1 SENDMAIL RELEASE NOTES 2 @(#)RELEASE_NOTES 8.6.7.1 (Berkeley) 03/14/94 3 4This listing shows the version of the sendmail binary, the version 5of the sendmail configuration files, the date of release, and a 6summary of the changes in that release. 7 88.6.7/8.6.6 94/03/14 9 SECURITY: it was possible to get root access by using wierd 10 values to the -d flag. Thanks to Alain Durand of 11 INRIA for forwarding me the notice from the bugtraq 12 list. 13 148.6.6/8.6.6 94/03/13 15 SECURITY: the ability to give files away on System V-based 16 systems proved dangerous -- don't run as the owner 17 of a :include: file on a system that allows giveaways. 18 Unfortunately, this also applies to determining a 19 valid shell. 20 IMPORTANT: Previous versions weren't expiring old connections 21 in the connection cache for a long time under some 22 circumstances. This could result in resource exhaustion, 23 both at your end and at the other end. This checks the 24 connections for timeouts much more frequently. From 25 Doug Anderson of NCSC. 26 Fix a glitch that snuck in that caused programs to be run as 27 the sender instead of the recipient if the mail was 28 from a local user to another local user. From 29 Motonori Nakamura of Kyoto University. 30 Fix "wildcard" on /etc/shell matching -- instead of looking 31 for "*", look for "/SENDMAIL/ANY/SHELL/". From 32 Bryan Costales of ICSI. 33 Change the method used to declare the "statfs" availability; 34 instead of HASSTATFS and/or HASUSTAT with a ton of 35 tweaking in conf.c, there is a single #define called 36 SFS_TYPE which takes on one of six values (SFS_NONE 37 for no statfs availability, SFS_USTAT for the ustat(2) 38 syscall, SFS_4ARGS for a four argument statfs(2) call, 39 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument 40 statfs(2) call with the declarations in <sys/vfs.h>, 41 <sys/mount.h>, or <sys/statfs.h> respectively). 42 Fix glitch in NetInfo support that could return garbage if 43 there was no "/locations/sendmail" property. From 44 David Meyer of the University of Virginia. 45 Change HASFLOCK from defined/not-defined to a 0/1 definition 46 to allow Linux to turn it off even though it is a 47 BSD-like system. 48 Allow setting of "ident" timeout to zero to turn off the ident 49 protocol entirely. 50 Make 7-bit stripping local to a connection (instead of to a 51 mailer); this allows you to specify that SMTP is a 52 7-bit channel, but revert to 8-bit should it advertise 53 that it supports 8BITMIME. You still have to specify 54 mailer flag 7 to get this stripping at all. 55 Improve makesendmail script so it handles more cases automatically. 56 Tighten up restrictions on taking ownership of :include: files 57 to avoid problems on systems that allow you to give away 58 files. 59 Fix a problem that made it impossible to rebuild the alias 60 file if it was on a read-only file system. From 61 Harry Edmon of the University of Washington. 62 Improve MX randomization function. From John Gardiner Myers 63 of CMU. 64 Fix a minor glitch causing a bogus message to be printed (used 65 %s instead of %d in a printf string for the line number) 66 when a bad queue file was read. From Harry Edmon. 67 Allow $s to remain NULL on locally generated mail. I'm not 68 sure this is necessary, but a lot of people have complained 69 about it, and there is a legitimate question as to whether 70 "localhost" is legal as an 822-style domain. 71 Fix a problem with very short line lengths (mailer L= flag) in 72 headers. This causes a leading space to be added onto 73 continuation lines (including in the body!), and also 74 tries to wrap headers containing addresses (From:, To:, 75 etc) intelligently at the shorter line lengths. Problem 76 Reported by Lars-Johan Liman of SUNET Operations Center. 77 Log the real user name when logging syserrs, since these can have 78 security implications. Suggested by several people. 79 Fix address logging of cached connections -- it used to always 80 log the numeric address as zero. This is a somewhat 81 bogus implementation in that it does an extra system 82 call, but it should be an inexpensive one. Fix from 83 Motonori Nakamura. 84 Tighten up handling of short syslog buffers even more -- there 85 were cases where the outgoing relay= name was too long 86 to share a line with delay= and mailer= logging. 87 Limit the overhead on split envelopes to one open file descriptor 88 per envelope -- previously the overhead was three 89 descriptors. This was in response to a problem reported 90 by P{r (Pell) Emanuelsson. 91 Fixes to better handle the case of unexpected connection closes; 92 this redirects the output to the transcript so the info 93 is not lost. From Eric Wassenaar. 94 Fix potential string overrun if you macro evaluate a string that 95 has a naked $ at the end. Problem noted by James Matheson 96 <jmrm@eng.cam.ac.uk>. 97 Make default error number on $#error messages 553 (``Requested 98 action not taken: mailbox name not allowed'') instead of 99 501 (``Syntax error in parameters or arguments'') to 100 avoid bogus "protocol error" messages. 101 Strip off any existing trailing dot on names during $[ ... $] 102 lookup. This prevents it from ending up with two dots 103 on the end of dot terminated names. From Wesley Craig 104 of the University of Michigan and Bryan Costales of ICSI. 105 Clean up file class reading so that the debugging information is 106 more informative. It hadn't been using setclass, so you 107 didn't see the class items being added. 108 Avoid core dump if you are running a version of sendmail where 109 NIS is compiled in, and you specify an NIS map, but 110 NIS is not running. Fix from John Oleynick of 111 Rutgers. 112 Diagnose bizarre case where res_search returns a failure value, 113 but sets h_errno to a success value. 114 Make sure that "too many hops" messages are considered important 115 enough to send an error to the Postmaster (that is, the 116 address specified in the P option). This fix should 117 help problems that cause the df file to be left around 118 sometimes -- unfortunately, I can't seem to reproduce 119 the problem myself. 120 Avoid core dump (null pointer reference) on EXPN command; this 121 only occurred if your log level was set to 10 or higher 122 and the target account was an alias or had a .forward file. 123 Problem noted by Janne Himanka. 124 Avoid "denial of service" attacks by someone who is flooding your 125 SMTP port with bad commands by shutting the connection 126 after 25 bad commands are issued. From Kyle Jones of 127 UUNET. 128 Fix core dump on error messages with very long "to" buffers; 129 fmtmsg overflows the message buffer. Fixed by trimming 130 the to address to 203 characters. Problem reported by 131 John Oleynick. 132 Fix configuration for HASFLOCK -- there were some spots where 133 a #ifndef was incorrectly #ifdef. Pointed out by 134 George Baltz of the University of Maryland. 135 Fix a typo in savemail() that could cause the error message To: 136 lists to be incorrect in some places. From Motonori 137 Nakamura. 138 Fix a glitch that can cause duplicate error messages on split 139 envelopes where an address on one of the lists has a 140 name server failure. Fix from Voradesh Yenbut of the 141 University of Washington. 142 Fix possible bogus pointer reference on ESMTP parameters that 143 don't have an ``=value'' part. 144 CNAME loops caused an error message to be generated, but also 145 re-queued the message. Changed to just re-queue the 146 message (it's really hard to just bounce it because 147 of the wierd way the name server works in the presence 148 of CNAME loops). Problem noted by James M.R.Matheson 149 of Cambridge University. 150 Avoid giving ``warning: foo owned process doing -bs'' messages 151 if they use ``MAIL FROM:<foo>'' where foo is their true 152 user name. Suggested by Andreas Stolcke of ICSI. 153 Change the NAMED_BIND compile flag to be a 0/1 flag so you can 154 override it easily in the Makefile -- that is, you can 155 turn it off using -DNAMED_BIND=0. 156 If a gethostbyname(...) of an address with a trailing dot fails, 157 try it without the trailing dot. This is because if 158 you have a version of gethostbyname() that falls back 159 to NIS or the /etc/hosts file it will fail to find 160 perfectly reasonable names that just don't happen to 161 be dot terminated in the hosts file. You don't want to 162 strip the dot first though because we're trying to ensure 163 that country names that match one of your subdomains get 164 a chance. 165 PRALIASES: fix bogus output on non-null-terminated strings. 166 From Bill Gianopoulos of Raytheon. 167 CONFIG: Avoid rewriting anything that matches $w to be $j. 168 This was in code intended to only catch the self-literal 169 address (that is, [1.2.3.4], where 1.2.3.4 is your 170 IP address), but the code was broken. However, it will 171 still do this if $M is defined; this is necessary to 172 get client configurations to work (sigh). Note that this 173 means that $M overrides :mailname entries in the user 174 database! Problem noted by Paul Southworth. 175 CONFIG: Fix definition of Solaris help file location. From 176 Steve Cliffe <steve@gorgon.cs.uow.edu.au>. 177 CONFIG: Fix bug that broke news.group.USENET mappings. 178 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, 179 and USENET_MAILER_MAX to tweak the maximum message 180 size for various mailers. 181 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] 182 instead of assuming that it is "inews" for consistency 183 with other mailers. From Michael Corrigan of UC San Diego. 184 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, 185 qualify the address in the SMTP envelope as user@{relay|hub} 186 instead of user@$j. From Bill Wisner of The Well. 187 CONFIG: Fix route-addr syntax in nullrelay configuration set. 188 CONFIG: Don't turn off case mapping of user names in the local 189 mailer for IRIX. This was different than most every other 190 system. 191 CONFIG: Avoid infinite loops on certainly list:; syntaxes in 192 envelope. Noted by Thierry Besancon 193 <besancon@excalibur.ens.fr>. 194 CONFIG: Don't include -z by default on uux line -- most systems 195 don't want it set by default. Pointed out by Philippe 196 Michel of Thomson CSF. 197 CONFIG: Fix some bugs with mailertables -- for example, if your 198 host name was foo.bar.ray.com and you matched against 199 ".ray.com", the old implementation bound %1 to "bar" 200 instead of "foo.bar". Also, allow "." in the mailertable 201 to match anything -- essentially, take over SMART_HOST. 202 This also moves matching of explicit local host names 203 before the mailertable so they don't have to be special 204 cased in the mailertable data. Reported by Bill 205 Gianopoulos of Raytheon; the fix for the %1 binding 206 problem was contributed by Nicholas Comanos of the 207 University of Sydney. 208 CONFIG: Don't include "root" in class $=L (users to deliver 209 locally, even if a hub or relay exists) by default. 210 This is because of the known bug where definition of 211 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore 212 both and deliver into the local mailbox. 213 CONFIG: Move up bitdomain and uudomain handling so that they 214 are done before .UUCP class matching; uudomain was 215 reported as ineffective before. This also frees up 216 diversion 8 for future use. Problem reported by Kimmo 217 Suominen. 218 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) 219 into host names. As pointed out by Jonathan Kamens, 220 these are often used because either the forward or reverse 221 mapping is broken; this translation makes it broken again. 222 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo 223 Suominen. 224 Portability fixes: 225 Unicos from David L. Kensiski of Sterling Sofware. 226 DomainOS from Don Lewis of Silicon Systems. 227 GNU m4 1.0.3 from Karst Koymans of Utrecht University. 228 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>. 229 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>. 230 BSD/386 from Tony Sanders of BSDI. 231 Apollo from Eric Wassenaar. 232 DGUX from Doug Anderson. 233 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. 234 NEW FILES: 235 src/Makefile.DomainOS 236 src/Makefile.PTX 237 src/Makefile.SunOS.5.1 238 src/Makefile.SunOS.5.2 239 src/Makefile.SunOS.5.x 240 src/mailq.1 241 cf/ostype/domainos.m4 242 doc/op/Makefile 243 doc/intro/Makefile 244 doc/usenix/Makefile 245 2468.6.5/8.6.5 94/01/13 247 Security fix: /.forward could be owned by anyone (the test 248 to allow root to own any file was backwards). From 249 Bob Campbell at U.C. Berkeley. 250 Security fix: group ids were not completely set when programs 251 were invoked. This caused programs to have group 252 permissions they should not have had (usually group 253 daemon instead of their own group). In particular, 254 Perl scripts would refuse to run. 255 Security: check to make sure files that are written are not 256 symbolic links (at least under some circumstances). 257 Although this does not respond to a specific known 258 attack, it's just a good idea. Suggested by 259 Christian Wettergren. 260 Security fix: if a user had an NFS mounted home directory on 261 a system with a restricted shell listed in their 262 /etc/passwd entry, they could still execute any 263 program by putting that in their .forward file. 264 This fix prevents that by insisting that their shell 265 appear in /etc/shells before allowing a .forward to 266 execute a program or write a file. You can disable 267 this by putting "*" in /etc/shells. It also won't 268 permit world-writable :include: files to reference 269 programs or files (there's no way to disable this). 270 These behaviours are only one level deep -- for 271 example, it is legal for a world-writable :include: 272 file to reference an alias that writes a file, on 273 the assumption that the alias file is well controlled. 274 Security fix: root was not treated suspiciously enough when 275 looking into subdirectories. This would potentially 276 allow a cracker to examine files that were publically 277 readable but in a non-publically searchable directory. 278 Fix a problem that causes an error on QUIT on a cached 279 connection to create problems on the current job. 280 These are typically unrelated, so errors occur in 281 the wrong place. 282 Reset CurrentLA in sendall() -- this makes sendmail queue 283 runs more responsive to load average, and fixes a 284 problem that ignored the load average in locally 285 generated mail. From Eric Wassenaar. 286 Fix possible core dump on aliases with null LHS. From 287 John Orthoefer of BB&N. 288 Revert to using flock() whenever possible -- there are just 289 too many bugs in fcntl() locking, particularly over 290 NFS, that cause sendmail to fail in perverse ways. 291 Fix a bug that causes the connection cache to get confused 292 when sending error messages. This resulted in 293 "unexpected close" messages. It should fix itself 294 on the following queue run. Problem noted by 295 Liudvikas Bukys of Rochester University. 296 Include $k in $=k as documented in the Install & Op Guide. 297 This seems odd, but it was documented.... From 298 Michael Corrigan of UCSD. 299 Fix problem that caused :include:s from alias files to be 300 forced to be owned by root instead of daemon 301 (actually DefUid). From Tim Irvin. 302 Diagnose unrecognized I option values -- from Mortin Forssen 303 of the Chalmers University of Technology. 304 Make "error" mailer work consistently when there is no error 305 code associated with it -- previously it returned OK 306 even though there was a real problem. Now it assumes 307 EX_UNAVAILABLE. 308 Fix bug that caused the last header line of messages that had 309 no body and which were terminated with EOF instead of 310 "." to be discarded. Problem noted by Liudvikas Bukys. 311 Fix core dump on SMTP mail to programs that failed -- it tried 312 to go to a "next MX host" when none existed, causing 313 a core dump. From der Mouse at McGill University. 314 Change IDENTPROTO from a defined/not defined to a 0/1 switch; 315 this makes it easier to turn it off (using 316 -DIDENTPROTO=0 in the Makefile). From der Mouse. 317 Fix YP_MASTER_NAME store to use the unupdated result of 318 gethostname() (instead of myhostname(), which tries 319 to fully qualify the name) to be consistent with 320 SunOS. If your hostname is unqualified, this fixes 321 transfers to slave servers. Bug noted by Keith 322 McMillan of Ameritech Services, Inc. 323 Fix Ultrix problem: gethostbyname() can return a very large 324 (> 500) h_length field, which causes the sockaddr 325 to be trashed. Use the size of the sockaddr instead. 326 Fix from Bob Manson of Ohio State. 327 Don't assume "-a." on host lookups if NAMED_BIND is not 328 defined -- this confuses gethostbyname on hosts 329 file lookups, which doesn't understand the trailing 330 dot convention. 331 Log SMTP server subprocesses that die with a signal instead 332 of from a clean exit. 333 If you don't have option "I" set, don't assume that a DNS 334 "host unknown" message is authoritative -- it 335 might still be found in /etc/hosts. 336 Fix a problem that would cause Deferred: messages to be sent 337 as the subject of an error message, even though the 338 actual cause of a message was more severe than that. 339 Problem noted by Chris Seabrook of OSSI. 340 Fix race condition in DBM alias file locking. From Kyle 341 Jones of UUNET. 342 Limit delivery syslog line length to avoid bugs in some 343 versions of syslog(3). This adds a new compile time 344 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton 345 University, which is in turn derived from IDA. 346 Fix quotes inside of comments in addresses -- previously 347 it insisted that they be balanced, but the 822 spec 348 says that they should be ignored. 349 Dump open file state to syslog upon receiving SIGUSR1 (for 350 debugging). This also evaluates ruleset 89, if set 351 (with the null input), and logs the result. This 352 should be used sparingly, since the rewrite process 353 is not reentrant. 354 Change -qI, -qR, and -qS flags to be case-insensitive as 355 documented in the Bat Book. 356 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not 357 return an error message and did not requeue the message. 358 Fix based on code from Roland Dirlewanger of 359 Reseau Regional Aquarel, Bordeaux, France. 360 Fix a problem that caused a seg fault if you got a 421 error 361 code during some parts of connection initialization. 362 I've only seen this when talking to buggy mailers on 363 the other end, but it shouldn't give a seg fault in 364 any case. From Amir Plivatsky. 365 Fix core dump caused by a ruleset call that returns null. 366 Fix from Bryan Costales of ICSI. 367 Full-Name: field was being ignored. Fix from Motonori Nakamura 368 of Kyoto University. 369 Fix a possible problem with very long input lines in setproctitle. 370 From P{r Emanuelsson. 371 Avoid putting "This is a warning message" out on return receipts. 372 Suggested by Douglas Anderson. 373 Detect loops caused by recursive ruleset calls. Suggested by 374 Bryan Costales. 375 Initialize non-alias maps during alias rebuilds -- they may be 376 needed for parsing. Problem noted by Douglas Anderson. 377 Log sender address even if no message was collected in SMTP 378 (e.g., if all RCPTs failed). Suggested by Motonori 379 Nakamura. 380 Don't reflect the owner-list contents into the envelope sender 381 address if the value contains ", :, /, or | (to avoid 382 illegal addresses appearing there). 383 Efficiency hack for toktype macro -- from Craig Partridge of 384 BB&N. 385 Clean up DNS error printing so that a host name is always 386 included. 387 Remember to set $i during queue runs. Reported by Stephen 388 Campbell of Dartmouth University. 389 If ${HOSTALIASES} is set, use it during canonification so that 390 headers are properly mapped. Reported by Anne Bennett 391 of Concordia University. 392 Avoid printing misleading error message if SMTP mailer (not 393 using [IPC]) should die on a core dump. 394 Avoid incorrect diagnosis of "file 1 closed" when it is caused 395 by the other end closing the connection. From 396 Dave Morrison of Oracle. 397 Improve several of the error messages printed by "mailq" 398 to include a host name or other useful information. 399 Add NetInfo preliminary support for NeXT systems. From Vince 400 DeMarco. 401 Fix a glitch that sometimes caused :include:s that pointed to 402 NFS filesystems that were down to give an "aliasing/ 403 forwarding loop broken" message instead of queueing 404 the message for retry. Noted by William C Fenner of 405 the NRL Connection Machine Facility. 406 Fix a problem that could cause a core dump if the input sequence 407 had (or somehow acquired) a \231 character. 408 Make sure that route-addrs always have <angle brackets> around 409 them in non-SMTP envelopes (SMTP envelopes already do 410 this properly). 411 Avoid wierd headers on unbalanced punctuation of the form: 412 ``Joe User <user)'' -- this caused reference to the 413 null macro. Fix from Rick McCarty of IO.COM. 414 Fix a problem that caused an alias "user: user@local.host" to 415 not have the QNOTREMOTE bit set; this caused configs 416 to act as if FEATURE(notsticky) was defined even when 417 it was not. The effect of the problem was to make it 418 very hard to to set up satellite sites that had a few 419 local accounts, with everything else forwarded to a 420 corporate hub. Reported by Detlef Drewanz of the 421 University of Rostock and Mark Frost of NCD. 422 Change queuing to not call rulesets 3, {1 or 2}, 4 on header 423 addresses. This is more efficient (fewer name server 424 calls) and fixes certain unusual configurations, such 425 as those that have ruleset 4 do something that is 426 non-idempotent unless a mailer-specific ruleset did 427 something else. Problem reported by Brian J. Coan 428 of the Institute for Global Communications. 429 Fix the "obsolete argument" routine in main to better understand 430 new arguments. For example, if you used ``sendmail 431 -C config -v -q'' it would choke on the -q because 432 the -C would stop looking for old-format arguments. 433 Fix the code that was intended to allow two users to forward their 434 mail to the same program and have them appear unique. 435 Portability fixes for: 436 SCO UNIX from Murray Kucherawy. 437 SCO Open Server 3.2v4 from Philippe Brand. 438 System V Release 4 from Rick Ellis and others. 439 OSF/1 from Steve Campbell. 440 DG/UX from Ben Mesander of the USGS and Bryan Curnutt 441 of Stoner Associates. 442 Motorola SysV88 from Kevin Johnson of Motorola. 443 Solaris 2.3 from Casper H.S. Dik of the University 444 of Amsterdam and John Caruso of University 445 of Maryland. 446 FreeBSD from Ollivier Robert. 447 NetBSD from Adam Glass. 448 TitanOS from Kate Hedstrom of Rutgers University. 449 Irix from Bryan Curnutt. 450 Dynix from Jim Davis of the University of Arizona. 451 RISC/os. 452 Linux from John Kennedy of California State University 453 at Chico. 454 Solaris 2.x from Tony Boner of the U.S. Air Force. 455 NEXTSTEP 3.x from Vince DeMarco. 456 HP-UX from various people. NOTA BENE: the location 457 of the config file has moved to /usr/lib 458 to match the HP-UX version of sendmail. 459 CONFIG: Don't do any recipient rewriting on relay mailer; 460 since this is intended only for internal use, the 461 usual RFC 821/822/1123 rules can be relaxed. The 462 main point of this is to avoid munging (ugh) UUCP 463 addresses when relaying internally. 464 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:; 465 syntax addresses delivered via UUCP. Solution 466 provided by Peter Wemm. 467 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset 468 zero; it caused double @ signs in addresses. From 469 Irving Reid of the University of Toronto. 470 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1 471 from Markku Toijala of ICL Personal Systems Oy. 472 CONFIG: Add trailing "." on pseudo-domains for consistency; 473 this fixes a problem (noted by Al Whaley of Sunnyside) 474 that made it hard to recognize your own pseudodomain 475 names. 476 CONFIG: catch "@host" syntax errors (i.e., null local-parts) 477 rather than letting them get "local configuration 478 error"s. Problem noted by John Gardiner Myers. 479 CONFIG: add uucp-uudom mailer variant, based on code posted 480 by Spider Boardman <spider@Orb.Nashua.NH.US>; this 481 has uucp-dom semantics but old UUCP syntax. This 482 also permits "uucp-old" as an alias for "uucp" and 483 "uucp-new" as a synonym for "suucp" for consistency. 484 CONFIG: add POP mailer support (from Kimmo Suominen 485 <kim@grendel.lut.fi>). 486 CONFIG: drop CSNET_RELAY support -- CSNET is long gone. 487 CONFIG: fix bug caused with domain literal addresses (e.g., 488 ``[128.32.131.12]'') when FEATURE(allmasquerade) 489 was set; it would get an additional @masquerade.host 490 added to the address. Problem noted by Peter Wan 491 of Georgia Tech. 492 CONFIG: make sure that the local UUCP name is in $=w. From 493 Jim Murray of Stratus. 494 CONFIG: changes to UUCP rewriting to simulate IDA-style "V" 495 mailer flag. Briefly, if you are sending to host 496 "foo", then it rewrites "foo!...!baz" to "...!baz", 497 "foo!baz" remains "foo!baz", and anything else has 498 the local name prepended. 499 CONFIG: portability fixes for HP-UX. 500 DOC: several minor problems fixed in the Install & Op Guide. 501 MAKEMAP: fix core dump problem on lines that are too long or 502 which lack newline. From Mark Delany. 503 MAILSTATS: print sums of columns (total messages & kbytes 504 in and out of the system). From Tom Ferrin of UC 505 San Francisco Computer Graphics Lab. 506 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: 507 On HP-UX, /etc/sendmail.cf has been moved to 508 /usr/lib/sendmail.cf to match HP sendmail. 509 Permissions have been tightened up on world-writable 510 :include: files and accounts that have shells 511 that are not listed in /etc/shells. This may 512 cause some .forward files that have worked 513 before to start failing. 514 SIGUSR1 dumps some state to the log. 515 NEW FILES: 516 src/Makefile.DGUX 517 src/Makefile.Dynix 518 src/Makefile.FreeBSD 519 src/Makefile.Mach386 520 src/Makefile.NetBSD 521 src/Makefile.RISCos 522 src/Makefile.SCO 523 src/Makefile.SVR4 524 src/Makefile.Titan 525 cf/mailer/pop.m4 526 cf/ostype/bsdi1.0.m4 527 cf/ostype/dgux.m4 528 cf/ostype/dynix3.2.m4 529 cf/ostype/sco3.2.m4 530 makemap/Makefile.dist 531 praliases/Makefile.dist 532 5338.6.4/8.6.4 93/10/31 534 Repair core-dump problem (write to read-only memory segment) 535 if you fall back to the return-to-Postmaster case in 536 savemail. Problem reported by Richard Liu. 537 Immediately diagnose bogus sender addresses in SMTP. This 538 makes quite certain that crackers can't use this 539 class of attack. 540 Reliability Fix: check return value from fclose() and fsync() 541 in a few critical places. 542 Minor problem in initsys() that reversed a condition for 543 redirecting the output channel on queue runs. It's 544 not clear this code even does anything. From Eric 545 Wassenaar of the Dutch National Institute for Nuclear 546 and High-Energy Physics. 547 Fix some problems that caused queue runs to do "too much work", 548 such as double-reading the Errors-To: header. From 549 Eric Wassenaar. 550 Error messages on writing the temporary file (including the 551 data file) were getting suppressed in SMTP -- this 552 fix causes them to be properly reported. From Eric 553 Wassenaar. 554 Some changes to support AF_UNIX sockets -- this will only 555 really become relevant in the next release, but some 556 people need it for local patches. From Michael 557 Corrigan of UC San Diego. 558 Use dynamically allocated memory (instead of static buffers) 559 for macros defined in initsys() and settime(); since 560 these can have different values depending on which 561 envelope they are in. From Eric Wassenaar. 562 Improve logging to show ctladdr on to= logging; this tells you 563 what uid/gid processes ran as. 564 Fix a problem that caused error messages to be discarded if 565 the sender address was unparseable for some reason; 566 this was supposed to fall back to the "return to 567 postmaster" case. 568 Improve aliaswait backoff algorithm. 569 Portability patches for Linux (8.6.3 required another header 570 file) (from Karl London) and SCO UNIX. 571 CONFIG: patch prog mailer to not strip host name off of envelope 572 addresses (so that it matches local again). From 573 Christopher Davis. 574 CONFIG: change uucp-dom mailer so that "<>" translates to $n; 575 this prevents uux from seeing lines with null names like 576 ``From Sat Oct 30 14:55:31 1993''. From Motonori 577 Nakamura of Kyoto University. 578 CONFIG: handle <list:;> syntax correctly. This isn't legal, but 579 it shouldn't fail miserably. From Motonori Nakamura. 580 5818.6.3/8.6.3 93/10/24 582 IMPORTANT FIX: Fix several problems that caused open files to 583 be "lost" during queue runs; this overflowed the open 584 file table on large runs. An assumption that fdopen 585 always succeeds sometimes resulted in core dumps when 586 this happens; sometimes the message is delivered twice, 587 sometimes (probably) infinite times. This problem in 588 various form was reported by P{r (Pell) Emanuelsson and 589 Robert Campbell of U.C. Berkeley. 590 Special diagnosis of EMFILE error conditions -- it now prints 591 the known open file descriptors so you can figure out 592 what is consuming so much resources. 593 Fix a couple of problems caused by early address parsing 594 errors -- one caused it to return a "this is only a 595 warning" when it really wasn't, and the other started 596 parsing through a random pointer. The first was 597 noted by Eric Wassenaar. 598 Fix an infinite loop problem caused by null components in the 599 host signature. Problem noted by Jan Sorensen. 600 Be sure to reset the "current date" when sending an error 601 message -- PostMasterCopy messages were being sent 602 with an old Date: header. 603 Fix a problem that caused duplicated mail when sendmail was 604 (1) compiled without HASFLOCK, (2) you are sending to 605 an alias that has an owner-* alias, (3) you execute 606 sendmail with -t flag, (4) you run in -odb mode, and 607 (5) the sender specifies both the alias name and 608 another alias [i.e., the envelope is split], then 609 duplicate messages are sent. The problem description 610 and one-line fix are from Motonori Nakamura of Kyoto 611 University. 612 Avoid a problem that causes error messages to be discarded 613 in some cases -- this was the result of a "fix" to 614 avoid duplicate error messages, but two are better 615 than zero. Reported by Tim Rylance. 616 Fix a minor botch in checkfd012() -- fix from Dave Hill of 617 Computervision R&D Ltd. 618 Remove "X-Authentication-Warning: <user> set sender to <address> 619 using -f" entirely -- it is far too eager to include 620 this, and it is confusing folks. I'll try to make it 621 work "right" in 8.7. Problem noted by Yoshitaka 622 Tokugawa of dit Co., Ltd. 623 Fix a race condition with the errno value in tick() and 624 reapchild() -- this caused occasional misdiagnosis 625 of problems. Kyle Jones of UUNET helped this along. 626 Repair rule loop-detection code. From Michael Corrigan of 627 U.C. San Diego. 628 Fix a problem that caused sender domain addition (C mailer 629 flag to be ignored if you use -odq or use -odb with 630 a high load average. Problem reported by Jim Murray 631 of Stratus. 632 Fix ident protocol on multi-homed machines. It was not 633 always using the correct interface. Fix from J.R. 634 Oldroyd of Opal. 635 Previously, sendmail assumed that any SMTP greeting message 636 that wasn't 2xx was a temporary failure -- it should 637 only take 4xx as a temporary failure, and return a 638 solid error message on anything else -- for example, 639 to allow you to reject connections on a workstation 640 that is MXed to a mail server. 641 Portability enhancements for 386BSD/FreeBSD/NetBSD from 642 Ollivier Robert. 643 CONFIG: FEATURE(always_add_domain) didn't always add the domain; 644 in particular, on local mail it modified the header sender 645 but not the header recipient address(es). Reported by 646 Jeffrey Honig of Cornell University. Also, strip 647 any host from envelope recipient address(es), since 648 local mailers don't understand host names -- this is 649 to help mailertable entries. From Christopher Davis. 650 CONFIG: masquerading didn't apply to addresses that already 651 had a domain. This change replaces a local hostname 652 by the masquerade name in the SMTP mailer (previously 653 it only added the masquerade name if it didn't already 654 have a domain name). Several people complained about 655 this. 656 6578.6.2/8.6.2 93/10/15 658 Put a "successful delivery" message in the transcript for 659 addresses that get return-receipts. 660 Put a prominent "this is only a warning" message in warning 661 messages -- some people don't read carefully enough 662 and end up sending the message several times. 663 Include reason for temporary failure in the "warning" return 664 message. Currently, it just says "cannot send for 665 four hours". 666 Fix the "Original message received" time generated for 667 returntosender messages. It was previously listed as 668 the current time. Bug reported by Eric Hagberg of 669 Cornell University Medical College. 670 If there is an error when writing the body of a message, 671 don't send the trailing dot and wait for a response 672 in sender SMTP, as this could cause the connection to 673 hang up under some bizarre circumstances. From Eric 674 Wassenaar. 675 Fix some server SMTP synchronization problems caused when 676 connections fail during message collection. From 677 Eric Wassenaar. 678 Fix a problem that can cause srvrsmtp to reject mail if the 679 name server is down -- it accepts the RCPT but rejects 680 the DATA command. Problem reported by Jim Murray of 681 Stratus. 682 Fix a problem that can cause core dumps if the config file 683 incorrectly resolves to a null hostname. Reported by 684 Allan Johannesen of WPI. 685 Non-root use of -C flag, dangerous -f flags, and use of -oQ 686 by non-root users were not put into 687 X-Authentication-Warning:s as intended because the 688 config file hadn't set the PrivacyFlags yet. Fix 689 from Sven-Ove Westberg of the University of Lulea. 690 Under very odd circumstances, the alias file rebuild code 691 could get confused as to whether a database was 692 open or not. 693 Check "vendor code" on the end of V lines -- this is 694 intended to provide a hook for vendor-specific 695 configuration syntax. (This is a "new feature", 696 but I've made an exception to my rule in a belief 697 that this is a highly exceptional case.) 698 Portability fixes for DG/UX (from Douglas Anderson of NCSC), 699 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 700 (from Jon Forrest of UC Berkeley) 701 CONFIG: fix ``mailer:host'' form of UUCP relay naming. 702 7038.6.1/8.6 93/10/08 704 Portability fixes for A/UX and Encore UMAX V. 705 Fix error message handling -- if you had a name server down 706 causing an error during parsing, that message was never 707 propogated to the queue file. 708 7098.6/8.6 93/10/05 710 Configuration cleanup: make it easier to undo IDENTPROTO in 711 conf.h (other systems have the same bug). 712 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume 713 getdtablesize() instead of sysconf(); a disturbingly 714 large number of systems defined _SC_OPEN_MAX in the 715 header files but don't have the syscall. 716 Another patch to really truly ignore MX records in getcanonname 717 if trymx == FALSE. 718 Fix problem that caused the "250 IAA25499 Message accepted for 719 delivery" message to be omitted if there was an error 720 in the header of the message (e.g., a bad Errors-To: 721 line). Pointed out by Michael Corrigan of UCSD. 722 Announce name of host we are chatting when we get errors; this 723 is an IDA-ism suggested by Christophe Wolfhugel. 724 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the 725 Australian Artificial Intelligence Institute), SCO Unix 726 (from Murray Kucherawy of Hookup Communication Corp.), 727 NeXT (from Vince DeMarco and myself), Linux (from 728 Karl London <karl@borg.demon.co.uk>), BSDI (from 729 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo 730 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. 731 Some changes to get around gcc optimizer bugs. From Takahiro 732 Kanbe. 733 Fix error recovery in queueup if another tf file of the same 734 name already exists. Problem stumbled over by Bill 735 Wisner of The Well. 736 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. 737 Problem noted by Keith McMillan of Ameritech Services. 738 Deal with group permissions properly when opening .forward and 739 :include: files. This relaxes the 8.1C restrictions 740 slightly more. This includes proper setting of groups 741 when reading :include: files, allowing you to read some 742 files that you should be able to read but have previously 743 been denied unless you owned them or they had "other" 744 read permission. 745 Make certain that $j is in $=w (after the .cf is read) so that 746 if the user is forced to override some silly system, 747 MX suppression will still work. 748 Fix a couple of efficiency problems where newstr was double- 749 calling expensive routines. In at least one case, it 750 wasn't guaranteed that they would always return the 751 same result. Problem noted by Christophe Wolfhugel. 752 Fix null pointer dereference in putoutmsg -- only on an error 753 condition from a non-SMTP mailer. From Motonori 754 Nakamura. 755 Macro expand "C" line class definitions before scanning so that 756 "CX $Z" works. 757 Fix problem that caused error message to be sent while still 758 trying to send the original message if the connection 759 is closed during a DATA command after getting an error 760 on an RCPT command (pretty obscure). Problem reported 761 by John Myers of CMU. 762 Fix reply to NOOP to be 250 instead of 200 -- this is a long 763 term bug. 764 Fix a nasty bug causing core dumps when returning the "warning: 765 cannot deliver for N hours -- will keep trying" message; 766 it only occurred if you had PostMasterCopy set and 767 only on some architectures. Although sendmail would 768 keep trying, it would send error messages on each 769 queue interval. This is an important fix. 770 Allow u and g options to take user and group names respectively. 771 Don't do a chdir into the queue directory in -bt mode to make 772 ruleset testing a bit easier. 773 Don't allow users to turn off logging (using -oL) on the command 774 line -- command line can only raise, not lower, logging 775 level. 776 Set $u to the original recipient on the SMTP transaction or on 777 the command line. This is only done if there is exactly 778 one recipient. Technically, this does not meet the 779 specs, because it does not guarantee a domain on the 780 address. 781 Fix a problem that dumped error messages on bad addresses if 782 you used the -t flag. Problem noted by Josh Smith of 783 Harvey Mudd College. 784 Given an address such as ``<foo> <bar>'', auto-quote the first 785 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to 786 avoid the problem of people who use angle brackets in 787 their full name information. 788 Fix a null pointer dereference if you set option "l", have 789 an Errors-To: header in the message, and have Errors-To: 790 defined in the config file H lines. From J.R. Oldroyd. 791 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get 792 wrong when compiling. Suggested by Rick McCarty of TI. 793 Fix a problem that could pass negative SIZE parameter if the 794 df file got lost; this would cause servers to always 795 give a temporary failure, making the problem even worse. 796 Problem noted by Allan Johannesen of WPI. 797 Add "ident" timeout (one of the "r" option selectors) for IDENT 798 protocol timeouts (30s default). Requested by Murray 799 Kucherawy of HookUp Communication Corp. to handle bogus 800 PC TCP/IP implementations. 801 Change $w default definition to be just the first component of 802 the domain name on config level 5. The $j macro defaults 803 to the FQDN; $m remains as before. This lets well-behaved 804 config files use any of the short, long, or subdomain 805 names. 806 Add makesendmail script in src to try to automate multi-architecture 807 builds. I know, this is sub-optimal, but it is still 808 helpful. 809 Fix very obscure race condition that can cause a queue run to 810 get a queue file for an already completed job. This 811 problem has existed for years. Problem noted by the 812 long suffering Allan Johannesen of WPI. 813 Fix a problem that caused the raw sender name to be passed to 814 udbsender instead of the canonified name -- this caused 815 it to sometimes miss records that it should have found. 816 Relax check of name on HELO packet so that a program using -bs 817 that claims to be itself works properly. 818 Restore rewriting of $: part of address through 2, R, 4 in 819 buildaddr -- this requires passing a lot of flags to get 820 it right. Unlike old versions, this ONLY rewrites 821 recipient addresses, not sender addresses. 822 Fix a bug that caused core dumps in config files that cannot 823 resolve /file/name style addresses. Fix from Jonathan 824 Kamens of OpenVision Technologies. 825 Fix problem with fcntl locking that can cause error returns to 826 be lost if the lock is lost; this required fully 827 queueing everything, dropping the envelope (so errors 828 would get returned), and then re-reading the queue from 829 scratch. 830 Fix a problem that caused aliases that redefine an otherwise 831 true address to still send to the original address 832 if and only if the alias failed in certain bizarre 833 ways (e.g, if they pointed at a list:; syntax address). 834 Problem pointed out by Jonathan Kamens. 835 Remove support for frozen configuration files. They caused 836 more trouble than it was worth. 837 Fix problem that can cause error messages to get ignored when 838 using both -odb and -t flags. Problem noted by Rob 839 McNicholas at U.C. Berkeley. 840 Include all "normal" variations on hostname in $=w. For example, 841 if the host name is vangogh.cs.berkeley.edu, $=w will 842 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. 843 Add "restrictqrun" privacy flag -- without this, anyone can run 844 the queue. 845 Reset SmtpPhase global on initial connection creation so that 846 messages don't come out with stale information. 847 Pass an "ext" argument to lockfile so that error/log messages 848 will properly reflect the true filename being locked. 849 Put all [...] address forms into $=w -- this eliminates the need 850 for MAXIPADDR in conf.h. Suggested by John Gardiner 851 Myers of CMU. 852 Fix a bug that can cause qf files to be left around even after 853 an SMTP RSET command. Problem and fix from Michael 854 Corrigan. 855 Don't send a PostMasterCopy to errors when the Precedence: is 856 negative. Error reports still go to the envelope 857 sender address. 858 Add LA_SHORT for load averages. 859 Lock sendmail.st file when posting statistics. 860 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to 861 set the size of the TCP send and receive buffers; if you 862 run over a slow slip line you may need to set these down 863 (although it would be better to fix the SLIP implementation 864 so that it's not necessary to recompile every program 865 that does bulk data transfer). 866 Allow null defaults on $( ... $) lookups. Problem reported by 867 Amir Plivatsky. 868 Diagnose crufty S and V config lines. This resulted from an 869 observation that some people were using the SITE macro 870 without the SITECONFIG macro first, which was causing 871 bogus config files that were not caught. 872 Fix makemap -f flag to turn off case folding (it was turning it 873 on instead). THIS IS A USER VISIBLE CHANGE!!! 874 Fix a problem that caused multiple error messages to be sent if 875 you used "sendmail -t -oem -odb", your system uses fcntl 876 locking, and one of the recipient addresses is unknown. 877 Reset uid earlier in include() so that recursive .forwards or 878 :include:s don't use the wrong uid. 879 If file descriptor 0, 1, or 2 was closed when sendmail was 880 called, the code to recover the descriptor was broken. 881 This sometimes (only sometimes) caused problems with the 882 alias file. Fix from Motonori Nakamura. 883 Fix a problem that caused aliaswait to go into infinite recursion 884 if the @:@ metasymbol wasn't found in the alias file. 885 Improve error message on newaliases if database files cannot be 886 opened or if running with no database format defined. 887 Do a better estimation of the size of error messages when NoReturn 888 is set. Problem noted by P{r (Pell) Emanuelsson. 889 Fix a problem causing the "c" option (don't connect to expensive 890 mailers) to be ignored in SMTP. Problem noted and the 891 solution suggested by Robert Elz of Munnari University. 892 Improve connection caching algorithm by passing "[host]" to 893 hostsignature, which strips the square brackets and 894 returns the real name. This allows mailertable entries 895 to match regular entries. 896 Re-enable Return-Receipt-To: -- people seem to want this stupid 897 feature, even if it doesn't work right. 898 Catch and log attempts to try the "wiz" command in server SMTP. 899 This also ups the log level from LOG_NOTICE to LOG_CRIT. 900 Be more generous at assigning $z to the home directory -- do this 901 for programs that are specified through a .forward file. 902 Fix from Andrew Chang of Sun Microsystems. 903 Always save a fatal error message in preference to a non-fatal 904 error message so that the "subject" line of return 905 messages is the best possible. 906 CONFIG: reduce the number of quotes needed to quote configuration 907 parameters with commas: two quotes should work now, e.g., 908 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). 909 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom 910 connections (domain-ized UUCP). 911 CONFIG: fix bug in default maps (-o must be before database file 912 name). Pointed out by Christophe Wolfhugel. 913 CONFIG: add FEATURE(nodns) to state that we are not relying on 914 DNS. This would presumably be used in UUCP islands. 915 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). 916 CONFIG: log $u in Received: line. This is in technical violation 917 of the standards, since it doesn't guarantee a domain 918 on the address. 919 CONFIG: don't assume "m" in local mailer flags -- this means that 920 if you redefine LOCAL_MAILER_FLAGS you will have to include 921 the "m" flag should you want it. Apparently some Solaris 2.2 922 installations can't handle multiple local recipients. 923 Problem noted by Josh Smith. 924 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). 925 CONFIG: change default version level from 4 to 5. 926 CONFIG: add FEATURE(nullclient) to create a config file that 927 forwards all mail to a hub without ever looking at the 928 addresses in any detail. 929 CONFIG: properly strip mailer: information off of relays when 930 used to change .BITNET form into %-hack form. 931 CONFIG: fix a problem that caused infinite loops if presented 932 with an address such as "!foo". 933 CONFIG: check for self literal (e.g., [128.32.131.12]) even if 934 the reverse "PTR" mapping is broken. There's a better 935 way to do this, but the change is fairly major and I 936 want to hold it for another release. Problem noted by 937 Bret Marquis. 938 9398.5/8.5 93/07/23 940 Serious bug: if you used a command line recipient that was unknown 941 sendmail would not send a return message (it was treating 942 everything as though it had an SMTP-style client that 943 would do the return itself). Problem noted by Josh Smith. 944 Change "trymx" option in getcanonname() to ignore all MX data, 945 even during a T_ANY query. This actually didn't break 946 anything, because the only time you called getcanonname 947 with !trymx was if you already knew there were no MX 948 records, but it is somewhat cleaner. From Motonori 949 Nakamura. 950 Don't call getcanonname from getmxrr if you already know there 951 are no DNS records matching the name. 952 Fix a problem causing error messages to always include "The 953 original message was received ... from localhost". 954 The correct original host information is now included. 955 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their 956 version of "test" doesn't have the -x flag). Change it 957 to use -f instead. From John Myers. 958 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to 959 esmtp -- it should be smtp. 960 CONFIG: send all relayed mail using confRELAY_MAILER (defaults 961 to "relay" (a variant of "smtp") if MAILER(smtp) is used, 962 else "suucp" if MAILER(uucp) is used, else "unknown"); 963 this cleans up the configs somewhat. This fixes a serious 964 problem that caused route-addrs to get mistaken as relays, 965 pointed out by John Myers. WARNING: this also causes 966 the default on SMART_HOST to change from "suucp" to 967 "relay" if you have MAILER(smtp) specified. 968 9698.4/8.4 93/07/22 970 Add option `w'. If you receive a message that comes to you because 971 you are the best (lowest preference) target of an MX, and 972 you haven't explicitly recognized the source MX host in 973 your .cf file, this option will cause you to try the target 974 host directly (as if there were no MX for it at all). If 975 `w' is not set, this case is a configuration error. 976 Beware: if `w' is set, senders may get bogus errors like 977 "message timed out" or "host unknown" for problems that 978 are really configuration errors. This option is 979 disrecommended, provided only for compatibility with 980 UIUC sendmail. 981 Fix a problem that caused the incoming socket to be left open 982 when sendmail forks after the DATA command. This caused 983 calling systems to wait in FIN_WAIT_2 state until the 984 entire list was processed and the child closed -- a 985 potentially prodigious amount of time. Problem noted 986 by Neil Rickert. 987 Fix problem (created in 6.64) that caused mail sent to multiple 988 addresses, one of which was a bad address, to completely 989 suppress the sending of the message. This changes 990 handling of EF_FATALERRS somewhat, and adds an 991 EF_GLOBALERRS flag. This also fixes a potential problem 992 with duplicate error messages if there is a syntax error 993 in the header of a message that isn't noticed until late 994 in processing. Original problem pointed out by Josh Smith 995 of Harvey Mudd College. This release includes quite a bit 996 of dickering with error handling (see below). 997 Back out SMTP transaction if MAIL gets nested 501 error. This 998 will only hurt already-broken software and should help 999 humans. 1000 Fix a problem that broke aliases when neither NDBM nor NEWDB were 1001 compiled in. It would never read the alias file. 1002 Repair unbalanced `)' and `>' (the "open" versions are already 1003 repaired). 1004 Logging of "done" in dropenvelope() was incorrect: it would 1005 log this even when the queue file still existed. Change 1006 this to only log "done" (at log level 11) when the 1007 queue file is actually removed. From John Myers. 1008 Log "lost connection" in server SMTP at log level 20 if there 1009 is no pending transaction. Some senders just close the 1010 connection rather than sending QUIT. 1011 Fix a bug causing getmxrr to add a dot to the end of unqualified 1012 domains that do not have MX records -- this would cause 1013 the subsequent host name lookup to fail. The problem 1014 only occurred if you had FEATURE(nocanonify) set. 1015 Problem noted by Rick McCarty of Texas Instruments. 1016 Fix invocation of setvbuf when passed a -X flag -- I had 1017 unwittingly used an ANSI C extension, and this caused 1018 core dumps on some machines. 1019 Diagnose self-destructive alias loops on RCPT as well as EXPN. 1020 Previously it just gave an empty send queue, which 1021 then gave either "Need RCPT (recipient)" at the DATA 1022 (confusing, since you had given an RCPT command which 1023 returned 250) or just dropped the email, depending on 1024 whether you were running VERBose mode. Now it usually 1025 diagnoses this case as "aliasing/forwarding loop broken". 1026 Unfortunately, it still doesn't adequately diagnose 1027 some true error conditions. 1028 Add internal concept of "warning messages" using 6xx codes. 1029 These are not reported only to Postmaster. Unbalanced 1030 parens, brackets, and quotes are printed as 653 codes. 1031 They are always mapped to 5xx codes before use in SMTP. 1032 Clean up error messages to tell both the actual address that 1033 failed and the alias they arose from. This makes it 1034 somewhat easier to diagnose problems. Difficulty noted 1035 by Motonori Nakamura. 1036 Fix a problem that inappropriately added a ctladdr to addresses 1037 that shouldn't have had one during a queue run. This 1038 caused error messages to be handled differently during 1039 a queue run than a direct run. 1040 Don't print the qf name and line number if you get errors during 1041 the direct run of the queue from srvrsmtp -- this was 1042 just extra stuff for users to crawl through. 1043 Put command line flags on second line of pid file so you can 1044 auto-restart the daemon with all appropriate arguments. 1045 Use "kill `head -1 /etc/sendmail.pid`" to stop the 1046 daemon, and "eval `tail -1 /etc/sendmail.pid`" to 1047 restart it. 1048 Remove the ``setuid(getuid())'' in main -- this caused the 1049 IDENT daemon to screw up. This required that I change 1050 HASSETEUID to HASSETREUID and complicate the mode 1051 changing somewhat because both Ultrix and SunOS seem 1052 to have a bug causing seteuid() to set the saved uid 1053 as well as the effective. The program test/t_setreuid.c 1054 will test to see if your implementation of setreuid(2) 1055 is appropriately functional. 1056 The FallBackMX (option V) handling failed to properly identify 1057 fallback to yourself -- most of the code was there, 1058 but it wasn't being enabled. Problem noted by Murray 1059 Kucherawy of the University of Waterloo. 1060 Change :include: open timeout from ETIMEDOUT to an internal 1061 code EOPENTIMEOUT; this avoids adding "during SmtpPhase 1062 with CurHostName" in error messages, which can be 1063 confusing. Reported by Jonathan Kamens of OpenVision 1064 Technologies. 1065 Back out setpgrp (setpgid on POSIX systems) call to reset the 1066 process group id. The original fix was to get around 1067 some problems with recalcitrant MUAs, but it breaks 1068 any call from a shell that creates a process group id 1069 different from the process id. I could try to fix 1070 this by diddling the tty owner (using tcsetpgrp or 1071 equivalent) but this is too likely to break other 1072 things. 1073 Portability changes: 1074 Support -M as equivalent to -oM on Ultrix -- apparently 1075 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs 1076 instead of using standard flags. Oh joy. This 1077 behaviour reported by Jon Giltner of University 1078 of Colorado. 1079 SGI IRIX -- this includes several changes that should 1080 help other strict ANSI compilers. 1081 SCO Unix -- from Murray Kucherawy of HookUp Communication 1082 Corporation. 1083 Solaris running the Sun C compiler (which despite the 1084 documentation apparently doesn't define 1085 __STDC__ by default). 1086 ConvexOS from Eric Schnoebelen of Convex. 1087 Sony NEWS workstations and Omron LUNA workstations from 1088 Motonori Nakamura. 1089 CONFIG: add confTRY_NULL_MX_LIST to set option `w'. 1090 CONFIG: delete `C' and `e' from default SMTP mailers flags; 1091 several people have made a good argument that this 1092 creates more problems than it solves (although this 1093 may prove painful in the short run). 1094 CONFIG: generalize all the relays to accept a "mailer:host" 1095 format. 1096 CONFIG: move local processing in ruleset 0 into a new ruleset 1097 98 (8 on old sendmail). Domain literal [a.b.c.d] 1098 addresses are also passed through this ruleset. 1099 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, 1100 internet-style addresses would "fall off the end" of 1101 ruleset zero and be interpreted as local -- however, 1102 the angle brackets confused the recursive call. 1103 These are now diagnosed as "Unrecognized host name". 1104 CONFIG: USENET rules weren't included in S0 because of a mistaken 1105 ifdef(`_MAILER_USENET_') instead of 1106 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik 1107 of SINTEF RUNIT, Oslo. 1108 CONFIG: move up LOCAL_RULE_0 processing so that it happens very 1109 early in ruleset 0; this allows .mc authors to bypass 1110 things like the "short circuit" code for local addresses. 1111 Prompted by a comment by Bill Wisner of The Well. 1112 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or 1113 esmtp) to send SMTP mail. This allows you to default 1114 to esmtp but use a mailertable or other override to 1115 deal with broken servers. This logic was pointed out 1116 to me by Bill Wisner. Ditto for confLOCAL_MAILER. 1117 Changes to cf/sh/makeinfo.sh to make it portable to SVR4 1118 environments. Ugly as sin. 1119 11208.3/8.3 93/07/13 1121 Fix setuid problems introduced in 8.2 that caused messages 1122 like "Cannot create qfXXXXXX: Invalid argument" 1123 or "Cannot reopen dfXXXXXX: Permission denied". This 1124 involved a new compile flag "HASSETEUID" that takes 1125 the place of the old _POSIX_SAVED_IDS -- it turns out 1126 that the POSIX interface is broken enough to break 1127 some systems badly. This includes some fixes for 1128 HP-UX. Also fixes problems where the real uid is 1129 not reset properly on startup (from Neil Rickert). 1130 Fix a problem that caused timed out messages to not report the 1131 addresses that timed out. Error messages are also more 1132 "user friendly". 1133 Drop required bandwidth on connections from 64 bytes/sec to 1134 16 bytes/sec. 1135 Further Solaris portability changes -- doesn't require the BSD 1136 compatibility library. This also adds a new 1137 "HASGETDTABLESIZE" compile flag which can be used if 1138 you want to use getdtablesize(2) instead of sysconf(2). 1139 These are loosely based on changes from David Meyer at 1140 University of Oregon. This now seems to work, at least 1141 for quick test cases. 1142 Fix a problem that can cause duplicate error messages to be 1143 sent if you are in SMTP, you send to multiple addresses, 1144 and at least one of those addresses is good and points 1145 to an account that has a .forward file (whew!). 1146 Fix a problem causing messages to be discarded if checkcompat() 1147 returned EX_TEMPFAIL (because it didn't properly mark 1148 the "to" address). Problem noted by John Myers. 1149 Fix dfopen to return NULL if the open failed; I was depending 1150 on fdopen(-1) returning NULL, which isn't the case. This 1151 isn't serious, but does result in wierd error diagnoses. 1152 From Michael Corrigan. 1153 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of 1154 messages sent through UUCP-family mailers. Suggested 1155 by Bill Wisner of The Well. 1156 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, 1157 include a "uucp-dom" mailer that uses domain-style 1158 addressing. Suggested by Bill Wisner. 1159 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match 1160 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by 1161 Christophe Wolfhugel. 1162 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. 1163 11648.2/8.2 93/07/11 1165 Don't drop out on config file parse errors in -bt mode. 1166 On older configuration files, assume option "l" (use Errors-To 1167 header) for back compatibility. NOTE: this DOES NOT 1168 imply an endorsement of the Errors-To: header in any way. 1169 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? 1170 Don't log errors on EHLO -- it isn't a "real" error for an old 1171 SMTP server to give an error on this command, and 1172 logging it in the transcript can be confusing. Fix 1173 from Bill Wisner. 1174 IRIX compatibility changes provided by Dan Rich 1175 <drich@sandman.lerc.nasa.gov>. 1176 Solaris 2 compatibility changes. Provided by Bob Cunningham 1177 <bob@kahala.soest.hawaii.edu>, John Oleynick 1178 <juo@klinzhai.rutgers.edu> 1179 Debugging: -d17 was overloaded (hostsignature and usersmtp.c); 1180 move usersmtp (smtpinit and smtpmailfrom) to -d18 to 1181 match the other flags in that file. 1182 Flush transcript before fork in mailfile(). From Eric Wassenaar. 1183 Save h_errno in mci struct and improve error message display. 1184 Changes from Eric Wassenaar. 1185 Open /dev/null for the transcript if the create of the xf file 1186 failed; this avoids at least one possible null pointer 1187 reference in very wierd cases. From Eric Wassenaar. 1188 Clean up statistics gathering; it was over-reporting because of 1189 forks. From Eric Wassenaar. 1190 Fix problem that causes old Return-Path: line to override new 1191 Return-Path: line (conf.c needs H_FORCE to avoid 1192 re-using old value). From Motonori Nakamura. 1193 Fix broken -m flag in K definition -- even if -m (match only) 1194 was specified, it would still replace the key with the 1195 value. Noted by Rick McCarty of Texas Instruments. 1196 If the name server timed out over several days, no "timed out" 1197 message would ever be sent back. The timeout code 1198 has been moved from markfailure() to dropenvelope() 1199 so that all such failures should be diagnosted. Pointed 1200 out by Christophe Wolfhugel and others. 1201 Relax safefile() constraints: directories in an include or 1202 forward path must be readable by self if the controlling 1203 user owns the entry, readable by all otherwise (e.g., 1204 when reading your .forward file, you have to own and 1205 have X permssion in it; everyone needs X permission in 1206 the root and directories leading up to your home); 1207 include files must be readable by anyone, but need not 1208 be owned by you. 1209 If _POSIX_SAVED_IDS is defined, setuid to the owner before 1210 reading a .forward file; this gets around some problems 1211 on NFS mounts if root permission is not exported and 1212 the user's home directory isn't x'able. 1213 Additional NeXT portability enhancements from Axel Zinser. 1214 Additional HP-UX portability enhancements from Brian Bullen. 1215 Add a timeout around SMTP message writes; this assumes you can 1216 get throughput of at least 64 bytes/second. Note that 1217 this does not impact the "datafinal" default, which 1218 is separate; this is just intended to work around 1219 network clogs that will occur before the final dot 1220 is sent. From Eric Wassenaar. 1221 Change map code to set the "include null" flag adaptively -- 1222 it initially tries both, but if it finds anything 1223 matching without a null it never tries again with a 1224 null and vice versa. If -N is specified, it never 1225 tries without the null and creates new maps with a 1226 null byte. If -O is specified, it never tries with 1227 the null (for efficiency). If -N and -O are specified, 1228 you get -NO (get it?) lookup at all, so this would 1229 be a bad idea. If you don't specify either -N or -O, 1230 it adapts. 1231 Fix recognition of "same from address" so that MH submissions 1232 will insert the appropriate full name information; 1233 this used to work and got broken somewhere along the 1234 way. 1235 Some changes to eliminate some unnecessary SYSERRs in the 1236 log. For example, if you lost a connection, don't 1237 bother reporting that fact on the connection you lost. 1238 Add some "extended debugging" flags to try to track down 1239 why we get occassional problems with file descriptor 1240 one being closed when execing a mailer; it seems to 1241 only happen when there has been another error in the 1242 same transaction. This requires XDEBUG, defined 1243 by default in conf.h. 1244 Add "-X filename" command line flag, which logs both sides of 1245 all SMTP transactions. This is intended ONLY for 1246 debugging bad implementations of other mailers; start 1247 it up, send a message from a mailer that is failing, 1248 and then kill it off and examine the indicated log. 1249 This output is not intended to be particularly human 1250 readable. This also adds the HASSETVBUF compile 1251 flag, defaulted on if your compiler defines __STDC__. 1252 CONFIG: change SMART_HOST to override an SMTP mailer. If you 1253 have a local net that should get direct connects, you 1254 will need to use LOCAL_NET_CONFIG to catch these hosts. 1255 See cf/README for an example. 1256 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle 1257 sites that don't use the -d flag. 1258 CONFIG: hide recipient addresses as well as sender addresses 1259 behind $M if FEATURE(allmasquerade) is specified; this 1260 has been requested by several people, but can break 1261 local aliases. For example, if you mail to "localalias" 1262 this will be rewritten as "localalias@masqueradehost"; 1263 although initial delivery will work, replies will be 1264 broken. Use it sparingly. 1265 CONFIG: add FEATURE(domaintable). This maps unqualified domains 1266 to qualified domains in headers. I believe this is 1267 largely equivalent to the IDA feature of the same name. 1268 CONFIG: use $U as UUCP name instead of $k. This permits you 1269 to override the "system name" as your UUCP name -- 1270 in particular, to use domain-ized UUCP names. From 1271 Bill Wisner of The Well. 1272 CONFIG: create new mailer "esmtp" that always tries EHLO 1273 first. This is currently unused in the config files, 1274 but could be used in a mailertable entry. 1275 12768.1C/8.1B 93/06/27 1277 Serious security bug fix: it was possible to read any file on 1278 the system, regardless of ownership and permissions. 1279 If a subroutine returns a fully qualified address, return it 1280 immediately instead of feeding it back into rewriting. 1281 This fixes a problem with mailertable lookups. 1282 CONFIG: fix some M4 frotz (concat => CONCAT) 1283 12848.1B/8.1A 93/06/12 1285 Serious bug fix: pattern matching backup algorithm stepped by 1286 two tokens in classes instead of one. Found by Claus 1287 Assmann at University of Kiel, Germany. 1288 12898.1A/8.1A 93/06/08 1290 Another mailertable fix.... 1291 12928.1/8.1 93/06/07 1293 4.4BSD freeze. No semantic changes. 1294 12956.65/6.34 93/06/06 1296 Fix some lintish problems. 1297 Fix some cases where server SMTP behaved poorly when handed bogus 1298 input, pointed out by Eric Wassenaar. 1299 CONFIG: fix some more (sigh) mailertable bugs -- thanks to 1300 Motonori Nakamura of Kyoto University (again). 1301 13026.64/6.33 93/06/05 1303 Don't send 050 (-v) information after the 250 response to a QUIT 1304 command in srvrsmtp -- clients usually close the connection 1305 at this point, and it causes bogus error messages. 1306 Don't send messages that have errors on input (such as unbalanced 1307 parentheses) during SMTP transactions, since a return 1308 message has (probably) already been sent. 1309 Give better diagnostics on timeouts during network reads, including 1310 information similar to the SMTP phase. 1311 Fix bug that caused SMTP messages to deliver synchronously; this 1312 happened after the DATA 250, and hence caused reading the 1313 next command to be delayed. 1314 Ignore Errors-To: header unless 'l' (lower case el) header is 1315 specified. The Errors-To: header violates RFC 1123. 1316 Errors-To: was only needed to take the place of the 1317 envelope sender in the days when most Unix mailers 1318 didn't understand about the two kinds of senders. 1319 Don't send warning messages in response to automatically generated 1320 messages (that is, those From:<>). 1321 CONFIG: fix some rather stupid typos in the mailertable code 1322 pointed out by Motonori Nakamura of Kyoto University. 1323 CONFIG: add confUSE_ERRORS_TO configuration option. 1324 CONFIG: if ALWAYS_ADD_DOMAIN is selected, try to use $M 1325 (masquerade name) instead of $j. 1326 CONFIG: don't add dots to relay names (added in 6.29); it breaks 1327 several things, and can be simulated by dot terminating 1328 the names of relays. For example, use: 1329 DBbit.net.relay. 1330 (note the trailing dot). 1331 13326.63/6.32 93/06/01 1333 Fix prototypes to eliminate chars in argument lists -- some 1334 compilers are pissy about this. 1335 Log protocol ($r) and body type if set so we can determine if 1336 the adaptive algorithms are working. 1337 Pessimize on locking of database files (particularly for NEWDB 1338 databases) during opens. There were problems with 1339 processes opening the file while it was rebuilt; since 1340 NEWDB caches heavily, the reader opened an empty file, 1341 which is an error. If your system has the ability to 1342 lock atomically on open, this works properly; otherwise, 1343 there are race conditions. 1344 Check mod time on .pag file instead of .dir in NDBM aliases 1345 because the .dir file doesn't get updated for small 1346 alias files. From John Gardiner Myers of CMU. 1347 More Solaris portability -- it now compiles on Solaris, but 1348 hangs up in gethostbyname(). 1349 Move setting of RES_DEBUG flag before first myhostname() call 1350 so we can see name server traffic on that call. 1351 Fsync() queue files. 1352 Fix a problem that causes -bi to try to rebuild maps other than 1353 the alias file(s). 1354 Fix a problem that caused udb to reject entries from any but 1355 the first database listed. 1356 Rearrange doc subdirectory for 4.4BSD release tape. 1357 CONFIG: put $r into the Received line. This was an oversight. 1358 CONFIG: fix typo (call to ruleset 99 should have been rulset 90). 1359 CONFIG: move "auxiliary" subroutines to be in ruleset 90-99 1360 range -- in the long run, single digit rulesets may 1361 become reserved for builtin use by sendmail. 1362 CONFIG: fix major problem that causes host aliases (that is, 1363 anything in $=w != $j) to not be recognized. This has 1364 been around since 6.30. 1365 13666.62/6.31 93/05/28 1367 BETA RELEASE 1368 Fix recursive syserr (if there is an error printing a syserr 1369 message). This makes the code much less eager to consider 1370 a write error as serious. This also includes some 1371 heuristics to be clever about closed connections. 1372 Lock NEWDB files during gets. This requires version 1.5 or later 1373 of the db library. If you have an older version, you 1374 can use -DOLD_NEWDB. This will go away in a few weeks. 1375 Fix problem causing aliases that use host maps to get overwritten. 1376 Do appropriate byte swapping on port numbers in ident protocol 1377 code. Fix from Allan Johannesen of WPI. 1378 Defer opening of map files to the same time as alias files so that 1379 the daemon will tend to pick up new versions more promptly. 1380 Prototype a bunch more functions. 1381 Some Solaris 2.1 changes (still doesn't link though). 1382 Try to simplify Makefiles by including more subordinate #defines 1383 in conf.h (based on OS type). 1384 CONFIG: check for domains if FEATURE(mailertable) is defined. 1385 For example, if the host name is "knecht.cs.berkeley.edu" 1386 it will search the following mailertable keys: 1387 knecht.cs.berkeley.edu 1388 .cs.berkeley.edu 1389 .berkeley.edu 1390 .edu 1391 This could be used to replace the special relays for bitnet 1392 and similar nets. 1393 13946.61/6.30 93/05/24 1395 Fix problem that prevented appending dots on canonified host 1396 names. This breaks tons of config files -- very 1397 important fix. 1398 Fix improper pointer dereference in response to HELO command. 1399 Fix core dump if debugging set in map_rewrite. 1400 CONFIG: add FEATURE(always_add_domain) to always attach the 1401 local domain (only impacts local mail). 1402 CONFIG: try to avoid turning names into $j -- although 1403 technically a host can only have one "canonical name", 1404 it seems to be common practice to have several. 1405 14066.60/6.29 93/05/22 1407 Major change: merge alias databases with maps. This expands and 1408 changes the map class interface but fixes a bunch of bugs. 1409 The important user-visible change is that the file name 1410 in a K line now does not include the ".db" extension; this 1411 is added automatically. Also, the -d (NIS domain) flag is 1412 missing from the K config line; use @domain instead. 1413 When compiling, the *_MAP names are gone -- just compile 1414 in NDBM, NEWDB, and/or NIS support. 1415 Announce mailer/host/user triple on -bv flag -- from Brian 1416 Bullen of Stirling University. 1417 Don't send more than one line in response to HELO -- it confuses 1418 Pony Express, which then behaves very badly. However, 1419 this change does send two line 220 greetings, with the 1420 second line reading "ESMTP spoken here". The usersmtp 1421 module recognizes this and goes into ESMTP mode regardless 1422 of the setting of the "a" mailer flag. Thus, "a" means 1423 "always try EHLO". 1424 AIX portability changes (thanks to Christophe Wolfhugel of 1425 Herve Schauer Consultants (Paris) for providing me with 1426 an INSA account for this purpose). Lightly tested. Use 1427 -D_AIX3. This probably breaks compatibility with some 1428 older systems (e.g., 4.2bsd) but still works on SunOS 1429 4.1.2, Ultrix 4.2A, HP-UX 8.07, OSF/1 T1.3, and AIX 3.2.3. 1430 Fix a problem causing an error message loop if the output channel 1431 is hosed. 1432 Add the Makefiles that I use for various environments -- some are 1433 Berkeley make versions and some are old make versions. 1434 My makefile for the NeXT box has gotten lost, alas! 1435 PRALIASES: support for printing NEWDB databases. From 1436 Michael J. Corrigan of U.C. San Diego. 1437 CONFIG: don't pass pseudo-domains to $[ ... $] (if you have 1438 a wildcard MX it can have wierd results). From 1439 Christophe Wolfhugel. 1440 CONFIG: dot terminate relay hostnames in S0. From Christophe 1441 Wolfhugel. 1442 14436.59/6.28 93/05/13 1444 Log version with SMTP daemon startup message. 1445 Adjust setproctitle to work on NetBSD and BSD/386. 1446 Fix null pointer reference in MX fallback code. 1447 A bunch of minor fixes from Eric Wassenaar: 1448 If deliver cannot execv the mailer, return EX_OSERR 1449 instead of EX_TEMPFAIL (to give better 1450 error messages). 1451 Consistently malloc e_message. 1452 Catch degenerate case of calling returntosender() 1453 with an empty returnq. 1454 MIME reformatting. 1455 14566.58/6.28 93/05/13 1457 Fix bug that can cause incorrect verbose display of user smtp 1458 messages. 1459 Disable SMTP VERB command if PRIV_NOEXPN is set (since this 1460 could reveal the same information. 1461 Allow failure when reading SMTP greeting message to go on to 1462 next MX host. 1463 Add "MIME-Version: 1.0" header if using MIME (this was NOT 1464 included in RFC 1344, but Bill King of Allan-Bradley 1465 Company forwarded me email from Nathaniel Borenstein 1466 claiming that it was an inadvertent omission). 1467 Don't use Content-Type: X-message-header. According to John 1468 Myers of CMU, many MIME readers will completely ignore 1469 the data if they don't recognize it. Instead, just 1470 add a blank line to make it a legal (empty) message. 1471 Fix problem causing dots to keep getting appended to cached 1472 hostnames. This can cause buffer overrun conditions. 1473 The problem was found by Erik Forsberg of Retix, 1474 although I used a different bug fix than he provided. 1475 Fix parsing of split header/envelope rewriting specs -- from 1476 Eric Forsberg. 1477 Fix from Eric Wassenaar to correct To: lists in error messages. 1478 14796.57/6.28 93/05/11 1480 Fix minor glitch causing extra ctladdrs to be output to queue 1481 file. Just an annoyance. 1482 Cache results of name server canonification lookups to avoid 1483 backed up queue runs. 1484 Major rewrite of alias.c: considerable cleanup, plus sample 1485 (untested) support for NIS aliases. The "A" option 1486 can now be a comma separated list (or be repeated) -- 1487 that is, you can have multiple alias databases. Each 1488 database can have the syntax ``class:file''; if no class 1489 is specified, the "implicit" class is assumed. Implicit 1490 searches through a list of compiled in types -- hash, 1491 dbm, nis, and stab. Alias files are searched in the 1492 order they are listed. For example: 1493 OAhash:/etc/aliases.local,/etc/aliases 1494 OAnis:mail.aliases@my.nis.domain 1495 first searches the hash database /etc/aliases.local, 1496 then the regular /etc/aliases database, then the NIS 1497 map "mail.aliases" in the NIS domain "my.nis.domain". 1498 If in Verbose mode (probably from VERB command) run SMTP job 1499 in foreground and don't do RCPT optimizations. 1500 Add udb :mailsender as equivalent to owner- for regular aliases. 1501 Delete option 8; add option 7 that means the opposite. That is, 1502 default to 8-bit mode; a special option is needed to 1503 force sendmail into 7 bit mode. 1504 Send error messages in encapsulated MIME format. 1505 New compile flag "NIS" that turns on NIS alias and NIS map 1506 support. 1507 Add "j" option to send error messages in MIME (RFC 1341) 1508 encapsulated message format per RFC 1344. The 1509 syntax is pretty ugly if you don't have MIME-aware 1510 user agents. 1511 Clean up message handling (for display in mailq output). 1512 New setproctitle implementation for 4.4bsd. 1513 Create files (such as ~/dead.letter) using mode FileMode (the 1514 F option value) instead of 0666. 1515 Fix bug causing output of EXPN command to not be fully qualified. 1516 This may cause some problems with UUCP addresses that 1517 will require some config file assistance -- specifically, 1518 the $: part has to include the host name for this output 1519 to make sense. 1520 Fix a problem that sometimes diagnosed errors and still sent the 1521 message if the header syntax was bad. 1522 Fix a bug that caused an error message to be emailed when sendmail 1523 was operating in -bv mode. 1524 Add "ListenQueueSize" keyword to daemon options option (OO) to 1525 set the queue size parameter passed to listen(). You 1526 will normally have to tweak your kernel to up this. 1527 Strip spaces off of beginning of message-id before logging (in 1528 case it was folded across lines). 1529 Tweak compile flags in daemon.c -- there were some cases where 1530 it wouldn't work without NETINET. 1531 Change *file* mailer to output all the usual default headers 1532 (From, Date, Message-Id). It gets used when sending 1533 back error messages. 1534 CONFIG: explicitly catch and diagnose list:; syntax in ruleset 1535 zero -- this is not a valid recipient syntax according 1536 to RFC 821. 1537 CONFIG: add confMIME_FORMAT_ERRORS to send error messages in 1538 MIME format. Defaults to on. 1539 CONFIG: add SMTP_MAILER_FLAGS and UUCP_MAILER_FLAGS to augment 1540 the flags for those mailers. 1541 15426.56/6.27 93/05/01 1543 Fix problem that causes the fallback mail to postmaster 1544 (case ESM_POSTMASTER in savemail()) to not look at 1545 aliases (ugh). 1546 Some more HPUX tweaking (compile flag hpux => __hpux so it 1547 still works in ANSI mode). 1548 Don't try to flock non-regular files when mailing to a file. 1549 In particular, this was a problem if you tried to 1550 send to /dev/null. 1551 Fix a wierd bug that can cause senders to be queued as 1552 recipients if the name server is down when the mail 1553 is initially sent. This hack just ignores sender 1554 deletion (essentially, it sets the MeToo flag) if there 1555 is a TEMPFAIL during processing of the sender address. 1556 Obscure. 1557 Fix a dangling else problem -- from Brian Bullen from University 1558 of Stirling, UK. 1559 Add the "b" mailer flag to force a blank line on the end of 1560 messages. Some brilliant versions of /bin/mail insist 1561 on this but do not add it themselves. 1562 Add the "g" mailer flag to prevent user SMTP from sending 1563 "MAIL From:<>". This is only intended to be a 1564 transitional gesture, and should not be used if at 1565 all possible. It appears that Berkeley and IDA 1566 config files have always handled this properly; the 1567 UK config kit apparently does not. 1568 Don't lowercase and then capitalize header field names -- leave 1569 them with original capitalization. Fixes from Bill 1570 King of Allen-Bradley Company. 1571 Further cleanup and improved reporting of error messages, 1572 particularly conditions that cause messages to be 1573 requeued for future delivery. 1574 Tweak syslog priorities in some cases. 1575 CONFIG: clean up route-addr on UUCP addresses. 1576 15776.55/6.25 93/04/27 1578 HPUX 8.07 compatibility changes in getla() -- I had to make 1579 these changes to get it to work at Berkeley, although 1580 others seem to have been working before (???). 1581 Various patches to XLA code. 1582 Fix problem that causes setuid bit on files to be ignored from 1583 SMTP or in queue runs. Problem noted by Jason Ornstein 1584 of Under The Wire, Inc. 1585 Fix problem that can cause CNAMEs to be ignored. 1586 Generalize getmxrr to match local host in $=w instead of a 1587 single name passed in. 1588 Some cleanup from Eric Wassenaar: 1589 Use FileMailer instead of ProgMailer in two places. 1590 Eliminate duplicate 8th-bit stripping in commaize. 1591 Fix a problem with mis-parsing of backslash escapes 1592 under some circumstances. 1593 NIS map fix (was always including trailing null character) 1594 from Mike Glendinning of Ingres UK. 1595 Add "a" mailer flag to try using ESMTP. It tries the EHLO 1596 command and if that fails falls back to regular SMTP. 1597 Also parses EHLO option keywords. If host supports 1598 SIZE extension, this is added to the MAIL FROM: 1599 command. 1600 Extend "b" option to include a second value which is the 1601 maximum message size this server is willing to accept. 1602 For example, a value of "10/1000000" says that there 1603 must be ten blocks free, and sendmail will reject 1604 any message larger than one megabyte. 1605 Some portability hooks for NeXT (this could be applicable 1606 to Mach in general). You have to create an empty 1607 file called "unistd.h" to get it to compile. 1608 Adjust config values (MAXLINE, MAXATOM, and PSBUFSIZE) to 1609 be more generous. 1610 Add X400-Received: to the list of headers tagged with H_TRACE 1611 in conf.c. From Bill King, Allen-Bradley Co. 1612 16136.54/6.25 93/04/19 1614 Fix problem that caused redefinition of SMTP and QUEUE compile 1615 flags. Pointed out by Jon Forrest of the Sequoia 2000 1616 project at Berkeley. 1617 Properly handle \! hack -- it was treating host\!user as one 1618 token (host!user) instead of three (host, !, user). 1619 Fix from Eric Wassenaar of NIKHEF-H. 1620 Fix compilation problem in getauthinfo() if IDENTPROTO is off. 1621 Turn off DEFNAMES and DNSRCH when getting the hostsignature 1622 (i.e., MX records) in level 1 configuration files; this 1623 matches the old behaviour. From Motonori Nakamura of 1624 Kyoto University. 1625 Improve error message printing -- if sent through an alias, 1626 error messages include the name of the alias in the 1627 message. Unfortunately, in order to make this work 1628 properly in queue runs, this changes the format of the 1629 C line in the qf file. The relatively uselessness of 1630 the previous information was pointed out to me by 1631 Allan E Johannesen of WPI. 1632 Add XLA compile flag to add hooks to Christophe Wolfhugel's 1633 extended load average code. This is still in very early 1634 form. For information regarding the guts of the xla 1635 code, contact Christophe.Wolfhugel@grasp.insa-lyon.fr. 1636 Additional hooks for detecting tempfails in rewriting rules 1637 (that is, in map lookups). 1638 16396.53/6.25 93/04/15 1640 Properly diagnose ruleset zero returning null (instead of a mailer 1641 triple). From Motonori Nakamura of Kyoto University. 1642 More generalization of socket code for other protocols. 1643 Shorten timeouts on reverse name lookups -- since they are done 1644 during connection establishment, long timeouts here can 1645 cause higher level timeouts. This mainly serves to accept 1646 mail from hosts that do not have proper reverse (PTR) DNS 1647 records set up. 1648 Reset e_statmsg before each mailer invocation to avoid bogus 1649 messages in the log. 1650 Redefine $r, $s, and $_ in error envelopes so you don't get 1651 incorrect cruft in the error message. Problem noted by 1652 Motonori Nakamura of Kyoto University. 1653 Fix a problem that can cause failure to return errors to Postmaster 1654 in certain cases. From Motonori Nakamura. 1655 Fix a problem that can cause some systems to give duplicate error 1656 messages when a bad syntax address such as "<a" is presented 1657 to an SMTP server. It doesn't seem to occur on all 1658 machines. From Motonori Nakamura. 1659 Default IDENTPROTO off for Ultrix and HPUX, which apparently have 1660 the interesting "feature" that when they receive a "Host 1661 unreachable" message they closes all open connections to 1662 that host. However, some firewall gateways send this message 1663 if you try to connect to an unauthorized port, such as the 1664 IDENT port (113). Thus, no email can be received from such 1665 hosts. There is some evidence that versions of Ultrix before 1666 4.3 do not have this problem. Thanks to Tom Ivar Helbekkmo 1667 for pointing out this behaviour to me and to Michael Corrigan 1668 of U.C. San Diego for informing me about the HPUX problem. 1669 Allow IPC mailers to return a colon-separated list of hosts in the 1670 $@ clause; these are searched in order as though they were 1671 MX records. 1672 When sending an error report, print the list of addresses tagged 1673 as bad. Requested by Allan E Johannesen of WPI. 1674 Change map function calls to return a status code. This gets 1675 passed back as the result of rewrite. Parseaddr marks 1676 the address as a QUEUEUP address if the return code is 1677 EX_TEMPFAIL. All this to queue properly if the name 1678 server is down. This code is not well tested. This code 1679 changes the interface to map lookup functions (a fifth 1680 parameter, int *statp, is added). Feature requested by 1681 Dan Oscarsson. 1682 Don't delete quotes (in the dequote map) if there are spaces in 1683 the string, since this would cause them to be replaced by 1684 the SpaceSub character. 1685 Accept BODY=8BITMIME on SMTP MAIL command. This isn't advertised 1686 because the 8BIT to 7BIT translation doesn't exist yet. 1687 This does add a "bodytype" field to both envelope and 1688 queue file and a -B command line flag to pass the type in 1689 during direct invocations. 1690 Discard return error messages only on responses to responses to 1691 responses, not on responses to responses. That is, the 1692 algorithm is to try return to sender, then return to 1693 postmaster, then discard. Previously it discarded 1694 immediately if the return to sender pass failed. 1695 CONFIG: back out change to hide unqualified hostnames behind %-hack. 1696 This screws up local aliases and .forward files. 1697 CONFIG: add FEATURE(nocanonify) to turn off calls to $[ ... $]; 1698 some sites only handle completely canonified names. 1699 Requested by John Gardiner Myers of CMU. 1700 CONFIG: some UUCP code was still included even if FEATURE(nouucp) 1701 was specified. 1702 17036.52/6.24 93/04/10 1704 Clean up some minor glitches on error return messages pointed out 1705 by Motonori Nakamura of Kyoto University. 1706 Fix reply() to not reset SmtpReplyBuffer on fatal errors; this 1707 was supposed to reset SmtpMsg Buffer. This makes the 1708 client side code virtually useless. Reported by Allan 1709 E Johannesen of WPI and Phil Brandenberger of Swarthmore. 1710 Better debug messages if fuzzy is disabled, suggested by Allan 1711 E Johannesen of WPI. 1712 Offset SmtpReplyBuffer by four in usersmtp when checking for 1713 loopback. From Eric Wassenaar. 1714 Don't set $s until after runinchild in srvrsmtp -- otherwise 1715 it gets cleared. From Eric Wassenaar. 1716 Implement IDA-style $&x for deferred macro expansion. 1717 More POSIX compatibility. 1718 CONFIG: Hide unqualified hostnames behind %-hack using $s as the 1719 actual sender. This is only done if $r is non-null, that 1720 is, if this is not locally submitted mail. 1721 CONFIG: Add FEATURE(bitdomain) allowing mapping of BITNET host 1722 names to internet domains. A program contributed by 1723 John Gardiner Myers of CMU to create the maps is included 1724 in the contrib directory (in the "misc" tar file). 1725 CONFIG: Add FEATURE(uucpdomain) for a similar mapping for UUCP 1726 hosts. There is currently no tool to create this map. 1727 17286.51/6.23 93/04/04 1729 Add D= mailer flag to specify a path of possible working directories 1730 in which to execute the mailer. This is intended for the 1731 prog mailer; some shells can get upset if they don't have 1732 access to the current directory. 1733 Add RFC 1413 (IDENT) protocol support. This is only very loosely 1734 tested. This adds a $_ macro to be the authenticated 1735 info (in ``user@domain [address]'' form) and debug flag 1736 9 to trace the protocol. 1737 Check for loopbacks in usersmtp instead of srvrsmtp -- there is no 1738 reason for a local agent to not be talking to the localhost 1739 (although the inverse is not true). 1740 Add a few hooks for automated map rebuilding. This is certainly 1741 not done yet. 1742 CONFIG: Have prog mailer specify a path of ``D=$z:/'' -- that is, 1743 user's home directory then the root. 1744 CONFIG: Log RFC 1413 identification in Received: line. 1745 17466.50/6.22 93/04/01 1747 Fixes to requeueing code to make it compute priority, nrcpts, 1748 and the like properly. 1749 17506.49/6.22 93/04/01 1751 Diagnose incorrect privacy flags. Suggested by Bryan Costales 1752 of ICSI. 1753 Some ANSI C fixes. 1754 Arrange to quote backslashes as well as other special characters 1755 in the phrase part of a route-addr. 1756 Some fixes to FallBackMX code suggested by Motonori Nakamura of 1757 Kyoto University. 1758 More vigorous zeroing of CurHostAddr to avoid logging of bogus 1759 host addresses when you are actually just printing 1760 information from the MCI structure; problem noted by 1761 Michael Corrigan of U.C. San Diego. 1762 Don't ignore rest of queue if any job is not runnable. This can 1763 also cause an incorrect job to be lost. Fix from 1764 Eric Wassenaar. 1765 Always respond "quickly" to RCPT command; do alias expansion and 1766 the like later. This also means that mail for lists that 1767 have errors will be acccepted, and an error sent back 1768 later. This is done by instantiating the queue file 1769 and then immediately running and requeueing it. 1770 17716.48/6.22 93/03/30 1772 Fix incorrect diagnosis of infinite loop in ruleset. Problem noted 1773 by several people. 1774 Improve information printed when infinite loops are discovered. 1775 Zero CurHostAddr to fix erroneous internet addresses in log when no 1776 addresses can be bound. Pointed out by Motonori Nakamura 1777 of Kyoto University. 1778 "Probe" SMTP connections using RSET instead of NOOP "just in case". 1779 Suggested by John Gardiner Myers of CMU. 1780 Don't warn about -f if you are setting sender to yourself. 1781 17826.47/6.22 93/03/29 1783 Fix incompatible call to endmailer in smtpquit which causes core 1784 dumps. Noted by Allan E Johannesen of WPI. 1785 HPUX portability changes from Michael J. Corrigan of UC San Diego. 1786 Require MAIL before RCPT command in srvrsmtp.c. This had been 1787 intentional from the 821 draft days when the order wasn't 1788 clear, but is silly now. 1789 Fix bug in nis_magic routine that was initializing parameters 1790 incorrectly. Fix from Takahiro Kanbe of Fuji Xerox 1791 Information Systems Co., Ltd. 1792 Change default for PrivacyFlags in conf.c to 0 -- since it always 1793 "or"s in new values, there was no way to turn off the 1794 AuthWarning stuff. 1795 Add O option to set SMTP daemon options. 1796 Add V option to set fallback MX host. This always sorts at lower 1797 priority than anything it gets from the name server. It 1798 should only be used for environments with very bad network 1799 connectivity. Requested by several people. 1800 Log sending info. It's not clear this is a good idea. 1801 CONFIG: fix typo in mailertable code. Noted by Phil Brandenberger 1802 of Swarthmore. 1803 CONFIG: add confDAEMON_OPTIONS and confFALLBACK_MX to set options 1804 O and V, respectively. 1805 18066.46/6.21 93/03/26 1807 Fix botch in server SMTP that broke transactions that did not 1808 use HELO first (like MH). Fix from Michael Corrigan 1809 of U.C. San Diego. 1810 Fall back to other MX records if there is an error anywhere 1811 in delivery (actually on MAIL or DATA -- RCPT is harder). 1812 Suggested by John Gardiner Myers and Motonori Nakamura. 1813 Revert to non-prototypes -- it turns out that our ANSI C 1814 compiler is more forgiving than most others about 1815 mixing prototyped extern declarations with non-prototyped 1816 function definitions. 1817 Fix a problem with multi-word class matching pointed out by 1818 Neil Rickert. Given: 1819 CX b a.b.c 1820 R$+ $=X $+ $: $1 < $2 > $3 1821 the input "user@a.b.c" failed instead of being properly 1822 rewritten as "user@a.<b>.c". 1823 Neil also convinced me that it was correct that $~ should match 1824 only one token -- the problem is that it's always possible 1825 to add another token, so $~ matches far too eagerly. 1826 18276.45/6.21 93/03/25 1828 Implement multi-word classes (properly!). 1829 18306.44/6.21 93/03/25 1831 Add X-Authentication-Warning: headers to clue users into possible 1832 attempts to forge mail. This is on the authwarnings 1833 privacy flag, but is the default. Suggested by Bryan 1834 Costales of ICSI. 1835 Pass default units for convtime in so they can be more reasonable. 1836 Allow config files to always add a new Comments: header (i.e., 1837 they will be added even if an old one already exists). 1838 Suggested by Bryan Costales of ICSI. 1839 Allow config files to delete an existing Return-Path: header. 1840 These should only be added at final delivery. Suggested 1841 by Bryan Costales of ICSI. 1842 Some debugging additions. Suggested by Bryan Costales of ICSI. 1843 Clean up logging of Family 0 addresses. Noted by David Muir 1844 Sharnoff and others. 1845 Add a "dequote" map class. This allows config files to strip 1846 quotes off of addresses. Note that this is not a builtin 1847 map, just a class -- so you have to define the map 1848 using the K line. 1849 Fix a bug in the queueup() loop getting a locked tf where in 1850 very odd cases it can fall off the bottom and core dump. 1851 Of course, it was P{r Emanuelsson who found it.... 1852 Open a new transcript when splitting an envelope. Problem found 1853 by Allan E Johannesen of WPI. 1854 Improved error output in endmailer if the mailer core dumps. 1855 CONFIG: Fix typo in UUCP mailer definition. 1856 CONFIG: Default several of the new options on: eight bit input, 1857 privacy flags set to "authwarnings", and message warning 1858 set to 4h. 1859 CONFIG: Use dequote map. 1860 18616.43/6.20 93/03/23 1862 Fix problem with assumption of an sa_len field in a generic 1863 sockaddr -- it turns out that most vendors haven't 1864 picked up this (very important) fix. 1865 Change compilation flags for daemon code -- select one or both 1866 of NETINET or NETISO, but don't ever set DAEMON manually. 1867 CONFIG: add FEATURE(mailertable) to do IDA-style mailertables. 1868 18696.42/6.19 93/03/19 1870 Use Postmaster as default fallback return address, not root. 1871 POSIX changes for file descriptor handling. 1872 Diagnose errors writing new queue file. 1873 If you change the owner using an owner- alias, also change the 1874 error mode to EM_MAIL so that errors don't get dropped 1875 into an inappropriate directory. Problem noted by 1876 Allan E Johannesen of WPI. 1877 If you are su'ed to root, send email as who you really are, not 1878 as root. From Brian Kantor of U.C. San Diego. 1879 Allow warning messages to be sent after a configurable interval 1880 has passed without delivery. The message is sent only 1881 once per envelope. This changes the format of the qf 1882 file to have an F line, and the format of the T option 1883 to accept take the format "return/warn" (both intervals). 1884 Don't force all local names to lower case -- this was left over 1885 from the wierd handling of case mapping on aliases. It 1886 is now driven (as expected) by the "u" mailer flag. 1887 Problem noted by P{r Emanuelsson. 1888 Fix problem that caused headers on returned email to be trashed; 1889 they were getting freed, but are still accessible via 1890 BlankEnvelope. 1891 Fix problem that caused bogus ids to be created on returned 1892 mail. 1893 Add support for ISO and other non-INET networking. This is by 1894 no means finished yet. This does assume a lot of other 1895 system support, like a version of gethostbyname that 1896 returns non-AF_INET addresses. 1897 CONFIG: change default on prog mailer to keep upper case in 1898 user names (i.e., in the program command line). 1899 CONFIG: strip trailing dots off of hosts in uucp mailer before 1900 convert to bang format. 1901 CONFIG: create new "relay" mailer for $R (LOCAL_RELAY) and $H 1902 (MAIL_HUB) delivery that doesn't add local domain. Note 1903 that this violates 821, but is probably "more correct" 1904 for what we are trying to do. Problem pointed out by 1905 Michael Graff of Iowa State. 1906 19076.41/6.18 93/03/18 1908 Clean up unnecessary creates of queue ids (i.e., empty qf files) 1909 when not needed, such as when starting up an SMTP 1910 connection. 1911 Fix problem where split envelopes aren't instantiated in the queue. 1912 This is quite a serious bug. 1913 Owner- aliases had problems with leading spaces causing a 1914 premature delimitation. 1915 19166.40/6.18 93/03/18 1917 Have ending 250 (after DATA) include the id; suggested by 1918 Brian Kantor of UC San Diego. 1919 Add logging on envelope splitting. 1920 Change queue ids to have one more letter encoding the hour of 1921 the day so that during a single day there is a greater 1922 likelihood of uniqueness; requested by Brian Kantor. 1923 19246.39/6.18 93/03/18 1925 Fix minor compile problem if LOCKF is defined. 1926 Define size of tobuf in conf.h. Observed by Toshinari Takahashi 1927 of Toshiba. 1928 Restore e_sender -- this is equivalent to e_from.q_paddr without 1929 decorations such as angle brackets and comments. 1930 OSF/1 on Alpha changes from Allan E Johannesen of WPI. 1931 CONFIG: fix typo in S3 for list syntax (;: => :;). Thanks to 1932 Christopher Hoover for noting the problem. 1933 19346.38/6.17 93/03/17 1935 Pass envelope to disconnect to avoid another use of CurEnv, which 1936 can apparently end up being null at inopportune times. 1937 Log "received from" as "relay=" for consistency (suggested by 1938 John Gardiner Myers). 1939 Fix major bug in header handling: if no From: line existed in 1940 the header (so sendmail inserts one), and the sender is 1941 an alias that has an owner, the From: line shows the 1942 owner (as well as the envelope). Fixed by early binding 1943 the headers (which will change debugging output). 1944 HPUX portability patches from Michael J. Corrigan of UC San Diego. 1945 Some attempts to adapt better to out of open file conditions. 1946 Some changes to ctladdr handling in queue files. 1947 19486.37/6.17 93/03/16 1949 MAJOR CHANGE: delete e_sender and e_returnpath (why are these 1950 different from e_from?) and $< macro. 1951 Log correct IP address in relay= field even if the connection 1952 times out. 1953 Log "received from [RESPONSE]" on EF_RESPONSE messages (from 1954 John Gardiner Myers). 1955 Fixes to SysExMsg logging (sometimes just got "message: %s" 1956 instead of "message: error message"), noted by Eric 1957 Wassenaar. Also reported by Motonori Nakamura. 1958 Improvements to MX piggybacking code, from Motonori Nakamura. 1959 Fix case where CurHostName points to an auto variable that has 1960 been deallocated (from Motonori Nakamura). 1961 Fix bug causing newlines to be included in aliases if option 1962 "n" (check alias RHS) is set; bug noted by David Muir 1963 Sharnoff. 1964 Fix problem causing user names that should be mapped to lower 1965 case to not be mapped if they are sent during a queue 1966 run. This greatly simplifies the case mapping code. 1967 Problem noted by Allan E Johannesen of WPI. 1968 Don't do recipient address rewriting in buildaddr. This 1969 improperly did recipient rewriting on sender addresses, 1970 and just seems bogus in general -- but the change could 1971 break some .cf files. 1972 Pass TZ envariable to child processes for System V. 1973 CONFIG: allow LOCAL_RULE_1 and LOCAL_RULE_2 if you want to 1974 define those rulesets. 1975 KNOWN PROBLEM: I have seen some problems on SunOS that causes 1976 the User Data Base to give errors on some addresses. I 1977 have tracked the problem back at least as far as 93.02.15 1978 (version 6.22). Running with debugging on makes it 1979 go away, so I conclude that it is referencing uninitialized 1980 stack data. I haven't been able to track this down yet. 1981 19826.36/6.16 93/03/08 1983 Allow local mailer to specify $@host -- this lets you assign the 1984 "foo" part of jgm+foo to $h for passing in to the local 1985 mailer. 1986 Additional debug printing in getcanonname (show query type). 1987 Don't add the e_fromdomain on sender addresses -- this interacts 1988 wierdly with the owner- code. 1989 Improve delivery logging to not log obvious or meaningless stuff. 1990 Include numeric IP address in Received: lines per RFC 1123 section 1991 5.2.8. 1992 Fixed a bug in checking stat() return value if restrictmailq is 1993 set. Also, check the entire group set instead of just the 1994 primary group. Both from John Gardiner Myers. 1995 Don't have usrerr automatically print errno, since this is often 1996 misleading. 1997 Use transienterror() in makeconnection after connect() fails and 1998 in openmailer after execve() fails (from Eric Wassenaar). 1999 Also moved transienterror() from util.c to conf.c. 2000 Clean up from= logging on response messages. 2001 Undo patch allowing prescan to return a null vector -- it breaks 2002 too many things. 2003 Config: FEATURE(notsticky) lets you use UDB for everything coming 2004 in to the machine, even if it is specifically targetted 2005 to this machine. Without it, UDB is bypassed if the user 2006 name is fully qualified. 2007 Config: fix another minor botch with <> (local mailer wasn't 2008 mapping them properly). 2009 20106.35/6.15 93/03/05 2011 Fix getrealhostname to return null if sinlen <= 0 -- this can 2012 occur if stdin is a pipe. 2013 Avoid infinite loop in getcanonname if name server return 2014 NO_DATA (for example). 2015 Config: avoid having C flag qualify list syntax and error syntax. 2016 20176.34/6.14 93/03/05 2018 Fix logging in deliver to not pass too many parameters to Ultrix 2019 versions of syslog. 2020 Don't write the pid file until after the daemon has actually 2021 opened and conditioned the connection. 2022 Consider addresses "different" if their q_uids differ (so that 2023 two users forwarding to the same program will be seen 2024 as different, rather than the same). 2025 Fix problem with bad parameters in main() -- they set ExitStat 2026 but don't exit. 2027 Fix null pointer references through RealHostName -- painfully 2028 discovered by Allan E Johannesen of WPI. 2029 Fix bug causing user@@localhost to core dump (yuch). 2030 Config: don't put two @host.dom.ain on users in $=E in SMTP 2031 mailer. Also, catch user@ (no host) in ruleset 0. 2032 20336.33/6.13 93/03/03 2034 Config: add confCW_FILE as the name of the cw configuration file 2035 (defaults to /etc/sendmail.cw). From P{r Emanuelsson. 2036 Allow prescan to return a pointer to an empty list -- this is 2037 not an error. Also, clean up error reporting to avoid 2038 double errors (prescan reports once, then the caller 2039 reports again). 2040 Changes to avoid trusting T_ANY queries -- run them, but if you 2041 don't get the info you expected, do T_A and T_MX queries 2042 anyhow. This also fixes an oversight where _res.options 2043 bits were being ignored. 2044 If PRIV_NOVRFY is set, use 252 response code instead of 502 per 2045 RFC 1123 section 5.2.3. It's not 100% clear that this 2046 is correct, but it probably works better with stupid 2047 mailers that do a VRFY and only check the first digit. 2048 20496.32/6.12 93/03/02 2050 Fix uninitialized variable "protocol" in smtp code. 2051 Include <unistd.h> in sendmail.h -- move towards POSIX/ANSI. 2052 Additional hooks for RFC 1427 (ESMTP SIZE extension). This 2053 includes requiring that enoughspace() know the system 2054 block size, which will undoubtedly break most ports. 2055 Trace flag 19 in use for srvrsmtp.c. 2056 Additional logging -- notably the sending mailer name. This 2057 also changes the delivery logging to strict field=value 2058 syntax. 2059 Fix some problems with messages getting sent even to addresses 2060 that had been marked bad -- from Eric Wassenaar. 2061 More WIDE changes: accept host name inside [...] as non-MXed 2062 host. This is intended ONLY for use inside firewalled 2063 environments, where the MX points at the gateway. 2064 Change .cf file conventions so that mapping for <> addresses 2065 don't have an @ in them (to avoid confusing the C mailer 2066 flag). Pointed out by Neil Rickert. 2067 Config extensions for Sam Leffler's FlexFAX software. 2068 20696.31/6.10 93/02/28 2070 Fix some more bugs in alias owner code -- there were some wierd 2071 cases where an error in a non-aliased name would override 2072 the return info in an aliased name with an owner. 2073 Changes from WIDE Project, forwarded to me by Motonori Nakamura: 2074 Log actual delivery host (after MX et al); from 2075 yasuhiro@dcl.co.jp. 2076 Log daemon startup. 2077 Deliver Postmaster copies without a body. 2078 Better logging of SMTP senders. 2079 Send all program email as daemon even when local. 2080 As requested in various forms from many people, accept -qIstring 2081 to limit queue runs to jobs with queue-id matching string. 2082 Similarly for -qRstring for recipients, -qSstring for 2083 senders. 2084 Initial hooks for ESMTP support (see RFC 1425). 2085 Fixed a syntax error in the UUCP mailer specification that caused 2086 core dumps on startup. 2087 Check for missing A= or P= arguments in mailer definitions. 2088 20896.30/6.10 93/02/27 2090 Require FROZENCONFIG compilation flag to include frozen 2091 configuration code. Frozen configuration is really 2092 not a very good idea any more, particularly in shared 2093 library environments. 2094 Do better checking of errno after opens of :include: and .forward 2095 files to defer delivery on network and other transient 2096 errors. Suggestion from Craig Everhart. 2097 Fix minor botch in read timeout macro processing. 2098 Add FEATURE(nouucp) to config files for sites that know absolutely 2099 nothing about UUCP. 2100 Add built cf files to distribution tape and clarify how to build 2101 them if you don't have the Berkeley make. 2102 Some sizeof(long) portability changes for the Alpha, from Allan 2103 E Johannesen. 2104 Add "restrictmailq" privacy flag -- if set, only people in the same 2105 group as your queue directory can print the queue. If you 2106 set this, be sure you also restrict access to log files.... 2107 Fix another bug in owner-list stuff that can cause data files to 2108 be "lost". 2109 Fix a bug with queue runs that cause forwards to yourself to go 2110 into alias/forwarding loops. I'm still iffy about this 2111 fix. 2112 Fix from Eric Wassenaar for suppression of return message code. 2113 21146.29/6.9 93/02/24 2115 Fix yet another problem in alias owner code -- put the wrong return 2116 address on the enclosed return-to-sender letter. 2117 21186.28/6.9 93/02/24 2119 Fix botch in alias owner code that caused it to not operate if the 2120 error was detected locally. 2121 21226.27/6.9 93/02/24 2123 M_LOCAL => M_LOCALMAILER to avoid conflict with Ultrix include 2124 file <sys/mount.h>. 2125 Miscellaneous bug fixes from Eric Wassenaar: 2126 sendmail -bv -t logs the from line even though in verify 2127 mode only. 2128 sendmail -v can go into queue mode if shouldqueue returns 2129 TRUE. 2130 Add route-addr pruning per RFC 1123 section 5.3.3. This can be 2131 disabled using the "R" option. 2132 Delete (always undocumented) -R flag (save original recipients); 2133 there are ways to syslog(3) these now. 2134 Clean up SMTP reply codes -- specify them as needed in the code, 2135 instead of in conf.c -- this was needed during the NCP to 2136 TCP transition, but seems silly now. This also changes 2137 parameters to message and nmessage. 2138 Have mailstats read the .cf file to find the sendmail.st file and 2139 get text versions of mailer names. An initial version of 2140 this code was provided by Tuominen Keijo (although the 2141 comments indicate the good bits were written by "E.V."). 2142 Add yet more System V compatibility hacks. 2143 Fix bug in VRFY code (assumes everything must be a local user). 2144 Allow specification of any of the hard-wired pathnames in the 2145 Makefile. 2146 Delete concept of "trusted users" -- this really didn't provide 2147 any security anyway, and caused some problems. 2148 Delete last vestige of support for the word "at" as an equivalent 2149 to the character "@". 2150 Propagate owner-foo alias information into the envelope sender. 2151 Based on code from John Gardiner Myers. This is a major 2152 semantic change -- beware! 2153 Allow $@ on LHS to indicate "match zero" -- this is used to match 2154 the null expression. 2155 21566.26/6.8 93/02/21 2157 Don't "lose" queue runs. Very important fix from (who else?) 2158 Eric Wassenaar. 2159 Completely reset state on RSET command -- from Eric Wassenaar. 2160 Send error messages and return receipts using an envelope sender 2161 of <> regardless of the setting of $n. Rewriting rules 2162 can undo this if they feel the necessity, as might be 2163 needed for networks that don't understand the syntax. 2164 This is permitted by RFC 821 section 3.6 and required by 2165 RFC 1123 section 5.3.3. THIS REQUIRES VERSION 4 CONFIG 2166 FILES because the rulesets must be able to parse <> 2167 properly. 2168 Don't ever send error messages to "<>" -- they will get sent to 2169 the local postmaster or dumped in /usr/tmp/dead.letter 2170 instead. Per RFC 1123 section 5.3.3. 2171 Explicitly check for email to yourself as a dotted quad. You 2172 have to call $[ [ ... ] $] to get this. 2173 Up the message timeout to five days per RFC 1123 section 5.3.1.1. 2174 Make all read timeouts individually configurable, as strongly 2175 recommended by RFC 1123 section 5.3.2. 2176 Use f_bavail (blocks available to regular users) instead of f_bfree 2177 (blocks available to superuser) in free block checks. 2178 Change $d macro to be the current time, not the origination time, 2179 since this is consistent with how it is used now. 2180 Generalization of enoughspace from Eric Wassenaar covering 2181 SGI, Apollo, HPUX, Ultrix, and SunOS. 2182 Ignore process group signals -- some front ends can do this if 2183 you kill a window too quickly. From Eric Wassenaar. 2184 Change umask to 022. 2185 21866.25/6.8 93/02/20 2187 Close all cached connections before calling mailers and after 2188 forking for delivery (caused double closes which resulted 2189 in false errors). 2190 Add FEATURE(redirect) in config files -- this allows you to alias 2191 old addresses to a pointer to the new address that will 2192 give a 551 error message, but not deliver the mail. 2193 Some code changes to make the 551 errors look pretty. 2194 Names of M4 program paths in config files have changed -- they 2195 are all XXX_MAILER_PATH now, to match XXX_MAILER_FLAGS. 2196 Fix a bug in the QSELFREF code having to do with empty .forward 2197 files, reported by Eric Wassenaar. 2198 Add option "p" (privacy flags); this allows you to tune how 2199 picky the SMTP server will be. This also adds the 2200 confPRIVACY_FLAGS M4 macro in the config files. 2201 Add option "b" (minimum blocks free). If there are fewer than 2202 this number of blocks free on the filesystem containing 2203 the queue directory, the SMTP MAIL command will return 2204 a 452 response and ask you to try again later. This 2205 also adds the confMIN_FREE_BLOCKS M4 macro in the config 2206 files. 2207 Made VRFY just verify (doesn't expand aliases and .forward files); 2208 EXPN does full expansion. RCPT in queue-only mode also 2209 doesn't chase aliases and .forward. 2210 22116.24/6.7 93/02/19 2212 Increase the number of domain search entries in domain.c to allow 2213 for the extra "" entry indicating the root domain. 2214 Reported by Motonori Nakamura of Kyoto U. 2215 Add a "SMART_HOST" in the configs for UUCP-connected sites that 2216 want to forward all mail with extra "@"s to that site. 2217 Also allows SMART_HOST, LOCAL_RELAY, and MAIL_HUB to 2218 be specified as ``mailer:hostname'' to use an alternate 2219 mailer. 2220 Clarified and updated some wording in the Operations Guide. 2221 Add the "c" mailer flag -- this suppresses all comment parts of 2222 addresses (requested by John Curran of NEARnet). 2223 Have -v print prompts in -bt mode even if stdin is not a terminal 2224 (default behaviour is to be silent if not reading from 2225 a terminal). Suggested by Bryan Costales, ICSI. 2226 Move the metacharacters from C0 space (\001-\037) into C1 space 2227 (\201-\237). This also fixes a bunch of potential bugs 2228 with G1 characters (\240-\276) in headers relating to 2229 negative numbers passed to isspace() et al. 2230 Add YP_LAST_MODIFIED and YP_MASTER_NAME to DBM version of alias 2231 database if YPCOMPAT is #defined. Enhancement from 2232 Takahiro Kanbe of Fuji Xerox Information Systems Co., Ltd. 2233 Add "list" Precedence (-30); this can be used with old sendmails 2234 which will map to precedence 0 (which will return error 2235 messages). Suggested by Stephen R. van den Berg. 2236 Many bug fixes from Eric Wassenaar of the National Institute for 2237 Nuclear and High-Energy Physics, Amsterdam: 2238 Clear timeouts properly on open failures in include(). 2239 Don't dereference through NULL if no home directory found. 2240 Re-establish SIGCHLD signal on System 5 in reapchild(). 2241 Avoid NULL pointer reference on -pFOO flag. 2242 Properly handle backslash escapes in comments. 2243 Correctly check reply status on SMTP NOOP command. 2244 Properly save SMTP error message if peer gives 2245 "Service Shutting Down" message. 2246 Avoid writing to the transcript if it couldn't be opened. 2247 Signal errors in SMTP children to parent properly. 2248 Handle self references in a list more globally (include a 2249 QSELFREF bit in the address flags). This enhancement 2250 was suggested by Eric Wassenaar. 2251 Use initgroups() in hpux, even though it's System-V based. The 2252 HASINITGROUPS compile flag can set this on other systems. 2253 This HPUX behaviour was pointed out by Eric Wassenaar. 2254 22556.23/6.6 93/02/16 2256 Clean up handling of LogLevel to make it easier to figure out 2257 what's on what level. 2258 Change log levels to have some consistency: 2259 1 serious system failures, security problems 2260 2 lost communications, protocol failures 2261 3 other serious failures 2262 4 minor errors 2263 5 message collection 2264 6 vrfy logging, creation of return-to-sender 2265 7 delivery failures 2266 8 delivery successes 2267 9 delivery tempfails (queue ups) 2268 10 database expansion 2269 >64 debugging 2270 Allow IDA-style separated processing on S= and R= in Mailer 2271 definition lines. Note that rulesets 1 and 2 are 2272 still used for both addresses as before. Bruce Lilly 2273 gave a convincing argument that RFC976 insists on 2274 this behaviour. 2275 Added some time zones to arpatounix -- they may not be in the 2276 standards, but they are in use. However, I may delete 2277 arpatounix entirely -- there appears to be no reason 2278 for it to exist. 2279 Change to UUCP mailer (in cf directory) to try to do a saner job. 2280 I'm still not certain about this mailer in general. 2281 22826.22/6.5 93/02/15 2283 Fix bug that prevents saving letters in ~/dead.letter. 2284 Don't add angle brackets in VRFY command if angle brackets already 2285 exist in the address. 2286 Fix bogus error message in udbexpand. 2287 Null terminate host buffers in buildaddr (broken in 6.21) -- 2288 IMPORTANT FIX!! 2289 22906.21/6.5 93/02/15 2291 Fix another incorrect error message in alias.c, found by Azuma 2292 Okamoto. 2293 Fix a couple of problems in the more-configurable config files, 2294 found by Tom Ivar Helbekkmo. 2295 Fix problem with quoted :include: entries. 2296 Don't duplicate the filename on verbose printing of .forward and 2297 :include: contents. 2298 Extend size of prescan buffer (to allow bigger addresses). Also, 2299 detect some buffer overflows. 2300 Log user SMTP protocol errors (log level 4). 2301 23026.20/6.4 93/02/14 2303 Fix another problem in the MCI state machine caused when there 2304 were errors generated from the other end to commands 2305 other than RCPT. 2306 23076.19/6.4 93/02/14 2308 Include load average support for DEC Alpha running OSF/1. 2309 Fix multiple-response problem with errors in MAIL From: line. 2310 Fix SMTP reply codes for invalid address syntaxes (give 501; 2311 never give multiple error messages for a single message). 2312 Fix problem where a cached connection timeout rejects all 2313 later connects to that host. 2314 Fix incorrect error message if alias.c is compiled with DBM only. 2315 Additional changes to fix nested conditionals (from Bruce Lilly). 2316 Recover more gracefully from operating system failures, particularly 2317 NULL returns from openmailer (from Noritoshi Demizu, 2318 OMRON Corporation). 2319 Log forward, alias, and userdb expand operations on log level 10; 2320 concept suggested by P{r (Pell) Emanuelsson. 2321 Changes for HPUX 8.07 compatibility. 2322 23236.18/6.4 93/02/12 2324 Allow any config option to be set using an M4 define. 2325 Change UNAME compile flag to HASUNAME for IDA compatibility 2326 (besides, it's a better name). 2327 Note in README that on SunOS it must be linked -Bstatic. 2328 Fairly major change in domain.c to handle wildcard MX records 2329 more rationally. NOTE: the "w" option (no wildcard MX 2330 records match local domain) has been eliminated. 2331 Fix some unset variable references pointed out by Bruce Lilly. 2332 Fix host name in process titles when using cached connection. 2333 23346.17/6.3 93/01/28 2335 Fix System 5 compatibility changes to be compatible with the rest 2336 of the world. 2337 23386.16/6.3 93/01/28 2339 Experimental fix for problem handling errors in the SMTP 2340 protocol in conjunction with connection caching. 2341 System 5 compatibility changes. 2342 23436.15/6.3 93/01/26 2344 Fix a bug that causes local mail delivered using -odq to be 2345 eliminated as a duplicate (because it matched the 2346 ctladdr, now passed in as a C line). These changes 2347 are pretty tricky...... 2348 23496.14/6.3 93/01/25 2350 Add debugging for some MCI errors. 2351 23526.13/6.3 93/01/22 2353 Fix -e compatibility flag to take a value. 2354 Fix a couple of minor compilation warnings on Sun cc. 2355 Improve error messages in a few cases to be more self-explanatory. 2356 23576.12/6.3 93/01/21 2358 Fix yet-another problem with environment handling, pointed out 2359 by Yoshitaka Tokugawa and Tom Ivar Helbekkmo. 2360 Some heuristics to try to limit resource exhaustion problems 2361 if a downstream host has been down for a long time. 2362 Fix problem with incorrect host name being logged in "Connection 2363 timed out" messages (from Tom Ivar Helbekkmo). 2364 Fix some ANSI C problems (from Takahiro Kanbe). 2365 Properly log message sender on returned mail during queue run. 2366 Count number of recipients properly. 2367 Fix a problem in yp map code. 2368 Diagnose "message timed out" (from Motonori Nakamura). 2369 23706.11/6.3 93/01/20 2371 Fix problem with address delimitor inside quotes. 2372 Define $k and $=k to be the UUCP name (from the uname call) 2373 based on code from Bruce Lilly. 2374 23756.10/6.2 93/01/18 2376 Implement arpatounix (largely code from Bruce Lilly). 2377 Log more info (suggested by John Myers). 2378 Allow nested $?...$|...$. (inspired by code from Bruce Lilly of 2379 Sony US). 2380 POSIX compatibility (noted by Keith Bostic). 2381 Handle SMTP MAIL command errors properly (urged by several people, 2382 notably John Myers of CMU). 2383 Do early diagnosis of .cf errors (notably referencing a RHS 2384 substitution that isn't on the LHS). 2385 Adjust checkpointing to better handle batched recipients, suggested 2386 by John Myers. 2387 Fix miscellaneous bugs. 2388 (config files:) Implement MAIL_HUB for all local mail (to handle 2389 NFS-mounted directories) as urged by Tom Ivar Helbekkmo 2390 of the Norwegian School of Economics. 2391 23926.9/6.1 93/01/13 2393 Environment handling simplification/bug fix -- child processes 2394 get a minimal, fixed environment. This avoids different 2395 behaviour in queue runs. 2396 Handle commas inside comments properly. 2397 Properly limit large messages submitted in -obq mode. 2398 23996.8/6.1 93/01/10 2400 Check mtime of thaw file against .cf and sendmail binary, based on 2401 code from John Myers. 2402 24036.7/6.1 93/01/10 2404 MX piggybacking, based on code from John Myers@CMU. 2405 Allow checkcompat to return -1 to mean tempfail. 2406 Bug fix in m_mno computation. 2407 24086.6/6.1 93/01/09 2409 Tuning of queueing functions as recommended by John Gardiner Myers. 2410 Return mail headers (no body) on messages with negative precedence. 2411 Minor other bug fixes. 2412 24136.5/6.1 93/01/03 2414 Fix botch causing queued headers to have ?XX? prefixes. 2415 24166.4/6.1 93/01/02 2417 Changes to recognize special mailer types (e.g., file) early. 2418 24196.3/6.1 93/01/01 2420 Pass timeouts to sfgets. 2421 Check for control characters in addresses. 2422 Fixed deferred error reporting. 2423 Report duplicate aliases. 2424 Handle mixed case recursive aliases. 2425 Misc bug fixes. 2426 24276.2/6.1 92/12/30 2428 Put return-receipt-to on a conf.c flag (but don't set it). 2429 Fix minor syslog problem. 2430