating to 3539 negative numbers passed to isspace() et al. 3540 Add YP_LAST_MODIFIED and YP_MASTER_NAME to DBM version of alias 3541 database if YPCOMPAT is #defined. Enhancement from 3542 Takahiro Kanbe of Fuji Xerox Information Systems Co., Ltd. 3543 Add "list" Precedence (-30); this can be used with old sendmails 3544 which will map to precedence 0 (which will return error 3545 messages). Suggested by Stephen R. van den Berg. 3546 Many bug fixes from Eric Wassenaar of the National Institute for 3547 Nuclear and High-Energy Physics, Amsterdam: 3548 Clear timeouts properly on open failures in include(). 3549 Don't dereference through NULL if no home directory found. 3550 Re-establish SIGCHLD signal on System 5 in reapchild(). 3551 Avoid NULL pointer reference on -pFOO flag. 3552 Properly handle backslash escapes in comments. 3553 Correctly check reply status on SMTP NOOP command. 3554 Properly save SMTP error message if peer gives 3555 "Service Shutting Down" message. 3556 Avoid writing to the transcript if it couldn't be opened. 3557 Signal errors in SMTP children to parent properly. 3558 Handle self references in a list more globally (include a 3559 QSELFREF bit in the address flags). This enhancement 3560 was suggested by Eric Wassenaar. 3561 Use initgroups() in hpux, even though it's System-V based. The 3562 HASINITGROUPS compile flag can set this on other systems. 3563 This HPUX behaviour was pointed out by Eric Wassenaar. 3564 35656.23/6.6 93/02/16 3566 Clean up handling of LogLevel to make it easier to figure out 3567 what's on what level. 3568 Change log levels to have some consistency: 3569 1 serious system failures, security problems 3570 2 lost communications, protocol failures 3571 3 other serious failures 3572 4 minor errors 3573 5 message collection 3574 6 vrfy logging, creation of return-to-sender 3575 7 delivery failures 3576 8 delivery successes 3577 9 delivery tempfails (queue ups) 3578 10 database expansion 3579 >64 debugging 3580 Allow IDA-style separated processing on S= and R= in Mailer 3581 definition lines. Note that rulesets 1 and 2 are 3582 still used for both addresses as before. Bruce Lilly 3583 gave a convincing argument that RFC976 insists on 3584 this behaviour. 3585 Added some time zones to arpatounix -- they may not be in the 3586 standards, but they are in use. However, I may delete 3587 arpatounix entirely -- there appears to be no reason 3588 for it to exist. 3589 Change to UUCP mailer (in cf directory) to try to do a saner job. 3590 I'm still not certain about this mailer in general. 3591 35926.22/6.5 93/02/15 3593 Fix bug that prevents saving letters in ~/dead.letter. 3594 Don't add angle brackets in VRFY command if angle brackets already 3595 exist in the address. 3596 Fix bogus error message in udbexpand. 3597 Null terminate host buffers in buildaddr (broken in 6.21) -- 3598 IMPORTANT FIX!! 3599 36006.21/6.5 93/02/15 3601 Fix another incorrect error message in alias.c, found by Azuma 3602 Okamoto. 3603 Fix a couple of problems in the more-configurable config files, 3604 found by Tom Ivar Helbekkmo. 3605 Fix problem with quoted :include: entries. 3606 Don't duplicate the filename on verbose printing of .forward and 3607 :include: contents. 3608 Extend size of prescan buffer (to allow bigger addresses). Also, 3609 detect some buffer overflows. 3610 Log user SMTP protocol errors (log level 4). 3611 36126.20/6.4 93/02/14 3613 Fix another problem in the MCI state machine caused when there 3614 were errors generated from the other end to commands 3615 other than RCPT. 3616 36176.19/6.4 93/02/14 3618 Include load average support for DEC Alpha running OSF/1. 3619 Fix multiple-response problem with errors in MAIL From: line. 3620 Fix SMTP reply codes for invalid address syntaxes (give 501; 3621 never give multiple error messages for a single message). 3622 Fix problem where a cached connection timeout rejects all 3623 later connects to that host. 3624 Fix incorrect error message if alias.c is compiled with DBM only. 3625 Additional changes to fix nested conditionals (from Bruce Lilly). 3626 Recover more gracefully from operating system failures, particularly 3627 NULL returns from openmailer (from Noritoshi Demizu, 3628 OMRON Corporation). 3629 Log forward, alias, and userdb expand operations on log level 10; 3630 concept suggested by P{r (Pell) Emanuelsson. 3631 Changes for HPUX 8.07 compatibility. 3632 36336.18/6.4 93/02/12 3634 Allow any config option to be set using an M4 define. 3635 Change UNAME compile flag to HASUNAME for IDA compatibility 3636 (besides, it's a better name). 3637 Note in README that on SunOS it must be linked -Bstatic. 3638 Fairly major change in domain.c to handle wildcard MX records 3639 more rationally. NOTE: the "w" option (no wildcard MX 3640 records match local domain) has been eliminated. 3641 Fix some unset variable references pointed out by Bruce Lilly. 3642 Fix host name in process titles when using cached connection. 3643 36446.17/6.3 93/01/28 3645 Fix System 5 compatibility changes to be compatible with the rest 3646 of the world. 3647 36486.16/6.3 93/01/28 3649 Experimental fix for problem handling errors in the SMTP 3650 protocol in conjunction with connection caching. 3651 System 5 compatibility changes. 3652 36536.15/6.3 93/01/26 3654 Fix a bug that causes local mail delivered using -odq to be 3655 eliminated as a duplicate (because it matched the 3656 ctladdr, now passed in as a C line). These changes 3657 are pretty tricky...... 3658 36596.14/6.3 93/01/25 3660 Add debugging for some MCI errors. 3661 36626.13/6.3 93/01/22 3663 Fix -e compatibility flag to take a value. 3664 Fix a couple of minor compilation warnings on Sun cc. 3665 Improve error messages in a few cases to be more self-explanatory. 3666 36676.12/6.3 93/01/21 3668 Fix yet-another problem with environment handling, pointed out 3669 by Yoshitaka Tokugawa and Tom Ivar Helbekkmo. 3670 Some heuristics to try to limit resource exhaustion problems 3671 if a downstream host has been down for a long time. 3672 Fix problem with incorrect host name being logged in "Connection 3673 timed out" messages (from Tom Ivar Helbekkmo). 3674 Fix some ANSI C problems (from Takahiro Kanbe). 3675 Properly log message sender on returned mail during queue run. 3676 Count number of recipients properly. 3677 Fix a problem in yp map code. 3678 Diagnose "message timed out" (from Motonori Nakamura). 3679 36806.11/6.3 93/01/20 3681 Fix problem with address delimitor inside quotes. 3682 Define $k and $=k to be the UUCP name (from the uname call) 3683 based on code from Bruce Lilly. 3684 36856.10/6.2 93/01/18 3686 Implement arpatounix (largely code from Bruce Lilly). 3687 Log more info (suggested by John Myers). 3688 Allow nested $?...$|...$. (inspired by code from Bruce Lilly of 3689 Sony US). 3690 POSIX compatibility (noted by Keith Bostic). 3691 Handle SMTP MAIL command errors properly (urged by several people, 3692 notably John Myers of CMU). 3693 Do early diagnosis of .cf errors (notably referencing a RHS 3694 substitution that isn't on the LHS). 3695 Adjust checkpointing to better handle batched recipients, suggested 3696 by John Myers. 3697 Fix miscellaneous bugs. 3698 (config files:) Implement MAIL_HUB for all local mail (to handle 3699 NFS-mounted directories) as urged by Tom Ivar Helbekkmo 3700 of the Norwegian School of Economics. 3701 37026.9/6.1 93/01/13 3703 Environment handling simplification/bug fix -- child processes 3704 get a minimal, fixed environment. This avoids different 3705 behaviour in queue runs. 3706 Handle commas inside comments properly. 3707 Properly limit large messages submitted in -obq mode. 3708 37096.8/6.1 93/01/10 3710 Check mtime of thaw file against .cf and sendmail binary, based on 3711 code from John Myers. 3712 37136.7/6.1 93/01/10 3714 MX piggybacking, based on code from John Myers@CMU. 3715 Allow checkcompat to return -1 to mean tempfail. 3716 Bug fix in m_mno computation. 3717 37186.6/6.1 93/01/09 3719 Tuning of queueing functions as recommended by John Gardiner Myers. 3720 Return mail headers (no body) on messages with negative precedence. 3721 Minor other bug fixes. 3722 37236.5/6.1 93/01/03 3724 Fix botch causing queued headers to have ?XX? prefixes. 3725 37266.4/6.1 93/01/02 3727 Changes to recognize special mailer types (e.g., file) early. 3728 37296.3/6.1 93/01/01 3730 Pass timeouts to sfgets. 3731 Check for control characters in addresses. 3732 Fixed deferred error reporting. 3733 Report duplicate aliases. 3734 Handle mixed case recursive aliases. 3735 Misc bug fixes. 3736 37376.2/6.1 92/12/30 3738 Put return-receipt-to on a conf.c flag (but don't set it). 3739 Fix minor syslog problem. 3740