usr.sbin/sendmail/RELEASE_NOTES

			SENDMAIL RELEASE NOTES
	     @(#)RELEASE_NOTES	8.6.7.1 (Berkeley) 03/14/94

This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.6.7/8.6.6	94/03/14
	SECURITY: it was possible to get root access by using wierd
		values to the -d flag.  Thanks to Alain Durand of
		INRIA for forwarding me the notice from the bugtraq
		list.

8.6.6/8.6.6	94/03/13
	SECURITY: the ability to give files away on System V-based
		systems proved dangerous -- don't run as the owner
		of a :include: file on a system that allows giveaways.
		Unfortunately, this also applies to determining a
		valid shell.
	IMPORTANT: Previous versions weren't expiring old connections
		in the connection cache for a long time under some
		circumstances.  This could result in resource exhaustion,
		both at your end and at the other end.  This checks the
		connections for timeouts much more frequently.  From
		Doug Anderson of NCSC.
	Fix a glitch that snuck in that caused programs to be run as
		the sender instead of the recipient if the mail was
		from a local user to another local user.  From
		Motonori Nakamura of Kyoto University.
	Fix "wildcard" on /etc/shell matching -- instead of looking
		for "*", look for "/SENDMAIL/ANY/SHELL/".  From
		Bryan Costales of ICSI.
	Change the method used to declare the "statfs" availability;
		instead of HASSTATFS and/or HASUSTAT with a ton of
		tweaking in conf.c, there is a single #define called
		SFS_TYPE which takes on one of six values (SFS_NONE
		for no statfs availability, SFS_USTAT for the ustat(2)
		syscall, SFS_4ARGS for a four argument statfs(2) call,
		and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument
		statfs(2) call with the declarations in <sys/vfs.h>,
		<sys/mount.h>, or <sys/statfs.h> respectively).
	Fix glitch in NetInfo support that could return garbage if
		there was no "/locations/sendmail" property.  From
		David Meyer of the University of Virginia.
	Change HASFLOCK from defined/not-defined to a 0/1 definition
		to allow Linux to turn it off even though it is a
		BSD-like system.
	Allow setting of "ident" timeout to zero to turn off the ident
		protocol entirely.
	Make 7-bit stripping local to a connection (instead of to a
		mailer); this allows you to specify that SMTP is a
		7-bit channel, but revert to 8-bit should it advertise
		that it supports 8BITMIME.  You still have to specify
		mailer flag 7 to get this stripping at all.
	Improve makesendmail script so it handles more cases automatically.
	Tighten up restrictions on taking ownership of :include: files
		to avoid problems on systems that allow you to give away
		files.
	Fix a problem that made it impossible to rebuild the alias
		file if it was on a read-only file system.  From
		Harry Edmon of the University of Washington.
	Improve MX randomization function.  From John Gardiner Myers
		of CMU.
	Fix a minor glitch causing a bogus message to be printed (used
		%s instead of %d in a printf string for the line number)
		when a bad queue file was read.  From Harry Edmon.
	Allow $s to remain NULL on locally generated mail.  I'm not
		sure this is necessary, but a lot of people have complained
		about it, and there is a legitimate question as to whether
		"localhost" is legal as an 822-style domain.
	Fix a problem with very short line lengths (mailer L= flag) in
		headers.  This causes a leading space to be added onto
		continuation lines (including in the body!), and also
		tries to wrap headers containing addresses (From:, To:,
		etc) intelligently at the shorter line lengths.  Problem
		Reported by Lars-Johan Liman of SUNET Operations Center.
	Log the real user name when logging syserrs, since these can have
		security implications.  Suggested by several people.
	Fix address logging of cached connections -- it used to always
		log the numeric address as zero.  This is a somewhat
		bogus implementation in that it does an extra system
		call, but it should be an inexpensive one.  Fix from
		Motonori Nakamura.
	Tighten up handling of short syslog buffers even more -- there
		were cases where the outgoing relay= name was too long
		to share a line with delay= and mailer= logging.
	Limit the overhead on split envelopes to one open file descriptor
		per envelope -- previously the overhead was three
		descriptors.  This was in response to a problem reported
		by P{r (Pell) Emanuelsson.
	Fixes to better handle the case of unexpected connection closes;
		this redirects the output to the transcript so the info
		is not lost.  From Eric Wassenaar.
	Fix potential string overrun if you macro evaluate a string that
		has a naked $ at the end.  Problem noted by James Matheson
		<jmrm@eng.cam.ac.uk>.
	Make default error number on $#error messages 553 (``Requested
		action not taken: mailbox name not allowed'') instead of
		501 (``Syntax error in parameters or arguments'') to
		avoid bogus "protocol error" messages.
	Strip off any existing trailing dot on names during $[ ... $]
		lookup.  This prevents it from ending up with two dots
		on the end of dot terminated names.  From Wesley Craig
		of the University of Michigan and Bryan Costales of ICSI.
	Clean up file class reading so that the debugging information is
		more informative.  It hadn't been using setclass, so you
		didn't see the class items being added.
	Avoid core dump if you are running a version of sendmail where
		NIS is compiled in, and you specify an NIS map, but
		NIS is not running.  Fix from John Oleynick of
		Rutgers.
	Diagnose bizarre case where res_search returns a failure value,
		but sets h_errno to a success value.
	Make sure that "too many hops" messages are considered important
		enough to send an error to the Postmaster (that is, the
		address specified in the P option).  This fix should
		help problems that cause the df file to be left around
		sometimes -- unfortunately, I can't seem to reproduce
		the problem myself.
	Avoid core dump (null pointer reference) on EXPN command; this
		only occurred if your log level was set to 10 or higher
		and the target account was an alias or had a .forward file.
		Problem noted by Janne Himanka.
	Avoid "denial of service" attacks by someone who is flooding your
		SMTP port with bad commands by shutting the connection
		after 25 bad commands are issued.  From Kyle Jones of
		UUNET.
	Fix core dump on error messages with very long "to" buffers;
		fmtmsg overflows the message buffer.  Fixed by trimming
		the to address to 203 characters.  Problem reported by
		John Oleynick.
	Fix configuration for HASFLOCK -- there were some spots where
		a #ifndef was incorrectly #ifdef.  Pointed out by
		George Baltz of the University of Maryland.
	Fix a typo in savemail() that could cause the error message To:
		lists to be incorrect in some places.  From Motonori
		Nakamura.
	Fix a glitch that can cause duplicate error messages on split
		envelopes where an address on one of the lists has a
		name server failure.  Fix from Voradesh Yenbut of the
		University of Washington.
	Fix possible bogus pointer reference on ESMTP parameters that
		don't have an ``=value'' part.
	CNAME loops caused an error message to be generated, but also
		re-queued the message.  Changed to just re-queue the
		message (it's really hard to just bounce it because
		of the wierd way the name server works in the presence
		of CNAME loops).  Problem noted by James M.R.Matheson
		of Cambridge University.
	Avoid giving ``warning: foo owned process doing -bs'' messages
		if they use ``MAIL FROM:<foo>'' where foo is their true
		user name.  Suggested by Andreas Stolcke of ICSI.
	Change the NAMED_BIND compile flag to be a 0/1 flag so you can
		override it easily in the Makefile -- that is, you can
		turn it off using -DNAMED_BIND=0.
	If a gethostbyname(...) of an address with a trailing dot fails,
		try it without the trailing dot.  This is because if
		you have a version of gethostbyname() that falls back
		to NIS or the /etc/hosts file it will fail to find
		perfectly reasonable names that just don't happen to
		be dot terminated in the hosts file.  You don't want to
		strip the dot first though because we're trying to ensure
		that country names that match one of your subdomains get
		a chance.
	PRALIASES: fix bogus output on non-null-terminated strings.
		From Bill Gianopoulos of Raytheon.
	CONFIG: Avoid rewriting anything that matches $w to be $j.
		This was in code intended to only catch the self-literal
		address (that is, [1.2.3.4], where 1.2.3.4 is your
		IP address), but the code was broken.  However, it will
		still do this if $M is defined; this is necessary to
		get client configurations to work (sigh).  Note that this
		means that $M overrides :mailname entries in the user
		database!  Problem noted by Paul Southworth.
	CONFIG: Fix definition of Solaris help file location.  From
		Steve Cliffe <steve@gorgon.cs.uow.edu.au>.
	CONFIG: Fix bug that broke news.group.USENET mappings.
	CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX,
		and USENET_MAILER_MAX to tweak the maximum message
		size for various mailers.
	CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0]
		instead of assuming that it is "inews" for consistency
		with other mailers.  From Michael Corrigan of UC San Diego.
	CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB,
		qualify the address in the SMTP envelope as user@{relay|hub}
		instead of user@$j.  From Bill Wisner of The Well.
	CONFIG: Fix route-addr syntax in nullrelay configuration set.
	CONFIG: Don't turn off case mapping of user names in the local
		mailer for IRIX.  This was different than most every other
		system.
	CONFIG: Avoid infinite loops on certainly list:; syntaxes in
		envelope.  Noted by Thierry Besancon
		<besancon@excalibur.ens.fr>.
	CONFIG: Don't include -z by default on uux line -- most systems
		don't want it set by default.  Pointed out by Philippe
		Michel of Thomson CSF.
	CONFIG: Fix some bugs with mailertables -- for example, if your
		host name was foo.bar.ray.com and you matched against
		".ray.com", the old implementation bound %1 to "bar"
		instead of "foo.bar".  Also, allow "." in the mailertable
		to match anything -- essentially, take over SMART_HOST.
		This also moves matching of explicit local host names
		before the mailertable so they don't have to be special
		cased in the mailertable data.  Reported by Bill
		Gianopoulos of Raytheon; the fix for the %1 binding
		problem was contributed by Nicholas Comanos of the
		University of Sydney.
	CONFIG: Don't include "root" in class $=L (users to deliver
		locally, even if a hub or relay exists) by default.
		This is because of the known bug where definition of
		both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore
		both and deliver into the local mailbox.
	CONFIG: Move up bitdomain and uudomain handling so that they
		are done before .UUCP class matching; uudomain was
		reported as ineffective before.  This also frees up
		diversion 8 for future use.  Problem reported by Kimmo
		Suominen.
	CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4])
		into host names.  As pointed out by Jonathan Kamens,
		these are often used because either the forward or reverse
		mapping is broken; this translation makes it broken again.
	DOC: Clarify $@ and $: in the Install & Op Guide.  From Kimmo
		Suominen.
	Portability fixes:
		Unicos from David L. Kensiski of Sterling Sofware.
		DomainOS from Don Lewis of Silicon Systems.
		GNU m4 1.0.3 from Karst Koymans of Utrecht University.
		Convex from Kimmo Suominen <kim@tac.nyc.ny.us>.
		NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>.
		BSD/386 from Tony Sanders of BSDI.
		Apollo from Eric Wassenaar.
		DGUX from Doug Anderson.
		Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent.
	NEW FILES:
		src/Makefile.DomainOS
		src/Makefile.PTX
		src/Makefile.SunOS.5.1
		src/Makefile.SunOS.5.2
		src/Makefile.SunOS.5.x
		src/mailq.1
		cf/ostype/domainos.m4
		doc/op/Makefile
		doc/intro/Makefile
		doc/usenix/Makefile

8.6.5/8.6.5	94/01/13
	Security fix:  /.forward could be owned by anyone (the test
		to allow root to own any file was backwards).  From
		Bob Campbell at U.C. Berkeley.
	Security fix: group ids were not completely set when programs
		were invoked.  This caused programs to have group
		permissions they should not have had (usually group
		daemon instead of their own group).  In particular,
		Perl scripts would refuse to run.
	Security: check to make sure files that are written are not
		symbolic links (at least under some circumstances).
		Although this does not respond to a specific known
		attack, it's just a good idea.  Suggested by
		Christian Wettergren.
	Security fix: if a user had an NFS mounted home directory on
		a system with a restricted shell listed in their
		/etc/passwd entry, they could still execute any
		program by putting that in their .forward file.
		This fix prevents that by insisting that their shell
		appear in /etc/shells before allowing a .forward to
		execute a program or write a file.  You can disable
		this by putting "*" in /etc/shells.  It also won't
		permit world-writable :include: files to reference
		programs or files (there's no way to disable this).
		These behaviours are only one level deep -- for
		example, it is legal for a world-writable :include:
		file to reference an alias that writes a file, on
		the assumption that the alias file is well controlled.
	Security fix: root was not treated suspiciously enough when
		looking into subdirectories.  This would potentially
		allow a cracker to examine files that were publically
		readable but in a non-publically searchable directory.
	Fix a problem that causes an error on QUIT on a cached
		connection to create problems on the current job.
		These are typically unrelated, so errors occur in
		the wrong place.
	Reset CurrentLA in sendall() -- this makes sendmail queue
		runs more responsive to load average, and fixes a
		problem that ignored the load average in locally
		generated mail.  From Eric Wassenaar.
	Fix possible core dump on aliases with null LHS.  From
		John Orthoefer of BB&N.
	Revert to using flock() whenever possible -- there are just
		too many bugs in fcntl() locking, particularly over
		NFS, that cause sendmail to fail in perverse ways.
	Fix a bug that causes the connection cache to get confused
		when sending error messages.  This resulted in
		"unexpected close" messages.  It should fix itself
		on the following queue run.  Problem noted by
		Liudvikas Bukys of Rochester University.
	Include $k in $=k as documented in the Install & Op Guide.
		This seems odd, but it was documented....  From
		Michael Corrigan of UCSD.
	Fix problem that caused :include:s from alias files to be
		forced to be owned by root instead of daemon
		(actually DefUid).  From Tim Irvin.
	Diagnose unrecognized I option values -- from Mortin Forssen
		of the Chalmers University of Technology.
	Make "error" mailer work consistently when there is no error
		code associated with it -- previously it returned OK
		even though there was a real problem.  Now it assumes
		EX_UNAVAILABLE.
	Fix bug that caused the last header line of messages that had
		no body and which were terminated with EOF instead of
		"." to be discarded.  Problem noted by Liudvikas Bukys.
	Fix core dump on SMTP mail to programs that failed -- it tried
		to go to a "next MX host" when none existed, causing
		a core dump.  From der Mouse at McGill University.
	Change IDENTPROTO from a defined/not defined to a 0/1 switch;
		this makes it easier to turn it off (using
		-DIDENTPROTO=0 in the Makefile).  From der Mouse.
	Fix YP_MASTER_NAME store to use the unupdated result of
		gethostname() (instead of myhostname(), which tries
		to fully qualify the name) to be consistent with
		SunOS.  If your hostname is unqualified, this fixes
		transfers to slave servers.  Bug noted by Keith
		McMillan of Ameritech Services, Inc.
	Fix Ultrix problem: gethostbyname() can return a very large
		(> 500) h_length field, which causes the sockaddr
		to be trashed.  Use the size of the sockaddr instead.
		Fix from Bob Manson of Ohio State.
	Don't assume "-a." on host lookups if NAMED_BIND is not
		defined -- this confuses gethostbyname on hosts
		file lookups, which doesn't understand the trailing
		dot convention.
	Log SMTP server subprocesses that die with a signal instead
		of from a clean exit.
	If you don't have option "I" set, don't assume that a DNS
		"host unknown" message is authoritative -- it
		might still be found in /etc/hosts.
	Fix a problem that would cause Deferred: messages to be sent
		as the subject of an error message, even though the
		actual cause of a message was more severe than that.
		Problem noted by Chris Seabrook of OSSI.
	Fix race condition in DBM alias file locking.  From Kyle
		Jones of UUNET.
	Limit delivery syslog line length to avoid bugs in some
		versions of syslog(3).  This adds a new compile time
		variable SYSLOG_BUFSIZE.  From Jay Plett of Princeton
		University, which is in turn derived from IDA.
	Fix quotes inside of comments in addresses -- previously
		it insisted that they be balanced, but the 822 spec
		says that they should be ignored.
	Dump open file state to syslog upon receiving SIGUSR1 (for
		debugging).  This also evaluates ruleset 89, if set
		(with the null input), and logs the result.  This
		should be used sparingly, since the rewrite process
		is not reentrant.
	Change -qI, -qR, and -qS flags to be case-insensitive as
		documented in the Bat Book.
	If the mailer returned EX_IOERR or EX_OSERR, sendmail did not
		return an error message and did not requeue the message.
		Fix based on code from Roland Dirlewanger of
		Reseau Regional Aquarel, Bordeaux, France.
	Fix a problem that caused a seg fault if you got a 421 error
		code during some parts of connection initialization.
		I've only seen this when talking to buggy mailers on
		the other end, but it shouldn't give a seg fault in
		any case.  From Amir Plivatsky.
	Fix core dump caused by a ruleset call that returns null.
		Fix from Bryan Costales of ICSI.
	Full-Name: field was being ignored.  Fix from Motonori Nakamura
		of Kyoto University.
	Fix a possible problem with very long input lines in setproctitle.
		From P{r Emanuelsson.
	Avoid putting "This is a warning message" out on return receipts.
		Suggested by Douglas Anderson.
	Detect loops caused by recursive ruleset calls.  Suggested by
		Bryan Costales.
	Initialize non-alias maps during alias rebuilds -- they may be
		needed for parsing.  Problem noted by Douglas Anderson.
	Log sender address even if no message was collected in SMTP
		(e.g., if all RCPTs failed).  Suggested by Motonori
		Nakamura.
	Don't reflect the owner-list contents into the envelope sender
		address if the value contains ", :, /, or | (to avoid
		illegal addresses appearing there).
	Efficiency hack for toktype macro -- from Craig Partridge of
		BB&N.
	Clean up DNS error printing so that a host name is always
		included.
	Remember to set $i during queue runs.  Reported by Stephen
		Campbell of Dartmouth University.
	If ${HOSTALIASES} is set, use it during canonification so that
		headers are properly mapped.  Reported by Anne Bennett
		of Concordia University.
	Avoid printing misleading error message if SMTP mailer (not
		using [IPC]) should die on a core dump.
	Avoid incorrect diagnosis of "file 1 closed" when it is caused
		by the other end closing the connection.  From
		Dave Morrison of Oracle.
	Improve several of the error messages printed by "mailq"
		to include a host name or other useful information.
	Add NetInfo preliminary support for NeXT systems.  From Vince
		DeMarco.
	Fix a glitch that sometimes caused :include:s that pointed to
		NFS filesystems that were down to give an "aliasing/
		forwarding loop broken" message instead of queueing
		the message for retry.  Noted by William C Fenner of
		the NRL Connection Machine Facility.
	Fix a problem that could cause a core dump if the input sequence
		had (or somehow acquired) a \231 character.
	Make sure that route-addrs always have <angle brackets> around
		them in non-SMTP envelopes (SMTP envelopes already do
		this properly).
	Avoid wierd headers on unbalanced punctuation of the form:
		``Joe User <user)'' -- this caused reference to the
		null macro.  Fix from Rick McCarty of IO.COM.
	Fix a problem that caused an alias "user: user@local.host" to
		not have the QNOTREMOTE bit set; this caused configs
		to act as if FEATURE(notsticky) was defined even when
		it was not.  The effect of the problem was to make it
		very hard to to set up satellite sites that had a few
		local accounts, with everything else forwarded to a
		corporate hub.  Reported by Detlef Drewanz of the
		University of Rostock and Mark Frost of NCD.
	Change queuing to not call rulesets 3, {1 or 2}, 4 on header
		addresses.  This is more efficient (fewer name server
		calls) and fixes certain unusual configurations, such
		as those that have ruleset 4 do something that is
		non-idempotent unless a mailer-specific ruleset did
		something else.  Problem reported by Brian J. Coan
		of the Institute for Global Communications.
	Fix the "obsolete argument" routine in main to better understand
		new arguments.  For example, if you used ``sendmail
		-C config -v -q'' it would choke on the -q because
		the -C would stop looking for old-format arguments.
	Fix the code that was intended to allow two users to forward their
		mail to the same program and have them appear unique.
	Portability fixes for:
		SCO UNIX from Murray Kucherawy.
		SCO Open Server 3.2v4 from Philippe Brand.
		System V Release 4 from Rick Ellis and others.
		OSF/1 from Steve Campbell.
		DG/UX from Ben Mesander of the USGS and Bryan Curnutt
			of Stoner Associates.
		Motorola SysV88 from Kevin Johnson of Motorola.
		Solaris 2.3 from Casper H.S. Dik of the University
			of Amsterdam and John Caruso of University
			of Maryland.
		FreeBSD from Ollivier Robert.
		NetBSD from Adam Glass.
		TitanOS from Kate Hedstrom of Rutgers University.
		Irix from Bryan Curnutt.
		Dynix from Jim Davis of the University of Arizona.
		RISC/os.
		Linux from John Kennedy of California State University
			at Chico.
		Solaris 2.x from Tony Boner of the U.S. Air Force.
		NEXTSTEP 3.x from Vince DeMarco.
		HP-UX from various people.  NOTA BENE:  the location
			of the config file has moved to /usr/lib
			to match the HP-UX version of sendmail.
	CONFIG: Don't do any recipient rewriting on relay mailer;
		since this is intended only for internal use, the
		usual RFC 821/822/1123 rules can be relaxed.  The
		main point of this is to avoid munging (ugh) UUCP
		addresses when relaying internally.
	CONFIG: fix typo in mailer/uucp.m4 that mutilates list:;
		syntax addresses delivered via UUCP.  Solution
		provided by Peter Wemm.
	CONFIG: fix thumb-fumble in default UUCP relaying in ruleset
		zero; it caused double @ signs in addresses.  From
		Irving Reid of the University of Toronto.
	CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1
		from Markku Toijala of ICL Personal Systems Oy.
	CONFIG: Add trailing "." on pseudo-domains for consistency;
		this fixes a problem (noted by Al Whaley of Sunnyside)
		that made it hard to recognize your own pseudodomain
		names.
	CONFIG: catch "@host" syntax errors (i.e., null local-parts)
		rather than letting them get "local configuration
		error"s.  Problem noted by John Gardiner Myers.
	CONFIG: add uucp-uudom mailer variant, based on code posted
		by Spider Boardman <spider@Orb.Nashua.NH.US>; this
		has uucp-dom semantics but old UUCP syntax.  This
		also permits "uucp-old" as an alias for "uucp" and
		"uucp-new" as a synonym for "suucp" for consistency.
	CONFIG: add POP mailer support (from Kimmo Suominen
		<kim@grendel.lut.fi>).
	CONFIG: drop CSNET_RELAY support -- CSNET is long gone.
	CONFIG: fix bug caused with domain literal addresses (e.g.,
		``[128.32.131.12]'') when FEATURE(allmasquerade)
		was set; it would get an additional @masquerade.host
		added to the address.  Problem noted by Peter Wan
		of Georgia Tech.
	CONFIG: make sure that the local UUCP name is in $=w.  From
		Jim Murray of Stratus.
	CONFIG: changes to UUCP rewriting to simulate IDA-style "V"
		mailer flag.  Briefly, if you are sending to host
		"foo", then it rewrites "foo!...!baz" to "...!baz",
		"foo!baz" remains "foo!baz", and anything else has
		the local name prepended.
	CONFIG: portability fixes for HP-UX.
	DOC: several minor problems fixed in the Install & Op Guide.
	MAKEMAP: fix core dump problem on lines that are too long or
		which lack newline.  From Mark Delany.
	MAILSTATS: print sums of columns (total messages & kbytes
		in and out of the system).  From Tom Ferrin of UC
		San Francisco Computer Graphics Lab.
	SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES:
		On HP-UX, /etc/sendmail.cf has been moved to
			/usr/lib/sendmail.cf to match HP sendmail.
		Permissions have been tightened up on world-writable
			:include: files and accounts that have shells
			that are not listed in /etc/shells.  This may
			cause some .forward files that have worked
			before to start failing.
		SIGUSR1 dumps some state to the log.
	NEW FILES:
		src/Makefile.DGUX
		src/Makefile.Dynix
		src/Makefile.FreeBSD
		src/Makefile.Mach386
		src/Makefile.NetBSD
		src/Makefile.RISCos
		src/Makefile.SCO
		src/Makefile.SVR4
		src/Makefile.Titan
		cf/mailer/pop.m4
		cf/ostype/bsdi1.0.m4
		cf/ostype/dgux.m4
		cf/ostype/dynix3.2.m4
		cf/ostype/sco3.2.m4
		makemap/Makefile.dist
		praliases/Makefile.dist

8.6.4/8.6.4	93/10/31
	Repair core-dump problem (write to read-only memory segment)
		if you fall back to the return-to-Postmaster case in
		savemail.  Problem reported by Richard Liu.
	Immediately diagnose bogus sender addresses in SMTP.  This
		makes quite certain that crackers can't use this
		class of attack.
	Reliability Fix:  check return value from fclose() and fsync()
		in a few critical places.
	Minor problem in initsys() that reversed a condition for
		redirecting the output channel on queue runs.  It's
		not clear this code even does anything.  From Eric
		Wassenaar of the Dutch National Institute for Nuclear
		and High-Energy Physics.
	Fix some problems that caused queue runs to do "too much work",
		such as double-reading the Errors-To: header.  From
		Eric Wassenaar.
	Error messages on writing the temporary file (including the
		data file) were getting suppressed in SMTP -- this
		fix causes them to be properly reported.  From Eric
		Wassenaar.
	Some changes to support AF_UNIX sockets -- this will only
		really become relevant in the next release, but some
		people need it for local patches.  From Michael
		Corrigan of UC San Diego.
	Use dynamically allocated memory (instead of static buffers)
		for macros defined in initsys() and settime(); since
		these can have different values depending on which
		envelope they are in.  From Eric Wassenaar.
	Improve logging to show ctladdr on to= logging; this tells you
		what uid/gid processes ran as.
	Fix a problem that caused error messages to be discarded if
		the sender address was unparseable for some reason;
		this was supposed to fall back to the "return to
		postmaster" case.
	Improve aliaswait backoff algorithm.
	Portability patches for Linux (8.6.3 required another header
		file) (from Karl London) and SCO UNIX.
	CONFIG: patch prog mailer to not strip host name off of envelope
		addresses (so that it matches local again).  From
		Christopher Davis.
	CONFIG: change uucp-dom mailer so that "<>" translates to $n;
		this prevents uux from seeing lines with null names like
		``From   Sat Oct 30 14:55:31 1993''.  From Motonori
		Nakamura of Kyoto University.
	CONFIG: handle <list:;> syntax correctly.  This isn't legal, but
		it shouldn't fail miserably.  From Motonori Nakamura.

8.6.3/8.6.3	93/10/24
	IMPORTANT FIX: Fix several problems that caused open files to
		be "lost" during queue runs; this overflowed the open
		file table on large runs.  An assumption that fdopen
		always succeeds sometimes resulted in core dumps when
		this happens; sometimes the message is delivered twice,
		sometimes (probably) infinite times.  This problem in
		various form was reported by P{r (Pell) Emanuelsson and
		Robert Campbell of U.C. Berkeley.
	Special diagnosis of EMFILE error conditions -- it now prints
		the known open file descriptors so you can figure out
		what is consuming so much resources.
	Fix a couple of problems caused by early address parsing
		errors -- one caused it to return a "this is only a
		warning" when it really wasn't, and the other started
		parsing through a random pointer.  The first was
		noted by Eric Wassenaar.
	Fix an infinite loop problem caused by null components in the
		host signature.  Problem noted by Jan Sorensen.
	Be sure to reset the "current date" when sending an error
		message -- PostMasterCopy messages were being sent
		with an old Date: header.
	Fix a problem that caused duplicated mail when sendmail was
		(1) compiled without HASFLOCK, (2) you are sending to
		an alias that has an owner-* alias, (3) you execute
		sendmail with -t flag, (4) you run in -odb mode, and
		(5) the sender specifies both the alias name and
		another alias [i.e., the envelope is split], then
		duplicate messages are sent.  The problem description
		and one-line fix are from Motonori Nakamura of Kyoto
		University.
	Avoid a problem that causes error messages to be discarded
		in some cases -- this was the result of a "fix" to
		avoid duplicate error messages, but two are better
		than zero.  Reported by Tim Rylance.
	Fix a minor botch in checkfd012() -- fix from Dave Hill of
		Computervision R&D Ltd.
	Remove "X-Authentication-Warning: <user> set sender to <address>
		using -f" entirely -- it is far too eager to include
		this, and it is confusing folks.  I'll try to make it
		work "right" in 8.7.  Problem noted by Yoshitaka
		Tokugawa of dit Co., Ltd.
	Fix a race condition with the errno value in tick() and
		reapchild() -- this caused occasional misdiagnosis
		of problems.  Kyle Jones of UUNET helped this along.
	Repair rule loop-detection code.  From Michael Corrigan of
		U.C. San Diego.
	Fix a problem that caused sender domain addition (C mailer
		flag to be ignored if you use -odq or use -odb with
		a high load average.  Problem reported by Jim Murray
		of Stratus.
	Fix ident protocol on multi-homed machines.  It was not
		always using the correct interface.  Fix from J.R.
		Oldroyd of Opal.
	Previously, sendmail assumed that any SMTP greeting message
		that wasn't 2xx was a temporary failure -- it should
		only take 4xx as a temporary failure, and return a
		solid error message on anything else -- for example,
		to allow you to reject connections on a workstation
		that is MXed to a mail server.
	Portability enhancements for 386BSD/FreeBSD/NetBSD from
		Ollivier Robert.
	CONFIG: FEATURE(always_add_domain) didn't always add the domain;
		in particular, on local mail it modified the header sender
		but not the header recipient address(es).  Reported by
		Jeffrey Honig of Cornell University.  Also, strip
		any host from envelope recipient address(es), since
		local mailers don't understand host names -- this is
		to help mailertable entries.  From Christopher Davis.
	CONFIG: masquerading didn't apply to addresses that already
		had a domain.  This change replaces a local hostname
		by the masquerade name in the SMTP mailer (previously
		it only added the masquerade name if it didn't already
		have a domain name).  Several people complained about
		this.

8.6.2/8.6.2	93/10/15
	Put a "successful delivery" message in the transcript for
		addresses that get return-receipts.
	Put a prominent "this is only a warning" message in warning
		messages -- some people don't read carefully enough
		and end up sending the message several times.
	Include reason for temporary failure in the "warning" return
		message.  Currently, it just says "cannot send for
		four hours".
	Fix the "Original message received" time generated for
		returntosender messages.  It was previously listed as
		the current time.  Bug reported by Eric Hagberg of
		Cornell University Medical College.
	If there is an error when writing the body of a message,
		don't send the trailing dot and wait for a response
		in sender SMTP, as this could cause the connection to
		hang up under some bizarre circumstances.  From Eric
		Wassenaar.
	Fix some server SMTP synchronization problems caused when
		connections fail during message collection.  From
		Eric Wassenaar.
	Fix a problem that can cause srvrsmtp to reject mail if the
		name server is down -- it accepts the RCPT but rejects
		the DATA command.  Problem reported by Jim Murray of
		Stratus.
	Fix a problem that can cause core dumps if the config file
		incorrectly resolves to a null hostname.  Reported by
		Allan Johannesen of WPI.
	Non-root use of -C flag, dangerous -f flags, and use of -oQ
		by non-root users were not put into
		X-Authentication-Warning:s as intended because the
		config file hadn't set the PrivacyFlags yet.  Fix
		from Sven-Ove Westberg of the University of Lulea.
	Under very odd circumstances, the alias file rebuild code
		could get confused as to whether a database was
		open or not.
	Check "vendor code" on the end of V lines -- this is
		intended to provide a hook for vendor-specific
		configuration syntax.  (This is a "new feature",
		but I've made an exception to my rule in a belief
		that this is a highly exceptional case.)
	Portability fixes for DG/UX (from Douglas Anderson of NCSC),
		SCO Unix (from Murray Kucherawy), A/UX, and OSF/1
		(from Jon Forrest of UC Berkeley)
	CONFIG: fix ``mailer:host'' form of UUCP relay naming.

8.6.1/8.6	93/10/08
	Portability fixes for A/UX and Encore UMAX V.
	Fix error message handling -- if you had a name server down
		causing an error during parsing, that message was never
		propogated to the queue file.

8.6/8.6		93/10/05
	Configuration cleanup: make it easier to undo IDENTPROTO in
		conf.h (other systems have the same bug).
	If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume
		getdtablesize() instead of sysconf(); a disturbingly
		large number of systems defined _SC_OPEN_MAX in the
		header files but don't have the syscall.
	Another patch to really truly ignore MX records in getcanonname
		if trymx == FALSE.
	Fix problem that caused the "250 IAA25499 Message accepted for
		delivery" message to be omitted if there was an error
		in the header of the message (e.g., a bad Errors-To:
		line).  Pointed out by Michael Corrigan of UCSD.
	Announce name of host we are chatting when we get errors; this
		is an IDA-ism suggested by Christophe Wolfhugel.
	Portability fixes for Alpha OSF/1 (from Anthony Baxter of the
		Australian Artificial Intelligence Institute), SCO Unix
		(from Murray Kucherawy of Hookup Communication Corp.),
		NeXT (from Vince DeMarco and myself), Linux (from
		Karl London <karl@borg.demon.co.uk>), BSDI (from
		Christophe Wolfhugel, and SVR4 on Dell (from Kimmo
		Suominen), AUX 3.0 on Macintosh, and ANSI C compilers.
	Some changes to get around gcc optimizer bugs.  From Takahiro
		Kanbe.
	Fix error recovery in queueup if another tf file of the same
		name already exists.  Problem stumbled over by Bill
		Wisner of The Well.
	Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes.
		Problem noted by Keith McMillan of Ameritech Services.
	Deal with group permissions properly when opening .forward and
		:include: files.  This relaxes the 8.1C restrictions
		slightly more.  This includes proper setting of groups
		when reading :include: files, allowing you to read some
		files that you should be able to read but have previously
		been denied unless you owned them or they had "other"
		read permission.
	Make certain that $j is in $=w (after the .cf is read) so that
		if the user is forced to override some silly system,
		MX suppression will still work.
	Fix a couple of efficiency problems where newstr was double-
		calling expensive routines.  In at least one case, it
		wasn't guaranteed that they would always return the
		same result.  Problem noted by Christophe Wolfhugel.
	Fix null pointer dereference in putoutmsg -- only on an error
		condition from a non-SMTP mailer.  From Motonori
		Nakamura.
	Macro expand "C" line class definitions before scanning so that
		"CX $Z" works.
	Fix problem that caused error message to be sent while still
		trying to send the original message if the connection
		is closed during a DATA command after getting an error
		on an RCPT command (pretty obscure).  Problem reported
		by John Myers of CMU.
	Fix reply to NOOP to be 250 instead of 200 -- this is a long
		term bug.
	Fix a nasty bug causing core dumps when returning the "warning:
		cannot deliver for N hours -- will keep trying" message;
		it only occurred if you had PostMasterCopy set and
		only on some architectures.  Although sendmail would
		keep trying, it would send error messages on each
		queue interval.  This is an important fix.
	Allow u and g options to take user and group names respectively.
	Don't do a chdir into the queue directory in -bt mode to make
		ruleset testing a bit easier.
	Don't allow users to turn off logging (using -oL) on the command
		line -- command line can only raise, not lower, logging
		level.
	Set $u to the original recipient on the SMTP transaction or on
		the command line.  This is only done if there is exactly
		one recipient.  Technically, this does not meet the
		specs, because it does not guarantee a domain on the
		address.
	Fix a problem that dumped error messages on bad addresses if
		you used the -t flag.  Problem noted by Josh Smith of
		Harvey Mudd College.
	Given an address such as ``<foo> <bar>'', auto-quote the first
		``<foo>'' part, giving ``"<foo>" <bar>''.  This is to
		avoid the problem of people who use angle brackets in
		their full name information.
	Fix a null pointer dereference if you set option "l", have
		an Errors-To: header in the message, and have Errors-To:
		defined in the config file H lines.  From J.R. Oldroyd.
	Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get
		wrong when compiling.  Suggested by Rick McCarty of TI.
	Fix a problem that could pass negative SIZE parameter if the
		df file got lost; this would cause servers to always
		give a temporary failure, making the problem even worse.
		Problem noted by Allan Johannesen of WPI.
	Add "ident" timeout (one of the "r" option selectors) for IDENT
		protocol timeouts (30s default).  Requested by Murray
		Kucherawy of HookUp Communication Corp. to handle bogus
		PC TCP/IP implementations.
	Change $w default definition to be just the first component of
		the domain name on config level 5.  The $j macro defaults
		to the FQDN; $m remains as before.  This lets well-behaved
		config files use any of the short, long, or subdomain
		names.
	Add makesendmail script in src to try to automate multi-architecture
		builds.  I know, this is sub-optimal, but it is still
		helpful.
	Fix very obscure race condition that can cause a queue run to
		get a queue file for an already completed job.  This
		problem has existed for years.  Problem noted by the
		long suffering Allan Johannesen of WPI.
	Fix a problem that caused the raw sender name to be passed to
		udbsender instead of the canonified name -- this caused
		it to sometimes miss records that it should have found.
	Relax check of name on HELO packet so that a program using -bs
		that claims to be itself works properly.
	Restore rewriting of $: part of address through 2, R, 4 in
		buildaddr -- this requires passing a lot of flags to get
		it right.  Unlike old versions, this ONLY rewrites
		recipient addresses, not sender addresses.
	Fix a bug that caused core dumps in config files that cannot
		resolve /file/name style addresses.  Fix from Jonathan
		Kamens of OpenVision Technologies.
	Fix problem with fcntl locking that can cause error returns to
		be lost if the lock is lost; this required fully
		queueing everything, dropping the envelope (so errors
		would get returned), and then re-reading the queue from
		scratch.
	Fix a problem that caused aliases that redefine an otherwise
		true address to still send to the original address
		if and only if the alias failed in certain bizarre
		ways (e.g, if they pointed at a list:; syntax address).
		Problem pointed out by Jonathan Kamens.
	Remove support for frozen configuration files.  They caused
		more trouble than it was worth.
	Fix problem that can cause error messages to get ignored when
		using both -odb and -t flags.  Problem noted by Rob
		McNicholas at U.C. Berkeley.
	Include all "normal" variations on hostname in $=w.  For example,
		if the host name is vangogh.cs.berkeley.edu, $=w will
		contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu.
	Add "restrictqrun" privacy flag -- without this, anyone can run
		the queue.
	Reset SmtpPhase global on initial connection creation so that
		messages don't come out with stale information.
	Pass an "ext" argument to lockfile so that error/log messages
		will properly reflect the true filename being locked.
	Put all [...] address forms into $=w -- this eliminates the need
		for MAXIPADDR in conf.h.  Suggested by John Gardiner
		Myers of CMU.
	Fix a bug that can cause qf files to be left around even after
		an SMTP RSET command.  Problem and fix from Michael
		Corrigan.
	Don't send a PostMasterCopy to errors when the Precedence: is
		negative.  Error reports still go to the envelope
		sender address.
	Add LA_SHORT for load averages.
	Lock sendmail.st file when posting statistics.
	Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to
		set the size of the TCP send and receive buffers; if you
		run over a slow slip line you may need to set these down
		(although it would be better to fix the SLIP implementation
		so that it's not necessary to recompile every program
		that does bulk data transfer).
	Allow null defaults on $( ... $) lookups.  Problem reported by
		Amir Plivatsky.
	Diagnose crufty S and V config lines.  This resulted from an
		observation that some people were using the SITE macro
		without the SITECONFIG macro first, which was causing
		bogus config files that were not caught.
	Fix makemap -f flag to turn off case folding (it was turning it
		on instead).  THIS IS A USER VISIBLE CHANGE!!!
	Fix a problem that caused multiple error messages to be sent if
		you used "sendmail -t -oem -odb", your system uses fcntl
		locking, and one of the recipient addresses is unknown.
	Reset uid earlier in include() so that recursive .forwards or
		:include:s don't use the wrong uid.
	If file descriptor 0, 1, or 2 was closed when sendmail was
		called, the code to recover the descriptor was broken.
		This sometimes (only sometimes) caused problems with the
		alias file.  Fix from Motonori Nakamura.
	Fix a problem that caused aliaswait to go into infinite recursion
		if the @:@ metasymbol wasn't found in the alias file.
	Improve error message on newaliases if database files cannot be
		opened or if running with no database format defined.
	Do a better estimation of the size of error messages when NoReturn
		is set.  Problem noted by P{r (Pell) Emanuelsson.
	Fix a problem causing the "c" option (don't connect to expensive
		mailers) to be ignored in SMTP.  Problem noted and the
		solution suggested by Robert Elz of Munnari University.
	Improve connection caching algorithm by passing "[host]" to
		hostsignature, which strips the square brackets and
		returns the real name.  This allows mailertable entries
		to match regular entries.
	Re-enable Return-Receipt-To: -- people seem to want this stupid
		feature, even if it doesn't work right.
	Catch and log attempts to try the "wiz" command in server SMTP.
		This also ups the log level from LOG_NOTICE to LOG_CRIT.
	Be more generous at assigning $z to the home directory -- do this
		for programs that are specified through a .forward file.
		Fix from Andrew Chang of Sun Microsystems.
	Always save a fatal error message in preference to a non-fatal
		error message so that the "subject" line of return
		messages is the best possible.
	CONFIG: reduce the number of quotes needed to quote configuration
		parameters with commas: two quotes should work now, e.g.,
		define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local'').
	CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom
		connections (domain-ized UUCP).
	CONFIG: fix bug in default maps (-o must be before database file
		name).  Pointed out by Christophe Wolfhugel.
	CONFIG: add FEATURE(nodns) to state that we are not relying on
		DNS.  This would presumably be used in UUCP islands.
	CONFIG: add OSTYPE(nextstep) and OSTYPE(linux).
	CONFIG: log $u in Received: line.  This is in technical violation
		of the standards, since it doesn't guarantee a domain
		on the address.
	CONFIG: don't assume "m" in local mailer flags -- this means that
		if you redefine LOCAL_MAILER_FLAGS you will have to include
		the "m" flag should you want it.  Apparently some Solaris 2.2
		installations can't handle multiple local recipients.
		Problem noted by Josh Smith.
	CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults).
	CONFIG: change default version level from 4 to 5.
	CONFIG: add FEATURE(nullclient) to create a config file that
		forwards all mail to a hub without ever looking at the
		addresses in any detail.
	CONFIG: properly strip mailer: information off of relays when
		used to change .BITNET form into %-hack form.
	CONFIG: fix a problem that caused infinite loops if presented
		with an address such as "!foo".
	CONFIG: check for self literal (e.g., [128.32.131.12]) even if
		the reverse "PTR" mapping is broken.  There's a better
		way to do this, but the change is fairly major and I
		want to hold it for another release.  Problem noted by
		Bret Marquis.

8.5/8.5		93/07/23
	Serious bug: if you used a command line recipient that was unknown
		sendmail would not send a return message (it was treating
		everything as though it had an SMTP-style client that
		would do the return itself).  Problem noted by Josh Smith.
	Change "trymx" option in getcanonname() to ignore all MX data,
		even during a T_ANY query.  This actually didn't break
		anything, because the only time you called getcanonname
		with !trymx was if you already knew there were no MX
		records, but it is somewhat cleaner.  From Motonori
		Nakamura.
	Don't call getcanonname from getmxrr if you already know there
		are no DNS records matching the name.
	Fix a problem causing error messages to always include "The
		original message was received ... from localhost".
		The correct original host information is now included.
	Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their
		version of "test" doesn't have the -x flag).  Change it
		to use -f instead.  From John Myers.
	CONFIG: 8.4 mistakenly set the default SMTP-style mailer to
		esmtp -- it should be smtp.
	CONFIG: send all relayed mail using confRELAY_MAILER (defaults
		to "relay" (a variant of "smtp") if MAILER(smtp) is used,
		else "suucp" if MAILER(uucp) is used, else "unknown");
		this cleans up the configs somewhat.  This fixes a serious
		problem that caused route-addrs to get mistaken as relays,
		pointed out by John Myers.  WARNING: this also causes
		the default on SMART_HOST to change from "suucp" to
		"relay" if you have MAILER(smtp) specified.

8.4/8.4		93/07/22
	Add option `w'.  If you receive a message that comes to you because
		you are the best (lowest preference) target of an MX, and
		you haven't explicitly recognized the source MX host in
		your .cf file, this option will cause you to try the target
		host directly (as if there were no MX for it at all).  If
		`w' is not set, this case is a configuration error.
		Beware: if `w' is set, senders may get bogus errors like
		"message timed out" or "host unknown" for problems that
		are really configuration errors.  This option is
		disrecommended, provided only for compatibility with
		UIUC sendmail.
	Fix a problem that caused the incoming socket to be left open
		when sendmail forks after the DATA command.  This caused
		calling systems to wait in FIN_WAIT_2 state until the
		entire list was processed and the child closed -- a
		potentially prodigious amount of time.  Problem noted
		by Neil Rickert.
	Fix problem (created in 6.64) that caused mail sent to multiple
		addresses, one of which was a bad address, to completely
		suppress the sending of the message.  This changes
		handling of EF_FATALERRS somewhat, and adds an
		EF_GLOBALERRS flag.  This also fixes a potential problem
		with duplicate error messages if there is a syntax error
		in the header of a message that isn't noticed until late
		in processing.  Original problem pointed out by Josh Smith
		of Harvey Mudd College.  This release includes quite a bit
		of dickering with error handling (see below).
	Back out SMTP transaction if MAIL gets nested 501 error.  This
		will only hurt already-broken software and should help
		humans.
	Fix a problem that broke aliases when neither NDBM nor NEWDB were
		compiled in.  It would never read the alias file.
	Repair unbalanced `)' and `>' (the "open" versions are already
		repaired).
	Logging of "done" in dropenvelope() was incorrect: it would
		log this even when the queue file still existed.  Change
		this to only log "done" (at log level 11) when the
		queue file is actually removed.  From John Myers.
	Log "lost connection" in server SMTP at log level 20 if there
		is no pending transaction.  Some senders just close the
		connection rather than sending QUIT.
	Fix a bug causing getmxrr to add a dot to the end of unqualified
		domains that do not have MX records -- this would cause
		the subsequent host name lookup to fail.  The problem
		only occurred if you had FEATURE(nocanonify) set.
		Problem noted by Rick McCarty of Texas Instruments.
	Fix invocation of setvbuf when passed a -X flag -- I had
		unwittingly used an ANSI C extension, and this caused
		core dumps on some machines.
	Diagnose self-destructive alias loops on RCPT as well as EXPN.
		Previously it just gave an empty send queue, which
		then gave either "Need RCPT (recipient)" at the DATA
		(confusing, since you had given an RCPT command which
		returned 250) or just dropped the email, depending on
		whether you were running VERBose mode.  Now it usually
		diagnoses this case as "aliasing/forwarding loop broken".
		Unfortunately, it still doesn't adequately diagnose
		some true error conditions.
	Add internal concept of "warning messages" using 6xx codes.
		These are not reported only to Postmaster.  Unbalanced
		parens, brackets, and quotes are printed as 653 codes.
		They are always mapped to 5xx codes before use in SMTP.
	Clean up error messages to tell both the actual address that
		failed and the alias they arose from.  This makes it
		somewhat easier to diagnose problems.  Difficulty noted
		by Motonori Nakamura.
	Fix a problem that inappropriately added a ctladdr to addresses
		that shouldn't have had one during a queue run.  This
		caused error messages to be handled differently during
		a queue run than a direct run.
	Don't print the qf name and line number if you get errors during
		the direct run of the queue from srvrsmtp -- this was
		just extra stuff for users to crawl through.
	Put command line flags on second line of pid file so you can
		auto-restart the daemon with all appropriate arguments.
		Use "kill `head -1 /etc/sendmail.pid`" to stop the
		daemon, and "eval `tail -1 /etc/sendmail.pid`" to
		restart it.
	Remove the ``setuid(getuid())'' in main -- this caused the
		IDENT daemon to screw up.  This required that I change
		HASSETEUID to HASSETREUID and complicate the mode
		changing somewhat because both Ultrix and SunOS seem
		to have a bug causing seteuid() to set the saved uid
		as well as the effective.  The program test/t_setreuid.c
		will test to see if your implementation of setreuid(2)
		is appropriately functional.
	The FallBackMX (option V) handling failed to properly identify
		fallback to yourself -- most of the code was there,
		but it wasn't being enabled.  Problem noted by Murray
		Kucherawy of the University of Waterloo.
	Change :include: open timeout from ETIMEDOUT to an internal
		code EOPENTIMEOUT; this avoids adding "during SmtpPhase
		with CurHostName" in error messages, which can be
		confusing.  Reported by Jonathan Kamens of OpenVision
		Technologies.
	Back out setpgrp (setpgid on POSIX systems) call to reset the
		process group id.  The original fix was to get around
		some problems with recalcitrant MUAs, but it breaks
		any call from a shell that creates a process group id
		different from the process id.  I could try to fix
		this by diddling the tty owner (using tcsetpgrp or
		equivalent) but this is too likely to break other
		things.
	Portability changes:
		Support -M as equivalent to -oM on Ultrix -- apparently
			DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs
			instead of using standard flags.  Oh joy.  This
			behaviour reported by Jon Giltner of University
			of Colorado.
		SGI IRIX  -- this includes several changes that should
			help other strict ANSI compilers.
		SCO Unix -- from Murray Kucherawy of HookUp Communication
			Corporation.
		Solaris running the Sun C compiler (which despite the
			documentation apparently doesn't define
			__STDC__ by default).
		ConvexOS from Eric Schnoebelen of Convex.
		Sony NEWS workstations and Omron LUNA workstations from
			Motonori Nakamura.
	CONFIG: add confTRY_NULL_MX_LIST to set option `w'.
	CONFIG: delete `C' and `e' from default SMTP mailers flags;
		several people have made a good argument that this
		creates more problems than it solves (although this
		may prove painful in the short run).
	CONFIG: generalize all the relays to accept a "mailer:host"
		format.
	CONFIG: move local processing in ruleset 0 into a new ruleset
		98 (8 on old sendmail).  Domain literal [a.b.c.d]
		addresses are also passed through this ruleset.
	CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined,
		internet-style addresses would "fall off the end" of
		ruleset zero and be interpreted as local -- however,
		the angle brackets confused the recursive call.
		These are now diagnosed as "Unrecognized host name".
	CONFIG: USENET rules weren't included in S0 because of a mistaken
		ifdef(`_MAILER_USENET_') instead of
		ifdef(`_MAILER_usenet_').  Problem found by Rein Tollevik
		of SINTEF RUNIT, Oslo.
	CONFIG: move up LOCAL_RULE_0 processing so that it happens very
		early in ruleset 0; this allows .mc authors to bypass
		things like the "short circuit" code for local addresses.
		Prompted by a comment by Bill Wisner of The Well.
	CONFIG: add confSMTP_MAILER to define the mailer used (smtp or
		esmtp) to send SMTP mail.  This allows you to default
		to esmtp but use a mailertable or other override to
		deal with broken servers.  This logic was pointed out
		to me by Bill Wisner.  Ditto for confLOCAL_MAILER.
	Changes to cf/sh/makeinfo.sh to make it portable to SVR4
		environments.  Ugly as sin.

8.3/8.3		93/07/13
	Fix setuid problems introduced in 8.2 that caused messages
		like "Cannot create qfXXXXXX: Invalid argument"
		or "Cannot reopen dfXXXXXX: Permission denied".  This
		involved a new compile flag "HASSETEUID" that takes
		the place of the old _POSIX_SAVED_IDS -- it turns out
		that the POSIX interface is broken enough to break
		some systems badly.  This includes some fixes for
		HP-UX.  Also fixes problems where the real uid is
		not reset properly on startup (from Neil Rickert).
	Fix a problem that caused timed out messages to not report the
		addresses that timed out.  Error messages are also more
		"user friendly".
	Drop required bandwidth on connections from 64 bytes/sec to
		16 bytes/sec.
	Further Solaris portability changes -- doesn't require the BSD
		compatibility library.  This also adds a new
		"HASGETDTABLESIZE" compile flag which can be used if
		you want to use getdtablesize(2) instead of sysconf(2).
		These are loosely based on changes from David Meyer at
		University of Oregon.  This now seems to work, at least
		for quick test cases.
	Fix a problem that can cause duplicate error messages to be
		sent if you are in SMTP, you send to multiple addresses,
		and at least one of those addresses is good and points
		to an account that has a .forward file (whew!).
	Fix a problem causing messages to be discarded if checkcompat()
		returned EX_TEMPFAIL (because it didn't properly mark
		the "to" address).  Problem noted by John Myers.
	Fix dfopen to return NULL if the open failed; I was depending
		on fdopen(-1) returning NULL, which isn't the case.  This
		isn't serious, but does result in wierd error diagnoses.
		From Michael Corrigan.
	CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of
		messages sent through UUCP-family mailers.  Suggested
		by Bill Wisner of The Well.
	CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified,
		include a "uucp-dom" mailer that uses domain-style
		addressing.  Suggested by Bill Wisner.
	CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match
		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS.  Suggested by
		Christophe Wolfhugel.
	CONFIG: Add OSTYPE(aix3).  From Christophe Wolfhugel.

8.2/8.2		93/07/11
	Don't drop out on config file parse errors in -bt mode.
	On older configuration files, assume option "l" (use Errors-To
		header) for back compatibility.  NOTE:  this DOES NOT
		imply an endorsement of the Errors-To: header in any way.
	Accept -x flag on AIX-3 as well as OSF/1.  Why, why, why???
	Don't log errors on EHLO -- it isn't a "real" error for an old
		SMTP server to give an error on this command, and
		logging it in the transcript can be confusing.  Fix
		from Bill Wisner.
	IRIX compatibility changes provided by Dan Rich
		<drich@sandman.lerc.nasa.gov>.
	Solaris 2 compatibility changes.  Provided by Bob Cunningham
		<bob@kahala.soest.hawaii.edu>, John Oleynick
		<juo@klinzhai.rutgers.edu>
	Debugging: -d17 was overloaded (hostsignature and usersmtp.c);
		move usersmtp (smtpinit and smtpmailfrom) to -d18 to
		match the other flags in that file.
	Flush transcript before fork in mailfile().  From Eric Wassenaar.
	Save h_errno in mci struct and improve error message display.
		Changes from Eric Wassenaar.
	Open /dev/null for the transcript if the create of the xf file
		failed; this avoids at least one possible null pointer
		reference in very wierd cases.  From Eric Wassenaar.
	Clean up statistics gathering; it was over-reporting because of
		forks.  From Eric Wassenaar.
	Fix problem that causes old Return-Path: line to override new
		Return-Path: line (conf.c needs H_FORCE to avoid
		re-using old value).  From Motonori Nakamura.
	Fix broken -m flag in K definition -- even if -m (match only)
		was specified, it would still replace the key with the
		value.  Noted by Rick McCarty of Texas Instruments.
	If the name server timed out over several days, no "timed out"
		message would ever be sent back.  The timeout code
		has been moved from markfailure() to dropenvelope()
		so that all such failures should be diagnosted.  Pointed
		out by Christophe Wolfhugel and others.
	Relax safefile() constraints: directories in an include or
		forward path must be readable by self if the controlling
		user owns the entry, readable by all otherwise (e.g.,
		when reading your .forward file, you have to own and
		have X permssion in it; everyone needs X permission in
		the root and directories leading up to your home);
		include files must be readable by anyone, but need not
		be owned by you.
	If _POSIX_SAVED_IDS is defined, setuid to the owner before
		reading a .forward file; this gets around some problems
		on NFS mounts if root permission is not exported and
		the user's home directory isn't x'able.
	Additional NeXT portability enhancements from Axel Zinser.
	Additional HP-UX portability enhancements from Brian Bullen.
	Add a timeout around SMTP message writes; this assumes you can
		get throughput of at least 64 bytes/second.  Note that
		this does not impact the "datafinal" default, which
		is separate; this is just intended to work around
		network clogs that will occur before the final dot
		is sent.  From Eric Wassenaar.
	Change map code to set the "include null" flag adaptively --
		it initially tries both, but if it finds anything
		matching without a null it never tries again with a
		null and vice versa.  If -N is specified, it never
		tries without the null and creates new maps with a
		null byte.  If -O is specified, it never tries with
		the null (for efficiency).  If -N and -O are specified,
		you get -NO (get it?) lookup at all, so this would
		be a bad idea.  If you don't specify either -N or -O,
		it adapts.
	Fix recognition of "same from address" so that MH submissions
		will insert the appropriate full name information;
		this used to work and got broken somewhere along the
		way.
	Some changes to eliminate some unnecessary SYSERRs in the
		log.  For example, if you lost a connection, don't
		bother reporting that fact on the connection you lost.
	Add some "extended debugging" flags to try to track down
		why we get occassional problems with file descriptor
		one being closed when execing a mailer; it seems to
		only happen when there has been another error in the
		same transaction.  This requires XDEBUG, defined
		by default in conf.h.
	Add "-X filename" command line flag, which logs both sides of
		all SMTP transactions.  This is intended ONLY for
		debugging bad implementations of other mailers; start
		it up, send a message from a mailer that is failing,
		and then kill it off and examine the indicated log.
		This output is not intended to be particularly human
		readable.  This also adds the HASSETVBUF compile
		flag, defaulted on if your compiler defines __STDC__.
	CONFIG: change SMART_HOST to override an SMTP mailer.  If you
		have a local net that should get direct connects, you
		will need to use LOCAL_NET_CONFIG to catch these hosts.
		See cf/README for an example.
	CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle
		sites that don't use the -d flag.
	CONFIG: hide recipient addresses as well as sender addresses
		behind $M if FEATURE(allmasquerade) is specified; this
		has been requested by several people, but can break
		local aliases.  For example, if you mail to "localalias"
		this will be rewritten as "localalias@masqueradehost";
		although initial delivery will work, replies will be
		broken.  Use it sparingly.
	CONFIG: add FEATURE(domaintable).  This maps unqualified domains
		to qualified domains in headers.  I believe this is
		largely equivalent to the IDA feature of the same name.
	CONFIG: use $U as UUCP name instead of $k.  This permits you
		to override the "system name" as your UUCP name --
		in particular, to use domain-ized UUCP names.  From
		Bill Wisner of The Well.
	CONFIG: create new mailer "esmtp" that always tries EHLO
		first.  This is currently unused in the config files,
		but could be used in a mailertable entry.

8.1C/8.1B	93/06/27
	Serious security bug fix: it was possible to read any file on
		the system, regardless of ownership and permissions.
	If a subroutine returns a fully qualified address, return it
		immediately instead of feeding it back into rewriting.
		This fixes a problem with mailertable lookups.
	CONFIG: fix some M4 frotz (concat => CONCAT)

8.1B/8.1A	93/06/12
	Serious bug fix: pattern matching backup algorithm stepped by
		two tokens in classes instead of one.  Found by Claus
		Assmann at University of Kiel, Germany.

8.1A/8.1A	93/06/08
	Another mailertable fix....

8.1/8.1		93/06/07
	4.4BSD freeze.  No semantic changes.

6.65/6.34	93/06/06
	Fix some lintish problems.
	Fix some cases where server SMTP behaved poorly when handed bogus
		input, pointed out by Eric Wassenaar.
	CONFIG: fix some more (sigh) mailertable bugs -- thanks to
		Motonori Nakamura of Kyoto University (again).

6.64/6.33	93/06/05
	Don't send 050 (-v) information after the 250 response to a QUIT
		command in srvrsmtp -- clients usually close the connection
		at this point, and it causes bogus error messages.
	Don't send messages that have errors on input (such as unbalanced
		parentheses) during SMTP transactions, since a return
		message has (probably) already been sent.
	Give better diagnostics on timeouts during network reads, including
		information similar to the SMTP phase.
	Fix bug that caused SMTP messages to deliver synchronously; this
		happened after the DATA 250, and hence caused reading the
		next command to be delayed.
	Ignore Errors-To: header unless 'l' (lower case el) header is
		specified.  The Errors-To: header violates RFC 1123.
		Errors-To: was only needed to take the place of the
		envelope sender in the days when most Unix mailers
		didn't understand about the two kinds of senders.
	Don't send warning messages in response to automatically generated
		messages (that is, those From:<>).
	CONFIG: fix some rather stupid typos in the mailertable code
		pointed out by Motonori Nakamura of Kyoto University.
	CONFIG: add confUSE_ERRORS_TO configuration option.
	CONFIG: if ALWAYS_ADD_DOMAIN is selected, try to use $M
		(masquerade name) instead of $j.
	CONFIG: don't add dots to relay names (added in 6.29); it breaks
		several things, and can be simulated by dot terminating
		the names of relays.  For example, use:
			DBbit.net.relay.
		(note the trailing dot).

6.63/6.32	93/06/01
	Fix prototypes to eliminate chars in argument lists -- some
		compilers are pissy about this.
	Log protocol ($r) and body type if set so we can determine if
		the adaptive algorithms are working.
	Pessimize on locking of database files (particularly for NEWDB
		databases) during opens.  There were problems with
		processes opening the file while it was rebuilt; since
		NEWDB caches heavily, the reader opened an empty file,
		which is an error.  If your system has the ability to
		lock atomically on open, this works properly; otherwise,
		there are race conditions.
	Check mod time on .pag file instead of .dir in NDBM aliases
		because the .dir file doesn't get updated for small
		alias files.  From John Gardiner Myers of CMU.
	More Solaris portability -- it now compiles on Solaris, but
		hangs up in gethostbyname().
	Move setting of RES_DEBUG flag before first myhostname() call
		so we can see name server traffic on that call.
	Fsync() queue files.
	Fix a problem that causes -bi to try to rebuild maps other than
		the alias file(s).
	Fix a problem that caused udb to reject entries from any but
		the first database listed.
	Rearrange doc subdirectory for 4.4BSD release tape.
	CONFIG: put $r into the Received line.  This was an oversight.
	CONFIG: fix typo (call to ruleset 99 should have been rulset 90).
	CONFIG: move "auxiliary" subroutines to be in ruleset 90-99
		range -- in the long run, single digit rulesets may
		become reserved for builtin use by sendmail.
	CONFIG: fix major problem that causes host aliases (that is,
		anything in $=w != $j) to not be recognized.  This has
		been around since 6.30.

6.62/6.31	93/05/28
	BETA RELEASE
	Fix recursive syserr (if there is an error printing a syserr
		message).  This makes the code much less eager to consider
		a write error as serious.  This also includes some
		heuristics to be clever about closed connections.
	Lock NEWDB files during gets.  This requires version 1.5 or later
		of the db library.  If you have an older version, you
		can use -DOLD_NEWDB.  This will go away in a few weeks.
	Fix problem causing aliases that use host maps to get overwritten.
	Do appropriate byte swapping on port numbers in ident protocol
		code.  Fix from Allan Johannesen of WPI.
	Defer opening of map files to the same time as alias files so that
		the daemon will tend to pick up new versions more promptly.
	Prototype a bunch more functions.
	Some Solaris 2.1 changes (still doesn't link though).
	Try to simplify Makefiles by including more subordinate #defines
		in conf.h (based on OS type).
	CONFIG: check for domains if FEATURE(mailertable) is defined.
		For example, if the host name is "knecht.cs.berkeley.edu"
		it will search the following mailertable keys:
			knecht.cs.berkeley.edu
			.cs.berkeley.edu
			.berkeley.edu
			.edu
		This could be used to replace the special relays for bitnet
		and similar nets.

6.61/6.30	93/05/24
	Fix problem that prevented appending dots on canonified host
		names.  This breaks tons of config files -- very
		important fix.
	Fix improper pointer dereference in response to HELO command.
	Fix core dump if debugging set in map_rewrite.
	CONFIG: add FEATURE(always_add_domain) to always attach the
		local domain (only impacts local mail).
	CONFIG: try to avoid turning names into $j -- although
		technically a host can only have one "canonical name",
		it seems to be common practice to have several.

6.60/6.29	93/05/22
	Major change: merge alias databases with maps.  This expands and
		changes the map class interface but fixes a bunch of bugs.
		The important user-visible change is that the file name
		in a K line now does not include the ".db" extension; this
		is added automatically.  Also, the -d (NIS domain) flag is
		missing from the K config line; use @domain instead.
		When compiling, the *_MAP names are gone -- just compile
		in NDBM, NEWDB, and/or NIS support.
	Announce mailer/host/user triple on -bv flag -- from Brian
		Bullen of Stirling University.
	Don't send more than one line in response to HELO -- it confuses
		Pony Express, which then behaves very badly.  However,
		this change does send two line 220 greetings, with the
		second line reading "ESMTP spoken here".  The usersmtp
		module recognizes this and goes into ESMTP mode regardless
		of the setting of the "a" mailer flag.  Thus, "a" means
		"always try EHLO".
	AIX portability changes (thanks to Christophe Wolfhugel of
		Herve Schauer Consultants (Paris) for providing me with
		an INSA account for this purpose).  Lightly tested.  Use
		-D_AIX3.  This probably breaks compatibility with some
		older systems (e.g., 4.2bsd) but still works on SunOS
		4.1.2, Ultrix 4.2A, HP-UX 8.07, OSF/1 T1.3, and AIX 3.2.3.
	Fix a problem causing an error message loop if the output channel
		is hosed.
	Add the Makefiles that I use for various environments -- some are
		Berkeley make versions and some are old make versions.
		My makefile for the NeXT box has gotten lost, alas!
	PRALIASES: support for printing NEWDB databases.  From
		Michael J. Corrigan of U.C. San Diego.
	CONFIG: don't pass pseudo-domains to $[ ... $] (if you have
		a wildcard MX it can have wierd results).  From
		Christophe Wolfhugel.
	CONFIG: dot terminate relay hostnames in S0.  From Christophe
		Wolfhugel.

6.59/6.28	93/05/13
	Log version with SMTP daemon startup message.
	Adjust setproctitle to work on NetBSD and BSD/386.
	Fix null pointer reference in MX fallback code.
	A bunch of minor fixes from Eric Wassenaar:
		If deliver cannot execv the mailer, return EX_OSERR
			instead of EX_TEMPFAIL (to give better
			error messages).
		Consistently malloc e_message.
		Catch degenerate case of calling returntosender()
			with an empty returnq.
		MIME reformatting.

6.58/6.28	93/05/13
	Fix bug that can cause incorrect verbose display of user smtp
		messages.
	Disable SMTP VERB command if PRIV_NOEXPN is set (since this
		could reveal the same information.
	Allow failure when reading SMTP greeting message to go on to
		next MX host.
	Add "MIME-Version: 1.0" header if using MIME (this was NOT
		included in RFC 1344, but Bill King of Allan-Bradley
		Company forwarded me email from Nathaniel Borenstein
		claiming that it was an inadvertent omission).
	Don't use Content-Type: X-message-header.  According to John
		Myers of CMU, many MIME readers will completely ignore
		the data if they don't recognize it.  Instead, just
		add a blank line to make it a legal (empty) message.
	Fix problem causing dots to keep getting appended to cached
		hostnames.  This can cause buffer overrun conditions.
		The problem was found by Erik Forsberg of Retix,
		although I used a different bug fix than he provided.
	Fix parsing of split header/envelope rewriting specs -- from
		Eric Forsberg.
	Fix from Eric Wassenaar to correct To: lists in error messages.

6.57/6.28	93/05/11
	Fix minor glitch causing extra ctladdrs to be output to queue
		file.  Just an annoyance.
	Cache results of name server canonification lookups to avoid
		backed up queue runs.
	Major rewrite of alias.c: considerable cleanup, plus sample
		(untested) support for NIS aliases.  The "A" option
		can now be a comma separated list (or be repeated) --
		that is, you can have multiple alias databases.  Each
		database can have the syntax ``class:file''; if no class
		is specified, the "implicit" class is assumed.  Implicit
		searches through a list of compiled in types -- hash,
		dbm, nis, and stab.  Alias files are searched in the
		order they are listed.  For example:
			OAhash:/etc/aliases.local,/etc/aliases
			OAnis:mail.aliases@my.nis.domain
		first searches the hash database /etc/aliases.local,
		then the regular /etc/aliases database, then the NIS
		map "mail.aliases" in the NIS domain "my.nis.domain".
	If in Verbose mode (probably from VERB command) run SMTP job
		in foreground and don't do RCPT optimizations.
	Add udb :mailsender as equivalent to owner- for regular aliases.
	Delete option 8; add option 7 that means the opposite.  That is,
		default to 8-bit mode; a special option is needed to
		force sendmail into 7 bit mode.
	Send error messages in encapsulated MIME format.
	New compile flag "NIS" that turns on NIS alias and NIS map
		support.
	Add "j" option to send error messages in MIME (RFC 1341)
		encapsulated message format per RFC 1344.  The
		syntax is pretty ugly if you don't have MIME-aware
		user agents.
	Clean up message handling (for display in mailq output).
	New setproctitle implementation for 4.4bsd.
	Create files (such as ~/dead.letter) using mode FileMode (the
		F option value) instead of 0666.
	Fix bug causing output of EXPN command to not be fully qualified.
		This may cause some problems with UUCP addresses that
		will require some config file assistance -- specifically,
		the $: part has to include the host name for this output
		to make sense.
	Fix a problem that sometimes diagnosed errors and still sent the
		message if the header syntax was bad.
	Fix a bug that caused an error message to be emailed when sendmail
		was operating in -bv mode.
	Add "ListenQueueSize" keyword to daemon options option (OO) to
		set the queue size parameter passed to listen().  You
		will normally have to tweak your kernel to up this.
	Strip spaces off of beginning of message-id before logging (in
		case it was folded across lines).
	Tweak compile flags in daemon.c -- there were some cases where
		it wouldn't work without NETINET.
	Change *file* mailer to output all the usual default headers
		(From, Date, Message-Id).  It gets used when sending
		back error messages.
	CONFIG: explicitly catch and diagnose list:; syntax in ruleset
		zero -- this is not a valid recipient syntax according
		to RFC 821.
	CONFIG: add confMIME_FORMAT_ERRORS to send error messages in
		MIME format.  Defaults to on.
	CONFIG: add SMTP_MAILER_FLAGS and UUCP_MAILER_FLAGS to augment
		the flags for those mailers.

6.56/6.27	93/05/01
	Fix problem that causes the fallback mail to postmaster
		(case ESM_POSTMASTER in savemail()) to not look at
		aliases (ugh).
	Some more HPUX tweaking (compile flag hpux => __hpux so it
		still works in ANSI mode).
	Don't try to flock non-regular files when mailing to a file.
		In particular, this was a problem if you tried to
		send to /dev/null.
	Fix a wierd bug that can cause senders to be queued as
		recipients if the name server is down when the mail
		is initially sent.  This hack just ignores sender
		deletion (essentially, it sets the MeToo flag) if there
		is a TEMPFAIL during processing of the sender address.
		Obscure.
	Fix a dangling else problem -- from Brian Bullen from University
		of Stirling, UK.
	Add the "b" mailer flag to force a blank line on the end of
		messages.  Some brilliant versions of /bin/mail insist
		on this but do not add it themselves.
	Add the "g" mailer flag to prevent user SMTP from sending
		"MAIL From:<>".  This is only intended to be a
		transitional gesture, and should not be used if at
		all possible.  It appears that Berkeley and IDA
		config files have always handled this properly; the
		UK config kit apparently does not.
	Don't lowercase and then capitalize header field names -- leave
		them with original capitalization.  Fixes from Bill
		King of Allen-Bradley Company.
	Further cleanup and improved reporting of error messages,
		particularly conditions that cause messages to be
		requeued for future delivery.
	Tweak syslog priorities in some cases.
	CONFIG: clean up route-addr on UUCP addresses.

6.55/6.25	93/04/27
	HPUX 8.07 compatibility changes in getla() -- I had to make
		these changes to get it to work at Berkeley, although
		others seem to have been working before (???).
	Various patches to XLA code.
	Fix problem that causes setuid bit on files to be ignored from
		SMTP or in queue runs.  Problem noted by Jason Ornstein
		of Under The Wire, Inc.
	Fix problem that can cause CNAMEs to be ignored.
	Generalize getmxrr to match local host in $=w instead of a
		single name passed in.
	Some cleanup from Eric Wassenaar:
		Use FileMailer instead of ProgMailer in two places.
		Eliminate duplicate 8th-bit stripping in commaize.
		Fix a problem with mis-parsing of backslash escapes
			under some circumstances.
	NIS map fix (was always including trailing null character)
		from Mike Glendinning of Ingres UK.
	Add "a" mailer flag to try using ESMTP.  It tries the EHLO
		command and if that fails falls back to regular SMTP.
		Also parses EHLO option keywords.  If host supports
		SIZE extension, this is added to the MAIL FROM:
		command.
	Extend "b" option to include a second value which is the
		maximum message size this server is willing to accept.
		For example, a value of "10/1000000" says that there
		must be ten blocks free, and sendmail will reject
		any message larger than one megabyte.
	Some portability hooks for NeXT (this could be applicable
		to Mach in general).  You have to create an empty
		file called "unistd.h" to get it to compile.
	Adjust config values (MAXLINE, MAXATOM, and PSBUFSIZE) to
		be more generous.
	Add X400-Received: to the list of headers tagged with H_TRACE
		in conf.c.  From Bill King, Allen-Bradley Co.

6.54/6.25	93/04/19
	Fix problem that caused redefinition of SMTP and QUEUE compile
		flags.  Pointed out by Jon Forrest of the Sequoia 2000
		project at Berkeley.
	Properly handle \! hack -- it was treating host\!user as one
		token (host!user) instead of three (host, !, user).
		Fix from Eric Wassenaar of NIKHEF-H.
	Fix compilation problem in getauthinfo() if IDENTPROTO is off.
	Turn off DEFNAMES and DNSRCH when getting the hostsignature
		(i.e., MX records) in level 1 configuration files; this
		matches the old behaviour.  From Motonori Nakamura of
		Kyoto University.
	Improve error message printing -- if sent through an alias,
		error messages include the name of the alias in the
		message.  Unfortunately, in order to make this work
		properly in queue runs, this changes the format of the
		C line in the qf file.  The relatively uselessness of
		the previous information was pointed out to me by
		Allan E Johannesen of WPI.
	Add XLA compile flag to add hooks to Christophe Wolfhugel's
		extended load average code.  This is still in very early
		form.  For information regarding the guts of the xla
		code, contact Christophe.Wolfhugel@grasp.insa-lyon.fr.
	Additional hooks for detecting tempfails in rewriting rules
		(that is, in map lookups).

6.53/6.25	93/04/15
	Properly diagnose ruleset zero returning null (instead of a mailer
		triple).  From Motonori Nakamura of Kyoto University.
	More generalization of socket code for other protocols.
	Shorten timeouts on reverse name lookups -- since they are done
		during connection establishment, long timeouts here can
		cause higher level timeouts.  This mainly serves to accept
		mail from hosts that do not have proper reverse (PTR) DNS
		records set up.
	Reset e_statmsg before each mailer invocation to avoid bogus
		messages in the log.
	Redefine $r, $s, and $_ in error envelopes so you don't get
		incorrect cruft in the error message.  Problem noted by
		Motonori Nakamura of Kyoto University.
	Fix a problem that can cause failure to return errors to Postmaster
		in certain cases.  From Motonori Nakamura.
	Fix a problem that can cause some systems to give duplicate error
		messages when a bad syntax address such as "<a" is presented
		to an SMTP server.   It doesn't seem to occur on all
		machines.  From Motonori Nakamura.
	Default IDENTPROTO off for Ultrix and HPUX, which apparently have
		the interesting "feature" that when they receive a "Host
		unreachable" message they closes all open connections to
		that host.  However, some firewall gateways send this message
		if you try to connect to an unauthorized port, such as the
		IDENT port (113).  Thus, no email can be received from such
		hosts.  There is some evidence that versions of Ultrix before
		4.3 do not have this problem.  Thanks to Tom Ivar Helbekkmo
		for pointing out this behaviour to me and to Michael Corrigan
		of U.C. San Diego for informing me about the HPUX problem.
	Allow IPC mailers to return a colon-separated list of hosts in the
		$@ clause; these are searched in order as though they were
		MX records.
	When sending an error report, print the list of addresses tagged
		as bad.  Requested by Allan E Johannesen of WPI.
	Change map function calls to return a status code.  This gets
		passed back as the result of rewrite.  Parseaddr marks
		the address as a QUEUEUP address if the return code is
		EX_TEMPFAIL.  All this to queue properly if the name
		server is down.  This code is not well tested.  This code
		changes the interface to map lookup functions (a fifth
		parameter, int *statp, is added).  Feature requested by
		Dan Oscarsson.
	Don't delete quotes (in the dequote map) if there are spaces in
		the string, since this would cause them to be replaced by
		the SpaceSub character.
	Accept BODY=8BITMIME on SMTP MAIL command.  This isn't advertised
		because the 8BIT to 7BIT translation doesn't exist yet.
		This does add a "bodytype" field to both envelope and
		queue file and a -B command line flag to pass the type in
		during direct invocations.
	Discard return error messages only on responses to responses to
		responses, not on responses to responses.  That is, the
		algorithm is to try return to sender, then return to
		postmaster, then discard.  Previously it discarded
		immediately if the return to sender pass failed.
	CONFIG: back out change to hide unqualified hostnames behind %-hack.
		This screws up local aliases and .forward files.
	CONFIG: add FEATURE(nocanonify) to turn off calls to $[ ... $];
		some sites only handle completely canonified names.
		Requested by John Gardiner Myers of CMU.
	CONFIG: some UUCP code was still included even if FEATURE(nouucp)
		was specified.

6.52/6.24	93/04/10
	Clean up some minor glitches on error return messages pointed out
		by Motonori Nakamura of Kyoto University.
	Fix reply() to not reset SmtpReplyBuffer on fatal errors; this
		was supposed to reset SmtpMsg Buffer.  This makes the
		client side code virtually useless.  Reported by Allan
		E Johannesen of WPI and Phil Brandenberger of Swarthmore.
	Better debug messages if fuzzy is disabled, suggested by Allan
		E Johannesen of WPI.
	Offset SmtpReplyBuffer by four in usersmtp when checking for
		loopback.  From Eric Wassenaar.
	Don't set $s until after runinchild in srvrsmtp -- otherwise
		it gets cleared.  From Eric Wassenaar.
	Implement IDA-style $&x for deferred macro expansion.
	More POSIX compatibility.
	CONFIG: Hide unqualified hostnames behind %-hack using $s as the
		actual sender.  This is only done if $r is non-null, that
		is, if this is not locally submitted mail.
	CONFIG: Add FEATURE(bitdomain) allowing mapping of BITNET host
		names to internet domains.  A program contributed by
		John Gardiner Myers of CMU to create the maps is included
		in the contrib directory (in the "misc" tar file).
	CONFIG: Add FEATURE(uucpdomain) for a similar mapping for UUCP
		hosts.  There is currently no tool to create this map.

6.51/6.23	93/04/04
	Add D= mailer flag to specify a path of possible working directories
		in which to execute the mailer.  This is intended for the
		prog mailer; some shells can get upset if they don't have
		access to the current directory.
	Add RFC 1413 (IDENT) protocol support.  This is only very loosely
		tested.  This adds a $_ macro to be the authenticated
		info (in ``user@domain [address]'' form) and debug flag
		9 to trace the protocol.
	Check for loopbacks in usersmtp instead of srvrsmtp -- there is no
		reason for a local agent to not be talking to the localhost
		(although the inverse is not true).
	Add a few hooks for automated map rebuilding.  This is certainly
		not done yet.
	CONFIG: Have prog mailer specify a path of ``D=$z:/'' -- that is,
		user's home directory then the root.
	CONFIG: Log RFC 1413 identification in Received: line.

6.50/6.22	93/04/01
	Fixes to requeueing code to make it compute priority, nrcpts,
		and the like properly.

6.49/6.22	93/04/01
	Diagnose incorrect privacy flags.  Suggested by Bryan Costales
		of ICSI.
	Some ANSI C fixes.
	Arrange to quote backslashes as well as other special characters
		in the phrase part of a route-addr.
	Some fixes to FallBackMX code suggested by Motonori Nakamura of
		Kyoto University.
	More vigorous zeroing of CurHostAddr to avoid logging of bogus
		host addresses when you are actually just printing
		information from the MCI structure; problem noted by
		Michael Corrigan of U.C. San Diego.
	Don't ignore rest of queue if any job is not runnable.  This can
		also cause an incorrect job to be lost.  Fix from
		Eric Wassenaar.
	Always respond "quickly" to RCPT command; do alias expansion and
		the like later.  This also means that mail for lists that
		have errors will be acccepted, and an error sent back
		later.  This is done by instantiating the queue file
		and then immediately running and requeueing it.

6.48/6.22	93/03/30
	Fix incorrect diagnosis of infinite loop in ruleset.  Problem noted
		by several people.
	Improve information printed when infinite loops are discovered.
	Zero CurHostAddr to fix erroneous internet addresses in log when no
		addresses can be bound.  Pointed out by Motonori Nakamura
		of Kyoto University.
	"Probe" SMTP connections using RSET instead of NOOP "just in case".
		Suggested by John Gardiner Myers of CMU.
	Don't warn about -f if you are setting sender to yourself.

6.47/6.22	93/03/29
	Fix incompatible call to endmailer in smtpquit which causes core
		dumps.  Noted by Allan E Johannesen of WPI.
	HPUX portability changes from Michael J. Corrigan of UC San Diego.
	Require MAIL before RCPT command in srvrsmtp.c.  This had been
		intentional from the 821 draft days when the order wasn't
		clear, but is silly now.
	Fix bug in nis_magic routine that was initializing parameters
		incorrectly.  Fix from Takahiro Kanbe of Fuji Xerox
		Information Systems Co., Ltd.
	Change default for PrivacyFlags in conf.c to 0 -- since it always
		"or"s in new values, there was no way to turn off the
		AuthWarning stuff.
	Add O option to set SMTP daemon options.
	Add V option to set fallback MX host.  This always sorts at lower
		priority than anything it gets from the name server.  It
		should only be used for environments with very bad network
		connectivity.  Requested by several people.
	Log sending info.  It's not clear this is a good idea.
	CONFIG: fix typo in mailertable code.  Noted by Phil Brandenberger
		of Swarthmore.
	CONFIG: add confDAEMON_OPTIONS and confFALLBACK_MX to set options
		O and V, respectively.

6.46/6.21	93/03/26
	Fix botch in server SMTP that broke transactions that did not
		use HELO first (like MH).  Fix from Michael Corrigan
		of U.C. San Diego.
	Fall back to other MX records if there is an error anywhere
		in delivery (actually on MAIL or DATA -- RCPT is harder).
		Suggested by John Gardiner Myers and Motonori Nakamura.
	Revert to non-prototypes -- it turns out that our ANSI C
		compiler is more forgiving than most others about
		mixing prototyped extern declarations with non-prototyped
		function definitions.
	Fix a problem with multi-word class matching pointed out by
		Neil Rickert.  Given:
			CX b a.b.c
			R$+ $=X $+	$: $1 < $2 > $3
		the input "user@a.b.c" failed instead of being properly
		rewritten as "user@a.<b>.c".
	Neil also convinced me that it was correct that $~ should match
		only one token -- the problem is that it's always possible
		to add another token, so $~ matches far too eagerly.

6.45/6.21	93/03/25
	Implement multi-word classes (properly!).

6.44/6.21	93/03/25
	Add X-Authentication-Warning: headers to clue users into possible
		attempts to forge mail.  This is on the authwarnings
		privacy flag, but is the default.  Suggested by Bryan
		Costales of ICSI.
	Pass default units for convtime in so they can be more reasonable.
	Allow config files to always add a new Comments: header (i.e.,
		they will be added even if an old one already exists).
		Suggested by Bryan Costales of ICSI.
	Allow config files to delete an existing Return-Path: header.
		These should only be added at final delivery.  Suggested
		by Bryan Costales of ICSI.
	Some debugging additions.  Suggested by Bryan Costales of ICSI.
	Clean up logging of Family 0 addresses.  Noted by David Muir
		Sharnoff and others.
	Add a "dequote" map class.  This allows config files to strip
		quotes off of addresses.  Note that this is not a builtin
		map, just a class -- so you have to define the map
		using the K line.
	Fix a bug in the queueup() loop getting a locked tf where in
		very odd cases it can fall off the bottom and core dump.
		Of course, it was P{r Emanuelsson who found it....
	Open a new transcript when splitting an envelope.  Problem found
		by Allan E Johannesen of WPI.
	Improved error output in endmailer if the mailer core dumps.
	CONFIG: Fix typo in UUCP mailer definition.
	CONFIG: Default several of the new options on: eight bit input,
		privacy flags set to "authwarnings", and message warning
		set to 4h.
	CONFIG: Use dequote map.

6.43/6.20	93/03/23
	Fix problem with assumption of an sa_len field in a generic
		sockaddr -- it turns out that most vendors haven't
		picked up this (very important) fix.
	Change compilation flags for daemon code -- select one or both
		of NETINET or NETISO, but don't ever set DAEMON manually.
	CONFIG: add FEATURE(mailertable) to do IDA-style mailertables.

6.42/6.19	93/03/19
	Use Postmaster as default fallback return address, not root.
	POSIX changes for file descriptor handling.
	Diagnose errors writing new queue file.
	If you change the owner using an owner- alias, also change the
		error mode to EM_MAIL so that errors don't get dropped
		into an inappropriate directory.  Problem noted by
		Allan E Johannesen of WPI.
	If you are su'ed to root, send email as who you really are, not
		as root.  From Brian Kantor of U.C. San Diego.
	Allow warning messages to be sent after a configurable interval
		has passed without delivery.  The message is sent only
		once per envelope.  This changes the format of the qf
		file to have an F line, and the format of the T option
		to accept take the format "return/warn" (both intervals).
	Don't force all local names to lower case -- this was left over
		from the wierd handling of case mapping on aliases.  It
		is now driven (as expected) by the "u" mailer flag.
		Problem noted by P{r Emanuelsson.
	Fix problem that caused headers on returned email to be trashed;
		they were getting freed, but are still accessible via
		BlankEnvelope.
	Fix problem that caused bogus ids to be created on returned
		mail.
	Add support for ISO and other non-INET networking.  This is by
		no means finished yet.  This does assume a lot of other
		system support, like a version of gethostbyname that
		returns non-AF_INET addresses.
	CONFIG: change default on prog mailer to keep upper case in
		user names (i.e., in the program command line).
	CONFIG: strip trailing dots off of hosts in uucp mailer before
		convert to bang format.
	CONFIG: create new "relay" mailer for $R (LOCAL_RELAY) and $H
		(MAIL_HUB) delivery that doesn't add local domain.  Note
		that this violates 821, but is probably "more correct"
		for what we are trying to do.  Problem pointed out by
		Michael Graff of Iowa State.

6.41/6.18	93/03/18
	Clean up unnecessary creates of queue ids (i.e., empty qf files)
		when not needed, such as when starting up an SMTP
		connection.
	Fix problem where split envelopes aren't instantiated in the queue.
		This is quite a serious bug.
	Owner- aliases had problems with leading spaces causing a
		premature delimitation.

6.40/6.18	93/03/18
	Have ending 250 (after DATA) include the id; suggested by
		Brian Kantor of UC San Diego.
	Add logging on envelope splitting.
	Change queue ids to have one more letter encoding the hour of
		the day so that during a single day there is a greater
		likelihood of uniqueness; requested by Brian Kantor.

6.39/6.18	93/03/18
	Fix minor compile problem if LOCKF is defined.
	Define size of tobuf in conf.h.  Observed by Toshinari Takahashi
		of Toshiba.
	Restore e_sender -- this is equivalent to e_from.q_paddr without
		decorations such as angle brackets and comments.
	OSF/1 on Alpha changes from Allan E Johannesen of WPI.
	CONFIG: fix typo in S3 for list syntax (;: => :;).  Thanks to
		Christopher Hoover for noting the problem.

6.38/6.17	93/03/17
	Pass envelope to disconnect to avoid another use of CurEnv, which
		can apparently end up being null at inopportune times.
	Log "received from" as "relay=" for consistency (suggested by
		John Gardiner Myers).
	Fix major bug in header handling:  if no From: line existed in
		the header (so sendmail inserts one), and the sender is
		an alias that has an owner, the From: line shows the
		owner (as well as the envelope).  Fixed by early binding
		the headers (which will change debugging output).
	HPUX portability patches from Michael J. Corrigan of UC San Diego.
	Some attempts to adapt better to out of open file conditions.
	Some changes to ctladdr handling in queue files.

6.37/6.17	93/03/16
	MAJOR CHANGE:  delete e_sender and e_returnpath (why are these
		different from e_from?) and $< macro.
	Log correct IP address in relay= field even if the connection
		times out.
	Log "received from [RESPONSE]" on EF_RESPONSE messages (from
		John Gardiner Myers).
	Fixes to SysExMsg logging (sometimes just got "message: %s"
		instead of "message: error message"), noted by Eric
		Wassenaar.  Also reported by Motonori Nakamura.
	Improvements to MX piggybacking code, from Motonori Nakamura.
	Fix case where CurHostName points to an auto variable that has
		been deallocated (from Motonori Nakamura).
	Fix bug causing newlines to be included in aliases if option
		"n" (check alias RHS) is set; bug noted by David Muir
		Sharnoff.
	Fix problem causing user names that should be mapped to lower
		case to not be mapped if they are sent during a queue
		run.  This greatly simplifies the case mapping code.
		Problem noted by Allan E Johannesen of WPI.
	Don't do recipient address rewriting in buildaddr.  This
		improperly did recipient rewriting on sender addresses,
		and just seems bogus in general -- but the change could
		break some .cf files.
	Pass TZ envariable to child processes for System V.
	CONFIG: allow LOCAL_RULE_1 and LOCAL_RULE_2 if you want to
		define those rulesets.
	KNOWN PROBLEM:  I have seen some problems on SunOS that causes
		the User Data Base to give errors on some addresses.  I
		have tracked the problem back at least as far as 93.02.15
		(version 6.22).  Running with debugging on makes it
		go away, so I conclude that it is referencing uninitialized
		stack data.  I haven't been able to track this down yet.

6.36/6.16	93/03/08
	Allow local mailer to specify $@host -- this lets you assign the
		"foo" part of jgm+foo to $h for passing in to the local
		mailer.
	Additional debug printing in getcanonname (show query type).
	Don't add the e_fromdomain on sender addresses -- this interacts
		wierdly with the owner- code.
	Improve delivery logging to not log obvious or meaningless stuff.
	Include numeric IP address in Received: lines per RFC 1123 section
		5.2.8.
	Fixed a bug in checking stat() return value if restrictmailq is
		set.  Also, check the entire group set instead of just the
		primary group.  Both from John Gardiner Myers.
	Don't have usrerr automatically print errno, since this is often
		misleading.
	Use transienterror() in makeconnection after connect() fails and
		in openmailer after execve() fails (from Eric Wassenaar).
		Also moved transienterror() from util.c to conf.c.
	Clean up from= logging on response messages.
	Undo patch allowing prescan to return a null vector -- it breaks
		too many things.
	Config: FEATURE(notsticky) lets you use UDB for everything coming
		in to the machine, even if it is specifically targetted
		to this machine.  Without it, UDB is bypassed if the user
		name is fully qualified.
	Config: fix another minor botch with <> (local mailer wasn't
		mapping them properly).

6.35/6.15	93/03/05
	Fix getrealhostname to return null if sinlen <= 0 -- this can
		occur if stdin is a pipe.
	Avoid infinite loop in getcanonname if name server return
		NO_DATA (for example).
	Config: avoid having C flag qualify list syntax and error syntax.

6.34/6.14	93/03/05
	Fix logging in deliver to not pass too many parameters to Ultrix
		versions of syslog.
	Don't write the pid file until after the daemon has actually
		opened and conditioned the connection.
	Consider addresses "different" if their q_uids differ (so that
		two users forwarding to the same program will be seen
		as different, rather than the same).
	Fix problem with bad parameters in main() -- they set ExitStat
		but don't exit.
	Fix null pointer references through RealHostName -- painfully
		discovered by Allan E Johannesen of WPI.
	Fix bug causing user@@localhost to core dump (yuch).
	Config: don't put two @host.dom.ain on users in $=E in SMTP
		mailer.  Also, catch user@ (no host) in ruleset 0.

6.33/6.13	93/03/03
	Config: add confCW_FILE as the name of the cw configuration file
		(defaults to /etc/sendmail.cw).  From P{r Emanuelsson.
	Allow prescan to return a pointer to an empty list -- this is
		not an error.  Also, clean up error reporting to avoid
		double errors (prescan reports once, then the caller
		reports again).
	Changes to avoid trusting T_ANY queries -- run them, but if you
		don't get the info you expected, do T_A and T_MX queries
		anyhow.  This also fixes an oversight where _res.options
		bits were being ignored.
	If PRIV_NOVRFY is set, use 252 response code instead of 502 per
		RFC 1123 section 5.2.3.  It's not 100% clear that this
		is correct, but it probably works better with stupid
		mailers that do a VRFY and only check the first digit.

6.32/6.12	93/03/02
	Fix uninitialized variable "protocol" in smtp code.
	Include <unistd.h> in sendmail.h -- move towards POSIX/ANSI.
	Additional hooks for RFC 1427 (ESMTP SIZE extension).  This
		includes requiring that enoughspace() know the system
		block size, which will undoubtedly break most ports.
	Trace flag 19 in use for srvrsmtp.c.
	Additional logging -- notably the sending mailer name.  This
		also changes the delivery logging to strict field=value
		syntax.
	Fix some problems with messages getting sent even to addresses
		that had been marked bad -- from Eric Wassenaar.
	More WIDE changes: accept host name inside [...] as non-MXed
		host.  This is intended ONLY for use inside firewalled
		environments, where the MX points at the gateway.
	Change .cf file conventions so that mapping for <> addresses
		don't have an @ in them (to avoid confusing the C mailer
		flag).  Pointed out by Neil Rickert.
	Config extensions for Sam Leffler's FlexFAX software.

6.31/6.10	93/02/28
	Fix some more bugs in alias owner code -- there were some wierd
		cases where an error in a non-aliased name would override
		the return info in an aliased name with an owner.
	Changes from WIDE Project, forwarded to me by Motonori Nakamura:
		Log actual delivery host (after MX et al); from
			yasuhiro@dcl.co.jp.
		Log daemon startup.
		Deliver Postmaster copies without a body.
		Better logging of SMTP senders.
		Send all program email as daemon even when local.
	As requested in various forms from many people, accept -qIstring
		to limit queue runs to jobs with queue-id matching string.
		Similarly for -qRstring for recipients, -qSstring for
		senders.
	Initial hooks for ESMTP support (see RFC 1425).
	Fixed a syntax error in the UUCP mailer specification that caused
		core dumps on startup.
	Check for missing A= or P= arguments in mailer definitions.

6.30/6.10	93/02/27
	Require FROZENCONFIG compilation flag to include frozen
		configuration code.  Frozen configuration is really
		not a very good idea any more, particularly in shared
		library environments.
	Do better checking of errno after opens of :include: and .forward
		files to defer delivery on network and other transient
		errors.  Suggestion from Craig Everhart.
	Fix minor botch in read timeout macro processing.
	Add FEATURE(nouucp) to config files for sites that know absolutely
		nothing about UUCP.
	Add built cf files to distribution tape and clarify how to build
		them if you don't have the Berkeley make.
	Some sizeof(long) portability changes for the Alpha, from Allan
		E Johannesen.
	Add "restrictmailq" privacy flag -- if set, only people in the same
		group as your queue directory can print the queue.  If you
		set this, be sure you also restrict access to log files....
	Fix another bug in owner-list stuff that can cause data files to
		be "lost".
	Fix a bug with queue runs that cause forwards to yourself to go
		into alias/forwarding loops.  I'm still iffy about this
		fix.
	Fix from Eric Wassenaar for suppression of return message code.

6.29/6.9	93/02/24
	Fix yet another problem in alias owner code -- put the wrong return
		address on the enclosed return-to-sender letter.

6.28/6.9	93/02/24
	Fix botch in alias owner code that caused it to not operate if the
		error was detected locally.

6.27/6.9	93/02/24
	M_LOCAL => M_LOCALMAILER to avoid conflict with Ultrix include
		file <sys/mount.h>.
	Miscellaneous bug fixes from Eric Wassenaar:
		sendmail -bv -t logs the from line even though in verify
			mode only.
		sendmail -v can go into queue mode if shouldqueue returns
			TRUE.
	Add route-addr pruning per RFC 1123 section 5.3.3.  This can be
		disabled using the "R" option.
	Delete (always undocumented) -R flag (save original recipients);
		there are ways to syslog(3) these now.
	Clean up SMTP reply codes -- specify them as needed in the code,
		instead of in conf.c -- this was needed during the NCP to
		TCP transition, but seems silly now.  This also changes
		parameters to message and nmessage.
	Have mailstats read the .cf file to find the sendmail.st file and
		get text versions of mailer names.  An initial version of
		this code was provided by Tuominen Keijo (although the
		comments indicate the good bits were written by "E.V.").
	Add yet more System V compatibility hacks.
	Fix bug in VRFY code (assumes everything must be a local user).
	Allow specification of any of the hard-wired pathnames in the
		Makefile.
	Delete concept of "trusted users" -- this really didn't provide
		any security anyway, and caused some problems.
	Delete last vestige of support for the word "at" as an equivalent
		to the character "@".
	Propagate owner-foo alias information into the envelope sender.
		Based on code from John Gardiner Myers.  This is a major
		semantic change -- beware!
	Allow $@ on LHS to indicate "match zero" -- this is used to match
		the null expression.

6.26/6.8	93/02/21
	Don't "lose" queue runs.  Very important fix from (who else?)
		Eric Wassenaar.
	Completely reset state on RSET command -- from Eric Wassenaar.
	Send error messages and return receipts using an envelope sender
		of <> regardless of the setting of $n.  Rewriting rules
		can undo this if they feel the necessity, as might be
		needed for networks that don't understand the syntax.
		This is permitted by RFC 821 section 3.6 and required by
		RFC 1123 section 5.3.3.  THIS REQUIRES VERSION 4 CONFIG
		FILES because the rulesets must be able to parse <>
		properly.
	Don't ever send error messages to "<>" -- they will get sent to
		the local postmaster or dumped in /usr/tmp/dead.letter
		instead.  Per RFC 1123 section 5.3.3.
	Explicitly check for email to yourself as a dotted quad.  You
		have to call $[ [ ... ] $] to get this.
	Up the message timeout to five days per RFC 1123 section 5.3.1.1.
	Make all read timeouts individually configurable, as strongly
		recommended by RFC 1123 section 5.3.2.
	Use f_bavail (blocks available to regular users) instead of f_bfree
		(blocks available to superuser) in free block checks.
	Change $d macro to be the current time, not the origination time,
		since this is consistent with how it is used now.
	Generalization of enoughspace from Eric Wassenaar covering
		SGI, Apollo, HPUX, Ultrix, and SunOS.
	Ignore process group signals -- some front ends can do this if
		you kill a window too quickly.  From Eric Wassenaar.
	Change umask to 022.

6.25/6.8	93/02/20
	Close all cached connections before calling mailers and after
		forking for delivery (caused double closes which resulted
		in false errors).
	Add FEATURE(redirect) in config files -- this allows you to alias
		old addresses to a pointer to the new address that will
		give a 551 error message, but not deliver the mail.
	Some code changes to make the 551 errors look pretty.
	Names of M4 program paths in config files have changed -- they
		are all XXX_MAILER_PATH now, to match XXX_MAILER_FLAGS.
	Fix a bug in the QSELFREF code having to do with empty .forward
		files, reported by Eric Wassenaar.
	Add option "p" (privacy flags); this allows you to tune how
		picky the SMTP server will be.  This also adds the
		confPRIVACY_FLAGS M4 macro in the config files.
	Add option "b" (minimum blocks free).  If there are fewer than
		this number of blocks free on the filesystem containing
		the queue directory, the SMTP MAIL command will return
		a 452 response and ask you to try again later.  This
		also adds the confMIN_FREE_BLOCKS M4 macro in the config
		files.
	Made VRFY just verify (doesn't expand aliases and .forward files);
		EXPN does full expansion.  RCPT in queue-only mode also
		doesn't chase aliases and .forward.

6.24/6.7	93/02/19
	Increase the number of domain search entries in domain.c to allow
		for the extra "" entry indicating the root domain.
		Reported by Motonori Nakamura of Kyoto U.
	Add a "SMART_HOST" in the configs for UUCP-connected sites that
		want to forward all mail with extra "@"s to that site.
		Also allows SMART_HOST, LOCAL_RELAY, and MAIL_HUB to
		be specified as ``mailer:hostname'' to use an alternate
		mailer.
	Clarified and updated some wording in the Operations Guide.
	Add the "c" mailer flag -- this suppresses all comment parts of
		addresses (requested by John Curran of NEARnet).
	Have -v print prompts in -bt mode even if stdin is not a terminal
		(default behaviour is to be silent if not reading from
		a terminal).  Suggested by Bryan Costales, ICSI.
	Move the metacharacters from C0 space (\001-\037) into C1 space
		(\201-\237).  This also fixes a bunch of potential bugs
		with G1 characters (\240-\276) in headers relating to
		negative numbers passed to isspace() et al.
	Add YP_LAST_MODIFIED and YP_MASTER_NAME to DBM version of alias
		database if YPCOMPAT is #defined.  Enhancement from
		Takahiro Kanbe of Fuji Xerox Information Systems Co., Ltd.
	Add "list" Precedence (-30); this can be used with old sendmails
		which will map to precedence 0 (which will return error
		messages).  Suggested by Stephen R. van den Berg.
	Many bug fixes from Eric Wassenaar of the National Institute for
			Nuclear and High-Energy Physics, Amsterdam:
		Clear timeouts properly on open failures in include().
		Don't dereference through NULL if no home directory found.
		Re-establish SIGCHLD signal on System 5 in reapchild().
		Avoid NULL pointer reference on -pFOO flag.
		Properly handle backslash escapes in comments.
		Correctly check reply status on SMTP NOOP command.
		Properly save SMTP error message if peer gives
			"Service Shutting Down" message.
		Avoid writing to the transcript if it couldn't be opened.
		Signal errors in SMTP children to parent properly.
	Handle self references in a list more globally (include a
		QSELFREF bit in the address flags).  This enhancement
		was suggested by Eric Wassenaar.
	Use initgroups() in hpux, even though it's System-V based.  The
		HASINITGROUPS compile flag can set this on other systems.
		This HPUX behaviour was pointed out by Eric Wassenaar.

6.23/6.6	93/02/16
	Clean up handling of LogLevel to make it easier to figure out
		what's on what level.
	Change log levels to have some consistency:
		1    serious system failures, security problems
		2    lost communications, protocol failures
		3    other serious failures
		4    minor errors
		5    message collection
		6    vrfy logging, creation of return-to-sender
		7    delivery failures
		8    delivery successes
		9    delivery tempfails (queue ups)
		10   database expansion
		>64  debugging
	Allow IDA-style separated processing on S= and R= in Mailer
		definition lines.  Note that rulesets 1 and 2 are
		still used for both addresses as before.  Bruce Lilly
		gave a convincing argument that RFC976 insists on
		this behaviour.
	Added some time zones to arpatounix -- they may not be in the
		standards, but they are in use.  However, I may delete
		arpatounix entirely -- there appears to be no reason
		for it to exist.
	Change to UUCP mailer (in cf directory) to try to do a saner job.
		I'm still not certain about this mailer in general.

6.22/6.5	93/02/15
	Fix bug that prevents saving letters in ~/dead.letter.
	Don't add angle brackets in VRFY command if angle brackets already
		exist in the address.
	Fix bogus error message in udbexpand.
	Null terminate host buffers in buildaddr (broken in 6.21) --
		IMPORTANT FIX!!

6.21/6.5	93/02/15
	Fix another incorrect error message in alias.c, found by Azuma
		Okamoto.
	Fix a couple of problems in the more-configurable config files,
		found by Tom Ivar Helbekkmo.
	Fix problem with quoted :include: entries.
	Don't duplicate the filename on verbose printing of .forward and
		:include: contents.
	Extend size of prescan buffer (to allow bigger addresses).  Also,
		detect some buffer overflows.
	Log user SMTP protocol errors (log level 4).

6.20/6.4	93/02/14
	Fix another problem in the MCI state machine caused when there
		were errors generated from the other end to commands
		other than RCPT.

6.19/6.4	93/02/14
	Include load average support for DEC Alpha running OSF/1.
	Fix multiple-response problem with errors in MAIL From: line.
	Fix SMTP reply codes for invalid address syntaxes (give 501;
		never give multiple error messages for a single message).
	Fix problem where a cached connection timeout rejects all
		later connects to that host.
	Fix incorrect error message if alias.c is compiled with DBM only.
	Additional changes to fix nested conditionals (from Bruce Lilly).
	Recover more gracefully from operating system failures, particularly
		NULL returns from openmailer (from Noritoshi Demizu,
		OMRON Corporation).
	Log forward, alias, and userdb expand operations on log level 10;
		concept suggested by P{r (Pell) Emanuelsson.
	Changes for HPUX 8.07 compatibility.

6.18/6.4	93/02/12
	Allow any config option to be set using an M4 define.
	Change UNAME compile flag to HASUNAME for IDA compatibility
		(besides, it's a better name).
	Note in README that on SunOS it must be linked -Bstatic.
	Fairly major change in domain.c to handle wildcard MX records
		more rationally.  NOTE: the "w" option (no wildcard MX
		records match local domain) has been eliminated.
	Fix some unset variable references pointed out by Bruce Lilly.
	Fix host name in process titles when using cached connection.

6.17/6.3	93/01/28
	Fix System 5 compatibility changes to be compatible with the rest
		of the world.

6.16/6.3	93/01/28
	Experimental fix for problem handling errors in the SMTP
		protocol in conjunction with connection caching.
	System 5 compatibility changes.

6.15/6.3	93/01/26
	Fix a bug that causes local mail delivered using -odq to be
		eliminated as a duplicate (because it matched the
		ctladdr, now passed in as a C line).  These changes
		are pretty tricky......

6.14/6.3	93/01/25
	Add debugging for some MCI errors.

6.13/6.3	93/01/22
	Fix -e compatibility flag to take a value.
	Fix a couple of minor compilation warnings on Sun cc.
	Improve error messages in a few cases to be more self-explanatory.

6.12/6.3	93/01/21
	Fix yet-another problem with environment handling, pointed out
		by Yoshitaka Tokugawa and Tom Ivar Helbekkmo.
	Some heuristics to try to limit resource exhaustion problems
		if a downstream host has been down for a long time.
	Fix problem with incorrect host name being logged in "Connection
		timed out" messages (from Tom Ivar Helbekkmo).
	Fix some ANSI C problems (from Takahiro Kanbe).
	Properly log message sender on returned mail during queue run.
	Count number of recipients properly.
	Fix a problem in yp map code.
	Diagnose "message timed out" (from Motonori Nakamura).

6.11/6.3	93/01/20
	Fix problem with address delimitor inside quotes.
	Define $k and $=k to be the UUCP name (from the uname call)
		based on code from Bruce Lilly.

6.10/6.2	93/01/18
	Implement arpatounix (largely code from Bruce Lilly).
	Log more info (suggested by John Myers).
	Allow nested $?...$|...$. (inspired by code from Bruce Lilly of
		Sony US).
	POSIX compatibility (noted by Keith Bostic).
	Handle SMTP MAIL command errors properly (urged by several people,
		notably John Myers of CMU).
	Do early diagnosis of .cf errors (notably referencing a RHS
		substitution that isn't on the LHS).
	Adjust checkpointing to better handle batched recipients, suggested
		by John Myers.
	Fix miscellaneous bugs.
	(config files:)  Implement MAIL_HUB for all local mail (to handle
		NFS-mounted directories) as urged by Tom Ivar Helbekkmo
		of the Norwegian School of Economics.

6.9/6.1 	93/01/13
	Environment handling simplification/bug fix -- child processes
		get a minimal, fixed environment.  This avoids different
		behaviour in queue runs.
	Handle commas inside comments properly.
	Properly limit large messages submitted in -obq mode.

6.8/6.1		93/01/10
	Check mtime of thaw file against .cf and sendmail binary, based on
		code from John Myers.

6.7/6.1		93/01/10
	MX piggybacking, based on code from John Myers@CMU.
	Allow checkcompat to return -1 to mean tempfail.
	Bug fix in m_mno computation.

6.6/6.1		93/01/09
	Tuning of queueing functions as recommended by John Gardiner Myers.
	Return mail headers (no body) on messages with negative precedence.
	Minor other bug fixes.

6.5/6.1		93/01/03
	Fix botch causing queued headers to have ?XX? prefixes.

6.4/6.1		93/01/02
	Changes to recognize special mailer types (e.g., file) early.

6.3/6.1		93/01/01
	Pass timeouts to sfgets.
	Check for control characters in addresses.
	Fixed deferred error reporting.
	Report duplicate aliases.
	Handle mixed case recursive aliases.
	Misc bug fixes.

6.2/6.1		92/12/30
	Put return-receipt-to on a conf.c flag (but don't set it).
	Fix minor syslog problem.