1 SENDMAIL RELEASE NOTES 2 @(#)RELEASE_NOTES 8.7.Beta (Berkeley) 05/23/95 3 4This listing shows the version of the sendmail binary, the version 5of the sendmail configuration files, the date of release, and a 6summary of the changes in that release. 7 88.7/8.7 95/xx/xx CURRENTLY IN BETA PRERELEASE!!! 9 Fix a problem that could cause sendmail to run out of file 10 descriptors due to a trashed data structure after a 11 vfork. Fix from Brian Coan of the Institute for 12 Global Communications. 13 Change the VRFY response if you have disabled VRFY -- some 14 people seemed to think that it was too rude. 15 Avoid reference to uninitialized file descriptor if HASFLOCK 16 was not defined. This was used "safely" in the sense 17 that it only did a stat, but it would have set the 18 map modification time improperly. Problem pointed out 19 by Roy Mongiovi of Georgia Tech. 20 Clean up the Subject: line on warning messages and return 21 receipts so that they don't say "Returned mail:"; this 22 can be confusing. 23 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is 24 useful enough to make it worthwhile printing on "-d". 25 Avoid logging alias statistics every time you read the alias 26 file on systems with no database method compiled in. 27 If you have a name with a trailing dot, and you try looking it 28 up using gethostbyname without the dot (for /etc/hosts 29 compatibility), be sure to turn off RES_DEFNAMES and 30 RES_DNSRCH to avoid finding the wrong name accidently. 31 Problem noted by Charles Amos of the University of 32 Maryland. 33 Don't do timeouts in collect if you are not running SMTP. 34 There is nothing that says you can't have a long 35 running program piped into sendmail (possibly via 36 /bin/mail, which just execs sendmail). Problem reported 37 by Don "Truck" Lewis of Silicon Systems. 38 Try gethostbyname() even if the DNS lookup fails iff option I 39 is not set. This allows you to have hosts listed in 40 NIS or /etc/hosts that are not known to DNS. It's normally 41 a bad idea, but can be useful on firewall machines. This 42 should really be broken out on a separate flag, I suppose. 43 Avoid compile warnings against BIND 4.9.3, which uses function 44 prototypes. From Don Lewis of Silicon Systems. 45 Avoid possible incorrect diagnosis of DNS-related errors caused 46 by things like attempts to resolve uucp names using 47 $[ ... $] -- the fix is to clear h_errno at appropriate 48 times. From Kyle Jones of UUNET. 49 SECURITY: avoid denial-of-service attacks possible by destroying 50 the alias database file by setting resource limits low. 51 This involves adding two new compile-time options: 52 HASSETRLIMIT (indicating that setrlimit(2) support is 53 available) and HASULIMIT (indicating that ulimit(2) support 54 is available -- the Release 3 form is used). The former 55 is assumed on BSD-based systems, the latter on System 56 V-based systems. Attack noted by Phil Brandenberger of 57 Swarthmore University. 58 New syntaxes in test (-bt) mode: 59 ``.Dmvalue'' will define macro "m" to "value". 60 ``.Ccvalue'' will add "value" to class "c". 61 ``.Sruleset'' will dump the contents of the indicated 62 ruleset. 63 ``-ddebug-spec'' is equivalent to the command-line 64 -d debug flag. 65 ``$m'' will print the value of macro "m". 66 ``/mx host'' returns the MX records for ``host''. 67 ``/try address'' will parse address, returning the value of 68 crackaddr (essentially, the comment information) 69 and the parsed address (the same as -bv). 70 Somewhat better handling of UNIX-domain socket addresses -- it 71 should show the pathname rather than hex bytes. 72 Restore ``-ba'' mode -- this reads a file from stdin and parses 73 the header for envelope sender information and uses 74 CR-LF as message terminators. It was thought to be 75 obsolete (used only for Arpanet NCP protocols), but it 76 turns out that the UK ``Grey Book'' protocols require 77 that functionality. 78 Fix a fix in previous release -- if gethostname and gethostbyname 79 return a name without dots, and if a DNS lookup of that 80 name fails, wait one minute and try again even if DNS 81 not specified in the config file -- the problem is that 82 this code is executed before the config file is read. 83 This can result in an extra 60 second delay on startup 84 if (1) you have DNS compiled in, (2) you are not running 85 DNS, (3) your system hostname (as returned by hostname(1)) 86 has no dot, AND (4) the canonical name listed in /etc/hosts 87 or your NIS map has no dot. 88 Check for proper domain name on HELO and EHLO commands per 89 RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III 90 of Michigan Technological University. 91 Relax chownsafe rules slightly -- old version said that if you 92 can't tell if _POSIX_CHOWN_RESTRICTED is set (that is, 93 if fpathconf returned EINVAL or ENOSYS), assume that 94 chown is not safe. The new version falls back to whether 95 you are on a BSD system or not. This is important for 96 SunOS, which apparently always returns one of those 97 error codes. This impacts whether you can mail to files 98 or not. 99 Syntax errors such as unbalanced parentheses in the configuration 100 file could be omitted if you had "Oem" prior to the 101 syntax error in the config file. Change to always print 102 the error message. It was especially wierd because it 103 would cause a "warning" message to be sent to the Postmaster 104 for every message sent (but with no transcript). Problem 105 noted by Gregory Paris of Motorola. 106 Rewrite collect and putbody to handle full 8-bit data, including 107 zero bytes. These changes are internally extensive, but 108 should have minimal impact on external function. 109 Allow full words for option names -- if the option letter is 110 (apparently) a space, then take the word following -- e.g., 111 O MatchGECOS=TRUE 112 The full list of old and new names is as follows: 113 7 SevenBitInput 114 8 EightBitMode 115 A AliasFile 116 a AliasWait 117 B BlankSub 118 b MinFreeBlocks/MaxMessageSize 119 C CheckpointInterval 120 c HoldExpensive 121 D AutoRebuildAliases 122 d DeliveryMode 123 E ErrorHeader 124 e ErrorMode 125 f SaveFromLine 126 F TempFileMode 127 G MatchGECOS 128 H HelpFile 129 h MaxHopCount 130 i IgnoreDots 131 I ResolverOptions 132 J ForwardPath 133 j SendMimeErrors 134 k ConnectionCacheSize 135 K ConnectionCacheTimeout 136 L LogLevel 137 l UseErrorsTo 138 m MeToo 139 n CheckAliases 140 O DaemonPortOptions 141 o OldStyleHeaders 142 P PostmasterCopy 143 p PrivacyOptions 144 Q QueueDirectory 145 q QueueFactor 146 R DontPruneRoutes 147 r, T Timeout 148 S StatusFile 149 s SuperSafe 150 t TimeZoneSpec 151 u DefaultUser 152 U UserDatabaseSpec 153 V FallbackMXhost 154 v Verbose 155 w TryNullMXList 156 x QueueLA 157 X RefuseLA 158 Y ForkEachJob 159 y RecipientFactor 160 z ClassFactor 161 Z RetryFactor 162 To avoid possible problems with an older sendmail, 163 configuration level 6 is accepted by this version of 164 sendmail; any config file using the new names should 165 specify "V6" in the configuration. 166 Change address parsing to properly note that a phrase before a 167 colon and a trailing semicolon are essentially the same 168 as text outside of angle brackets (i.e., sendmail should 169 treat them as comments). This is to handle the 170 ``group name: addr1, addr2, ..., addrN;'' syntax (it will 171 assume that ``group name:'' is a comment on the first 172 address and the ``;'' is a comment on the last address). 173 This requires config file support to get right. It does 174 understand that :: is NOT this syntax, and can be turned 175 off completely by setting the ColonOkInAddresses option. 176 Level 6 config files added with new mailer flags: 177 A Addresses are aliasable. 178 i Do udb rewriting on envelope as well as header 179 sender lines. Applies to the from address mailer 180 flags rather than the recipient mailer flags. 181 j Do udb rewriting on header recipient addresses. 182 Applies to the sender mailer flags rather than the 183 recipient mailer flags. 184 k Disable check for loops when doing HELO command. 185 o Always run as the mail recipient, even on local 186 delivery. 187 w Check for an /etc/passwd entry for this user. 188 5 Pass addresses through ruleset 5. 189 : Check for :include: on this address. 190 | Check for |program on this address. 191 / Check for /file on this address. 192 @ Look up sender header addresses in the user 193 database. Applies to the mailer flags for the 194 mailer corresponding to the envelope sender 195 address, rather than to recipient mailer flags. 196 Pre-level 6 configuration files set A, w, 5, :, |, /, and @ 197 on the "local" mailer, the o flag on the "prog" and "*file*" 198 mailers, and the ColonOkInAddresses option. 199 Eight-to-seven bit MIME conversions. This borrows ideas from 200 John Beck of Hewlett-Packard, who generously contributed 201 their implementation to me, which I then didn't use (see 202 mime.c for an explanation of why). This adds the 203 EightBitMode option (a.k.a. `8') and an F=8 mailer flag 204 to control handling of 8-bit data. These have to cope with 205 two types of 8-bit data: unlabelled 8-bit data (that is, 206 8-bit data that is entered without declaring it as 8-bit 207 MIME -- technically this is illegal according to the 208 specs) and labelled 8-bit data (that is, it was declared 209 as 8BITMIME in the ESMTP session or by using the 210 -B8BITMIME command line flag). If the F=8 mailer flag is 211 set then 8-bit data is sent to non-8BITMIME machines 212 instead of converting to 7 bit (essentially using 213 just-send-8 semantics). The values for EightBitMode are: 214 m convert unlabelled 8-bit input to 8BITMIME, and do 215 any necessary conversion of 8BITMIME to 7BIT 216 (essentially, the full MIME option). 217 p pass unlabelled 8-bit input, but convert labelled 218 8BITMIME input to 7BIT as required (default). 219 s strict adherence: reject unlabelled 8-bit input, 220 convert 8BITMIME to 7BIT as required. The F=8 221 flag is ignored. 222 Unlabelled 8-bit data is rejected in mode `s' regardless of 223 the setting of F=8. 224 Add new internal class 'n', which is the set of MIME Content-Types 225 which can not be 8 to 7 bit encoded because of other 226 considerations. Types "multipart/*" and "message/*" are 227 never directly encoded (although their components can be). 228 Add new internal class 'e'. This is the set of MIME 229 Content-Transfer-Encodings that can be converted to 230 a seven bit format (Quoted-Printable or Base64). It is 231 preinitialized to contain "7bit", "8bit", and "binary". 232 Add C=charset mailer parameter and the the DefaultCharSet option (no 233 short name) to set the default character set to use in the 234 Content-Type: header when doing encoding of an 8-bit message 235 which isn't marked as MIME into MIME format. If the C= 236 parameter is set on the Envelope From address, use that as 237 the default encoding; else use the DefaultCharSet option. 238 If neither is set, it defaults to "unknown-8bit" as 239 suggested by RFC 1428 section 3. 240 Allow ``U=user:group'' field in mailer definition to set a default 241 user and group that a mailer will be executed as. This 242 overrides the 'u' and 'g' options, and if the `F=S' flag is 243 also set, it is the uid/gid that will always be used (that 244 is, the controlling address is ignored). The values may be 245 numeric or symbolic; if only a symbolic user is given (no 246 group) that user's default group in the passwd file is used 247 as the group. Based on code donated by Chip Rosenthal of 248 Unicom. 249 Allow `u' option to also accept user:group as a value, in the same 250 fashion as the U= mailer option. 251 Add the symbolic time zone name in the Arpanet format dates (as 252 a comment). This adds a new compile-time configuration 253 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value 254 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value 255 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char 256 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use 257 timezone()), or TZ_NONE (don't include the comment). Code 258 from Chip Rosenthal. 259 The "Timeout" option (formerly "r") is extended to allow suboptions. 260 For example, 261 O Timeout.helo = 2m 262 There are also two new suboptions "queuereturn" and 263 "queuewarn"; these subsume the old T option. Thus, to 264 set them both the preferred new syntax is 265 O Timeout.queuereturn = 5d 266 O Timeout.queuewarn = 4h 267 Sort queue by host name instead of by message priority if the 268 QueueSortOrder option (no short name) is set is set to 269 ``host''. This makes better use of the connection cache, 270 but may delay more ``interactive'' messages behind large 271 backlogs under some circumstances. This is probably a 272 good option if you have high speed links or don't do lots 273 of ``batch'' messages, but less good if you are using 274 something like PPP on a 14.4 modem. Based on code 275 contributed by Roy Mongiovi of Georgia Tech (my main 276 contribution was to make it configurable). 277 Save i-number of df file in qf file to simplify rebuilding of queue 278 after disasterous disk crash. Suggested by Kyle Jones of 279 UUNET; closely based on code from KJS DECWRL code written 280 by Paul Vixie. NOTA BENE: The qf files produced by 8.7 281 are NOT back compatible with 8.6 -- that is, you can convert 282 from 8.6 to 8.7, but not the other direction. 283 Add ``F=d'' mailer flag to disable all use of angle brackets in 284 route-addrs in envelopes; this is because in some cases 285 they can be sent to the shell, which interprets them as 286 I/O redirection. 287 Don't include error file (option E) with return-receipts; this 288 can be confusing. 289 Don't send "Warning: cannot send" messages to owner-* or 290 *-request addresses. Suggested by Christophe Wolfhugel 291 of the Institut Pasteur, Paris. 292 Allow -O command line flag to set long form options. 293 Add "MinQueueAge" option to set the minimum time between attempts 294 to run the queue. For example, if the queue interval 295 (-q value) is five minutes, but the minimum queue age 296 is fifteen minutes, jobs won't be tried more often than 297 once every fifteen minutes. This can be used to give 298 you more responsiveness if your delivery mode is set to 299 queue-only. 300 Allow "fileopen" timeout (default: 60 seconds) for opening 301 :include: and .forward files. 302 Add "-k", "-v", and "-z" flags to map definitions; these set the 303 key field name, the value field name, and the field 304 delimiter. The field delimiter can be a single character 305 or the sequence "\t" or "\n" for tab or newline. 306 These are for use by NIS+ and similar access methods. 307 Add "nisplus" map class. Takes -k and -v flags to choose the 308 key and value field names respectively. Code donated by 309 Sun Microsystems. 310 Add "hesiod" map class. The "file name" is used as the 311 "HesiodNameType" parameter to hes_resolve(3). Returns the 312 first value found for the match. Code donated by Scott 313 Hutton of Indiana University. 314 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to 315 specify the name of the property that is searched as the 316 key and a -v flag to specify the name of the property that 317 is returned as the value (defaults to "members"). The 318 default map is "/aliases". 319 Add "text" map class. This does slow, linear searches through 320 text files. The -z flag specifies a column delimiter 321 (defaults to any sequence of white space), the -k flag 322 sets the key column number, and the -v flag sets the 323 value column number. Lines beginning with `#' are treated 324 as comments. 325 Add "program" map class to execute arbitrary programs. The search 326 key is presented as the last argument; the output is one 327 line read from the programs standard output. Exit statuses 328 are from sysexits.h. 329 Add "sequence" map class -- searches maps in sequence until it 330 finds a match. For example, the declarations: 331 Kmap1 ... 332 Kmap2 ... 333 Kmapseq sequence map1 map2 334 defines a map "mapseq" that first searches map1; if the 335 value is found it is returned immediately, otherwise 336 map2 is searched and the value returned. 337 Add "switch" map class. This is much like "sequence" except that 338 the ordering is fetched from an external file, usually 339 the system service switch. The parameter is the name of 340 the service to switch on, and the maps that it will use 341 are this name followed by ".service_type". For example, 342 if the declaration of the map is 343 Ksample switch hosts 344 and the system service switch specifies that hosts are 345 looked up using dns and nis in that order, then this is 346 equivalent to 347 Ksample sequence hosts.dns hosts.nis 348 The subordinate maps must already be defined. 349 Add "user" map class -- looks up users using getpwnam. Takes a 350 "-v field" flag on the definition that tells what passwd 351 entry to return -- legal values are name, passwd, uid, gid, 352 gecos, dir, and shell. Generally expected to be used with 353 the -m (matchonly) flag. 354 Add "bestmx" map class -- returns the best MX value for the host 355 listed as the value. If there are several "best" MX records 356 for this host, one will be chosen at random. 357 Add "userdb" map class -- looks up entries in the user database. 358 The "file name" is actually the tag that will be used, 359 typically "mailname". If there are multiple entries 360 matching the name, the one chosen is undefined. 361 Add multiple queue timeouts (both return and warning). These are 362 set by the Precedence: or Priority: header fields to one of 363 three values. If a Priority: is set and has value "normal", 364 "urgent", or "non-urgent" the corresponding timeouts are 365 used. If no priority is set, the Precedence: is consulted; 366 if negative, non-urgent timeouts are used; if greater than 367 zero, urgent timeouts are used. Otherwise, normal timeouts 368 are used. The timeouts are set by setting the six timeouts 369 queue{warn,return}.{urgent,normal,non-urgent}. 370 Fix problem when a mail address is resolved to a $#error mailer 371 with a temporary failure indication; it works in SMTP, 372 but when delivering locally the mail is silently discarded. 373 This patch, from Kyle Jones of UUNET, bounces it instead 374 of queueing it (queueing is very hard). 375 When using /etc/hosts or NIS-style lookups, don't assume that 376 the first name in the list is the best one -- instead, 377 search for the first one with a dot. For example, if 378 an /etc/hosts entry reads 379 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU 380 this change will use the second name as the canonical 381 machine name instead of the initial, unqualified name. 382 This heuristic is only used for finding your own name on 383 startup, when the system may not be fully configured yet. 384 Change dequote map to replace spaces in quoted text with a value 385 indicated by the -s flag on the dequote map definition. 386 For example, ``Mdequote dequote -s_'' will change 387 "Foo Bar" into an unquoted Foo_Bar instead of leaving it 388 quoted (because of the space character). Suggested by Dan 389 Oscarsson for use in X.400 addresses. 390 Implement long macro names as ${name}; long class names can 391 be similarly referenced as $={name} and $~{name}. 392 Definitions are (e.g.) ``D{name}value''. Names that have 393 a leading lower case letter or punctuation characters are 394 reserved for internal use by sendmail; i.e., config files 395 should use names that begin with a capital letter. Based 396 on code contributed by Dan Oscarsson. 397 Fix core dump if getgrgid returns a null group list (as opposed 398 to an empty group list, that is, a pointer to a list 399 with no members). Fix from Andrew Chang of Sun Microsystems. 400 Fix possible core dump if malloc fails -- if the malloc in xalloc 401 failed, it called syserr which called newstr which called 402 xalloc.... The newstr is now avoided for "panic" messages. 403 Reported by Stuart Kemp of James Cook University. 404 Improve connection cache timeouts; previously, they were not even 405 checked if you were delivering to anything other than an 406 IPC-connected host, so a series of (say) local mail 407 deliveries could cause cached connections to be open 408 much longer than the specified timeout. 409 If an incoming message exceeds the maximum message size, stop 410 writing the incoming bytes to the queue data file, since 411 this can fill your mqueue partition -- this is a possible 412 denial-of-service attack. 413 Don't reject all numeric local user names unless HESIOD is 414 defined. It turns out that Posix allows all-numeric 415 user names. Fix from Tony Sanders of BSDI. 416 Add service switch support. If the local OS has a service 417 switch (e.g., /etc/nsswitch.conf on Solaris) that will 418 be used; otherwise, it falls back to using a local 419 mechanism based on the ServiceSwitchFile option 420 (default: /etc/service.switch). For example, if the 421 service switch lists "files" and "nis" for the aliases 422 service, that will be the default lookup order. Note 423 that you can still stack aliases files however, although 424 you have to list them explicitly as "implicit:filename". 425 Option I (NameServerOptions) no longer sets the "UseNameServer" 426 variable which tells whether or not DNS should be considered 427 canonical. This is now determined based on whether or not 428 "dns" is in the service list for "hosts". 429 Add preliminary support for the ESMTP "DSN" extension (Delivery 430 Status Notifications). This is not yet a standard 431 and the implementation is for experimentation only. 432 For this reason it only announces itself as "X-DSN-0" 433 instead of "DSN". DSN notifications override 434 Return-Receipt-To:. 435 Add T=mtstype keyletter to mailer definitions to define the value 436 for the Final-MTS-Type: and Remote-MTS-Type: fields in the 437 DSN-standard return message. 438 Extend heuristic to force running in ESMTP mode to look for the 439 six-character string "ESMTP " anywhere in the 220 greeting 440 message (not just the second line). This is to provide 441 better compatibility with other ESMTP servers. 442 Print sequence number of job when running the queue so you can 443 easily see how much progress you have made. Suggested 444 by Peter Wemm of DIALix. 445 Map newlines to spaces in logged message-ids; some versions of 446 syslog truncate the rest of the line after newlines. 447 Suggested by Fletcher Mattox of U. Texas. 448 Move up forking for job runs so that if a message is split into 449 multiple envelopes you don't get "fork storms" -- this 450 also improves the connection cache utilization. 451 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for 452 the purposes of refusing to send error returns. Suggested 453 by Motonori Nakamura of Ritsumeikan University. 454 Relax rules on when a file can be written when referenced from 455 the aliases file: use the default uid/gid instead of the 456 real uid/gid. This allows you to create a file owned by 457 and writable only by the default uid/gid that will work 458 all the time (without having the setuid bit set). Change 459 suggested by Shau-Ping Lo and Andrew Cheng of Sun 460 Microsystems. 461 Add "DialDelay" option (no short name) to provide an "extra" 462 delay for dial on demand systems. If this is non-zero 463 and a connect fails, sendmail will wait this long and 464 then try again. If it takes longer than the kernel 465 timeout interval to establish the connection, this 466 option can give the network software time to establish 467 the link. The default units are seconds. 468 Move logging of sender information to be as early as possible; 469 previously, it could be delayed a while for SMTP mail 470 sent to aliases. Suggested by Brad Knowles of the 471 Defense Information Systems Agency. 472 Call res_init() before setting RES_DEBUG; this is required by 473 BIND 4.9.3, or so I'm told. From Douglas Anderson of 474 the National Computer Security Center. 475 Add xdelay= field in logs -- this is a transaction delay, telling 476 you how long it took to deliver to this address on the 477 last try. It is intended to be used for sorting mailing 478 lists to favor "quick" addresses. Provided for use by 479 the mailprio scripts (see below). 480 If a map cannot be opened, and that map is non-optional, and 481 an address requires that map for resolution, queue the 482 map instead of bouncing it. This involves creating a 483 pseudo-class of maps called "bogus-map" -- if a required 484 map cannot be opened, the class is changed to bogus-map; 485 all queries against bogus-map return "tempfail". The 486 bogus-map class is not directly accessible. A sample 487 implementation was donated by Jem Taylor of Glasgow 488 University Computing Service. 489 Don't make a bad ``MAIL FROM:'' address on one message blow away 490 other messages to the same host later in the queue. 491 Problem noted by Eric Prestemon of American University. 492 Fix a possible core dump when mailing to a program that talks 493 SMTP on its standard input. Fix from Keith Moore of 494 the University of Kentucky. 495 Make it possible to resolve filenames to $#local $: @ /filename; 496 previously, the "@" would cause it to not be recognized 497 as a file. Problem noted by Brian Hill of U.C. Davis. 498 Accept a -1 signal to re-exec the daemon. This only works if 499 argv[0] is a full path to sendmail. 500 Fix bug in "addr=..." field in O option on little-endian machines 501 -- the network number wasn't being converted to network 502 byte order. Patch from Kurt Lidl of Pix Technologies 503 Corporation. 504 Pre-initialize the resolver early on; this is to avoid a bug with 505 BIND 4.9.3 that can cause the _res.retry field to get 506 reset to zero, causing all name server lookups to time 507 out. Fix from Matt Day of Artisoft. 508 Restore T line (trusted users) in config file -- but instead of 509 locking out the -f flag, they just tell whether or not 510 an X-Authentication-Warning: will be added. This really 511 just creates new entries in class 't', so "Ft/file/name" 512 can be used to read trusted user names from a file. 513 Improve NEWDB alias file rebuilding so it will create them 514 properly if they do not already exist. This had been 515 a MAYBENEXTRELEASE feature in 8.6.9. 516 Check for @:@ entry in NIS maps before starting up to avoid 517 (but not prevent, sigh) race conditions. This ought to 518 be handled properly in ypserv, but isn't. Suggested by 519 Michael Beirne of Motorola. 520 Refuse connections if there isn't enough space on the filesystem 521 holding the queue. Contributed by Robert Dana of Wolf 522 Communications. 523 Skip checking for directory permissions in the path to a file 524 when checking for file permissions iff setreuid() 525 succeeded -- it is unnecessary in that case. This avoids 526 significant performance problems when looking for .forward 527 files. Based on a suggestion by Win Bent of USC. 528 Allow symbolic ruleset names. Syntax can be "Sname" to get an 529 arbitrary ruleset number assigned or "Sname = integer" 530 to assign a specific ruleset number. Reference is 531 $>name_or_number. Names can be composed of alphas, digits, 532 underscore, or hyphen (first character must be non-numeric). 533 Allow -o flag on AliasFile lines to make the alias file optional. 534 From Bryan Costales of ICSI. 535 Add NoRecipientAction option to handle the case where there is 536 no legal recipient header in the message. It can take 537 on values: 538 None Leave the message as is. The 539 message will be passed on even 540 though it is in technically 541 illegal syntax. 542 Add-To Add a To: header with any 543 recipients that it can find from 544 the envelope. This risks exposing 545 Bcc: recipients. 546 Add-Apparently-To Add an Apparently-To: header. This 547 has almost no redeeming social value, 548 and is provided only for back 549 compatibility. 550 Add-To-Undisclosed Add a header reading 551 To: undisclosed-recipients:; 552 which will have the effect of 553 making the message legal without 554 exposing Bcc: recipients. 555 Add-Bcc To add an empty Bcc: header. 556 There is a chance that mailers down 557 the line will delete this header, 558 which could cause exposure of Bcc: 559 recipients. 560 The default is NoRecipientAction=None. 561 Truncate (rather than delete) Bcc: lines in the header. This 562 should prevent later sendmails (at least, those that don't 563 themselves delete Bcc:) from considering this message to 564 be non-conforming -- although it does imply that non-blind 565 recipients can see that a Bcc: was sent, albeit not to whom. 566 Add SafeFileEnvironment option. If declared, files named as delivery 567 targets must be regular files in addition to the regular 568 checks. Also, if the option is non-null then it is used as 569 the name of a directory that is used as a chroot(2) 570 environment for the delivery; the file names listed in an 571 alias or forward should include the name of this root. 572 For example, if you run with 573 O SafeFileEnvironment=/arch 574 then aliases should reference "/arch/rest/of/path". If a 575 value is given, sendmail also won't try to save to 576 /usr/tmp/dead.letter (instead it just leaves the job in the 577 queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit. 578 Support -A flag for alias files; this will comma concatenate like 579 entries. For example, given the aliases: 580 list: member1 581 list: member2 582 and an alias file declared as: 583 OAhash:-A /etc/aliases 584 the final alias inserted will be "list: member1,member2"; 585 without -A you will get an error on the second and subsequent 586 alias for "list". Contributed by Bryan Costales of ICSI. 587 Line-buffer transcript file. Suggested by Liudvikas Bukys. 588 Fix a problem that could cause very long addresses to core dump in 589 some special circumstances. Problem pointed out by Allan 590 Johannesen. 591 (Internal change.) Change interface to expand() (macro expansion) 592 to be simpler and more consistent. 593 Delete check for funny qf file names. This didn't really give 594 any extra security and caused some people some problems. 595 (If you -really- want this, define PICKY_QF_NAME_CHECK 596 at compile time.) Suggested by Kyle Jones of UUNET. 597 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and 598 merge with DSN code; this is simpler and more consistent. 599 This may affect some people who have written their own 600 checkcompat() routine. 601 (Internal change.) Eliminate `D' line in qf file. The df file 602 is now assumed to be the same name as the qf file (with 603 the `q' changed to a `d', of course). 604 Avoid forking for delivery if all recipient mailers are marked as 605 "expensive" -- this can be a major cost on some systems. 606 Essentially, this forces sendmail into "queue only" mode 607 if all it is going to do is queue anyway. 608 Avoid sending a null message in some rather unusual circumstances 609 (specifically, the RCPT command returns a temporary 610 failure but the connection is lost before the DATA 611 command). Fix from Scott Hammond of Secure Computing 612 Corporation. 613 Change makesendmail to use a somewhat more rational naming scheme: 614 Makefiles and obj directories are named $os.$rel.$arch, 615 where $os is the operating system (e.g., SunOS), $rel is 616 the release number (e.g., 5.3), and $arch is the machine 617 architecture (e.g., sun4). Any of these can be omitted, 618 and anything after the first dot in a release number can 619 be replaced with "x" (e.g., SunOS.4.x.sun4). The previous 620 version used $os.$arch.$rel and was rather less general. 621 Ignore IDENT return value if the OSTYPE field returns "OTHER", 622 as indicated by RFC 1413. Pointed out by Kari Hurtta 623 of the Finnish Meteorological Institute. 624 Fix problem that could cause multiple responses to DATA command 625 on header syntax errors (e.g., lines beginning with colons). 626 Problem noted by Jens Thomassen of the University of Oslo. 627 Don't let null bytes in headers cause truncation of the rest of 628 the header. 629 Log Authentication-Warning:s. Suggested by Motonori Nakamura. 630 Increase timeouts on message data puts to allow time for receivers 631 to canonify addresses in headers on the fly. This is still 632 a rather ugly heuristic. From Motonori Nakamura. 633 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX 634 records are not used when canonifying names. This is 635 useful if you have a wildcard MX record, although it 636 may cause other problems. In general, don't use wildcard 637 MX records. Patch from Motonori Nakamura. 638 Eliminate default two-line SMTP greeting message. Instead of 639 adding an extra "ESMTP spoken here" line, the word "ESMTP" 640 is added between the first and second word of the first 641 line of the greeting message (i.e., immediately after the 642 host name). This eliminates the need for the BROKEN_SMTP_PEERS 643 compile flag. Old sendmails won't see the ESMTP, but that's 644 acceptable because SIZE was the only useful extension that 645 old sendmails understand. 646 Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1 647 invoked state dumps. From Masaharu Onishi. 648 Allow on-line comments in .forward and :include: files; they are 649 introduced by the string "<LWSP>#@#<LWSP>", where <LWSP> 650 is a space or a tab. This is intended for native 651 representation of non-ASCII sets such as Japanese, where 652 existing encodings would be unreadable or would lose 653 data -- for example, 654 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori 655 (romanized/less information) 656 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?= 657 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?= 658 (with MIME encoding, not human readable) 659 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B 660 (native encoding with ISO-2022-JP) 661 The last form is human readable in the Japanese environment. 662 Based on a fix from (surprise!) Motonori Nakamura. 663 Don't make SMTP error returns on MAIL FROM: line be "sticky" for all 664 messages to that host; these are most frequently associated 665 with addresses rather than the host, with the exception of 666 421 (service shutting down). The effect was to cause queues 667 to sometimes take an excessive time to flush. Reported by 668 Robert Sargent of Southern Geographics Technologies. 669 Add Nice=N mailer option to set the niceness at which a mailer will 670 run. 671 When looking for a default config file (that is, not specified using 672 a -C flag), try a configuration file name extended by the 673 binary version number -- e.g., sendmail.8.7.Alpha.9.cf, 674 sendmail.8.7.Alpha.cf, sendmail.8.7.cf, sendmail.8.cf, and 675 sendmail.cf in that order. This should make it easier to 676 test new versions in a shared environment. 677 Log queue runs that are skipped due to high loads. They are logged 678 at LOG_INFO priority iff the log level is > 8. Contributed 679 by Bruce Nagel of Data General. 680 Allow the error mailer to accept a DSN-style error status code 681 instead of an sysexits status code in the host part. 682 Anything with a dot will be interpreted as a DSN-style code. 683 Add new mailer flag: F=3 will tell translations to Quoted-Printable 684 to encode characters that might be munged by an EBCDIC system 685 in addition to the set required by RFC 1521. The additional 686 characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~. 687 (Think of "IBM 360" as the mnemonic for this flag.) 688 Change check for mailing to files to look for a pathname of [FILE] 689 rather than looking for the mailer named *file*. The mapping 690 of leading slashes still goes to the *file* mailer. This 691 allows you to implement the *file* mailer as a separate 692 program, for example, to insert a Content-Length: header 693 or do special security policy. However, note that the usual 694 initial checking for the file permissions is still done, and 695 the program in question needs to be very careful about how 696 it does the file write to avoid security problems. 697 Be able to read ~root/.forward even if the path isn't accessible to 698 regular users. This is disrecommended because sendmail 699 sometimes does not run as root (e.g., when an unsafe option 700 is specified on the command line), but should otherwise be 701 safe because .forward files must be owned by the user for 702 whom mail is being forwarded, and cannot be a symbolic link. 703 Suggested by Forrest Aldrich of Wang Laboratories. 704 Add new "HostsFile" option that is the pathname to the /etc/hosts 705 file. This is used for canonifying hostnames when the 706 service type is "files". 707 Implement programs on F (read class from file) line. The syntax is 708 Fc|/path/to/program to read the output from the program 709 into class "c". 710 Probe the network interfaces to find alternate names for this 711 host. Requires the SIOCGIFCONF ioctl call. Code 712 contributed by SunSoft. 713 Add "E" configuration line to set or propogate environment 714 variables into children. "E<envar>" will propogate 715 the named variable from the environment when sendmail 716 was invoked into any children it calls; "E<envar>=<value>" 717 sets the named variable to the indicated value. Any 718 variables not explicitly named will not be in the child 719 environment. However, sendmail still forces an 720 "AGENT=sendmail" environment variable, in part to enforce 721 at least one environment variable, since many programs and 722 libraries die horribly if this is not guaranteed. 723 PORTABILITY FIXES: 724 Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>. 725 System V Release 4 from Motonori Nakamura of Ritsumeikan 726 University. This expands the disk size 727 checking to include all (?) SVR4 configurations. 728 System V Release 4 from Kimmo Suominen -- initgroups(3) 729 and setrlimit(2) are both available. 730 System V Release 4 from sob@sculley.ffg.com -- some versions 731 apparently "have EX_OK defined in other headerfiles." 732 Linux Makefile typo. 733 Linux getusershell(3) is broken in Slackware 2.0 -- 734 from Andrew Pam of Xanadu Australia. 735 More Linux tweaking from John Kennedy of California State 736 University, Chico. 737 Cray changes from Eric Wassenaar: ``On Cray, shorts, 738 ints, and longs are all 64 bits, and all structs 739 are multiples of 64 bits. This means that the 740 sizeof operator returns only multiples of 8. 741 This requires adaptation of code that really 742 deals with 32 bit or 16 bit fields, such as IP 743 addresses or nameserver fields.'' 744 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To 745 get the old behaviour, use -DDGUX_5_4_2. 746 DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment 747 variable to fix bogus /bin/mail behaviour. 748 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>. 749 This also cleans up some System V Release 4 compile 750 problems. 751 Solaris 2: sendmail.cw file should be in /etc/mail to 752 match all the other configuration files. Fix 753 from Glenn Barry of Emory University. 754 Solaris 2.3: compile problem in conf.c. Fix from Alain 755 Nissen of the University of Liege, Belgium. 756 Ultrix: freespace calculation was incorrect. Fix from 757 Takashi Kizu of Osaka University. 758 SVR4: running in background gets a SIGTTOU because the 759 emulation code doesn't realize that "getpeername" 760 doesn't require reading the file. Fix from Peter 761 Wemm of DIALix. 762 Solaris 2.3: due to an apparent bug in the socket emulation 763 library, sockets can get into a "wedged" state where 764 they just return EPROTO; closing and re-opening the 765 socket clears the problem. Fix from Bob Manson 766 of Ohio State University. 767 Hitachi 3050R & 3050RX running HI-UX/WE2: portability 768 fixes from Akihiro Hashimoto ("Hash") of Chiba 769 University. 770 AIX changes to allow setproctitle to work from Rainer Sch�pf 771 of Zentrum f�r Datenverarbeitung der Universit�t 772 Mainz. 773 SCO Unix from Chip Rosenthal of Unicom (code was using the 774 wrong statfs call). 775 ANSI C fixes from Adam Glass (NetBSD project). 776 Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers 777 University. 778 DG-UX fixes from Bruce Nagel of Data General. 779 IRIX64 updates from Mark Levinson of the University of 780 Rochester Medical Center. 781 Altos System V (``the first UNIX/XENIX merge the Altos 782 did for their Series 1000 & Series 2000 line; 783 their merged code was licenced back to AT&T and 784 Microsoft and became System V release 3.2'') from 785 Tim Rice <timr@crl.com>. 786 OSF/1 running on Intel Paragon from Jeff A. Earickson 787 <jeff@ssd.intel.com> of Intel Scalable Systems 788 Divison. 789 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson 790 <janet@dialix.oz.au>. 791 System V Release 4 (statvfs semantic fix) from Alain 792 Durand of I.M.A.G. 793 HP-UX 10.x multiprocessor load average changes from 794 Scott Hutton and Jeff Sumler of Indiana University. 795 Cray CSOS from Scott Bolte of Cray Computer Corporation. 796 Unicos 8.0 from Douglas K. Rand of the University of North 797 Dakota, Scientific Computing Center. 798 Solaris 2.4 fixes from Sanjay Dani of Dani Communications. 799 ConvexOS 11.0 from Christophe Wolfhugel. 800 IRIX 4.0.5 from David Ashton-Reader of CADcentre. 801 ISC UNIX from J. J. Bailey. 802 HP-UX 9.xx on the 8xx series machines from Remy Giraud 803 of Meteo France. 804 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>. 805 IRIX 5.2 and 5.3 from Kari E. Hurtta. 806 FreeBSD 2.0 from Mike Hickey of Federal Data Corporation. 807 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura. 808 Omron LUNA unios-b, mach from Motonori Nakamura. 809 NEC EWS-UX/V 4.2 from Motonori Nakamura. 810 NeXT 2.1 from Bryan Costales. 811 AUX patch thanks to Mike Erwin of Apple Computer. 812 HP-UX 10.0 from John Beck of Hewlett-Packard. 813 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a 814 non-DEC resolver. Suggested by Allan Johannesen. 815 MAKEMAP: allow -d flag to allow insertion of duplicate aliases 816 in type ``btree'' maps. The semantics of this are undefined 817 for regular maps, but it can be useful for the user database. 818 MAKEMAP: lock database file while rebuilding to avoid sendmail 819 lookups while the rebuild is going on. There is a race 820 condition between the open(... O_TRUNC ...) and the lock 821 on the file, but it should be quite small. 822 SMRSH: sendmail restricted shell added to the release. This can 823 be used as an alternative to /bin/sh for the "prog" mailer, 824 giving the local administrator more control over what 825 programs can be run from sendmail. 826 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon 827 to allow rmail to compile on systems that don't have 828 function prototypes and systems that don't have snprintf. 829 CONTRIB: add the "mailprio" scripts that will help you sort mailing 830 lists by transaction delay times so that addresses that 831 respond quickly get sent first. This is to prevent very 832 sluggish servers from delaying other peoples' mail. 833 Contributed by Tony Sanders of BSDI. 834 CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders 835 of BSDI. This has a lot of comments to help people out. 836 CONFIG: fix mail from <> so it will properly convert to 837 MAILER-DAEMON on local addresses. 838 CONFIG: fix code that was supposed to catch colons in host 839 names. Problem noted by John Gardiner Myers of CMU. 840 CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration. 841 From Paul Riddle of the University of Maryland, Baltimore 842 County. 843 CONFIG: Catch and reject "." as a host address. 844 CONFIG: Generalize domaintable to look up all domains, not 845 just unqualified ones. 846 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it 847 was never used and didn't work anyway. 848 CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer 849 and d on all mailers in the UUCP class. 850 CONFIG: Allow "user+detail" to be aliased specially: it will first 851 look for an alias for "user+detail", then for "user+*", and 852 finally for "user". This is intended for forwarding mail 853 for system aliases such as root and postmaster to a 854 centralized hub. 855 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above). 856 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set. 857 The F=8 flag is also set on the "relay" mailer, since 858 this is expected to be another sendmail. 859 CONFIG: avoid qualifying all UUCP addresses sent via SMTP with 860 the name of the UUCP_RELAY -- in some cases, this is the 861 wrong value (e.g., when we have local UUCP connections), 862 and this can create unreplyable addresses. From Chip 863 Rosenthal of Unicom. 864 CONFIG: add confRECEIVED_HEADER to change the format of the 865 Received: header inserted into all messages. Suggested by 866 Gary Mills of the University of Manitoba. 867 CONFIG: Make "notsticky" the default; use FEATURE(stickyhost) 868 to get the old behaviour. I did this upon observing 869 that almost everyone needed this feature, and that the 870 concept I was trying to make happen didn't work with 871 some user agents anyway. FEATURE(notsticky) still works, 872 but it is a no-op. 873 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user 874 names are sent, rather than immediately diagnosing them 875 as User Unknown. 876 CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS, 877 and RELAY_MAILER_ARGS to set the arguments for the 878 indicated mailers. All default to "IPC $h". Patch from 879 Larry Parmelee of Cornell University. 880 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects 881 on the client side" and F=P to get an appropriate 882 return-path. From Kimmo Suominen. 883 CONFIG: add FEATURE(local_procmail) to use the procmail program 884 as the local mailer. For addresses of the form "user+detail" 885 the "detail" part is passed to procmail via the -a flag. 886 Contributed by Kimmo Suominen. 887 CONFIG: add MAILER(procmail) to add an interface to procmail for 888 use from mailertables. This lets you execute arbitrary 889 procmail scripts. Contributed by Kimmo Suominen. 890 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers. 891 CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From 892 Paul Southworth of CICNet Systems Support. 893 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f. 894 This causes the null return path to be rewritten as 895 MAILER-DAEMON; otherwise UUCP gets horribly confused. 896 From Michael Hohmuth of Technische Universitat Dresden. 897 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that 898 list us as the best possible MX record to be treated as 899 though they were local (essentially, assume that they 900 are included in $=w). This can cause additional DNS 901 traffic, but is easier to administer if this fits your 902 local model. It does not work reliably if there are 903 multiple hosts that share the best MX preference. 904 Code contributed by John Oleynick of Rutgers. 905 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted 906 SHell) instead of /bin/sh as the program used for delivery 907 to programs. If an argument is included, it is used as 908 the path to smrsh; otherwise, /usr/local/etc/smrsh is 909 assumed. 910 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the 911 size of messages to the local and procmail mailers 912 respectively. Contributed by Brad Knowles of the Defense 913 Information Systems Agency. 914 CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments 915 (just like text outside of angle brackets) in order to 916 properly deal with ``group: addr1, ... addrN;'' syntax. 917 CONFIG: Require OSTYPE macro (the defaults really don't apply to 918 any real systems any more) and tweak the DOMAIN macro 919 so that it is less likely that users will accidently use 920 the Berkeley defaults. Also, create some generic files 921 that really can be used in the real world. 922 CONFIG: Add new configuration macros to set character sets for 923 messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET, 924 SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET. 925 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency. 926 The old name will still be accepted for a while at least. 927 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET 928 mail (.DECNET pseudo-domain or node::user) will be sent. 929 As with all relays, it can be ``mailer:hostname''. Suggested 930 by Scott Hutton. 931 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed 932 by Barb Dijker of Labyrinth Computer Services. 933 NEW FILES: 934 cf/cf/cs-hpux10.mc 935 cf/cf/cs-solaris2.mc 936 cf/cf/generic-hpux10.mc 937 cf/cf/generic-hpux9.mc 938 cf/cf/generic-osf1.mc 939 cf/cf/generic-solaris2.mc 940 cf/cf/generic-sunos4.1.mc 941 cf/cf/generic-ultrix4.mc 942 cf/cf/huginn.cs.mc 943 cf/domain/berkeley-only.m4 944 cf/domain/generic.m4 945 cf/feature/bestmx_is_local.m4 946 cf/feature/local_procmail.m4 947 cf/feature/smrsh.m4 948 cf/feature/stickydomain.m4 949 cf/mailer/procmail.m4 950 cf/ostype/amdahl-uts.m4 951 cf/ostype/hpux10.m4 952 cf/ostype/ptx2.m4 953 cf/ostype/unknown.m4 954 contrib/bsdi.mc 955 contrib/mailprio 956 contrib/rmail.oldsys.patch 957 smrsh/README 958 smrsh/smrsh.8 959 smrsh/smrsh.c 960 src/Makefiles/Makefile.CSOS 961 src/Makefiles/Makefile.IRIX.5.x 962 src/Makefiles/Makefile.IRIX64 963 src/Makefiles/Makefile.ISC 964 src/Makefiles/Makefile.NonStop-UX 965 src/Makefiles/Makefile.Paragon 966 src/Makefiles/Makefile.SunOS.5.3 967 src/Makefiles/Makefile.SunOS.5.4 968 src/Makefiles/Makefile.UNIX_SV.4.2.i386 969 src/Makefiles/Makefile.uts.systemV 970 src/mime.c 971 RENAMED FILES: 972 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc 973 cf/cf/chez.mc => cf/cf/chez.cs.mc 974 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc 975 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc 976 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc 977 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc 978 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc 979 cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc 980 cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4 981 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4 982 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4 983 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4 984 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4 985 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4 986 src/Makefile.* => src/Makefiles/Makefile.* 987 OBSOLETED FILES: 988 cf/cf/cogsci.mc 989 cf/cf/cs-exposed.mc 990 cf/cf/cs-hidden.mc 991 cf/cf/hpux-cs-hidden.mc 992 cf/cf/knecht.mc 993 cf/cf/osf1-cs-hidden.mc 994 cf/cf/sunos3.5-cs-exposed.mc 995 cf/cf/sunos3.5-cs-hidden.mc 996 cf/cf/sunos4.1-cs-hidden.mc 997 cf/cf/ultrix4.1-cs-hidden.mc 998 cf/domain/cs-hidden.m4 999 contrib/rcpt-streaming 1000 src/Makefiles/Makefile.SunOS.5.x 1001 10028.6.12/8.6.12 95/03/28 1003 Fix to IDENT code (it was getting the size of the reply buffer 1004 too small, so nothing was ever accepted). Fix from several 1005 people, including Allan Johannesen, Shane Castle of the 1006 Boulder County Information Services, and Jeff Smith of 1007 Warwick University (all arrived within a few hours of 1008 each other!). 1009 Fix a problem that could cause large jobs to run out of 1010 file descriptors on systems that use vfork() rather 1011 than fork(). 1012 10138.6.11/8.6.11 95/03/08 1014 The ``possible attack'' message would be logged more often 1015 than necessary if you are using Pine as a user agent. 1016 The wrong host would be reported in the ``possible attack'' 1017 message when attempted from IDENT. 1018 In some cases the syslog buffer could be overflowed when 1019 reporting the ``possible attack'' message. This can 1020 cause denial of service attacks. Truncate the message 1021 to 80 characters to prevent this problem. 1022 When reading the IDENT response a loop is needed around the 1023 read from the network to ensure that you don't get 1024 partial lines. 1025 Password entries without any shell listed (that is, a null 1026 shell) wouldn't match as "ok". Problem noted by 1027 Rob McMahon. 1028 When running BIND 4.9.x a problem could occur because the 1029 _res.options field is initialized differently than it 1030 was historically -- this requires that sendmail call 1031 res_init before it tweaks any bits. 1032 Fix an incompatibility in openxscript() between the file open mode 1033 and the stdio mode passed to fdopen. This caused UnixWare 1034 2.0 to have conniptions. Fix from Martin Sohnius of 1035 Novell Labs Europe. 1036 Fix problem with static linking of local getopt routine when 1037 using GNU's ld command. Fix from John Kennedy of 1038 Cal State Chico. 1039 It was possible to turn off privacy flags. Problem noted by 1040 *Hobbit*. 1041 Be more paranoid about writing files. Suggestions by *Hobbit* 1042 and Liudvikas Bukys. 1043 MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular) 1044 from Spider Boardman. 1045 CONFIG: No changes (version number only, to keep it in sync 1046 with the binaries). 1047 10488.6.10/8.6.10 95/02/10 1049 SECURITY: Diagnose bogus values to some command line flags that 1050 could allow trash to get into headers and qf files. 1051 Validate the name of the user returned by the IDENT protocol. 1052 Some systems that really dislike IDENT send intentionally 1053 bogus information. Problem pointed out by Michael Bushnell 1054 of the Free Software Foundation. Has some security 1055 implications. 1056 Fix a problem causing error messages about DNS problems when 1057 the host name contained a percent sign to act oddly 1058 because it was passed as a printf-style format string. 1059 In some cases this could cause core dumps. 1060 Avoid possible buffer overrun in returntosender() if error 1061 message is quite ling. From Fletcher Mattox of the 1062 University of Texas. 1063 Fix a problem that would silently drop "too many hops" error 1064 messages if and only if you were sending to an alias. 1065 From Jon Giltner of the University of Colorado and 1066 Dan Harton of Oak Ridge National Laboratory. 1067 Fix a bug that caused core dumps on some systems if -d11.2 was 1068 set and e->e_message was null. Fix from Bruce Nagel of 1069 Data General. 1070 Fix problem that can still cause df files to be left around 1071 after "hop count exceeded" messages. Fix from Andrew 1072 Chang and Shau-Ping Lo of SunSoft. 1073 Fix a problem that can cause buffer overflows on very long 1074 user names (as might occur if you piped to a program 1075 with a lot of arguments). 1076 Avoid returning an error and re-queueing if the host signature 1077 is null; this can occur on addresses like ``user@.''. 1078 Problem noted by Wesley Craig and the University of 1079 Michigan. 1080 Avoid possible calls to malloc(0) if MCI caching is turned 1081 off. Bug fix from Pierre David of the Laboratoire 1082 Parallelisme, Reseaux, Systemes et Modelisation (PRiSM), 1083 Universite de Versailles - St Quentin, and Jacky 1084 Thibault. 1085 Make a local copy of the line being sent via senttolist() -- in 1086 some cases, buffers could get trashed by map lookups 1087 causing it to do unexpected things. This also simplifies 1088 some of the map code. 1089 CONFIG: No changes (version number only, to keep it in sync 1090 with the binaries). 1091 10928.6.9/8.6.9 94/04/19 1093 Do all mail delivery completely disconnected from any terminal. 1094 This provides consistency with daemon delivery and 1095 may have some security implications. 1096 Make sure that malloc doesn't get called with zero size, 1097 since that fails on some systems. Reported by Ed 1098 Hill of the University of Iowa. 1099 Fix multi-line values for $e (SMTP greeting message). Reported 1100 by Mike O'Connor of Ford Motor Company. 1101 Avoid syserr if no NIS domain name is defined, but the map it 1102 is trying to open is optional. From Win Bent of USC. 1103 Changes for picky compilers from Ed Gould of Digital Equipment. 1104 Hesiod support for UDB from Todd Miller of the University of 1105 Colorado. Use "hesiod" as the service name in the U 1106 option. 1107 Fix a problem that failed to set the "authentic" host name (that 1108 is, the one derived from the socket info) if you called 1109 sendmail -bs from inetd. Based on code contributed by 1110 Todd Miller (this problem was also reported by Guy Helmer 1111 of Dakota State University). This also fixes a related 1112 problem reported by Liudvikas Bukys of the University of 1113 Rochester. 1114 Parameterize "nroff -h" in all the Makefiles so people with 1115 variant versions can use them easily. Suggested by 1116 Peter Collinson of Hillside Systems. 1117 SMTP "MAIL" commands with multiple ESMTP parameters required two 1118 spaces between parameters instead of one. Reported by 1119 Valdis Kletnieks of Virginia Tech. 1120 Reduce the number of system calls during message collection by 1121 using global timeouts around the collect() loop. This 1122 code was contributed by Eric Wassenaar. 1123 If the initial hostname name gathering results in a name 1124 without a dot (usually caused by NIS misconfiguration) 1125 and BIND is compiled in, directly access DNS to get 1126 the canonical name. This should make life easier for 1127 Solaris systems. If it still can't be resolved, and 1128 if the name server is listed as "required", try again 1129 in 30 seconds. If that also fails, exit immediately to 1130 avoid bogus "config error: mail loops back to myself" 1131 messages. 1132 Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error 1133 message to explain how much space was available and 1134 sound a bit less threatening. Suggested by Stan Janet 1135 of the National Institute of Standards and Technology. 1136 If mail is delivered to an alias that has an owner, deliver any 1137 requested return-receipt immediately, and strip the 1138 Return-Receipt-To: header from the subsequent message. 1139 This prevents a certain class of denial of service 1140 attack, arguably gives more reasonable semantics, and 1141 moves things more towards what will probably become a 1142 network standard. Suggested by Christopher Davis of 1143 Kapor Enterprises. 1144 Add a "noreceipts" privacy flag to turn off all return receipts 1145 without recompiling. 1146 Avoid printing ESMTP parameters as part of the error message 1147 if there are errors during parsing. This change is 1148 purely cosmetic. 1149 Avoid sending out error messages during the collect phase of 1150 SMTP; there is an MVS mailer from UCLA that gets 1151 confused by this. Of course, I think it's their bug.... 1152 Check for the $j macro getting undefined, losing a dot, or getting 1153 lost from $=w in the daemon before accepting a connection; 1154 if it is, it dumps state, prints a LOG_ALERT message, 1155 and drops core for debugging. This is an attempt to 1156 track down a bug that I thought was long since gone. 1157 If you see this, please forward the log fragment to 1158 sendmail@CS.Berkeley.EDU. 1159 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off 1160 with -DOLD_NEWDB=0 on the command line. From Christophe 1161 Wolfhugel. 1162 Instead of trying to truncate the listen queue for the server 1163 SMTP port when the load average is too high, just close 1164 the port completely and reopen it later as needed. 1165 This ensures that the other end gets a quick "connection 1166 refused" response, and that the connection can be 1167 recovered later. In particular, some socket emulations 1168 seem to get confused if you tweak the listen queue 1169 size around and can never start listening to connections 1170 again. The down side is that someone could start up 1171 another daemon process in the interim, so you could 1172 have multiple daemons all not listening to connections; 1173 this could in turn cause the sendmail.pid file to be 1174 incorrect. A better approach might be to accept the 1175 connection and give a 421 code, but that could break 1176 other mailers in mysterious ways and have paging behaviour 1177 implications. 1178 Fix a glitch in TCP-level debugging that caused flag 16.101 to 1179 set debugging on the wrong socket. From Eric Wassenaar. 1180 When creating a df* temporary file, be sure you truncate any 1181 existing data in the file -- otherwise system crashes 1182 and the like could result in extra data being sent. 1183 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the 1184 doc directory. This includes some additional 1185 information. 1186 CONFIG: change UUCP rules to never add $U! or $k! on the front 1187 of recipient envelope addresses. This should have been 1188 handled by the $&h trick, but broke if people were 1189 mixing domainized and UUCP addresses. They should 1190 probably have converted all the way over to uucp-uudom 1191 instead of uucp-{new,old}, but the failure mode was to 1192 loop the mail, which was bad news. 1193 Portability fixes: 1194 Newer BSDI systems (several people). 1195 Older BSDI systems from Christophe Wolfhugel. 1196 Intergraph CLIX, from Paul Southworth of CICNet. 1197 UnixWare, from Evan Champion. 1198 NetBSD from Adam Glass. 1199 Solaris from Quentin Campbell of the University of 1200 Newcastle upon Tyne. 1201 IRIX from Dean Cookson and Bill Driscoll of Mitre 1202 Corporation. 1203 NCR 3000 from Kevin Darcy of Chrysler Financial Corporation. 1204 SunOS (it has setsid() and setvbuf() calls) from 1205 Jonathan Kamens of OpenVision Technologies. 1206 HP-UX from Tor Lillqvist. 1207 New Files: 1208 src/Makefile.CLIX 1209 src/Makefile.NCR3000 1210 doc/changes/Makefile 1211 doc/changes/changes.me 1212 doc/changes/changes.ps 1213 12148.6.8/8.6.6 94/03/21 1215 SECURITY: it was possible to read any file as root using the 1216 E (error message) option. Reported by Richard Jones; 1217 fixed by Michael Corrigan and Christophe Wolfhugel. 1218 12198.6.7/8.6.6 94/03/14 1220 SECURITY: it was possible to get root access by using wierd 1221 values to the -d flag. Thanks to Alain Durand of 1222 INRIA for forwarding me the notice from the bugtraq 1223 list. 1224 12258.6.6/8.6.6 94/03/13 1226 SECURITY: the ability to give files away on System V-based 1227 systems proved dangerous -- don't run as the owner 1228 of a :include: file on a system that allows giveaways. 1229 Unfortunately, this also applies to determining a 1230 valid shell. 1231 IMPORTANT: Previous versions weren't expiring old connections 1232 in the connection cache for a long time under some 1233 circumstances. This could result in resource exhaustion, 1234 both at your end and at the other end. This checks the 1235 connections for timeouts much more frequently. From 1236 Doug Anderson of NCSC. 1237 Fix a glitch that snuck in that caused programs to be run as 1238 the sender instead of the recipient if the mail was 1239 from a local user to another local user. From 1240 Motonori Nakamura of Kyoto University. 1241 Fix "wildcard" on /etc/shell matching -- instead of looking 1242 for "*", look for "/SENDMAIL/ANY/SHELL/". From 1243 Bryan Costales of ICSI. 1244 Change the method used to declare the "statfs" availability; 1245 instead of HASSTATFS and/or HASUSTAT with a ton of 1246 tweaking in conf.c, there is a single #define called 1247 SFS_TYPE which takes on one of six values (SFS_NONE 1248 for no statfs availability, SFS_USTAT for the ustat(2) 1249 syscall, SFS_4ARGS for a four argument statfs(2) call, 1250 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument 1251 statfs(2) call with the declarations in <sys/vfs.h>, 1252 <sys/mount.h>, or <sys/statfs.h> respectively). 1253 Fix glitch in NetInfo support that could return garbage if 1254 there was no "/locations/sendmail" property. From 1255 David Meyer of the University of Virginia. 1256 Change HASFLOCK from defined/not-defined to a 0/1 definition 1257 to allow Linux to turn it off even though it is a 1258 BSD-like system. 1259 Allow setting of "ident" timeout to zero to turn off the ident 1260 protocol entirely. 1261 Make 7-bit stripping local to a connection (instead of to a 1262 mailer); this allows you to specify that SMTP is a 1263 7-bit channel, but revert to 8-bit should it advertise 1264 that it supports 8BITMIME. You still have to specify 1265 mailer flag 7 to get this stripping at all. 1266 Improve makesendmail script so it handles more cases automatically. 1267 Tighten up restrictions on taking ownership of :include: files 1268 to avoid problems on systems that allow you to give away 1269 files. 1270 Fix a problem that made it impossible to rebuild the alias 1271 file if it was on a read-only file system. From 1272 Harry Edmon of the University of Washington. 1273 Improve MX randomization function. From John Gardiner Myers 1274 of CMU. 1275 Fix a minor glitch causing a bogus message to be printed (used 1276 %s instead of %d in a printf string for the line number) 1277 when a bad queue file was read. From Harry Edmon. 1278 Allow $s to remain NULL on locally generated mail. I'm not 1279 sure this is necessary, but a lot of people have complained 1280 about it, and there is a legitimate question as to whether 1281 "localhost" is legal as an 822-style domain. 1282 Fix a problem with very short line lengths (mailer L= flag) in 1283 headers. This causes a leading space to be added onto 1284 continuation lines (including in the body!), and also 1285 tries to wrap headers containing addresses (From:, To:, 1286 etc) intelligently at the shorter line lengths. Problem 1287 Reported by Lars-Johan Liman of SUNET Operations Center. 1288 Log the real user name when logging syserrs, since these can have 1289 security implications. Suggested by several people. 1290 Fix address logging of cached connections -- it used to always 1291 log the numeric address as zero. This is a somewhat 1292 bogus implementation in that it does an extra system 1293 call, but it should be an inexpensive one. Fix from 1294 Motonori Nakamura. 1295 Tighten up handling of short syslog buffers even more -- there 1296 were cases where the outgoing relay= name was too long 1297 to share a line with delay= and mailer= logging. 1298 Limit the overhead on split envelopes to one open file descriptor 1299 per envelope -- previously the overhead was three 1300 descriptors. This was in response to a problem reported 1301 by P{r (Pell) Emanuelsson. 1302 Fixes to better handle the case of unexpected connection closes; 1303 this redirects the output to the transcript so the info 1304 is not lost. From Eric Wassenaar. 1305 Fix potential string overrun if you macro evaluate a string that 1306 has a naked $ at the end. Problem noted by James Matheson 1307 <jmrm@eng.cam.ac.uk>. 1308 Make default error number on $#error messages 553 (``Requested 1309 action not taken: mailbox name not allowed'') instead of 1310 501 (``Syntax error in parameters or arguments'') to 1311 avoid bogus "protocol error" messages. 1312 Strip off any existing trailing dot on names during $[ ... $] 1313 lookup. This prevents it from ending up with two dots 1314 on the end of dot terminated names. From Wesley Craig 1315 of the University of Michigan and Bryan Costales of ICSI. 1316 Clean up file class reading so that the debugging information is 1317 more informative. It hadn't been using setclass, so you 1318 didn't see the class items being added. 1319 Avoid core dump if you are running a version of sendmail where 1320 NIS is compiled in, and you specify an NIS map, but 1321 NIS is not running. Fix from John Oleynick of 1322 Rutgers. 1323 Diagnose bizarre case where res_search returns a failure value, 1324 but sets h_errno to a success value. 1325 Make sure that "too many hops" messages are considered important 1326 enough to send an error to the Postmaster (that is, the 1327 address specified in the P option). This fix should 1328 help problems that cause the df file to be left around 1329 sometimes -- unfortunately, I can't seem to reproduce 1330 the problem myself. 1331 Avoid core dump (null pointer reference) on EXPN command; this 1332 only occurred if your log level was set to 10 or higher 1333 and the target account was an alias or had a .forward file. 1334 Problem noted by Janne Himanka. 1335 Avoid "denial of service" attacks by someone who is flooding your 1336 SMTP port with bad commands by shutting the connection 1337 after 25 bad commands are issued. From Kyle Jones of 1338 UUNET. 1339 Fix core dump on error messages with very long "to" buffers; 1340 fmtmsg overflows the message buffer. Fixed by trimming 1341 the to address to 203 characters. Problem reported by 1342 John Oleynick. 1343 Fix configuration for HASFLOCK -- there were some spots where 1344 a #ifndef was incorrectly #ifdef. Pointed out by 1345 George Baltz of the University of Maryland. 1346 Fix a typo in savemail() that could cause the error message To: 1347 lists to be incorrect in some places. From Motonori 1348 Nakamura. 1349 Fix a glitch that can cause duplicate error messages on split 1350 envelopes where an address on one of the lists has a 1351 name server failure. Fix from Voradesh Yenbut of the 1352 University of Washington. 1353 Fix possible bogus pointer reference on ESMTP parameters that 1354 don't have an ``=value'' part. 1355 CNAME loops caused an error message to be generated, but also 1356 re-queued the message. Changed to just re-queue the 1357 message (it's really hard to just bounce it because 1358 of the wierd way the name server works in the presence 1359 of CNAME loops). Problem noted by James M.R.Matheson 1360 of Cambridge University. 1361 Avoid giving ``warning: foo owned process doing -bs'' messages 1362 if they use ``MAIL FROM:<foo>'' where foo is their true 1363 user name. Suggested by Andreas Stolcke of ICSI. 1364 Change the NAMED_BIND compile flag to be a 0/1 flag so you can 1365 override it easily in the Makefile -- that is, you can 1366 turn it off using -DNAMED_BIND=0. 1367 If a gethostbyname(...) of an address with a trailing dot fails, 1368 try it without the trailing dot. This is because if 1369 you have a version of gethostbyname() that falls back 1370 to NIS or the /etc/hosts file it will fail to find 1371 perfectly reasonable names that just don't happen to 1372 be dot terminated in the hosts file. You don't want to 1373 strip the dot first though because we're trying to ensure 1374 that country names that match one of your subdomains get 1375 a chance. 1376 PRALIASES: fix bogus output on non-null-terminated strings. 1377 From Bill Gianopoulos of Raytheon. 1378 CONFIG: Avoid rewriting anything that matches $w to be $j. 1379 This was in code intended to only catch the self-literal 1380 address (that is, [1.2.3.4], where 1.2.3.4 is your 1381 IP address), but the code was broken. However, it will 1382 still do this if $M is defined; this is necessary to 1383 get client configurations to work (sigh). Note that this 1384 means that $M overrides :mailname entries in the user 1385 database! Problem noted by Paul Southworth. 1386 CONFIG: Fix definition of Solaris help file location. From 1387 Steve Cliffe <steve@gorgon.cs.uow.edu.au>. 1388 CONFIG: Fix bug that broke news.group.USENET mappings. 1389 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, 1390 and USENET_MAILER_MAX to tweak the maximum message 1391 size for various mailers. 1392 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] 1393 instead of assuming that it is "inews" for consistency 1394 with other mailers. From Michael Corrigan of UC San Diego. 1395 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, 1396 qualify the address in the SMTP envelope as user@{relay|hub} 1397 instead of user@$j. From Bill Wisner of The Well. 1398 CONFIG: Fix route-addr syntax in nullrelay configuration set. 1399 CONFIG: Don't turn off case mapping of user names in the local 1400 mailer for IRIX. This was different than most every other 1401 system. 1402 CONFIG: Avoid infinite loops on certainly list:; syntaxes in 1403 envelope. Noted by Thierry Besancon 1404 <besancon@excalibur.ens.fr>. 1405 CONFIG: Don't include -z by default on uux line -- most systems 1406 don't want it set by default. Pointed out by Philippe 1407 Michel of Thomson CSF. 1408 CONFIG: Fix some bugs with mailertables -- for example, if your 1409 host name was foo.bar.ray.com and you matched against 1410 ".ray.com", the old implementation bound %1 to "bar" 1411 instead of "foo.bar". Also, allow "." in the mailertable 1412 to match anything -- essentially, take over SMART_HOST. 1413 This also moves matching of explicit local host names 1414 before the mailertable so they don't have to be special 1415 cased in the mailertable data. Reported by Bill 1416 Gianopoulos of Raytheon; the fix for the %1 binding 1417 problem was contributed by Nicholas Comanos of the 1418 University of Sydney. 1419 CONFIG: Don't include "root" in class $=L (users to deliver 1420 locally, even if a hub or relay exists) by default. 1421 This is because of the known bug where definition of 1422 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore 1423 both and deliver into the local mailbox. 1424 CONFIG: Move up bitdomain and uudomain handling so that they 1425 are done before .UUCP class matching; uudomain was 1426 reported as ineffective before. This also frees up 1427 diversion 8 for future use. Problem reported by Kimmo 1428 Suominen. 1429 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) 1430 into host names. As pointed out by Jonathan Kamens, 1431 these are often used because either the forward or reverse 1432 mapping is broken; this translation makes it broken again. 1433 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo 1434 Suominen. 1435 Portability fixes: 1436 Unicos from David L. Kensiski of Sterling Sofware. 1437 DomainOS from Don Lewis of Silicon Systems. 1438 GNU m4 1.0.3 from Karst Koymans of Utrecht University. 1439 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>. 1440 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>. 1441 BSD/386 from Tony Sanders of BSDI. 1442 Apollo from Eric Wassenaar. 1443 DGUX from Doug Anderson. 1444 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. 1445 NEW FILES: 1446 src/Makefile.DomainOS 1447 src/Makefile.PTX 1448 src/Makefile.SunOS.5.1 1449 src/Makefile.SunOS.5.2 1450 src/Makefile.SunOS.5.x 1451 src/mailq.1 1452 cf/ostype/domainos.m4 1453 doc/op/Makefile 1454 doc/intro/Makefile 1455 doc/usenix/Makefile 1456 14578.6.5/8.6.5 94/01/13 1458 Security fix: /.forward could be owned by anyone (the test 1459 to allow root to own any file was backwards). From 1460 Bob Campbell at U.C. Berkeley. 1461 Security fix: group ids were not completely set when programs 1462 were invoked. This caused programs to have group 1463 permissions they should not have had (usually group 1464 daemon instead of their own group). In particular, 1465 Perl scripts would refuse to run. 1466 Security: check to make sure files that are written are not 1467 symbolic links (at least under some circumstances). 1468 Although this does not respond to a specific known 1469 attack, it's just a good idea. Suggested by 1470 Christian Wettergren. 1471 Security fix: if a user had an NFS mounted home directory on 1472 a system with a restricted shell listed in their 1473 /etc/passwd entry, they could still execute any 1474 program by putting that in their .forward file. 1475 This fix prevents that by insisting that their shell 1476 appear in /etc/shells before allowing a .forward to 1477 execute a program or write a file. You can disable 1478 this by putting "*" in /etc/shells. It also won't 1479 permit world-writable :include: files to reference 1480 programs or files (there's no way to disable this). 1481 These behaviours are only one level deep -- for 1482 example, it is legal for a world-writable :include: 1483 file to reference an alias that writes a file, on 1484 the assumption that the alias file is well controlled. 1485 Security fix: root was not treated suspiciously enough when 1486 looking into subdirectories. This would potentially 1487 allow a cracker to examine files that were publically 1488 readable but in a non-publically searchable directory. 1489 Fix a problem that causes an error on QUIT on a cached 1490 connection to create problems on the current job. 1491 These are typically unrelated, so errors occur in 1492 the wrong place. 1493 Reset CurrentLA in sendall() -- this makes sendmail queue 1494 runs more responsive to load average, and fixes a 1495 problem that ignored the load average in locally 1496 generated mail. From Eric Wassenaar. 1497 Fix possible core dump on aliases with null LHS. From 1498 John Orthoefer of BB&N. 1499 Revert to using flock() whenever possible -- there are just 1500 too many bugs in fcntl() locking, particularly over 1501 NFS, that cause sendmail to fail in perverse ways. 1502 Fix a bug that causes the connection cache to get confused 1503 when sending error messages. This resulted in 1504 "unexpected close" messages. It should fix itself 1505 on the following queue run. Problem noted by 1506 Liudvikas Bukys of the University of Rochester. 1507 Include $k in $=k as documented in the Install & Op Guide. 1508 This seems odd, but it was documented.... From 1509 Michael Corrigan of UCSD. 1510 Fix problem that caused :include:s from alias files to be 1511 forced to be owned by root instead of daemon 1512 (actually DefUid). From Tim Irvin. 1513 Diagnose unrecognized I option values -- from Mortin Forssen 1514 of the Chalmers University of Technology. 1515 Make "error" mailer work consistently when there is no error 1516 code associated with it -- previously it returned OK 1517 even though there was a real problem. Now it assumes 1518 EX_UNAVAILABLE. 1519 Fix bug that caused the last header line of messages that had 1520 no body and which were terminated with EOF instead of 1521 "." to be discarded. Problem noted by Liudvikas Bukys. 1522 Fix core dump on SMTP mail to programs that failed -- it tried 1523 to go to a "next MX host" when none existed, causing 1524 a core dump. From der Mouse at McGill University. 1525 Change IDENTPROTO from a defined/not defined to a 0/1 switch; 1526 this makes it easier to turn it off (using 1527 -DIDENTPROTO=0 in the Makefile). From der Mouse. 1528 Fix YP_MASTER_NAME store to use the unupdated result of 1529 gethostname() (instead of myhostname(), which tries 1530 to fully qualify the name) to be consistent with 1531 SunOS. If your hostname is unqualified, this fixes 1532 transfers to slave servers. Bug noted by Keith 1533 McMillan of Ameritech Services, Inc. 1534 Fix Ultrix problem: gethostbyname() can return a very large 1535 (> 500) h_length field, which causes the sockaddr 1536 to be trashed. Use the size of the sockaddr instead. 1537 Fix from Bob Manson of Ohio State. 1538 Don't assume "-a." on host lookups if NAMED_BIND is not 1539 defined -- this confuses gethostbyname on hosts 1540 file lookups, which doesn't understand the trailing 1541 dot convention. 1542 Log SMTP server subprocesses that die with a signal instead 1543 of from a clean exit. 1544 If you don't have option "I" set, don't assume that a DNS 1545 "host unknown" message is authoritative -- it 1546 might still be found in /etc/hosts. 1547 Fix a problem that would cause Deferred: messages to be sent 1548 as the subject of an error message, even though the 1549 actual cause of a message was more severe than that. 1550 Problem noted by Chris Seabrook of OSSI. 1551 Fix race condition in DBM alias file locking. From Kyle 1552 Jones of UUNET. 1553 Limit delivery syslog line length to avoid bugs in some 1554 versions of syslog(3). This adds a new compile time 1555 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton 1556 University, which is in turn derived from IDA. 1557 Fix quotes inside of comments in addresses -- previously 1558 it insisted that they be balanced, but the 822 spec 1559 says that they should be ignored. 1560 Dump open file state to syslog upon receiving SIGUSR1 (for 1561 debugging). This also evaluates ruleset 89, if set 1562 (with the null input), and logs the result. This 1563 should be used sparingly, since the rewrite process 1564 is not reentrant. 1565 Change -qI, -qR, and -qS flags to be case-insensitive as 1566 documented in the Bat Book. 1567 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not 1568 return an error message and did not requeue the message. 1569 Fix based on code from Roland Dirlewanger of 1570 Reseau Regional Aquarel, Bordeaux, France. 1571 Fix a problem that caused a seg fault if you got a 421 error 1572 code during some parts of connection initialization. 1573 I've only seen this when talking to buggy mailers on 1574 the other end, but it shouldn't give a seg fault in 1575 any case. From Amir Plivatsky. 1576 Fix core dump caused by a ruleset call that returns null. 1577 Fix from Bryan Costales of ICSI. 1578 Full-Name: field was being ignored. Fix from Motonori Nakamura 1579 of Kyoto University. 1580 Fix a possible problem with very long input lines in setproctitle. 1581 From P{r Emanuelsson. 1582 Avoid putting "This is a warning message" out on return receipts. 1583 Suggested by Douglas Anderson. 1584 Detect loops caused by recursive ruleset calls. Suggested by 1585 Bryan Costales. 1586 Initialize non-alias maps during alias rebuilds -- they may be 1587 needed for parsing. Problem noted by Douglas Anderson. 1588 Log sender address even if no message was collected in SMTP 1589 (e.g., if all RCPTs failed). Suggested by Motonori 1590 Nakamura. 1591 Don't reflect the owner-list contents into the envelope sender 1592 address if the value contains ", :, /, or | (to avoid 1593 illegal addresses appearing there). 1594 Efficiency hack for toktype macro -- from Craig Partridge of 1595 BB&N. 1596 Clean up DNS error printing so that a host name is always 1597 included. 1598 Remember to set $i during queue runs. Reported by Stephen 1599 Campbell of Dartmouth University. 1600 If ${HOSTALIASES} is set, use it during canonification so that 1601 headers are properly mapped. Reported by Anne Bennett 1602 of Concordia University. 1603 Avoid printing misleading error message if SMTP mailer (not 1604 using [IPC]) should die on a core dump. 1605 Avoid incorrect diagnosis of "file 1 closed" when it is caused 1606 by the other end closing the connection. From 1607 Dave Morrison of Oracle. 1608 Improve several of the error messages printed by "mailq" 1609 to include a host name or other useful information. 1610 Add NetInfo preliminary support for NeXT systems. From Vince 1611 DeMarco. 1612 Fix a glitch that sometimes caused :include:s that pointed to 1613 NFS filesystems that were down to give an "aliasing/ 1614 forwarding loop broken" message instead of queueing 1615 the message for retry. Noted by William C Fenner of 1616 the NRL Connection Machine Facility. 1617 Fix a problem that could cause a core dump if the input sequence 1618 had (or somehow acquired) a \231 character. 1619 Make sure that route-addrs always have <angle brackets> around 1620 them in non-SMTP envelopes (SMTP envelopes already do 1621 this properly). 1622 Avoid wierd headers on unbalanced punctuation of the form: 1623 ``Joe User <user)'' -- this caused reference to the 1624 null macro. Fix from Rick McCarty of IO.COM. 1625 Fix a problem that caused an alias "user: user@local.host" to 1626 not have the QNOTREMOTE bit set; this caused configs 1627 to act as if FEATURE(notsticky) was defined even when 1628 it was not. The effect of the problem was to make it 1629 very hard to to set up satellite sites that had a few 1630 local accounts, with everything else forwarded to a 1631 corporate hub. Reported by Detlef Drewanz of the 1632 University of Rostock and Mark Frost of NCD. 1633 Change queuing to not call rulesets 3, {1 or 2}, 4 on header 1634 addresses. This is more efficient (fewer name server 1635 calls) and fixes certain unusual configurations, such 1636 as those that have ruleset 4 do something that is 1637 non-idempotent unless a mailer-specific ruleset did 1638 something else. Problem reported by Brian J. Coan 1639 of the Institute for Global Communications. 1640 Fix the "obsolete argument" routine in main to better understand 1641 new arguments. For example, if you used ``sendmail 1642 -C config -v -q'' it would choke on the -q because 1643 the -C would stop looking for old-format arguments. 1644 Fix the code that was intended to allow two users to forward their 1645 mail to the same program and have them appear unique. 1646 Portability fixes for: 1647 SCO UNIX from Murray Kucherawy. 1648 SCO Open Server 3.2v4 from Philippe Brand. 1649 System V Release 4 from Rick Ellis and others. 1650 OSF/1 from Steve Campbell. 1651 DG/UX from Ben Mesander of the USGS and Bryan Curnutt 1652 of Stoner Associates. 1653 Motorola SysV88 from Kevin Johnson of Motorola. 1654 Solaris 2.3 from Casper H.S. Dik of the University 1655 of Amsterdam and John Caruso of University 1656 of Maryland. 1657 FreeBSD from Ollivier Robert. 1658 NetBSD from Adam Glass. 1659 TitanOS from Kate Hedstrom of Rutgers University. 1660 Irix from Bryan Curnutt. 1661 Dynix from Jim Davis of the University of Arizona. 1662 RISC/os. 1663 Linux from John Kennedy of California State University 1664 at Chico. 1665 Solaris 2.x from Tony Boner of the U.S. Air Force. 1666 NEXTSTEP 3.x from Vince DeMarco. 1667 HP-UX from various people. NOTA BENE: the location 1668 of the config file has moved to /usr/lib 1669 to match the HP-UX version of sendmail. 1670 CONFIG: Don't do any recipient rewriting on relay mailer; 1671 since this is intended only for internal use, the 1672 usual RFC 821/822/1123 rules can be relaxed. The 1673 main point of this is to avoid munging (ugh) UUCP 1674 addresses when relaying internally. 1675 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:; 1676 syntax addresses delivered via UUCP. Solution 1677 provided by Peter Wemm. 1678 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset 1679 zero; it caused double @ signs in addresses. From 1680 Irving Reid of the University of Toronto. 1681 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1 1682 from Markku Toijala of ICL Personal Systems Oy. 1683 CONFIG: Add trailing "." on pseudo-domains for consistency; 1684 this fixes a problem (noted by Al Whaley of Sunnyside) 1685 that made it hard to recognize your own pseudodomain 1686 names. 1687 CONFIG: catch "@host" syntax errors (i.e., null local-parts) 1688 rather than letting them get "local configuration 1689 error"s. Problem noted by John Gardiner Myers. 1690 CONFIG: add uucp-uudom mailer variant, based on code posted 1691 by Spider Boardman <spider@Orb.Nashua.NH.US>; this 1692 has uucp-dom semantics but old UUCP syntax. This 1693 also permits "uucp-old" as an alias for "uucp" and 1694 "uucp-new" as a synonym for "suucp" for consistency. 1695 CONFIG: add POP mailer support (from Kimmo Suominen 1696 <kim@grendel.lut.fi>). 1697 CONFIG: drop CSNET_RELAY support -- CSNET is long gone. 1698 CONFIG: fix bug caused with domain literal addresses (e.g., 1699 ``[128.32.131.12]'') when FEATURE(allmasquerade) 1700 was set; it would get an additional @masquerade.host 1701 added to the address. Problem noted by Peter Wan 1702 of Georgia Tech. 1703 CONFIG: make sure that the local UUCP name is in $=w. From 1704 Jim Murray of Stratus. 1705 CONFIG: changes to UUCP rewriting to simulate IDA-style "V" 1706 mailer flag. Briefly, if you are sending to host 1707 "foo", then it rewrites "foo!...!baz" to "...!baz", 1708 "foo!baz" remains "foo!baz", and anything else has 1709 the local name prepended. 1710 CONFIG: portability fixes for HP-UX. 1711 DOC: several minor problems fixed in the Install & Op Guide. 1712 MAKEMAP: fix core dump problem on lines that are too long or 1713 which lack newline. From Mark Delany. 1714 MAILSTATS: print sums of columns (total messages & kbytes 1715 in and out of the system). From Tom Ferrin of UC 1716 San Francisco Computer Graphics Lab. 1717 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: 1718 On HP-UX, /etc/sendmail.cf has been moved to 1719 /usr/lib/sendmail.cf to match HP sendmail. 1720 Permissions have been tightened up on world-writable 1721 :include: files and accounts that have shells 1722 that are not listed in /etc/shells. This may 1723 cause some .forward files that have worked 1724 before to start failing. 1725 SIGUSR1 dumps some state to the log. 1726 NEW FILES: 1727 src/Makefile.DGUX 1728 src/Makefile.Dynix 1729 src/Makefile.FreeBSD 1730 src/Makefile.Mach386 1731 src/Makefile.NetBSD 1732 src/Makefile.RISCos 1733 src/Makefile.SCO 1734 src/Makefile.SVR4 1735 src/Makefile.Titan 1736 cf/mailer/pop.m4 1737 cf/ostype/bsdi1.0.m4 1738 cf/ostype/dgux.m4 1739 cf/ostype/dynix3.2.m4 1740 cf/ostype/sco3.2.m4 1741 makemap/Makefile.dist 1742 praliases/Makefile.dist 1743 17448.6.4/8.6.4 93/10/31 1745 Repair core-dump problem (write to read-only memory segment) 1746 if you fall back to the return-to-Postmaster case in 1747 savemail. Problem reported by Richard Liu. 1748 Immediately diagnose bogus sender addresses in SMTP. This 1749 makes quite certain that crackers can't use this 1750 class of attack. 1751 Reliability Fix: check return value from fclose() and fsync() 1752 in a few critical places. 1753 Minor problem in initsys() that reversed a condition for 1754 redirecting the output channel on queue runs. It's 1755 not clear this code even does anything. From Eric 1756 Wassenaar of the Dutch National Institute for Nuclear 1757 and High-Energy Physics. 1758 Fix some problems that caused queue runs to do "too much work", 1759 such as double-reading the Errors-To: header. From 1760 Eric Wassenaar. 1761 Error messages on writing the temporary file (including the 1762 data file) were getting suppressed in SMTP -- this 1763 fix causes them to be properly reported. From Eric 1764 Wassenaar. 1765 Some changes to support AF_UNIX sockets -- this will only 1766 really become relevant in the next release, but some 1767 people need it for local patches. From Michael 1768 Corrigan of UC San Diego. 1769 Use dynamically allocated memory (instead of static buffers) 1770 for macros defined in initsys() and settime(); since 1771 these can have different values depending on which 1772 envelope they are in. From Eric Wassenaar. 1773 Improve logging to show ctladdr on to= logging; this tells you 1774 what uid/gid processes ran as. 1775 Fix a problem that caused error messages to be discarded if 1776 the sender address was unparseable for some reason; 1777 this was supposed to fall back to the "return to 1778 postmaster" case. 1779 Improve aliaswait backoff algorithm. 1780 Portability patches for Linux (8.6.3 required another header 1781 file) (from Karl London) and SCO UNIX. 1782 CONFIG: patch prog mailer to not strip host name off of envelope 1783 addresses (so that it matches local again). From 1784 Christopher Davis. 1785 CONFIG: change uucp-dom mailer so that "<>" translates to $n; 1786 this prevents uux from seeing lines with null names like 1787 ``From Sat Oct 30 14:55:31 1993''. From Motonori 1788 Nakamura of Kyoto University. 1789 CONFIG: handle <list:;> syntax correctly. This isn't legal, but 1790 it shouldn't fail miserably. From Motonori Nakamura. 1791 17928.6.3/8.6.3 93/10/24 1793 IMPORTANT FIX: Fix several problems that caused open files to 1794 be "lost" during queue runs; this overflowed the open 1795 file table on large runs. An assumption that fdopen 1796 always succeeds sometimes resulted in core dumps when 1797 this happens; sometimes the message is delivered twice, 1798 sometimes (probably) infinite times. This problem in 1799 various form was reported by P{r (Pell) Emanuelsson and 1800 Robert Campbell of U.C. Berkeley. 1801 Special diagnosis of EMFILE error conditions -- it now prints 1802 the known open file descriptors so you can figure out 1803 what is consuming so much resources. 1804 Fix a couple of problems caused by early address parsing 1805 errors -- one caused it to return a "this is only a 1806 warning" when it really wasn't, and the other started 1807 parsing through a random pointer. The first was 1808 noted by Eric Wassenaar. 1809 Fix an infinite loop problem caused by null components in the 1810 host signature. Problem noted by Jan Sorensen. 1811 Be sure to reset the "current date" when sending an error 1812 message -- PostMasterCopy messages were being sent 1813 with an old Date: header. 1814 Fix a problem that caused duplicated mail when sendmail was 1815 (1) compiled without HASFLOCK, (2) you are sending to 1816 an alias that has an owner-* alias, (3) you execute 1817 sendmail with -t flag, (4) you run in -odb mode, and 1818 (5) the sender specifies both the alias name and 1819 another alias [i.e., the envelope is split], then 1820 duplicate messages are sent. The problem description 1821 and one-line fix are from Motonori Nakamura of Kyoto 1822 University. 1823 Avoid a problem that causes error messages to be discarded 1824 in some cases -- this was the result of a "fix" to 1825 avoid duplicate error messages, but two are better 1826 than zero. Reported by Tim Rylance. 1827 Fix a minor botch in checkfd012() -- fix from Dave Hill of 1828 Computervision R&D Ltd. 1829 Remove "X-Authentication-Warning: <user> set sender to <address> 1830 using -f" entirely -- it is far too eager to include 1831 this, and it is confusing folks. I'll try to make it 1832 work "right" in 8.7. Problem noted by Yoshitaka 1833 Tokugawa of dit Co., Ltd. 1834 Fix a race condition with the errno value in tick() and 1835 reapchild() -- this caused occasional misdiagnosis 1836 of problems. Kyle Jones of UUNET helped this along. 1837 Repair rule loop-detection code. From Michael Corrigan of 1838 U.C. San Diego. 1839 Fix a problem that caused sender domain addition (C mailer 1840 flag to be ignored if you use -odq or use -odb with 1841 a high load average. Problem reported by Jim Murray 1842 of Stratus. 1843 Fix ident protocol on multi-homed machines. It was not 1844 always using the correct interface. Fix from J.R. 1845 Oldroyd of Opal. 1846 Previously, sendmail assumed that any SMTP greeting message 1847 that wasn't 2xx was a temporary failure -- it should 1848 only take 4xx as a temporary failure, and return a 1849 solid error message on anything else -- for example, 1850 to allow you to reject connections on a workstation 1851 that is MXed to a mail server. 1852 Portability enhancements for 386BSD/FreeBSD/NetBSD from 1853 Ollivier Robert. 1854 CONFIG: FEATURE(always_add_domain) didn't always add the domain; 1855 in particular, on local mail it modified the header sender 1856 but not the header recipient address(es). Reported by 1857 Jeffrey Honig of Cornell University. Also, strip 1858 any host from envelope recipient address(es), since 1859 local mailers don't understand host names -- this is 1860 to help mailertable entries. From Christopher Davis. 1861 CONFIG: masquerading didn't apply to addresses that already 1862 had a domain. This change replaces a local hostname 1863 by the masquerade name in the SMTP mailer (previously 1864 it only added the masquerade name if it didn't already 1865 have a domain name). Several people complained about 1866 this. 1867 18688.6.2/8.6.2 93/10/15 1869 Put a "successful delivery" message in the transcript for 1870 addresses that get return-receipts. 1871 Put a prominent "this is only a warning" message in warning 1872 messages -- some people don't read carefully enough 1873 and end up sending the message several times. 1874 Include reason for temporary failure in the "warning" return 1875 message. Currently, it just says "cannot send for 1876 four hours". 1877 Fix the "Original message received" time generated for 1878 returntosender messages. It was previously listed as 1879 the current time. Bug reported by Eric Hagberg of 1880 Cornell University Medical College. 1881 If there is an error when writing the body of a message, 1882 don't send the trailing dot and wait for a response 1883 in sender SMTP, as this could cause the connection to 1884 hang up under some bizarre circumstances. From Eric 1885 Wassenaar. 1886 Fix some server SMTP synchronization problems caused when 1887 connections fail during message collection. From 1888 Eric Wassenaar. 1889 Fix a problem that can cause srvrsmtp to reject mail if the 1890 name server is down -- it accepts the RCPT but rejects 1891 the DATA command. Problem reported by Jim Murray of 1892 Stratus. 1893 Fix a problem that can cause core dumps if the config file 1894 incorrectly resolves to a null hostname. Reported by 1895 Allan Johannesen of WPI. 1896 Non-root use of -C flag, dangerous -f flags, and use of -oQ 1897 by non-root users were not put into 1898 X-Authentication-Warning:s as intended because the 1899 config file hadn't set the PrivacyFlags yet. Fix 1900 from Sven-Ove Westberg of the University of Lulea. 1901 Under very odd circumstances, the alias file rebuild code 1902 could get confused as to whether a database was 1903 open or not. 1904 Check "vendor code" on the end of V lines -- this is 1905 intended to provide a hook for vendor-specific 1906 configuration syntax. (This is a "new feature", 1907 but I've made an exception to my rule in a belief 1908 that this is a highly exceptional case.) 1909 Portability fixes for DG/UX (from Douglas Anderson of NCSC), 1910 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 1911 (from Jon Forrest of UC Berkeley) 1912 CONFIG: fix ``mailer:host'' form of UUCP relay naming. 1913 19148.6.1/8.6 93/10/08 1915 Portability fixes for A/UX and Encore UMAX V. 1916 Fix error message handling -- if you had a name server down 1917 causing an error during parsing, that message was never 1918 propogated to the queue file. 1919 19208.6/8.6 93/10/05 1921 Configuration cleanup: make it easier to undo IDENTPROTO in 1922 conf.h (other systems have the same bug). 1923 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume 1924 getdtablesize() instead of sysconf(); a disturbingly 1925 large number of systems defined _SC_OPEN_MAX in the 1926 header files but don't have the syscall. 1927 Another patch to really truly ignore MX records in getcanonname 1928 if trymx == FALSE. 1929 Fix problem that caused the "250 IAA25499 Message accepted for 1930 delivery" message to be omitted if there was an error 1931 in the header of the message (e.g., a bad Errors-To: 1932 line). Pointed out by Michael Corrigan of UCSD. 1933 Announce name of host we are chatting when we get errors; this 1934 is an IDA-ism suggested by Christophe Wolfhugel. 1935 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the 1936 Australian Artificial Intelligence Institute), SCO Unix 1937 (from Murray Kucherawy of Hookup Communication Corp.), 1938 NeXT (from Vince DeMarco and myself), Linux (from 1939 Karl London <karl@borg.demon.co.uk>), BSDI (from 1940 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo 1941 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. 1942 Some changes to get around gcc optimizer bugs. From Takahiro 1943 Kanbe. 1944 Fix error recovery in queueup if another tf file of the same 1945 name already exists. Problem stumbled over by Bill 1946 Wisner of The Well. 1947 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. 1948 Problem noted by Keith McMillan of Ameritech Services. 1949 Deal with group permissions properly when opening .forward and 1950 :include: files. This relaxes the 8.1C restrictions 1951 slightly more. This includes proper setting of groups 1952 when reading :include: files, allowing you to read some 1953 files that you should be able to read but have previously 1954 been denied unless you owned them or they had "other" 1955 read permission. 1956 Make certain that $j is in $=w (after the .cf is read) so that 1957 if the user is forced to override some silly system, 1958 MX suppression will still work. 1959 Fix a couple of efficiency problems where newstr was double- 1960 calling expensive routines. In at least one case, it 1961 wasn't guaranteed that they would always return the 1962 same result. Problem noted by Christophe Wolfhugel. 1963 Fix null pointer dereference in putoutmsg -- only on an error 1964 condition from a non-SMTP mailer. From Motonori 1965 Nakamura. 1966 Macro expand "C" line class definitions before scanning so that 1967 "CX $Z" works. 1968 Fix problem that caused error message to be sent while still 1969 trying to send the original message if the connection 1970 is closed during a DATA command after getting an error 1971 on an RCPT command (pretty obscure). Problem reported 1972 by John Myers of CMU. 1973 Fix reply to NOOP to be 250 instead of 200 -- this is a long 1974 term bug. 1975 Fix a nasty bug causing core dumps when returning the "warning: 1976 cannot deliver for N hours -- will keep trying" message; 1977 it only occurred if you had PostMasterCopy set and 1978 only on some architectures. Although sendmail would 1979 keep trying, it would send error messages on each 1980 queue interval. This is an important fix. 1981 Allow u and g options to take user and group names respectively. 1982 Don't do a chdir into the queue directory in -bt mode to make 1983 ruleset testing a bit easier. 1984 Don't allow users to turn off logging (using -oL) on the command 1985 line -- command line can only raise, not lower, logging 1986 level. 1987 Set $u to the original recipient on the SMTP transaction or on 1988 the command line. This is only done if there is exactly 1989 one recipient. Technically, this does not meet the 1990 specs, because it does not guarantee a domain on the 1991 address. 1992 Fix a problem that dumped error messages on bad addresses if 1993 you used the -t flag. Problem noted by Josh Smith of 1994 Harvey Mudd College. 1995 Given an address such as ``<foo> <bar>'', auto-quote the first 1996 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to 1997 avoid the problem of people who use angle brackets in 1998 their full name information. 1999 Fix a null pointer dereference if you set option "l", have 2000 an Errors-To: header in the message, and have Errors-To: 2001 defined in the config file H lines. From J.R. Oldroyd. 2002 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get 2003 wrong when compiling. Suggested by Rick McCarty of TI. 2004 Fix a problem that could pass negative SIZE parameter if the 2005 df file got lost; this would cause servers to always 2006 give a temporary failure, making the problem even worse. 2007 Problem noted by Allan Johannesen of WPI. 2008 Add "ident" timeout (one of the "r" option selectors) for IDENT 2009 protocol timeouts (30s default). Requested by Murray 2010 Kucherawy of HookUp Communication Corp. to handle bogus 2011 PC TCP/IP implementations. 2012 Change $w default definition to be just the first component of 2013 the domain name on config level 5. The $j macro defaults 2014 to the FQDN; $m remains as before. This lets well-behaved 2015 config files use any of the short, long, or subdomain 2016 names. 2017 Add makesendmail script in src to try to automate multi-architecture 2018 builds. I know, this is sub-optimal, but it is still 2019 helpful. 2020 Fix very obscure race condition that can cause a queue run to 2021 get a queue file for an already completed job. This 2022 problem has existed for years. Problem noted by the 2023 long suffering Allan Johannesen of WPI. 2024 Fix a problem that caused the raw sender name to be passed to 2025 udbsender instead of the canonified name -- this caused 2026 it to sometimes miss records that it should have found. 2027 Relax check of name on HELO packet so that a program using -bs 2028 that claims to be itself works properly. 2029 Restore rewriting of $: part of address through 2, R, 4 in 2030 buildaddr -- this requires passing a lot of flags to get 2031 it right. Unlike old versions, this ONLY rewrites 2032 recipient addresses, not sender addresses. 2033 Fix a bug that caused core dumps in config files that cannot 2034 resolve /file/name style addresses. Fix from Jonathan 2035 Kamens of OpenVision Technologies. 2036 Fix problem with fcntl locking that can cause error returns to 2037 be lost if the lock is lost; this required fully 2038 queueing everything, dropping the envelope (so errors 2039 would get returned), and then re-reading the queue from 2040 scratch. 2041 Fix a problem that caused aliases that redefine an otherwise 2042 true address to still send to the original address 2043 if and only if the alias failed in certain bizarre 2044 ways (e.g, if they pointed at a list:; syntax address). 2045 Problem pointed out by Jonathan Kamens. 2046 Remove support for frozen configuration files. They caused 2047 more trouble than it was worth. 2048 Fix problem that can cause error messages to get ignored when 2049 using both -odb and -t flags. Problem noted by Rob 2050 McNicholas at U.C. Berkeley. 2051 Include all "normal" variations on hostname in $=w. For example, 2052 if the host name is vangogh.cs.berkeley.edu, $=w will 2053 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. 2054 Add "restrictqrun" privacy flag -- without this, anyone can run 2055 the queue. 2056 Reset SmtpPhase global on initial connection creation so that 2057 messages don't come out with stale information. 2058 Pass an "ext" argument to lockfile so that error/log messages 2059 will properly reflect the true filename being locked. 2060 Put all [...] address forms into $=w -- this eliminates the need 2061 for MAXIPADDR in conf.h. Suggested by John Gardiner 2062 Myers of CMU. 2063 Fix a bug that can cause qf files to be left around even after 2064 an SMTP RSET command. Problem and fix from Michael 2065 Corrigan. 2066 Don't send a PostMasterCopy to errors when the Precedence: is 2067 negative. Error reports still go to the envelope 2068 sender address. 2069 Add LA_SHORT for load averages. 2070 Lock sendmail.st file when posting statistics. 2071 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to 2072 set the size of the TCP send and receive buffers; if you 2073 run over a slow slip line you may need to set these down 2074 (although it would be better to fix the SLIP implementation 2075 so that it's not necessary to recompile every program 2076 that does bulk data transfer). 2077 Allow null defaults on $( ... $) lookups. Problem reported by 2078 Amir Plivatsky. 2079 Diagnose crufty S and V config lines. This resulted from an 2080 observation that some people were using the SITE macro 2081 without the SITECONFIG macro first, which was causing 2082 bogus config files that were not caught. 2083 Fix makemap -f flag to turn off case folding (it was turning it 2084 on instead). THIS IS A USER VISIBLE CHANGE!!! 2085 Fix a problem that caused multiple error messages to be sent if 2086 you used "sendmail -t -oem -odb", your system uses fcntl 2087 locking, and one of the recipient addresses is unknown. 2088 Reset uid earlier in include() so that recursive .forwards or 2089 :include:s don't use the wrong uid. 2090 If file descriptor 0, 1, or 2 was closed when sendmail was 2091 called, the code to recover the descriptor was broken. 2092 This sometimes (only sometimes) caused problems with the 2093 alias file. Fix from Motonori Nakamura. 2094 Fix a problem that caused aliaswait to go into infinite recursion 2095 if the @:@ metasymbol wasn't found in the alias file. 2096 Improve error message on newaliases if database files cannot be 2097 opened or if running with no database format defined. 2098 Do a better estimation of the size of error messages when NoReturn 2099 is set. Problem noted by P{r (Pell) Emanuelsson. 2100 Fix a problem causing the "c" option (don't connect to expensive 2101 mailers) to be ignored in SMTP. Problem noted and the 2102 solution suggested by Robert Elz of Munnari University. 2103 Improve connection caching algorithm by passing "[host]" to 2104 hostsignature, which strips the square brackets and 2105 returns the real name. This allows mailertable entries 2106 to match regular entries. 2107 Re-enable Return-Receipt-To: -- people seem to want this stupid 2108 feature, even if it doesn't work right. 2109 Catch and log attempts to try the "wiz" command in server SMTP. 2110 This also ups the log level from LOG_NOTICE to LOG_CRIT. 2111 Be more generous at assigning $z to the home directory -- do this 2112 for programs that are specified through a .forward file. 2113 Fix from Andrew Chang of Sun Microsystems. 2114 Always save a fatal error message in preference to a non-fatal 2115 error message so that the "subject" line of return 2116 messages is the best possible. 2117 CONFIG: reduce the number of quotes needed to quote configuration 2118 parameters with commas: two quotes should work now, e.g., 2119 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). 2120 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom 2121 connections (domain-ized UUCP). 2122 CONFIG: fix bug in default maps (-o must be before database file 2123 name). Pointed out by Christophe Wolfhugel. 2124 CONFIG: add FEATURE(nodns) to state that we are not relying on 2125 DNS. This would presumably be used in UUCP islands. 2126 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). 2127 CONFIG: log $u in Received: line. This is in technical violation 2128 of the standards, since it doesn't guarantee a domain 2129 on the address. 2130 CONFIG: don't assume "m" in local mailer flags -- this means that 2131 if you redefine LOCAL_MAILER_FLAGS you will have to include 2132 the "m" flag should you want it. Apparently some Solaris 2.2 2133 installations can't handle multiple local recipients. 2134 Problem noted by Josh Smith. 2135 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). 2136 CONFIG: change default version level from 4 to 5. 2137 CONFIG: add FEATURE(nullclient) to create a config file that 2138 forwards all mail to a hub without ever looking at the 2139 addresses in any detail. 2140 CONFIG: properly strip mailer: information off of relays when 2141 used to change .BITNET form into %-hack form. 2142 CONFIG: fix a problem that caused infinite loops if presented 2143 with an address such as "!foo". 2144 CONFIG: check for self literal (e.g., [128.32.131.12]) even if 2145 the reverse "PTR" mapping is broken. There's a better 2146 way to do this, but the change is fairly major and I 2147 want to hold it for another release. Problem noted by 2148 Bret Marquis. 2149 21508.5/8.5 93/07/23 2151 Serious bug: if you used a command line recipient that was unknown 2152 sendmail would not send a return message (it was treating 2153 everything as though it had an SMTP-style client that 2154 would do the return itself). Problem noted by Josh Smith. 2155 Change "trymx" option in getcanonname() to ignore all MX data, 2156 even during a T_ANY query. This actually didn't break 2157 anything, because the only time you called getcanonname 2158 with !trymx was if you already knew there were no MX 2159 records, but it is somewhat cleaner. From Motonori 2160 Nakamura. 2161 Don't call getcanonname from getmxrr if you already know there 2162 are no DNS records matching the name. 2163 Fix a problem causing error messages to always include "The 2164 original message was received ... from localhost". 2165 The correct original host information is now included. 2166 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their 2167 version of "test" doesn't have the -x flag). Change it 2168 to use -f instead. From John Myers. 2169 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to 2170 esmtp -- it should be smtp. 2171 CONFIG: send all relayed mail using confRELAY_MAILER (defaults 2172 to "relay" (a variant of "smtp") if MAILER(smtp) is used, 2173 else "suucp" if MAILER(uucp) is used, else "unknown"); 2174 this cleans up the configs somewhat. This fixes a serious 2175 problem that caused route-addrs to get mistaken as relays, 2176 pointed out by John Myers. WARNING: this also causes 2177 the default on SMART_HOST to change from "suucp" to 2178 "relay" if you have MAILER(smtp) specified. 2179 21808.4/8.4 93/07/22 2181 Add option `w'. If you receive a message that comes to you because 2182 you are the best (lowest preference) target of an MX, and 2183 you haven't explicitly recognized the source MX host in 2184 your .cf file, this option will cause you to try the target 2185 host directly (as if there were no MX for it at all). If 2186 `w' is not set, this case is a configuration error. 2187 Beware: if `w' is set, senders may get bogus errors like 2188 "message timed out" or "host unknown" for problems that 2189 are really configuration errors. This option is 2190 disrecommended, provided only for compatibility with 2191 UIUC sendmail. 2192 Fix a problem that caused the incoming socket to be left open 2193 when sendmail forks after the DATA command. This caused 2194 calling systems to wait in FIN_WAIT_2 state until the 2195 entire list was processed and the child closed -- a 2196 potentially prodigious amount of time. Problem noted 2197 by Neil Rickert. 2198 Fix problem (created in 6.64) that caused mail sent to multiple 2199 addresses, one of which was a bad address, to completely 2200 suppress the sending of the message. This changes 2201 handling of EF_FATALERRS somewhat, and adds an 2202 EF_GLOBALERRS flag. This also fixes a potential problem 2203 with duplicate error messages if there is a syntax error 2204 in the header of a message that isn't noticed until late 2205 in processing. Original problem pointed out by Josh Smith 2206 of Harvey Mudd College. This release includes quite a bit 2207 of dickering with error handling (see below). 2208 Back out SMTP transaction if MAIL gets nested 501 error. This 2209 will only hurt already-broken software and should help 2210 humans. 2211 Fix a problem that broke aliases when neither NDBM nor NEWDB were 2212 compiled in. It would never read the alias file. 2213 Repair unbalanced `)' and `>' (the "open" versions are already 2214 repaired). 2215 Logging of "done" in dropenvelope() was incorrect: it would 2216 log this even when the queue file still existed. Change 2217 this to only log "done" (at log level 11) when the 2218 queue file is actually removed. From John Myers. 2219 Log "lost connection" in server SMTP at log level 20 if there 2220 is no pending transaction. Some senders just close the 2221 connection rather than sending QUIT. 2222 Fix a bug causing getmxrr to add a dot to the end of unqualified 2223 domains that do not have MX records -- this would cause 2224 the subsequent host name lookup to fail. The problem 2225 only occurred if you had FEATURE(nocanonify) set. 2226 Problem noted by Rick McCarty of Texas Instruments. 2227 Fix invocation of setvbuf when passed a -X flag -- I had 2228 unwittingly used an ANSI C extension, and this caused 2229 core dumps on some machines. 2230 Diagnose self-destructive alias loops on RCPT as well as EXPN. 2231 Previously it just gave an empty send queue, which 2232 then gave either "Need RCPT (recipient)" at the DATA 2233 (confusing, since you had given an RCPT command which 2234 returned 250) or just dropped the email, depending on 2235 whether you were running VERBose mode. Now it usually 2236 diagnoses this case as "aliasing/forwarding loop broken". 2237 Unfortunately, it still doesn't adequately diagnose 2238 some true error conditions. 2239 Add internal concept of "warning messages" using 6xx codes. 2240 These are not reported only to Postmaster. Unbalanced 2241 parens, brackets, and quotes are printed as 653 codes. 2242 They are always mapped to 5xx codes before use in SMTP. 2243 Clean up error messages to tell both the actual address that 2244 failed and the alias they arose from. This makes it 2245 somewhat easier to diagnose problems. Difficulty noted 2246 by Motonori Nakamura. 2247 Fix a problem that inappropriately added a ctladdr to addresses 2248 that shouldn't have had one during a queue run. This 2249 caused error messages to be handled differently during 2250 a queue run than a direct run. 2251 Don't print the qf name and line number if you get errors during 2252 the direct run of the queue from srvrsmtp -- this was 2253 just extra stuff for users to crawl through. 2254 Put command line flags on second line of pid file so you can 2255 auto-restart the daemon with all appropriate arguments. 2256 Use "kill `head -1 /etc/sendmail.pid`" to stop the 2257 daemon, and "eval `tail -1 /etc/sendmail.pid`" to 2258 restart it. 2259 Remove the ``setuid(getuid())'' in main -- this caused the 2260 IDENT daemon to screw up. This required that I change 2261 HASSETEUID to HASSETREUID and complicate the mode 2262 changing somewhat because both Ultrix and SunOS seem 2263 to have a bug causing seteuid() to set the saved uid 2264 as well as the effective. The program test/t_setreuid.c 2265 will test to see if your implementation of setreuid(2) 2266 is appropriately functional. 2267 The FallBackMX (option V) handling failed to properly identify 2268 fallback to yourself -- most of the code was there, 2269 but it wasn't being enabled. Problem noted by Murray 2270 Kucherawy of the University of Waterloo. 2271 Change :include: open timeout from ETIMEDOUT to an internal 2272 code EOPENTIMEOUT; this avoids adding "during SmtpPhase 2273 with CurHostName" in error messages, which can be 2274 confusing. Reported by Jonathan Kamens of OpenVision 2275 Technologies. 2276 Back out setpgrp (setpgid on POSIX systems) call to reset the 2277 process group id. The original fix was to get around 2278 some problems with recalcitrant MUAs, but it breaks 2279 any call from a shell that creates a process group id 2280 different from the process id. I could try to fix 2281 this by diddling the tty owner (using tcsetpgrp or 2282 equivalent) but this is too likely to break other 2283 things. 2284 Portability changes: 2285 Support -M as equivalent to -oM on Ultrix -- apparently 2286 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs 2287 instead of using standard flags. Oh joy. This 2288 behaviour reported by Jon Giltner of University 2289 of Colorado. 2290 SGI IRIX -- this includes several changes that should 2291 help other strict ANSI compilers. 2292 SCO Unix -- from Murray Kucherawy of HookUp Communication 2293 Corporation. 2294 Solaris running the Sun C compiler (which despite the 2295 documentation apparently doesn't define 2296 __STDC__ by default). 2297 ConvexOS from Eric Schnoebelen of Convex. 2298 Sony NEWS workstations and Omron LUNA workstations from 2299 Motonori Nakamura. 2300 CONFIG: add confTRY_NULL_MX_LIST to set option `w'. 2301 CONFIG: delete `C' and `e' from default SMTP mailers flags; 2302 several people have made a good argument that this 2303 creates more problems than it solves (although this 2304 may prove painful in the short run). 2305 CONFIG: generalize all the relays to accept a "mailer:host" 2306 format. 2307 CONFIG: move local processing in ruleset 0 into a new ruleset 2308 98 (8 on old sendmail). Domain literal [a.b.c.d] 2309 addresses are also passed through this ruleset. 2310 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, 2311 internet-style addresses would "fall off the end" of 2312 ruleset zero and be interpreted as local -- however, 2313 the angle brackets confused the recursive call. 2314 These are now diagnosed as "Unrecognized host name". 2315 CONFIG: USENET rules weren't included in S0 because of a mistaken 2316 ifdef(`_MAILER_USENET_') instead of 2317 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik 2318 of SINTEF RUNIT, Oslo. 2319 CONFIG: move up LOCAL_RULE_0 processing so that it happens very 2320 early in ruleset 0; this allows .mc authors to bypass 2321 things like the "short circuit" code for local addresses. 2322 Prompted by a comment by Bill Wisner of The Well. 2323 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or 2324 esmtp) to send SMTP mail. This allows you to default 2325 to esmtp but use a mailertable or other override to 2326 deal with broken servers. This logic was pointed out 2327 to me by Bill Wisner. Ditto for confLOCAL_MAILER. 2328 Changes to cf/sh/makeinfo.sh to make it portable to SVR4 2329 environments. Ugly as sin. 2330 23318.3/8.3 93/07/13 2332 Fix setuid problems introduced in 8.2 that caused messages 2333 like "Cannot create qfXXXXXX: Invalid argument" 2334 or "Cannot reopen dfXXXXXX: Permission denied". This 2335 involved a new compile flag "HASSETEUID" that takes 2336 the place of the old _POSIX_SAVED_IDS -- it turns out 2337 that the POSIX interface is broken enough to break 2338 some systems badly. This includes some fixes for 2339 HP-UX. Also fixes problems where the real uid is 2340 not reset properly on startup (from Neil Rickert). 2341 Fix a problem that caused timed out messages to not report the 2342 addresses that timed out. Error messages are also more 2343 "user friendly". 2344 Drop required bandwidth on connections from 64 bytes/sec to 2345 16 bytes/sec. 2346 Further Solaris portability changes -- doesn't require the BSD 2347 compatibility library. This also adds a new 2348 "HASGETDTABLESIZE" compile flag which can be used if 2349 you want to use getdtablesize(2) instead of sysconf(2). 2350 These are loosely based on changes from David Meyer at 2351 University of Oregon. This now seems to work, at least 2352 for quick test cases. 2353 Fix a problem that can cause duplicate error messages to be 2354 sent if you are in SMTP, you send to multiple addresses, 2355 and at least one of those addresses is good and points 2356 to an account that has a .forward file (whew!). 2357 Fix a problem causing messages to be discarded if checkcompat() 2358 returned EX_TEMPFAIL (because it didn't properly mark 2359 the "to" address). Problem noted by John Myers. 2360 Fix dfopen to return NULL if the open failed; I was depending 2361 on fdopen(-1) returning NULL, which isn't the case. This 2362 isn't serious, but does result in wierd error diagnoses. 2363 From Michael Corrigan. 2364 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of 2365 messages sent through UUCP-family mailers. Suggested 2366 by Bill Wisner of The Well. 2367 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, 2368 include a "uucp-dom" mailer that uses domain-style 2369 addressing. Suggested by Bill Wisner. 2370 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match 2371 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by 2372 Christophe Wolfhugel. 2373 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. 2374 23758.2/8.2 93/07/11 2376 Don't drop out on config file parse errors in -bt mode. 2377 On older configuration files, assume option "l" (use Errors-To 2378 header) for back compatibility. NOTE: this DOES NOT 2379 imply an endorsement of the Errors-To: header in any way. 2380 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? 2381 Don't log errors on EHLO -- it isn't a "real" error for an old 2382 SMTP server to give an error on this command, and 2383 logging it in the transcript can be confusing. Fix 2384 from Bill Wisner. 2385 IRIX compatibility changes provided by Dan Rich 2386 <drich@sandman.lerc.nasa.gov>. 2387 Solaris 2 compatibility changes. Provided by Bob Cunningham 2388 <bob@kahala.soest.hawaii.edu>, John Oleynick 2389 <juo@klinzhai.rutgers.edu> 2390 Debugging: -d17 was overloaded (hostsignature and usersmtp.c); 2391 move usersmtp (smtpinit and smtpmailfrom) to -d18 to 2392 match the other flags in that file. 2393 Flush transcript before fork in mailfile(). From Eric Wassenaar. 2394 Save h_errno in mci struct and improve error message display. 2395 Changes from Eric Wassenaar. 2396 Open /dev/null for the transcript if the create of the xf file 2397 failed; this avoids at least one possible null pointer 2398 reference in very wierd cases. From Eric Wassenaar. 2399 Clean up statistics gathering; it was over-reporting because of 2400 forks. From Eric Wassenaar. 2401 Fix problem that causes old Return-Path: line to override new 2402 Return-Path: line (conf.c needs H_FORCE to avoid 2403 re-using old value). From Motonori Nakamura. 2404 Fix broken -m flag in K definition -- even if -m (match only) 2405 was specified, it would still replace the key with the 2406 value. Noted by Rick McCarty of Texas Instruments. 2407 If the name server timed out over several days, no "timed out" 2408 message would ever be sent back. The timeout code 2409 has been moved from markfailure() to dropenvelope() 2410 so that all such failures should be diagnosted. Pointed 2411 out by Christophe Wolfhugel and others. 2412 Relax safefile() constraints: directories in an include or 2413 forward path must be readable by self if the controlling 2414 user owns the entry, readable by all otherwise (e.g., 2415 when reading your .forward file, you have to own and 2416 have X permssion in it; everyone needs X permission in 2417 the root and directories leading up to your home); 2418 include files must be readable by anyone, but need not 2419 be owned by you. 2420 If _POSIX_SAVED_IDS is defined, setuid to the owner before 2421 reading a .forward file; this gets around some problems 2422 on NFS mounts if root permission is not exported and 2423 the user's home directory isn't x'able. 2424 Additional NeXT portability enhancements from Axel Zinser. 2425 Additional HP-UX portability enhancements from Brian Bullen. 2426 Add a timeout around SMTP message writes; this assumes you can 2427 get throughput of at least 64 bytes/second. Note that 2428 this does not impact the "datafinal" default, which 2429 is separate; this is just intended to work around 2430 network clogs that will occur before the final dot 2431 is sent. From Eric Wassenaar. 2432 Change map code to set the "include null" flag adaptively -- 2433 it initially tries both, but if it finds anything 2434 matching without a null it never tries again with a 2435 null and vice versa. If -N is specified, it never 2436 tries without the null and creates new maps with a 2437 null byte. If -O is specified, it never tries with 2438 the null (for efficiency). If -N and -O are specified, 2439 you get -NO (get it?) lookup at all, so this would 2440 be a bad idea. If you don't specify either -N or -O, 2441 it adapts. 2442 Fix recognition of "same from address" so that MH submissions 2443 will insert the appropriate full name information; 2444 this used to work and got broken somewhere along the 2445 way. 2446 Some changes to eliminate some unnecessary SYSERRs in the 2447 log. For example, if you lost a connection, don't 2448 bother reporting that fact on the connection you lost. 2449 Add some "extended debugging" flags to try to track down 2450 why we get occassional problems with file descriptor 2451 one being closed when execing a mailer; it seems to 2452 only happen when there has been another error in the 2453 same transaction. This requires XDEBUG, defined 2454 by default in conf.h. 2455 Add "-X filename" command line flag, which logs both sides of 2456 all SMTP transactions. This is intended ONLY for 2457 debugging bad implementations of other mailers; start 2458 it up, send a message from a mailer that is failing, 2459 and then kill it off and examine the indicated log. 2460 This output is not intended to be particularly human 2461 readable. This also adds the HASSETVBUF compile 2462 flag, defaulted on if your compiler defines __STDC__. 2463 CONFIG: change SMART_HOST to override an SMTP mailer. If you 2464 have a local net that should get direct connects, you 2465 will need to use LOCAL_NET_CONFIG to catch these hosts. 2466 See cf/README for an example. 2467 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle 2468 sites that don't use the -d flag. 2469 CONFIG: hide recipient addresses as well as sender addresses 2470 behind $M if FEATURE(allmasquerade) is specified; this 2471 has been requested by several people, but can break 2472 local aliases. For example, if you mail to "localalias" 2473 this will be rewritten as "localalias@masqueradehost"; 2474 although initial delivery will work, replies will be 2475 broken. Use it sparingly. 2476 CONFIG: add FEATURE(domaintable). This maps unqualified domains 2477 to qualified domains in headers. I believe this is 2478 largely equivalent to the IDA feature of the same name. 2479 CONFIG: use $U as UUCP name instead of $k. This permits you 2480 to override the "system name" as your UUCP name -- 2481 in particular, to use domain-ized UUCP names. From 2482 Bill Wisner of The Well. 2483 CONFIG: create new mailer "esmtp" that always tries EHLO 2484 first. This is currently unused in the config files, 2485 but could be used in a mailertable entry. 2486 24878.1C/8.1B 93/06/27 2488 Serious security bug fix: it was possible to read any file on 2489 the system, regardless of ownership and permissions. 2490 If a subroutine returns a fully qualified address, return it 2491 immediately instead of feeding it back into rewriting. 2492 This fixes a problem with mailertable lookups. 2493 CONFIG: fix some M4 frotz (concat => CONCAT) 2494 24958.1B/8.1A 93/06/12 2496 Serious bug fix: pattern matching backup algorithm stepped by 2497 two tokens in classes instead of one. Found by Claus 2498 Assmann at University of Kiel, Germany. 2499 25008.1A/8.1A 93/06/08 2501 Another mailertable fix.... 2502 25038.1/8.1 93/06/07 2504 4.4BSD freeze. No semantic changes. 2505 25066.65/6.34 93/06/06 2507 Fix some lintish problems. 2508 Fix some cases where server SMTP behaved poorly when handed bogus 2509 input, pointed out by Eric Wassenaar. 2510 CONFIG: fix some more (sigh) mailertable bugs -- thanks to 2511 Motonori Nakamura of Kyoto University (again). 2512 25136.64/6.33 93/06/05 2514 Don't send 050 (-v) information after the 250 response to a QUIT 2515 command in srvrsmtp -- clients usually close the connection 2516 at this point, and it causes bogus error messages. 2517 Don't send messages that have errors on input (such as unbalanced 2518 parentheses) during SMTP transactions, since a return 2519 message has (probably) already been sent. 2520 Give better diagnostics on timeouts during network reads, including 2521 information similar to the SMTP phase. 2522 Fix bug that caused SMTP messages to deliver synchronously; this 2523 happened after the DATA 250, and hence caused reading the 2524 next command to be delayed. 2525 Ignore Errors-To: header unless 'l' (lower case el) header is 2526 specified. The Errors-To: header violates RFC 1123. 2527 Errors-To: was only needed to take the place of the 2528 envelope sender in the days when most Unix mailers 2529 didn't understand about the two kinds of senders. 2530 Don't send warning messages in response to automatically generated 2531 messages (that is, those From:<>). 2532 CONFIG: fix some rather stupid typos in the mailertable code 2533 pointed out by Motonori Nakamura of Kyoto University. 2534 CONFIG: add confUSE_ERRORS_TO configuration option. 2535 CONFIG: if ALWAYS_ADD_DOMAIN is selected, try to use $M 2536 (masquerade name) instead of $j. 2537 CONFIG: don't add dots to relay names (added in 6.29); it breaks 2538 several things, and can be simulated by dot terminating 2539 the names of relays. For example, use: 2540 DBbit.net.relay. 2541 (note the trailing dot). 2542 25436.63/6.32 93/06/01 2544 Fix prototypes to eliminate chars in argument lists -- some 2545 compilers are pissy about this. 2546 Log protocol ($r) and body type if set so we can determine if 2547 the adaptive algorithms are working. 2548 Pessimize on locking of database files (particularly for NEWDB 2549 databases) during opens. There were problems with 2550 processes opening the file while it was rebuilt; since 2551 NEWDB caches heavily, the reader opened an empty file, 2552 which is an error. If your system has the ability to 2553 lock atomically on open, this works properly; otherwise, 2554 there are race conditions. 2555 Check mod time on .pag file instead of .dir in NDBM aliases 2556 because the .dir file doesn't get updated for small 2557 alias files. From John Gardiner Myers of CMU. 2558 More Solaris portability -- it now compiles on Solaris, but 2559 hangs up in gethostbyname(). 2560 Move setting of RES_DEBUG flag before first myhostname() call 2561 so we can see name server traffic on that call. 2562 Fsync() queue files. 2563 Fix a problem that causes -bi to try to rebuild maps other than 2564 the alias file(s). 2565 Fix a problem that caused udb to reject entries from any but 2566 the first database listed. 2567 Rearrange doc subdirectory for 4.4BSD release tape. 2568 CONFIG: put $r into the Received line. This was an oversight. 2569 CONFIG: fix typo (call to ruleset 99 should have been rulset 90). 2570 CONFIG: move "auxiliary" subroutines to be in ruleset 90-99 2571 range -- in the long run, single digit rulesets may 2572 become reserved for builtin use by sendmail. 2573 CONFIG: fix major problem that causes host aliases (that is, 2574 anything in $=w != $j) to not be recognized. This has 2575 been around since 6.30. 2576 25776.62/6.31 93/05/28 2578 BETA RELEASE 2579 Fix recursive syserr (if there is an error printing a syserr 2580 message). This makes the code much less eager to consider 2581 a write error as serious. This also includes some 2582 heuristics to be clever about closed connections. 2583 Lock NEWDB files during gets. This requires version 1.5 or later 2584 of the db library. If you have an older version, you 2585 can use -DOLD_NEWDB. This will go away in a few weeks. 2586 Fix problem causing aliases that use host maps to get overwritten. 2587 Do appropriate byte swapping on port numbers in ident protocol 2588 code. Fix from Allan Johannesen of WPI. 2589 Defer opening of map files to the same time as alias files so that 2590 the daemon will tend to pick up new versions more promptly. 2591 Prototype a bunch more functions. 2592 Some Solaris 2.1 changes (still doesn't link though). 2593 Try to simplify Makefiles by including more subordinate #defines 2594 in conf.h (based on OS type). 2595 CONFIG: check for domains if FEATURE(mailertable) is defined. 2596 For example, if the host name is "knecht.cs.berkeley.edu" 2597 it will search the following mailertable keys: 2598 knecht.cs.berkeley.edu 2599 .cs.berkeley.edu 2600 .berkeley.edu 2601 .edu 2602 This could be used to replace the special relays for bitnet 2603 and similar nets. 2604 26056.61/6.30 93/05/24 2606 Fix problem that prevented appending dots on canonified host 2607 names. This breaks tons of config files -- very 2608 important fix. 2609 Fix improper pointer dereference in response to HELO command. 2610 Fix core dump if debugging set in map_rewrite. 2611 CONFIG: add FEATURE(always_add_domain) to always attach the 2612 local domain (only impacts local mail). 2613 CONFIG: try to avoid turning names into $j -- although 2614 technically a host can only have one "canonical name", 2615 it seems to be common practice to have several. 2616 26176.60/6.29 93/05/22 2618 Major change: merge alias databases with maps. This expands and 2619 changes the map class interface but fixes a bunch of bugs. 2620 The important user-visible change is that the file name 2621 in a K line now does not include the ".db" extension; this 2622 is added automatically. Also, the -d (NIS domain) flag is 2623 missing from the K config line; use @domain instead. 2624 When compiling, the *_MAP names are gone -- just compile 2625 in NDBM, NEWDB, and/or NIS support. 2626 Announce mailer/host/user triple on -bv flag -- from Brian 2627 Bullen of Stirling University. 2628 Don't send more than one line in response to HELO -- it confuses 2629 Pony Express, which then behaves very badly. However, 2630 this change does send two line 220 greetings, with the 2631 second line reading "ESMTP spoken here". The usersmtp 2632 module recognizes this and goes into ESMTP mode regardless 2633 of the setting of the "a" mailer flag. Thus, "a" means 2634 "always try EHLO". 2635 AIX portability changes (thanks to Christophe Wolfhugel of 2636 Herve Schauer Consultants (Paris) for providing me with 2637 an INSA account for this purpose). Lightly tested. Use 2638 -D_AIX3. This probably breaks compatibility with some 2639 older systems (e.g., 4.2bsd) but still works on SunOS 2640 4.1.2, Ultrix 4.2A, HP-UX 8.07, OSF/1 T1.3, and AIX 3.2.3. 2641 Fix a problem causing an error message loop if the output channel 2642 is hosed. 2643 Add the Makefiles that I use for various environments -- some are 2644 Berkeley make versions and some are old make versions. 2645 My makefile for the NeXT box has gotten lost, alas! 2646 PRALIASES: support for printing NEWDB databases. From 2647 Michael J. Corrigan of U.C. San Diego. 2648 CONFIG: don't pass pseudo-domains to $[ ... $] (if you have 2649 a wildcard MX it can have wierd results). From 2650 Christophe Wolfhugel. 2651 CONFIG: dot terminate relay hostnames in S0. From Christophe 2652 Wolfhugel. 2653 26546.59/6.28 93/05/13 2655 Log version with SMTP daemon startup message. 2656 Adjust setproctitle to work on NetBSD and BSD/386. 2657 Fix null pointer reference in MX fallback code. 2658 A bunch of minor fixes from Eric Wassenaar: 2659 If deliver cannot execv the mailer, return EX_OSERR 2660 instead of EX_TEMPFAIL (to give better 2661 error messages). 2662 Consistently malloc e_message. 2663 Catch degenerate case of calling returntosender() 2664 with an empty returnq. 2665 MIME reformatting. 2666 26676.58/6.28 93/05/13 2668 Fix bug that can cause incorrect verbose display of user smtp 2669 messages. 2670 Disable SMTP VERB command if PRIV_NOEXPN is set (since this 2671 could reveal the same information. 2672 Allow failure when reading SMTP greeting message to go on to 2673 next MX host. 2674 Add "MIME-Version: 1.0" header if using MIME (this was NOT 2675 included in RFC 1344, but Bill King of Allan-Bradley 2676 Company forwarded me email from Nathaniel Borenstein 2677 claiming that it was an inadvertent omission). 2678 Don't use Content-Type: X-message-header. According to John 2679 Myers of CMU, many MIME readers will completely ignore 2680 the data if they don't recognize it. Instead, just 2681 add a blank line to make it a legal (empty) message. 2682 Fix problem causing dots to keep getting appended to cached 2683 hostnames. This can cause buffer overrun conditions. 2684 The problem was found by Erik Forsberg of Retix, 2685 although I used a different bug fix than he provided. 2686 Fix parsing of split header/envelope rewriting specs -- from 2687 Eric Forsberg. 2688 Fix from Eric Wassenaar to correct To: lists in error messages. 2689 26906.57/6.28 93/05/11 2691 Fix minor glitch causing extra ctladdrs to be output to queue 2692 file. Just an annoyance. 2693 Cache results of name server canonification lookups to avoid 2694 backed up queue runs. 2695 Major rewrite of alias.c: considerable cleanup, plus sample 2696 (untested) support for NIS aliases. The "A" option 2697 can now be a comma separated list (or be repeated) -- 2698 that is, you can have multiple alias databases. Each 2699 database can have the syntax ``class:file''; if no class 2700 is specified, the "implicit" class is assumed. Implicit 2701 searches through a list of compiled in types -- hash, 2702 dbm, nis, and stab. Alias files are searched in the 2703 order they are listed. For example: 2704 OAhash:/etc/aliases.local,/etc/aliases 2705 OAnis:mail.aliases@my.nis.domain 2706 first searches the hash database /etc/aliases.local, 2707 then the regular /etc/aliases database, then the NIS 2708 map "mail.aliases" in the NIS domain "my.nis.domain". 2709 If in Verbose mode (probably from VERB command) run SMTP job 2710 in foreground and don't do RCPT optimizations. 2711 Add udb :mailsender as equivalent to owner- for regular aliases. 2712 Delete option 8; add option 7 that means the opposite. That is, 2713 default to 8-bit mode; a special option is needed to 2714 force sendmail into 7 bit mode. 2715 Send error messages in encapsulated MIME format. 2716 New compile flag "NIS" that turns on NIS alias and NIS map 2717 support. 2718 Add "j" option to send error messages in MIME (RFC 1341) 2719 encapsulated message format per RFC 1344. The 2720 syntax is pretty ugly if you don't have MIME-aware 2721 user agents. 2722 Clean up message handling (for display in mailq output). 2723 New setproctitle implementation for 4.4bsd. 2724 Create files (such as ~/dead.letter) using mode FileMode (the 2725 F option value) instead of 0666. 2726 Fix bug causing output of EXPN command to not be fully qualified. 2727 This may cause some problems with UUCP addresses that 2728 will require some config file assistance -- specifically, 2729 the $: part has to include the host name for this output 2730 to make sense. 2731 Fix a problem that sometimes diagnosed errors and still sent the 2732 message if the header syntax was bad. 2733 Fix a bug that caused an error message to be emailed when sendmail 2734 was operating in -bv mode. 2735 Add "ListenQueueSize" keyword to daemon options option (OO) to 2736 set the queue size parameter passed to listen(). You 2737 will normally have to tweak your kernel to up this. 2738 Strip spaces off of beginning of message-id before logging (in 2739 case it was folded across lines). 2740 Tweak compile flags in daemon.c -- there were some cases where 2741 it wouldn't work without NETINET. 2742 Change *file* mailer to output all the usual default headers 2743 (From, Date, Message-Id). It gets used when sending 2744 back error messages. 2745 CONFIG: explicitly catch and diagnose list:; syntax in ruleset 2746 zero -- this is not a valid recipient syntax according 2747 to RFC 821. 2748 CONFIG: add confMIME_FORMAT_ERRORS to send error messages in 2749 MIME format. Defaults to on. 2750 CONFIG: add SMTP_MAILER_FLAGS and UUCP_MAILER_FLAGS to augment 2751 the flags for those mailers. 2752 27536.56/6.27 93/05/01 2754 Fix problem that causes the fallback mail to postmaster 2755 (case ESM_POSTMASTER in savemail()) to not look at 2756 aliases (ugh). 2757 Some more HPUX tweaking (compile flag hpux => __hpux so it 2758 still works in ANSI mode). 2759 Don't try to flock non-regular files when mailing to a file. 2760 In particular, this was a problem if you tried to 2761 send to /dev/null. 2762 Fix a wierd bug that can cause senders to be queued as 2763 recipients if the name server is down when the mail 2764 is initially sent. This hack just ignores sender 2765 deletion (essentially, it sets the MeToo flag) if there 2766 is a TEMPFAIL during processing of the sender address. 2767 Obscure. 2768 Fix a dangling else problem -- from Brian Bullen from University 2769 of Stirling, UK. 2770 Add the "b" mailer flag to force a blank line on the end of 2771 messages. Some brilliant versions of /bin/mail insist 2772 on this but do not add it themselves. 2773 Add the "g" mailer flag to prevent user SMTP from sending 2774 "MAIL From:<>". This is only intended to be a 2775 transitional gesture, and should not be used if at 2776 all possible. It appears that Berkeley and IDA 2777 config files have always handled this properly; the 2778 UK config kit apparently does not. 2779 Don't lowercase and then capitalize header field names -- leave 2780 them with original capitalization. Fixes from Bill 2781 King of Allen-Bradley Company. 2782 Further cleanup and improved reporting of error messages, 2783 particularly conditions that cause messages to be 2784 requeued for future delivery. 2785 Tweak syslog priorities in some cases. 2786 CONFIG: clean up route-addr on UUCP addresses. 2787 27886.55/6.25 93/04/27 2789 HPUX 8.07 compatibility changes in getla() -- I had to make 2790 these changes to get it to work at Berkeley, although 2791 others seem to have been working before (???). 2792 Various patches to XLA code. 2793 Fix problem that causes setuid bit on files to be ignored from 2794 SMTP or in queue runs. Problem noted by Jason Ornstein 2795 of Under The Wire, Inc. 2796 Fix problem that can cause CNAMEs to be ignored. 2797 Generalize getmxrr to match local host in $=w instead of a 2798 single name passed in. 2799 Some cleanup from Eric Wassenaar: 2800 Use FileMailer instead of ProgMailer in two places. 2801 Eliminate duplicate 8th-bit stripping in commaize. 2802 Fix a problem with mis-parsing of backslash escapes 2803 under some circumstances. 2804 NIS map fix (was always including trailing null character) 2805 from Mike Glendinning of Ingres UK. 2806 Add "a" mailer flag to try using ESMTP. It tries the EHLO 2807 command and if that fails falls back to regular SMTP. 2808 Also parses EHLO option keywords. If host supports 2809 SIZE extension, this is added to the MAIL FROM: 2810 command. 2811 Extend "b" option to include a second value which is the 2812 maximum message size this server is willing to accept. 2813 For example, a value of "10/1000000" says that there 2814 must be ten blocks free, and sendmail will reject 2815 any message larger than one megabyte. 2816 Some portability hooks for NeXT (this could be applicable 2817 to Mach in general). You have to create an empty 2818 file called "unistd.h" to get it to compile. 2819 Adjust config values (MAXLINE, MAXATOM, and PSBUFSIZE) to 2820 be more generous. 2821 Add X400-Received: to the list of headers tagged with H_TRACE 2822 in conf.c. From Bill King, Allen-Bradley Co. 2823 28246.54/6.25 93/04/19 2825 Fix problem that caused redefinition of SMTP and QUEUE compile 2826 flags. Pointed out by Jon Forrest of the Sequoia 2000 2827 project at Berkeley. 2828 Properly handle \! hack -- it was treating host\!user as one 2829 token (host!user) instead of three (host, !, user). 2830 Fix from Eric Wassenaar of NIKHEF-H. 2831 Fix compilation problem in getauthinfo() if IDENTPROTO is off. 2832 Turn off DEFNAMES and DNSRCH when getting the hostsignature 2833 (i.e., MX records) in level 1 configuration files; this 2834 matches the old behaviour. From Motonori Nakamura of 2835 Kyoto University. 2836 Improve error message printing -- if sent through an alias, 2837 error messages include the name of the alias in the 2838 message. Unfortunately, in order to make this work 2839 properly in queue runs, this changes the format of the 2840 C line in the qf file. The relatively uselessness of 2841 the previous information was pointed out to me by 2842 Allan E Johannesen of WPI. 2843 Add XLA compile flag to add hooks to Christophe Wolfhugel's 2844 extended load average code. This is still in very early 2845 form. For information regarding the guts of the xla 2846 code, contact Christophe.Wolfhugel@grasp.insa-lyon.fr. 2847 Additional hooks for detecting tempfails in rewriting rules 2848 (that is, in map lookups). 2849 28506.53/6.25 93/04/15 2851 Properly diagnose ruleset zero returning null (instead of a mailer 2852 triple). From Motonori Nakamura of Kyoto University. 2853 More generalization of socket code for other protocols. 2854 Shorten timeouts on reverse name lookups -- since they are done 2855 during connection establishment, long timeouts here can 2856 cause higher level timeouts. This mainly serves to accept 2857 mail from hosts that do not have proper reverse (PTR) DNS 2858 records set up. 2859 Reset e_statmsg before each mailer invocation to avoid bogus 2860 messages in the log. 2861 Redefine $r, $s, and $_ in error envelopes so you don't get 2862 incorrect cruft in the error message. Problem noted by 2863 Motonori Nakamura of Kyoto University. 2864 Fix a problem that can cause failure to return errors to Postmaster 2865 in certain cases. From Motonori Nakamura. 2866 Fix a problem that can cause some systems to give duplicate error 2867 messages when a bad syntax address such as "<a" is presented 2868 to an SMTP server. It doesn't seem to occur on all 2869 machines. From Motonori Nakamura. 2870 Default IDENTPROTO off for Ultrix and HPUX, which apparently have 2871 the interesting "feature" that when they receive a "Host 2872 unreachable" message they closes all open connections to 2873 that host. However, some firewall gateways send this message 2874 if you try to connect to an unauthorized port, such as the 2875 IDENT port (113). Thus, no email can be received from such 2876 hosts. There is some evidence that versions of Ultrix before 2877 4.3 do not have this problem. Thanks to Tom Ivar Helbekkmo 2878 for pointing out this behaviour to me and to Michael Corrigan 2879 of U.C. San Diego for informing me about the HPUX problem. 2880 Allow IPC mailers to return a colon-separated list of hosts in the 2881 $@ clause; these are searched in order as though they were 2882 MX records. 2883 When sending an error report, print the list of addresses tagged 2884 as bad. Requested by Allan E Johannesen of WPI. 2885 Change map function calls to return a status code. This gets 2886 passed back as the result of rewrite. Parseaddr marks 2887 the address as a QUEUEUP address if the return code is 2888 EX_TEMPFAIL. All this to queue properly if the name 2889 server is down. This code is not well tested. This code 2890 changes the interface to map lookup functions (a fifth 2891 parameter, int *statp, is added). Feature requested by 2892 Dan Oscarsson. 2893 Don't delete quotes (in the dequote map) if there are spaces in 2894 the string, since this would cause them to be replaced by 2895 the SpaceSub character. 2896 Accept BODY=8BITMIME on SMTP MAIL command. This isn't advertised 2897 because the 8BIT to 7BIT translation doesn't exist yet. 2898 This does add a "bodytype" field to both envelope and 2899 queue file and a -B command line flag to pass the type in 2900 during direct invocations. 2901 Discard return error messages only on responses to responses to 2902 responses, not on responses to responses. That is, the 2903 algorithm is to try return to sender, then return to 2904 postmaster, then discard. Previously it discarded 2905 immediately if the return to sender pass failed. 2906 CONFIG: back out change to hide unqualified hostnames behind %-hack. 2907 This screws up local aliases and .forward files. 2908 CONFIG: add FEATURE(nocanonify) to turn off calls to $[ ... $]; 2909 some sites only handle completely canonified names. 2910 Requested by John Gardiner Myers of CMU. 2911 CONFIG: some UUCP code was still included even if FEATURE(nouucp) 2912 was specified. 2913 29146.52/6.24 93/04/10 2915 Clean up some minor glitches on error return messages pointed out 2916 by Motonori Nakamura of Kyoto University. 2917 Fix reply() to not reset SmtpReplyBuffer on fatal errors; this 2918 was supposed to reset SmtpMsg Buffer. This makes the 2919 client side code virtually useless. Reported by Allan 2920 E Johannesen of WPI and Phil Brandenberger of Swarthmore. 2921 Better debug messages if fuzzy is disabled, suggested by Allan 2922 E Johannesen of WPI. 2923 Offset SmtpReplyBuffer by four in usersmtp when checking for 2924 loopback. From Eric Wassenaar. 2925 Don't set $s until after runinchild in srvrsmtp -- otherwise 2926 it gets cleared. From Eric Wassenaar. 2927 Implement IDA-style $&x for deferred macro expansion. 2928 More POSIX compatibility. 2929 CONFIG: Hide unqualified hostnames behind %-hack using $s as the 2930 actual sender. This is only done if $r is non-null, that 2931 is, if this is not locally submitted mail. 2932 CONFIG: Add FEATURE(bitdomain) allowing mapping of BITNET host 2933 names to internet domains. A program contributed by 2934 John Gardiner Myers of CMU to create the maps is included 2935 in the contrib directory (in the "misc" tar file). 2936 CONFIG: Add FEATURE(uucpdomain) for a similar mapping for UUCP 2937 hosts. There is currently no tool to create this map. 2938 29396.51/6.23 93/04/04 2940 Add D= mailer flag to specify a path of possible working directories 2941 in which to execute the mailer. This is intended for the 2942 prog mailer; some shells can get upset if they don't have 2943 access to the current directory. 2944 Add RFC 1413 (IDENT) protocol support. This is only very loosely 2945 tested. This adds a $_ macro to be the authenticated 2946 info (in ``user@domain [address]'' form) and debug flag 2947 9 to trace the protocol. 2948 Check for loopbacks in usersmtp instead of srvrsmtp -- there is no 2949 reason for a local agent to not be talking to the localhost 2950 (although the inverse is not true). 2951 Add a few hooks for automated map rebuilding. This is certainly 2952 not done yet. 2953 CONFIG: Have prog mailer specify a path of ``D=$z:/'' -- that is, 2954 user's home directory then the root. 2955 CONFIG: Log RFC 1413 identification in Received: line. 2956 29576.50/6.22 93/04/01 2958 Fixes to requeueing code to make it compute priority, nrcpts, 2959 and the like properly. 2960 29616.49/6.22 93/04/01 2962 Diagnose incorrect privacy flags. Suggested by Bryan Costales 2963 of ICSI. 2964 Some ANSI C fixes. 2965 Arrange to quote backslashes as well as other special characters 2966 in the phrase part of a route-addr. 2967 Some fixes to FallBackMX code suggested by Motonori Nakamura of 2968 Kyoto University. 2969 More vigorous zeroing of CurHostAddr to avoid logging of bogus 2970 host addresses when you are actually just printing 2971 information from the MCI structure; problem noted by 2972 Michael Corrigan of U.C. San Diego. 2973 Don't ignore rest of queue if any job is not runnable. This can 2974 also cause an incorrect job to be lost. Fix from 2975 Eric Wassenaar. 2976 Always respond "quickly" to RCPT command; do alias expansion and 2977 the like later. This also means that mail for lists that 2978 have errors will be acccepted, and an error sent back 2979 later. This is done by instantiating the queue file 2980 and then immediately running and requeueing it. 2981 29826.48/6.22 93/03/30 2983 Fix incorrect diagnosis of infinite loop in ruleset. Problem noted 2984 by several people. 2985 Improve information printed when infinite loops are discovered. 2986 Zero CurHostAddr to fix erroneous internet addresses in log when no 2987 addresses can be bound. Pointed out by Motonori Nakamura 2988 of Kyoto University. 2989 "Probe" SMTP connections using RSET instead of NOOP "just in case". 2990 Suggested by John Gardiner Myers of CMU. 2991 Don't warn about -f if you are setting sender to yourself. 2992 29936.47/6.22 93/03/29 2994 Fix incompatible call to endmailer in smtpquit which causes core 2995 dumps. Noted by Allan E Johannesen of WPI. 2996 HPUX portability changes from Michael J. Corrigan of UC San Diego. 2997 Require MAIL before RCPT command in srvrsmtp.c. This had been 2998 intentional from the 821 draft days when the order wasn't 2999 clear, but is silly now. 3000 Fix bug in nis_magic routine that was initializing parameters 3001 incorrectly. Fix from Takahiro Kanbe of Fuji Xerox 3002 Information Systems Co., Ltd. 3003 Change default for PrivacyFlags in conf.c to 0 -- since it always 3004 "or"s in new values, there was no way to turn off the 3005 AuthWarning stuff. 3006 Add O option to set SMTP daemon options. 3007 Add V option to set fallback MX host. This always sorts at lower 3008 priority than anything it gets from the name server. It 3009 should only be used for environments with very bad network 3010 connectivity. Requested by several people. 3011 Log sending info. It's not clear this is a good idea. 3012 CONFIG: fix typo in mailertable code. Noted by Phil Brandenberger 3013 of Swarthmore. 3014 CONFIG: add confDAEMON_OPTIONS and confFALLBACK_MX to set options 3015 O and V, respectively. 3016 30176.46/6.21 93/03/26 3018 Fix botch in server SMTP that broke transactions that did not 3019 use HELO first (like MH). Fix from Michael Corrigan 3020 of U.C. San Diego. 3021 Fall back to other MX records if there is an error anywhere 3022 in delivery (actually on MAIL or DATA -- RCPT is harder). 3023 Suggested by John Gardiner Myers and Motonori Nakamura. 3024 Revert to non-prototypes -- it turns out that our ANSI C 3025 compiler is more forgiving than most others about 3026 mixing prototyped extern declarations with non-prototyped 3027 function definitions. 3028 Fix a problem with multi-word class matching pointed out by 3029 Neil Rickert. Given: 3030 CX b a.b.c 3031 R$+ $=X $+ $: $1 < $2 > $3 3032 the input "user@a.b.c" failed instead of being properly 3033 rewritten as "user@a.<b>.c". 3034 Neil also convinced me that it was correct that $~ should match 3035 only one token -- the problem is that it's always possible 3036 to add another token, so $~ matches far too eagerly. 3037 30386.45/6.21 93/03/25 3039 Implement multi-word classes (properly!). 3040 30416.44/6.21 93/03/25 3042 Add X-Authentication-Warning: headers to clue users into possible 3043 attempts to forge mail. This is on the authwarnings 3044 privacy flag, but is the default. Suggested by Bryan 3045 Costales of ICSI. 3046 Pass default units for convtime in so they can be more reasonable. 3047 Allow config files to always add a new Comments: header (i.e., 3048 they will be added even if an old one already exists). 3049 Suggested by Bryan Costales of ICSI. 3050 Allow config files to delete an existing Return-Path: header. 3051 These should only be added at final delivery. Suggested 3052 by Bryan Costales of ICSI. 3053 Some debugging additions. Suggested by Bryan Costales of ICSI. 3054 Clean up logging of Family 0 addresses. Noted by David Muir 3055 Sharnoff and others. 3056 Add a "dequote" map class. This allows config files to strip 3057 quotes off of addresses. Note that this is not a builtin 3058 map, just a class -- so you have to define the map 3059 using the K line. 3060 Fix a bug in the queueup() loop getting a locked tf where in 3061 very odd cases it can fall off the bottom and core dump. 3062 Of course, it was P{r Emanuelsson who found it.... 3063 Open a new transcript when splitting an envelope. Problem found 3064 by Allan E Johannesen of WPI. 3065 Improved error output in endmailer if the mailer core dumps. 3066 CONFIG: Fix typo in UUCP mailer definition. 3067 CONFIG: Default several of the new options on: eight bit input, 3068 privacy flags set to "authwarnings", and message warning 3069 set to 4h. 3070 CONFIG: Use dequote map. 3071 30726.43/6.20 93/03/23 3073 Fix problem with assumption of an sa_len field in a generic 3074 sockaddr -- it turns out that most vendors haven't 3075 picked up this (very important) fix. 3076 Change compilation flags for daemon code -- select one or both 3077 of NETINET or NETISO, but don't ever set DAEMON manually. 3078 CONFIG: add FEATURE(mailertable) to do IDA-style mailertables. 3079 30806.42/6.19 93/03/19 3081 Use Postmaster as default fallback return address, not root. 3082 POSIX changes for file descriptor handling. 3083 Diagnose errors writing new queue file. 3084 If you change the owner using an owner- alias, also change the 3085 error mode to EM_MAIL so that errors don't get dropped 3086 into an inappropriate directory. Problem noted by 3087 Allan E Johannesen of WPI. 3088 If you are su'ed to root, send email as who you really are, not 3089 as root. From Brian Kantor of U.C. San Diego. 3090 Allow warning messages to be sent after a configurable interval 3091 has passed without delivery. The message is sent only 3092 once per envelope. This changes the format of the qf 3093 file to have an F line, and the format of the T option 3094 to accept take the format "return/warn" (both intervals). 3095 Don't force all local names to lower case -- this was left over 3096 from the wierd handling of case mapping on aliases. It 3097 is now driven (as expected) by the "u" mailer flag. 3098 Problem noted by P{r Emanuelsson. 3099 Fix problem that caused headers on returned email to be trashed; 3100 they were getting freed, but are still accessible via 3101 BlankEnvelope. 3102 Fix problem that caused bogus ids to be created on returned 3103 mail. 3104 Add support for ISO and other non-INET networking. This is by 3105 no means finished yet. This does assume a lot of other 3106 system support, like a version of gethostbyname that 3107 returns non-AF_INET addresses. 3108 CONFIG: change default on prog mailer to keep upper case in 3109 user names (i.e., in the program command line). 3110 CONFIG: strip trailing dots off of hosts in uucp mailer before 3111 convert to bang format. 3112 CONFIG: create new "relay" mailer for $R (LOCAL_RELAY) and $H 3113 (MAIL_HUB) delivery that doesn't add local domain. Note 3114 that this violates 821, but is probably "more correct" 3115 for what we are trying to do. Problem pointed out by 3116 Michael Graff of Iowa State. 3117 31186.41/6.18 93/03/18 3119 Clean up unnecessary creates of queue ids (i.e., empty qf files) 3120 when not needed, such as when starting up an SMTP 3121 connection. 3122 Fix problem where split envelopes aren't instantiated in the queue. 3123 This is quite a serious bug. 3124 Owner- aliases had problems with leading spaces causing a 3125 premature delimitation. 3126 31276.40/6.18 93/03/18 3128 Have ending 250 (after DATA) include the id; suggested by 3129 Brian Kantor of UC San Diego. 3130 Add logging on envelope splitting. 3131 Change queue ids to have one more letter encoding the hour of 3132 the day so that during a single day there is a greater 3133 likelihood of uniqueness; requested by Brian Kantor. 3134 31356.39/6.18 93/03/18 3136 Fix minor compile problem if LOCKF is defined. 3137 Define size of tobuf in conf.h. Observed by Toshinari Takahashi 3138 of Toshiba. 3139 Restore e_sender -- this is equivalent to e_from.q_paddr without 3140 decorations such as angle brackets and comments. 3141 OSF/1 on Alpha changes from Allan E Johannesen of WPI. 3142 CONFIG: fix typo in S3 for list syntax (;: => :;). Thanks to 3143 Christopher Hoover for noting the problem. 3144 31456.38/6.17 93/03/17 3146 Pass envelope to disconnect to avoid another use of CurEnv, which 3147 can apparently end up being null at inopportune times. 3148 Log "received from" as "relay=" for consistency (suggested by 3149 John Gardiner Myers). 3150 Fix major bug in header handling: if no From: line existed in 3151 the header (so sendmail inserts one), and the sender is 3152 an alias that has an owner, the From: line shows the 3153 owner (as well as the envelope). Fixed by early binding 3154 the headers (which will change debugging output). 3155 HPUX portability patches from Michael J. Corrigan of UC San Diego. 3156 Some attempts to adapt better to out of open file conditions. 3157 Some changes to ctladdr handling in queue files. 3158 31596.37/6.17 93/03/16 3160 MAJOR CHANGE: delete e_sender and e_returnpath (why are these 3161 different from e_from?) and $< macro. 3162 Log correct IP address in relay= field even if the connection 3163 times out. 3164 Log "received from [RESPONSE]" on EF_RESPONSE messages (from 3165 John Gardiner Myers). 3166 Fixes to SysExMsg logging (sometimes just got "message: %s" 3167 instead of "message: error message"), noted by Eric 3168 Wassenaar. Also reported by Motonori Nakamura. 3169 Improvements to MX piggybacking code, from Motonori Nakamura. 3170 Fix case where CurHostName points to an auto variable that has 3171 been deallocated (from Motonori Nakamura). 3172 Fix bug causing newlines to be included in aliases if option 3173 "n" (check alias RHS) is set; bug noted by David Muir 3174 Sharnoff. 3175 Fix problem causing user names that should be mapped to lower 3176 case to not be mapped if they are sent during a queue 3177 run. This greatly simplifies the case mapping code. 3178 Problem noted by Allan E Johannesen of WPI. 3179 Don't do recipient address rewriting in buildaddr. This 3180 improperly did recipient rewriting on sender addresses, 3181 and just seems bogus in general -- but the change could 3182 break some .cf files. 3183 Pass TZ envariable to child processes for System V. 3184 CONFIG: allow LOCAL_RULE_1 and LOCAL_RULE_2 if you want to 3185 define those rulesets. 3186 KNOWN PROBLEM: I have seen some problems on SunOS that causes 3187 the User Data Base to give errors on some addresses. I 3188 have tracked the problem back at least as far as 93.02.15 3189 (version 6.22). Running with debugging on makes it 3190 go away, so I conclude that it is referencing uninitialized 3191 stack data. I haven't been able to track this down yet. 3192 31936.36/6.16 93/03/08 3194 Allow local mailer to specify $@host -- this lets you assign the 3195 "foo" part of jgm+foo to $h for passing in to the local 3196 mailer. 3197 Additional debug printing in getcanonname (show query type). 3198 Don't add the e_fromdomain on sender addresses -- this interacts 3199 wierdly with the owner- code. 3200 Improve delivery logging to not log obvious or meaningless stuff. 3201 Include numeric IP address in Received: lines per RFC 1123 section 3202 5.2.8. 3203 Fixed a bug in checking stat() return value if restrictmailq is 3204 set. Also, check the entire group set instead of just the 3205 primary group. Both from John Gardiner Myers. 3206 Don't have usrerr automatically print errno, since this is often 3207 misleading. 3208 Use transienterror() in makeconnection after connect() fails and 3209 in openmailer after execve() fails (from Eric Wassenaar). 3210 Also moved transienterror() from util.c to conf.c. 3211 Clean up from= logging on response messages. 3212 Undo patch allowing prescan to return a null vector -- it breaks 3213 too many things. 3214 Config: FEATURE(notsticky) lets you use UDB for everything coming 3215 in to the machine, even if it is specifically targetted 3216 to this machine. Without it, UDB is bypassed if the user 3217 name is fully qualified. 3218 Config: fix another minor botch with <> (local mailer wasn't 3219 mapping them properly). 3220 32216.35/6.15 93/03/05 3222 Fix getrealhostname to return null if sinlen <= 0 -- this can 3223 occur if stdin is a pipe. 3224 Avoid infinite loop in getcanonname if name server return 3225 NO_DATA (for example). 3226 Config: avoid having C flag qualify list syntax and error syntax. 3227 32286.34/6.14 93/03/05 3229 Fix logging in deliver to not pass too many parameters to Ultrix 3230 versions of syslog. 3231 Don't write the pid file until after the daemon has actually 3232 opened and conditioned the connection. 3233 Consider addresses "different" if their q_uids differ (so that 3234 two users forwarding to the same program will be seen 3235 as different, rather than the same). 3236 Fix problem with bad parameters in main() -- they set ExitStat 3237 but don't exit. 3238 Fix null pointer references through RealHostName -- painfully 3239 discovered by Allan E Johannesen of WPI. 3240 Fix bug causing user@@localhost to core dump (yuch). 3241 Config: don't put two @host.dom.ain on users in $=E in SMTP 3242 mailer. Also, catch user@ (no host) in ruleset 0. 3243 32446.33/6.13 93/03/03 3245 Config: add confCW_FILE as the name of the cw configuration file 3246 (defaults to /etc/sendmail.cw). From P{r Emanuelsson. 3247 Allow prescan to return a pointer to an empty list -- this is 3248 not an error. Also, clean up error reporting to avoid 3249 double errors (prescan reports once, then the caller 3250 reports again). 3251 Changes to avoid trusting T_ANY queries -- run them, but if you 3252 don't get the info you expected, do T_A and T_MX queries 3253 anyhow. This also fixes an oversight where _res.options 3254 bits were being ignored. 3255 If PRIV_NOVRFY is set, use 252 response code instead of 502 per 3256 RFC 1123 section 5.2.3. It's not 100% clear that this 3257 is correct, but it probably works better with stupid 3258 mailers that do a VRFY and only check the first digit. 3259 32606.32/6.12 93/03/02 3261 Fix uninitialized variable "protocol" in smtp code. 3262 Include <unistd.h> in sendmail.h -- move towards POSIX/ANSI. 3263 Additional hooks for RFC 1427 (ESMTP SIZE extension). This 3264 includes requiring that enoughspace() know the system 3265 block size, which will undoubtedly break most ports. 3266 Trace flag 19 in use for srvrsmtp.c. 3267 Additional logging -- notably the sending mailer name. This 3268 also changes the delivery logging to strict field=value 3269 syntax. 3270 Fix some problems with messages getting sent even to addresses 3271 that had been marked bad -- from Eric Wassenaar. 3272 More WIDE changes: accept host name inside [...] as non-MXed 3273 host. This is intended ONLY for use inside firewalled 3274 environments, where the MX points at the gateway. 3275 Change .cf file conventions so that mapping for <> addresses 3276 don't have an @ in them (to avoid confusing the C mailer 3277 flag). Pointed out by Neil Rickert. 3278 Config extensions for Sam Leffler's FlexFAX software. 3279 32806.31/6.10 93/02/28 3281 Fix some more bugs in alias owner code -- there were some wierd 3282 cases where an error in a non-aliased name would override 3283 the return info in an aliased name with an owner. 3284 Changes from WIDE Project, forwarded to me by Motonori Nakamura: 3285 Log actual delivery host (after MX et al); from 3286 yasuhiro@dcl.co.jp. 3287 Log daemon startup. 3288 Deliver Postmaster copies without a body. 3289 Better logging of SMTP senders. 3290 Send all program email as daemon even when local. 3291 As requested in various forms from many people, accept -qIstring 3292 to limit queue runs to jobs with queue-id matching string. 3293 Similarly for -qRstring for recipients, -qSstring for 3294 senders. 3295 Initial hooks for ESMTP support (see RFC 1425). 3296 Fixed a syntax error in the UUCP mailer specification that caused 3297 core dumps on startup. 3298 Check for missing A= or P= arguments in mailer definitions. 3299 33006.30/6.10 93/02/27 3301 Require FROZENCONFIG compilation flag to include frozen 3302 configuration code. Frozen configuration is really 3303 not a very good idea any more, particularly in shared 3304 library environments. 3305 Do better checking of errno after opens of :include: and .forward 3306 files to defer delivery on network and other transient 3307 errors. Suggestion from Craig Everhart. 3308 Fix minor botch in read timeout macro processing. 3309 Add FEATURE(nouucp) to config files for sites that know absolutely 3310 nothing about UUCP. 3311 Add built cf files to distribution tape and clarify how to build 3312 them if you don't have the Berkeley make. 3313 Some sizeof(long) portability changes for the Alpha, from Allan 3314 E Johannesen. 3315 Add "restrictmailq" privacy flag -- if set, only people in the same 3316 group as your queue directory can print the queue. If you 3317 set this, be sure you also restrict access to log files.... 3318 Fix another bug in owner-list stuff that can cause data files to 3319 be "lost". 3320 Fix a bug with queue runs that cause forwards to yourself to go 3321 into alias/forwarding loops. I'm still iffy about this 3322 fix. 3323 Fix from Eric Wassenaar for suppression of return message code. 3324 33256.29/6.9 93/02/24 3326 Fix yet another problem in alias owner code -- put the wrong return 3327 address on the enclosed return-to-sender letter. 3328 33296.28/6.9 93/02/24 3330 Fix botch in alias owner code that caused it to not operate if the 3331 error was detected locally. 3332 33336.27/6.9 93/02/24 3334 M_LOCAL => M_LOCALMAILER to avoid conflict with Ultrix include 3335 file <sys/mount.h>. 3336 Miscellaneous bug fixes from Eric Wassenaar: 3337 sendmail -bv -t logs the from line even though in verify 3338 mode only. 3339 sendmail -v can go into queue mode if shouldqueue returns 3340 TRUE. 3341 Add route-addr pruning per RFC 1123 section 5.3.3. This can be 3342 disabled using the "R" option. 3343 Delete (always undocumented) -R flag (save original recipients); 3344 there are ways to syslog(3) these now. 3345 Clean up SMTP reply codes -- specify them as needed in the code, 3346 instead of in conf.c -- this was needed during the NCP to 3347 TCP transition, but seems silly now. This also changes 3348 parameters to message and nmessage. 3349 Have mailstats read the .cf file to find the sendmail.st file and 3350 get text versions of mailer names. An initial version of 3351 this code was provided by Tuominen Keijo (although the 3352 comments indicate the good bits were written by "E.V."). 3353 Add yet more System V compatibility hacks. 3354 Fix bug in VRFY code (assumes everything must be a local user). 3355 Allow specification of any of the hard-wired pathnames in the 3356 Makefile. 3357 Delete concept of "trusted users" -- this really didn't provide 3358 any security anyway, and caused some problems. 3359 Delete last vestige of support for the word "at" as an equivalent 3360 to the character "@". 3361 Propagate owner-foo alias information into the envelope sender. 3362 Based on code from John Gardiner Myers. This is a major 3363 semantic change -- beware! 3364 Allow $@ on LHS to indicate "match zero" -- this is used to match 3365 the null expression. 3366 33676.26/6.8 93/02/21 3368 Don't "lose" queue runs. Very important fix from (who else?) 3369 Eric Wassenaar. 3370 Completely reset state on RSET command -- from Eric Wassenaar. 3371 Send error messages and return receipts using an envelope sender 3372 of <> regardless of the setting of $n. Rewriting rules 3373 can undo this if they feel the necessity, as might be 3374 needed for networks that don't understand the syntax. 3375 This is permitted by RFC 821 section 3.6 and required by 3376 RFC 1123 section 5.3.3. THIS REQUIRES VERSION 4 CONFIG 3377 FILES because the rulesets must be able to parse <> 3378 properly. 3379 Don't ever send error messages to "<>" -- they will get sent to 3380 the local postmaster or dumped in /usr/tmp/dead.letter 3381 instead. Per RFC 1123 section 5.3.3. 3382 Explicitly check for email to yourself as a dotted quad. You 3383 have to call $[ [ ... ] $] to get this. 3384 Up the message timeout to five days per RFC 1123 section 5.3.1.1. 3385 Make all read timeouts individually configurable, as strongly 3386 recommended by RFC 1123 section 5.3.2. 3387 Use f_bavail (blocks available to regular users) instead of f_bfree 3388 (blocks available to superuser) in free block checks. 3389 Change $d macro to be the current time, not the origination time, 3390 since this is consistent with how it is used now. 3391 Generalization of enoughspace from Eric Wassenaar covering 3392 SGI, Apollo, HPUX, Ultrix, and SunOS. 3393 Ignore process group signals -- some front ends can do this if 3394 you kill a window too quickly. From Eric Wassenaar. 3395 Change umask to 022. 3396 33976.25/6.8 93/02/20 3398 Close all cached connections before calling mailers and after 3399 forking for delivery (caused double closes which resulted 3400 in false errors). 3401 Add FEATURE(redirect) in config files -- this allows you to alias 3402 old addresses to a pointer to the new address that will 3403 give a 551 error message, but not deliver the mail. 3404 Some code changes to make the 551 errors look pretty. 3405 Names of M4 program paths in config files have changed -- they 3406 are all XXX_MAILER_PATH now, to match XXX_MAILER_FLAGS. 3407 Fix a bug in the QSELFREF code having to do with empty .forward 3408 files, reported by Eric Wassenaar. 3409 Add option "p" (privacy flags); this allows you to tune how 3410 picky the SMTP server will be. This also adds the 3411 confPRIVACY_FLAGS M4 macro in the config files. 3412 Add option "b" (minimum blocks free). If there are fewer than 3413 this number of blocks free on the filesystem containing 3414 the queue directory, the SMTP MAIL command will return 3415 a 452 response and ask you to try again later. This 3416 also adds the confMIN_FREE_BLOCKS M4 macro in the config 3417 files. 3418 Made VRFY just verify (doesn't expand aliases and .forward files); 3419 EXPN does full expansion. RCPT in queue-only mode also 3420 doesn't chase aliases and .forward. 3421 34226.24/6.7 93/02/19 3423 Increase the number of domain search entries in domain.c to allow 3424 for the extra "" entry indicating the root domain. 3425 Reported by Motonori Nakamura of Kyoto U. 3426 Add a "SMART_HOST" in the configs for UUCP-connected sites that 3427 want to forward all mail with extra "@"s to that site. 3428 Also allows SMART_HOST, LOCAL_RELAY, and MAIL_HUB to 3429 be specified as ``mailer:hostname'' to use an alternate 3430 mailer. 3431 Clarified and updated some wording in the Operations Guide. 3432 Add the "c" mailer flag -- this suppresses all comment parts of 3433 addresses (requested by John Curran of NEARnet). 3434 Have -v print prompts in -bt mode even if stdin is not a terminal 3435 (default behaviour is to be silent if not reading from 3436 a terminal). Suggested by Bryan Costales, ICSI. 3437 Move the metacharacters from C0 space (\001-\037) into C1 space 3438 (\201-\237). This also fixes a bunch of potential bugs 3439 with G1 characters (\240-\276) in headers relating to 3440 negative numbers passed to isspace() et al. 3441 Add YP_LAST_MODIFIED and YP_MASTER_NAME to DBM version of alias 3442 database if YPCOMPAT is #defined. Enhancement from 3443 Takahiro Kanbe of Fuji Xerox Information Systems Co., Ltd. 3444 Add "list" Precedence (-30); this can be used with old sendmails 3445 which will map to precedence 0 (which will return error 3446 messages). Suggested by Stephen R. van den Berg. 3447 Many bug fixes from Eric Wassenaar of the National Institute for 3448 Nuclear and High-Energy Physics, Amsterdam: 3449 Clear timeouts properly on open failures in include(). 3450 Don't dereference through NULL if no home directory found. 3451 Re-establish SIGCHLD signal on System 5 in reapchild(). 3452 Avoid NULL pointer reference on -pFOO flag. 3453 Properly handle backslash escapes in comments. 3454 Correctly check reply status on SMTP NOOP command. 3455 Properly save SMTP error message if peer gives 3456 "Service Shutting Down" message. 3457 Avoid writing to the transcript if it couldn't be opened. 3458 Signal errors in SMTP children to parent properly. 3459 Handle self references in a list more globally (include a 3460 QSELFREF bit in the address flags). This enhancement 3461 was suggested by Eric Wassenaar. 3462 Use initgroups() in hpux, even though it's System-V based. The 3463 HASINITGROUPS compile flag can set this on other systems. 3464 This HPUX behaviour was pointed out by Eric Wassenaar. 3465 34666.23/6.6 93/02/16 3467 Clean up handling of LogLevel to make it easier to figure out 3468 what's on what level. 3469 Change log levels to have some consistency: 3470 1 serious system failures, security problems 3471 2 lost communications, protocol failures 3472 3 other serious failures 3473 4 minor errors 3474 5 message collection 3475 6 vrfy logging, creation of return-to-sender 3476 7 delivery failures 3477 8 delivery successes 3478 9 delivery tempfails (queue ups) 3479 10 database expansion 3480 >64 debugging 3481 Allow IDA-style separated processing on S= and R= in Mailer 3482 definition lines. Note that rulesets 1 and 2 are 3483 still used for both addresses as before. Bruce Lilly 3484 gave a convincing argument that RFC976 insists on 3485 this behaviour. 3486 Added some time zones to arpatounix -- they may not be in the 3487 standards, but they are in use. However, I may delete 3488 arpatounix entirely -- there appears to be no reason 3489 for it to exist. 3490 Change to UUCP mailer (in cf directory) to try to do a saner job. 3491 I'm still not certain about this mailer in general. 3492 34936.22/6.5 93/02/15 3494 Fix bug that prevents saving letters in ~/dead.letter. 3495 Don't add angle brackets in VRFY command if angle brackets already 3496 exist in the address. 3497 Fix bogus error message in udbexpand. 3498 Null terminate host buffers in buildaddr (broken in 6.21) -- 3499 IMPORTANT FIX!! 3500 35016.21/6.5 93/02/15 3502 Fix another incorrect error message in alias.c, found by Azuma 3503 Okamoto. 3504 Fix a couple of problems in the more-configurable config files, 3505 found by Tom Ivar Helbekkmo. 3506 Fix problem with quoted :include: entries. 3507 Don't duplicate the filename on verbose printing of .forward and 3508 :include: contents. 3509 Extend size of prescan buffer (to allow bigger addresses). Also, 3510 detect some buffer overflows. 3511 Log user SMTP protocol errors (log level 4). 3512 35136.20/6.4 93/02/14 3514 Fix another problem in the MCI state machine caused when there 3515 were errors generated from the other end to commands 3516 other than RCPT. 3517 35186.19/6.4 93/02/14 3519 Include load average support for DEC Alpha running OSF/1. 3520 Fix multiple-response problem with errors in MAIL From: line. 3521 Fix SMTP reply codes for invalid address syntaxes (give 501; 3522 never give multiple error messages for a single message). 3523 Fix problem where a cached connection timeout rejects all 3524 later connects to that host. 3525 Fix incorrect error message if alias.c is compiled with DBM only. 3526 Additional changes to fix nested conditionals (from Bruce Lilly). 3527 Recover more gracefully from operating system failures, particularly 3528 NULL returns from openmailer (from Noritoshi Demizu, 3529 OMRON Corporation). 3530 Log forward, alias, and userdb expand operations on log level 10; 3531 concept suggested by P{r (Pell) Emanuelsson. 3532 Changes for HPUX 8.07 compatibility. 3533 35346.18/6.4 93/02/12 3535 Allow any config option to be set using an M4 define. 3536 Change UNAME compile flag to HASUNAME for IDA compatibility 3537 (besides, it's a better name). 3538 Note in README that on SunOS it must be linked -Bstatic. 3539 Fairly major change in domain.c to handle wildcard MX records 3540 more rationally. NOTE: the "w" option (no wildcard MX 3541 records match local domain) has been eliminated. 3542 Fix some unset variable references pointed out by Bruce Lilly. 3543 Fix host name in process titles when using cached connection. 3544 35456.17/6.3 93/01/28 3546 Fix System 5 compatibility changes to be compatible with the rest 3547 of the world. 3548 35496.16/6.3 93/01/28 3550 Experimental fix for problem handling errors in the SMTP 3551 protocol in conjunction with connection caching. 3552 System 5 compatibility changes. 3553 35546.15/6.3 93/01/26 3555 Fix a bug that causes local mail delivered using -odq to be 3556 eliminated as a duplicate (because it matched the 3557 ctladdr, now passed in as a C line). These changes 3558 are pretty tricky...... 3559 35606.14/6.3 93/01/25 3561 Add debugging for some MCI errors. 3562 35636.13/6.3 93/01/22 3564 Fix -e compatibility flag to take a value. 3565 Fix a couple of minor compilation warnings on Sun cc. 3566 Improve error messages in a few cases to be more self-explanatory. 3567 35686.12/6.3 93/01/21 3569 Fix yet-another problem with environment handling, pointed out 3570 by Yoshitaka Tokugawa and Tom Ivar Helbekkmo. 3571 Some heuristics to try to limit resource exhaustion problems 3572 if a downstream host has been down for a long time. 3573 Fix problem with incorrect host name being logged in "Connection 3574 timed out" messages (from Tom Ivar Helbekkmo). 3575 Fix some ANSI C problems (from Takahiro Kanbe). 3576 Properly log message sender on returned mail during queue run. 3577 Count number of recipients properly. 3578 Fix a problem in yp map code. 3579 Diagnose "message timed out" (from Motonori Nakamura). 3580 35816.11/6.3 93/01/20 3582 Fix problem with address delimitor inside quotes. 3583 Define $k and $=k to be the UUCP name (from the uname call) 3584 based on code from Bruce Lilly. 3585 35866.10/6.2 93/01/18 3587 Implement arpatounix (largely code from Bruce Lilly). 3588 Log more info (suggested by John Myers). 3589 Allow nested $?...$|...$. (inspired by code from Bruce Lilly of 3590 Sony US). 3591 POSIX compatibility (noted by Keith Bostic). 3592 Handle SMTP MAIL command errors properly (urged by several people, 3593 notably John Myers of CMU). 3594 Do early diagnosis of .cf errors (notably referencing a RHS 3595 substitution that isn't on the LHS). 3596 Adjust checkpointing to better handle batched recipients, suggested 3597 by John Myers. 3598 Fix miscellaneous bugs. 3599 (config files:) Implement MAIL_HUB for all local mail (to handle 3600 NFS-mounted directories) as urged by Tom Ivar Helbekkmo 3601 of the Norwegian School of Economics. 3602 36036.9/6.1 93/01/13 3604 Environment handling simplification/bug fix -- child processes 3605 get a minimal, fixed environment. This avoids different 3606 behaviour in queue runs. 3607 Handle commas inside comments properly. 3608 Properly limit large messages submitted in -obq mode. 3609 36106.8/6.1 93/01/10 3611 Check mtime of thaw file against .cf and sendmail binary, based on 3612 code from John Myers. 3613 36146.7/6.1 93/01/10 3615 MX piggybacking, based on code from John Myers@CMU. 3616 Allow checkcompat to return -1 to mean tempfail. 3617 Bug fix in m_mno computation. 3618 36196.6/6.1 93/01/09 3620 Tuning of queueing functions as recommended by John Gardiner Myers. 3621 Return mail headers (no body) on messages with negative precedence. 3622 Minor other bug fixes. 3623 36246.5/6.1 93/01/03 3625 Fix botch causing queued headers to have ?XX? prefixes. 3626 36276.4/6.1 93/01/02 3628 Changes to recognize special mailer types (e.g., file) early. 3629 36306.3/6.1 93/01/01 3631 Pass timeouts to sfgets. 3632 Check for control characters in addresses. 3633 Fixed deferred error reporting. 3634 Report duplicate aliases. 3635 Handle mixed case recursive aliases. 3636 Misc bug fixes. 3637 36386.2/6.1 92/12/30 3639 Put return-receipt-to on a conf.c flag (but don't set it). 3640 Fix minor syslog problem. 3641