pkgsrc/mail/sendmail/PLIST

226 lines
7.3 KiB

Update to 8.14.4:

8.14.4/8.14.4 2009/12/30
SECURITY: Handle bogus certificates containing NUL characters in CNs by placing a string indicating a bad certificate in the {cn_subject} or {cn_issuer} macro. Patch inspired by Matthias Andree's changes for fetchmail.
During the generation of a queue identifier an integer overflow could occur which might result in bogus characters being used. Based on patch from John Vannoy of Pepperdine University.
The value of headers, e.g., Precedence, Content-Type, et al., was not processed correctly. Patch from Per Hedeland.
Between 8.11.7 and 8.12.0 the length limitation on a return path was erroneously reduced from MAXNAME (256) to MAXSHORTSTR (203). Patch from John Gardiner Myers of Proofpoint; the problem was also noted by Steve Hubert of University of Washington.
Prevent a crash when a hostname lookup returns a seemingly valid result which contains a NULL pointer (this seems to be happening on some Linux versions).
The process title was missing the current load average when the MTA was delaying connections due to DelayLA. Patch from Dick St.Peters of NetHeaven.
Do not reset the number of queue entries in shared memory if only some of them are processed.
Fix overflow of an internal array when parsing some replies from a milter. Problem found by Scott Rotondo of Sun Microsystems.
If STARTTLS is turned off in the server (via M=S) then it would not be initialized for use in the client either. Patch from Kazuteru Okahashi of IIJ.
If a Diffie-Hellman cipher is selected for STARTTLS, the handshake could fail with some TLS implementations because the prime used by the server is not long enough. Note: the initialization of the DSA/DH parameters for the server can take a significant amount of time on slow machines. This can be turned off by setting DHParameters to none or a file (see doc/op/op.me). Patch from Petr Lampa of the Brno University of Technology.
Fix handling of `b' modifier for DaemonPortOptions on little endian machines for loopback address. Patch from John Beck of Sun Microsystems.
Fix a potential memory leak in libsmdb/smdb1.c found by parfait. Based on patch from Jonathan Gray of OpenBSD.
If a milter sets the reply code to "421" during the transfer of the body, the SMTP server will terminate the SMTP session with that error to match the behavior of the other callbacks.
Return EX_IOERR (instead of 0) if a mail submission fails due to missing disk space in the mail queue. Based on patch from Martin Poole of RedHat.
CONFIG: Using FEATURE(`ldap_routing')'s `nodomain' argument would cause addresses not found in LDAP to be misparsed.
CONFIG: Using a CN restriction did not work for TLS_Clt as it referred to a wrong macro. Patch from John Gardiner Myers of Proofpoint.
CONFIG: The option relaytofulladdress of FEATURE(`access_db') did not work if FEATURE(`relay_hosts_only') is used too. Problem noted by Kristian Shaw.
CONFIG: The internal function lower() was broken and hence strcasecmp() did not work either, which could cause problems for some FEATURE()s if upper case arguments were used. Patch from Vesa-Matti J Kari of the University of Helsinki.
LIBMILTER: Fix internal check whether a milter application is compiled against the same version of libmilter as it is linked against (especially useful for dynamic libraries).
LIBMILTER: Fix memory leak that occurred when smfi_setsymlist() was used. Based on patch by Dan Lukes.
LIBMILTER: Document the effect of SMFIP_HDR_LEADSPC for filters which add, insert, or replace headers. From Benjamin Pineau.
LIBMILTER: Fix error messages which refer to "select()" to be correct if SM_CONF_POLL is used. Based on patch from John Nemeth.
LIBSM: Fix handling of LDAP search failures where the error is carried in the search result itself, such as seen with OpenLDAP proxy servers.
VACATION: Do not refer to a local variable outside its scope. Based on patch from Mark Costlow of Southwest Cyberport.
Portability:
  Enable HAVE_NANOSLEEP for SunOS 5.11. Patch from John Beck of Sun Microsystems.
  Drop NISPLUS from default SunOS 5.11 map definitions. Patch from John Beck of Sun Microsystems.
2010-01-16 01:31:13 +01:00
@comment $NetBSD: PLIST,v 1.17 2010/01/16 00:31:13 jnemeth Exp $
bin/hoststat
Update to version 8.12.8. Security related change included. Also SASL 2 support added and PLIST tuning.

8.12.8/8.12.8 2003/02/11
SECURITY: Fix a remote buffer overflow in header parsing by dropping sender and recipient header comments if the comments are too long. Problem noted by Mark Dowd of ISS X-Force.
Fix a potential non-exploitable buffer overflow in parsing the .cf queue settings and potential buffer underflow in parsing ident responses. Problem noted by Yichen Xie of Stanford University Compilation Group.
Fix ETRN #queuegroup command: actually start a queue run for the selected queue group. Problem noted by Jos Vos.
If MaxMimeHeaderLength is set and a malformed MIME header is fixed, log the fixup as "Fixed MIME header" instead of "Truncated MIME header". Problem noted by Ian J Hart.
CONFIG: Fix regression bug in proto.m4 that caused a bogus error message: "FEATURE() should be before MAILER()".
MAIL.LOCAL: Be more explicit in some error cases, i.e., whether a mailbox has more than one link or whether it is not a regular file. Patch from John Beck of Sun Microsystems.

8.12.7/8.12.7 2002/12/29
Properly clean up macros to avoid persistence of session data across various connections. This could cause session oriented restrictions, e.g., STARTTLS requirements, to erroneously allow a connection. Problem noted by Tim Maletic of Priority Health.
Do not lookup MX records when sorting the MSP queue. The MSP only needs to relay all mail to the MTA. Problem found by Gary Mills of the University of Manitoba.
Do not restrict the length of connection information to 100 characters in some logging statements. Problem noted by Erik Parker.
When converting an enhanced status code to an exit status, use EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5 is used.
Reset macro $x when receiving another MAIL command. Problem noted by Vlado Potisk of Wigro s.r.o.
Don't bother setting the permissions on the build area statistics file, the proper permissions will be put on the file at install time. This fixes installation over NFS for some users. Problem noted by Martin J. Dellwo of 3-Dimensional Pharmaceuticals, Inc.
Fix problem of decoding SASLv2 encrypted data. Problem noted by Alex Deiter of Mobile TeleSystems, Komi Republic.
Log milter socket open errors at MilterLogLevel 1 or higher instead of 11 or higher.
Print early system errors to the console instead of silently exiting. Problem noted by James Jong of IBM.
Do not process a queue group if Runners is set to 0, regardless of whether F=f or sendmail is run in verbose mode (-v). The use of -qGname will still force queue group "name" to be run even if Runners=0.
Change the level for logging the fact that a daemon is refusing connections due to high load from LOG_INFO to LOG_NOTICE. Patch from John Beck of Sun Microsystems.
Use location information for submit.cf from NetInfo (/locations/sendmail/submit.cf) if available.
Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by Neil Rickert of Northern Illinois University.
Make behavior of /canon in debug mode consistent with usage in rulesets. Patch from Shigeno Kazutaka of IIJ.
Fix a potential memory leak in envelope splitting. Problem noted by John Majikes of IBM.
Do not try to share a mailbox database LDAP connection across different processes. Problem noted by Randy Kunkee.
Fix logging for undelivered recipients when the SMTP connection times out during message collection. Problem noted by Neil Rickert of Northern Illinois University.
Avoid problems with QueueSortOrder=random due to problems with qsort() on Solaris (and maybe some other operating systems). Problem noted by Stephan Schulz of Gruner+Jahr.
If -f "" is specified, set the sender address to "<>". Problem noted by Matthias Andree.
Fix formatting problem of footnotes for plain text output on some versions of tmac. Patch from Per Hedeland.
Portability:
  Berkeley DB 4.1 support (requires at least 4.1.25).
  Some getopt(3) implementations in GNU/Linux are broken and pass a NULL pointer to an option which requires an argument, hence the builtin version of sendmail is used instead. This can be overridden by using -DSM_CONF_GETOPT=0. Problem noted by Vlado Potisk of Wigro s.r.o.
  Support for nph-1.2.0 from Mark D. Roth of the University of Illinois at Urbana-Champaign.
  Support for FreeBSD 5.0's MAC labeling from Robert Watson of the TrustedBSD Project.
  Support for reading the number of processors on an IRIX system from Michel Bourget of SGI.
  Support for UnixWare 7.1 based on input from Larry Rosenman.
  Interix support from Nedelcho Stanev of Atlantic Sky Corporation.
  Update Mac OS X/Darwin portability from Wilfredo Sanchez.
CONFIG: Enforce tls_client restrictions even if delay_checks is used. Problem noted by Malte Starostik.
CONFIG: Deal with an empty hostname created via bogus DNS entries to get around access restrictions. Problem noted by Kai Schlichting.
CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default to avoid problems with hostname resolution for localhost which on many systems does not resolve to 127.0.0.1 (or ::1 for IPv6). If you do not use IPv4 but only IPv6 then you need to change submit.mc accordingly, see the comment in the file itself.
CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid error messages from initgroups(3) on AIX 4.3 when sending mail to non-existing users. Problem noted by Mark Roth of the University of Illinois at Urbana-Champaign.
CONFIG: Allow local_procmail to override local_lmtp settings.
CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to relay.
CONTRIB: cidrexpand: Deal with the prefix tags that may be included in access_db.
CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
LIBMILTER: On Solaris libmilter may get into an endless loop if an error in the communication from/to the MTA occurs. Patch from Gurusamy Sarathy of Active State.
LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64. Patch from Jose Marcio Martins da Cruz of Ecole Nationale Superieure des Mines de Paris.
MAIL.LOCAL: Fix a truncation race condition if the close() on the mailbox fails. Problem noted by Tomoko Fukuzawa of Sun Microsystems.
MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3) fails. Patch from John Beck of Sun Microsystems.
SMRSH: SECURITY: Only allow regular files or symbolic links to be used for a command. Problem noted by David Endler of iDEFENSE, Inc.
New Files: devtools/OS/Interix include/sm/bdb.h
2003-03-04 01:21:31 +01:00
bin/mailq
bin/newaliases
bin/purgestat
upgrade to 8.11.0 from sendmail.org.
the new Makefile tries to obey sendmail "Build" script better than before.
need checking for solaris build, and ldap build.
TODO: STARTTLS support

--- 8.10.2 -> 8.11.0

8.11.0/8.11.0 2000/07/19
SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute.
SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP.
Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*.
New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*.
Add support for the Entropy Gathering Daemon (EGD) for better random data.
New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems.
Support the security layer in SMTP AUTH for mechanisms which support encryption. Based on code contributed by Tim Martin of CMU.
Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor.
LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU.
Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP.
Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project.
Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems.
If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems.
sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts.
Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org.
Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). Problem noted by Graeme Hewson of Oracle.
The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia.
Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute.
Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson.
Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University.
Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute.
Convert the free disk space shown in a control socket status query to kilobyte units.
If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic.
Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle.
Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech.
Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson.
If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>".
Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting.
Preserve source port number instead of replacing it with the ident port number (113).
Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg.
Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech.
If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET.
Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz.
Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23.
Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg.
Portability:
  Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
  Replace code for finding the number of CPUs on HPUX.
  NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR.
  NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc.
  Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico.
CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University.
CONFIG: New variables for the new sendmail options:
  confCACERT_PATH      CACERTPath
  confCACERT           CACERTFile
  confCLIENT_CERT      ClientCertFile
  confCLIENT_KEY       ClientKeyFile
  confDH_PARAMETERS    DHParameters
  confRAND_FILE        RandFile
  confSERVER_CERT      ServerCertFile
  confSERVER_KEY       ServerKeyFile
CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information.
CONFIG: Add TLS information to the Received: header.
CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command.
CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary.
CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting.
CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com.
CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland.
CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc.
CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta.
CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation.
CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates.
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg.
CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine. Patch from Graeme Hewson of Oracle.
CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle.
CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo, Inc.
DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University.
DEVTOOLS: Add support for SunOS 5.9.
DEVTOOLS: New option confLN contains the command used to create links.
LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported.
MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation.
MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
MAILSTATS: Fix usage statement (-p and -o are optional).
MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson.
RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited.
RMAIL: Prevent a segmentation fault if the incoming message does not have a From line.
VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient.
Added Files: cf/ostype/darwin.m4 contrib/cidrexpand contrib/link_hash.sh contrib/movemail.conf contrib/movemail.pl devtools/OS/SunOS.5.9 test/t_snprintf.c
2000-07-24 06:22:31 +02:00
bin/vacation
lib/libsm.a
lib/libsmutil.a
libexec/sendmail/sendmail
libexec/sendmail/smrsh
man/man1/mailq.1
man/man1/newaliases.1
man/man1/vacation.1
man/man5/aliases.5
man/man8/editmap.8
man/man8/mailstats.8
man/man8/makemap.8
man/man8/praliases.8
man/man8/sendmail.8
man/man8/smrsh.8
sbin/editmap
sbin/mailstats
sbin/makemap
sbin/praliases
share/doc/sendmail/README
share/doc/sendmail/RELEASE_NOTES
share/doc/sendmail/SECURITY
share/doc/sendmail/op.me
share/doc/sendmail/op.ps
share/examples/rc.d/sendmail
share/examples/rc.d/smmsp
share/examples/sendmail/mailer.conf
share/examples/sendmail/socketmapClient.pl
share/examples/sendmail/socketmapServer.pl
2000-07-24 06:22:31 +02:00
share/misc/helpfile
share/sendmail/README
share/sendmail/cf/Build
share/sendmail/cf/Makefile
share/sendmail/cf/README
share/sendmail/cf/chez.cs.mc
share/sendmail/cf/clientproto.mc
share/sendmail/cf/cs-hpux10.mc
share/sendmail/cf/cs-hpux9.mc
share/sendmail/cf/cs-osf1.mc
share/sendmail/cf/cs-solaris2.mc
share/sendmail/cf/cs-sunos4.1.mc
share/sendmail/cf/cs-ultrix4.mc
share/sendmail/cf/cyrusproto.mc
upgrade to 8.11.0 from sendmail.org. the new Makefile tries to obey sendmail "Build" script better than before. need checking for solaris build, and ldap build. TODO: STARTTLS support --- 8.10.2 -> 8.11.0 8.11.0/8.11.0 2000/07/19 SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP. Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems. Support the security layer in SMTP AUTH for mechanisms which support encryption. 
Based on code contributed by Tim Martin of CMU. Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor. LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU. Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP. Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project. Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems. If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems. sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts. Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org. Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). 
Problem noted by Graeme Hewson of Oracle. The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia. Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson. Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University. Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Convert the free disk space shown in a control socket status query to kilobyte units. If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic. Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle. Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech. Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson. If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>". Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. 
Preserve source port number instead of replacing it with the ident port number (113). Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg. Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech. If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET. Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz. Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23. Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg. Portability: Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project. Replace code for finding the number of CPUs on HPUX. NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR. NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc. Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico. CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University. 
CONFIG: New variables for the new sendmail options: confCACERT_PATH CACERTPath confCACERT CACERTFile confCLIENT_CERT ClientCertFile confCLIENT_KEY ClientKeyFile confDH_PARAMETERS DHParameters confRAND_FILE RandFile confSERVER_CERT ServerCertFile confSERVER_KEY ServerKeyFile CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information. CONFIG: Add TLS information to the Received: header. CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command. CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary. CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com. CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland. CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc. CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta. CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation. CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates. 
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg. CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine Patch from Graeme Hewson of Oracle. CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle. CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo,Inc. DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University. DEVTOOLS: Add support for SunOS 5.9. DEVTOOLS: New option confLN contains the command used to create links. LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported. MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation. MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. MAILSTATS: Fix usage statement (-p and -o are optional). MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson. RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited. RMAIL: Prevent a segmentation fault if the incoming message does not have a From line. VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient. 
Added Files: cf/ostype/darwin.m4 contrib/cidrexpand contrib/link_hash.sh contrib/movemail.conf contrib/movemail.pl devtools/OS/SunOS.5.9 test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/cf/generic-bsd4.4.cf
share/sendmail/cf/generic-bsd4.4.mc
share/sendmail/cf/generic-hpux10.cf
share/sendmail/cf/generic-hpux10.mc
upgrade to 8.11.0 from sendmail.org. the new Makefile tries to obey sendmail "Build" script better than before. need checking for solaris build, and ldap build. TODO: STARTTLS support --- 8.10.2 -> 8.11.0 8.11.0/8.11.0 2000/07/19 SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP. Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems. Support the security layer in SMTP AUTH for mechanisms which support encryption. 
Based on code contributed by Tim Martin of CMU. Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor. LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU. Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP. Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project. Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems. If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems. sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts. Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org. Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). 
Problem noted by Graeme Hewson of Oracle. The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia. Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson. Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University. Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Convert the free disk space shown in a control socket status query to kilobyte units. If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic. Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle. Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech. Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson. If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>". Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. 
Preserve source port number instead of replacing it with the ident port number (113). Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg. Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech. If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET. Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz. Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23. Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg. Portability: Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project. Replace code for finding the number of CPUs on HPUX. NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR. NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc. Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico. CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University. 
CONFIG: New variables for the new sendmail options: confCACERT_PATH CACERTPath confCACERT CACERTFile confCLIENT_CERT ClientCertFile confCLIENT_KEY ClientKeyFile confDH_PARAMETERS DHParameters confRAND_FILE RandFile confSERVER_CERT ServerCertFile confSERVER_KEY ServerKeyFile CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information. CONFIG: Add TLS information to the Received: header. CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command. CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary. CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com. CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland. CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc. CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta. CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation. CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates. 
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg. CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine. Patch from Graeme Hewson of Oracle. CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle. CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo, Inc. DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University. DEVTOOLS: Add support for SunOS 5.9. DEVTOOLS: New option confLN contains the command used to create links. LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported. MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation. MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. MAILSTATS: Fix usage statement (-p and -o are optional). MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson. RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited. RMAIL: Prevent a segmentation fault if the incoming message does not have a From line. VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient.
Added Files: cf/ostype/darwin.m4 contrib/cidrexpand contrib/link_hash.sh contrib/movemail.conf contrib/movemail.pl devtools/OS/SunOS.5.9 test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/cf/generic-hpux9.cf
share/sendmail/cf/generic-hpux9.mc
share/sendmail/cf/generic-linux.cf
share/sendmail/cf/generic-linux.mc
share/sendmail/cf/generic-mpeix.cf
share/sendmail/cf/generic-mpeix.mc
share/sendmail/cf/generic-nextstep3.3.cf
share/sendmail/cf/generic-nextstep3.3.mc
upgrade to 8.11.0 from sendmail.org. the new Makefile tries to obey sendmail "Build" script better than before. need checking for solaris build, and ldap build. TODO: STARTTLS support --- 8.10.2 -> 8.11.0 8.11.0/8.11.0 2000/07/19 SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP. Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems. Support the security layer in SMTP AUTH for mechanisms which support encryption. 
Based on code contributed by Tim Martin of CMU. Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor. LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU. Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP. Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project. Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems. If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems. sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts. Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org. Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). 
Problem noted by Graeme Hewson of Oracle. The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia. Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson. Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University. Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Convert the free disk space shown in a control socket status query to kilobyte units. If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic. Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle. Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech. Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson. If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>". Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. 
Preserve source port number instead of replacing it with the ident port number (113). Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg. Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech. If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET. Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz. Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23. Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg. Portability: Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project. Replace code for finding the number of CPUs on HPUX. NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR. NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc. Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico. CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University. 
CONFIG: New variables for the new sendmail options: confCACERT_PATH CACERTPath confCACERT CACERTFile confCLIENT_CERT ClientCertFile confCLIENT_KEY ClientKeyFile confDH_PARAMETERS DHParameters confRAND_FILE RandFile confSERVER_CERT ServerCertFile confSERVER_KEY ServerKeyFile CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information. CONFIG: Add TLS information to the Received: header. CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command. CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary. CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com. CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland. CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc. CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta. CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation. CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates. 
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg. CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine. Patch from Graeme Hewson of Oracle. CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle. CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo, Inc. DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University. DEVTOOLS: Add support for SunOS 5.9. DEVTOOLS: New option confLN contains the command used to create links. LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported. MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation. MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. MAILSTATS: Fix usage statement (-p and -o are optional). MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson. RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited. RMAIL: Prevent a segmentation fault if the incoming message does not have a From line. VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient.
Added Files: cf/ostype/darwin.m4 contrib/cidrexpand contrib/link_hash.sh contrib/movemail.conf contrib/movemail.pl devtools/OS/SunOS.5.9 test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/cf/generic-osf1.cf
share/sendmail/cf/generic-osf1.mc
share/sendmail/cf/generic-solaris.cf
share/sendmail/cf/generic-solaris.mc
share/sendmail/cf/generic-sunos4.1.cf
share/sendmail/cf/generic-sunos4.1.mc
upgrade to 8.11.0 from sendmail.org. the new Makefile tries to obey sendmail "Build" script better than before. need checking for solaris build, and ldap build. TODO: STARTTLS support --- 8.10.2 -> 8.11.0 8.11.0/8.11.0 2000/07/19 SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP. Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems. Support the security layer in SMTP AUTH for mechanisms which support encryption. 
Based on code contributed by Tim Martin of CMU. Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor. LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU. Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP. Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project. Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems. If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems. sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts. Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org. Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). 
Problem noted by Graeme Hewson of Oracle. The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia. Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson. Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University. Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Convert the free disk space shown in a control socket status query to kilobyte units. If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic. Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle. Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech. Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson. If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>". Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. 
Preserve source port number instead of replacing it with the ident port number (113). Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg. Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech. If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET. Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz. Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23. Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg. Portability: Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project. Replace code for finding the number of CPUs on HPUX. NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR. NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc. Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico. CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University. 
CONFIG: New variables for the new sendmail options:
    confCACERT_PATH      CACERTPath
    confCACERT           CACERTFile
    confCLIENT_CERT      ClientCertFile
    confCLIENT_KEY       ClientKeyFile
    confDH_PARAMETERS    DHParameters
    confRAND_FILE        RandFile
    confSERVER_CERT      ServerCertFile
    confSERVER_KEY       ServerKeyFile
CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information. CONFIG: Add TLS information to the Received: header. CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command. CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary. CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com. CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland. CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc. CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta. CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation. CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates.
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg. CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine. Patch from Graeme Hewson of Oracle. CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle. CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo, Inc. DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University. DEVTOOLS: Add support for SunOS 5.9. DEVTOOLS: New option confLN contains the command used to create links. LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported. MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation. MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. MAILSTATS: Fix usage statement (-p and -o are optional). MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson. RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited. RMAIL: Prevent a segmentation fault if the incoming message does not have a From line. VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient.
Added Files: cf/ostype/darwin.m4 contrib/cidrexpand contrib/link_hash.sh contrib/movemail.conf contrib/movemail.pl devtools/OS/SunOS.5.9 test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/cf/generic-ultrix4.cf
share/sendmail/cf/generic-ultrix4.mc
share/sendmail/cf/huginn.cs.mc
share/sendmail/cf/knecht.mc
share/sendmail/cf/mail.cs.mc
share/sendmail/cf/mail.eecs.mc
share/sendmail/cf/mailspool.cs.mc
share/sendmail/cf/python.cs.mc
share/sendmail/cf/s2k-osf1.mc
share/sendmail/cf/s2k-ultrix4.mc
share/sendmail/cf/submit.cf
share/sendmail/cf/submit.mc
share/sendmail/cf/tcpproto.mc
share/sendmail/cf/ucbarpa.mc
share/sendmail/cf/ucbvax.mc
share/sendmail/cf/uucpproto.mc
share/sendmail/cf/vangogh.cs.mc
share/sendmail/domain/Berkeley.EDU.m4
share/sendmail/domain/CS.Berkeley.EDU.m4
share/sendmail/domain/EECS.Berkeley.EDU.m4
share/sendmail/domain/S2K.Berkeley.EDU.m4
share/sendmail/domain/berkeley-only.m4
2000-07-24 06:22:31 +02:00
share/sendmail/domain/generic.m4
share/sendmail/feature/accept_unqualified_senders.m4
share/sendmail/feature/accept_unresolvable_domains.m4
share/sendmail/feature/access_db.m4
share/sendmail/feature/allmasquerade.m4
share/sendmail/feature/always_add_domain.m4
share/sendmail/feature/authinfo.m4
Update to sendmail-8.14.1. Major changes since sendmail-8.13.8: 8.14.1/8.14.1 2007/04/03 Even though a milter rejects a recipient the MTA will still keep it in its list of recipients and deliver to it if the transaction is accepted. This is a regression introduced in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug found by Andy Fiddaman. The new DaemonPortOptions which begin with a lower case character could not be set in 8.14.0. If a server shut down the connection in response to a STARTTLS command, sendmail would log a misleading error message due to an internal inconsistency. Problem found by Werner Wiethege. Document how some sendmail.cf options change the behavior of mailq. Noted by Paul Menchini of the North Carolina School of Science and Mathematics. CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce. CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE m4 options for setting MaxNOOPCommands and SharedMemoryKeyFile. CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4 options for setting Milter.macros.eoh and Milter.macros.data. CONTRIB: Use flock() and fcntl() in qtool.pl if necessary. Patch from Daniel Carroll of Mesa State College. LIBMILTER: Make sure an unknown command does not affect the currently available macros. Problem found by Andy Fiddaman. LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option negotiation. Problem reported by Bryan Costales. LIBMILTER: Fix several minor errors in the documentation. Patches from Bryan Costales. PORTABILITY FIXES: AIX 5.{1,2}: libsm/util.c failed to compile due to redefinition of several macros, e.g., SIG_ERR. Patch from Jim Pirzyk with assistance by Bob Booth, University of Illinois at Urbana-Champaign. Add support for QNX.6. Patch from Sean Boudreau of QNX Software Systems. 
New Files: devtools/M4/depend/QNX6.m4 devtools/OS/QNX.6.x include/sm/os/sm_os_qnx.h New Files added in 8.14.0, but not shown in the release notes entry: libmilter/docs/smfi_chgfrom.html libmilter/docs/smfi_version.html 8.14.0/8.14.0 2007/01/31 Header field values are now 8 bit clean. Notes:
    - header field names are still restricted to 7 bit.
    - RFC 2822 allows only 7 bit (US-ASCII) characters in headers.
Preserve spaces after the colon in a header. Previously, any number of spaces after the colon would be changed to exactly one space. In some cases of deeply nested aliases/forwarding, mail can be silently lost. Moreover, the MaxAliasRecursion limit may be reached too early, e.g., the counter may be off by a factor of 4 in case of a sequence of .forward files that refer to others. Patch from Motonori Nakamura of Kyoto University. Fix a regression in 8.13.8: if InputMailFilters is set then "sendmail -bs" can trigger an assertion because the hostname of the client is undefined. It is now set to "localhost" for the xxfi_connect() callback. Avoid referencing a freed variable during cleanup when terminating. Problem reported and diagnosed by Joe Maimon. New option HeloName to set the name for the HELO/EHLO command. Patch from Nik Clayton. New option SoftBounce to issue temporary errors (4xy) instead of permanent errors (5xy). This can be useful for testing. New suboptions for DaemonPortOptions to set them individually per daemon socket:
    DeliveryMode    DeliveryMode
    refuseLA        RefuseLA
    delayLA         DelayLA
    queueLA         QueueLA
    children        MaxDaemonChildren
New option -K for LDAP maps to replace %1 through %9 in the lookup key with the LDAP escaped contents of the arguments specified in the map lookup. Loosely based on patch from Wolfgang Hottgenroth. Log the time after which a greet_pause delay triggered. Patch from Nik Clayton. If a client is rejected via TCP wrapper or some other check performed by validate_connection() (in conf.c) then do not also invoke greet_pause.
Problem noted by Jim Pirzyk of the University of Illinois at Urbana-Champaign. If a client terminates the SMTP connection during a pause introduced by greet_pause, then a misleading message was logged previously. Problem noted by Vernon Schryver et al., patch from Matej Vela. New command "mstat" for control socket to provide "machine readable" status. New named config file rule check_eom which is called at the end of a message, its parameter is the size of the message. If the macro {addr_type} indicates that the current address is a header address it also distinguishes between recipient and sender addresses (as it is done for envelope addresses). When a macro is set in check_relay, then its value is accessible by all transactions in the same SMTP session. Increase size of key for ldap lookups to 1024 (MAXKEY). New option MaxNOOPCommands to override default of 20 for the number of "useless" commands before the SMTP server will slow down responding. New option SharedMemoryKeyFile: if shared memory support is enabled, the MTA can be asked to select a shared memory key itself by setting SharedMemoryKey to -1 and specifying a file where to store the selected key. Try to deal with open HTTP proxies that are used to send spam by recognizing some commands from them. If the first command from the client is GET, POST, CONNECT, or USER, then the connection is terminated immediately. New PrivacyOptions noactualrecipient to avoid putting X-Actual-Recipient lines in DSNs revealing the actual account that addresses map to. Patch from Dan Harkless. New options B, z, and Z for DNS maps:
    -B: specify a domain that is always appended to queries.
    -z: specify the delimiter at which to cut off the result of a query if it is too long.
    -Z: specify the maximum number of entries to be concatenated to form the result of a lookup.
New target "check" in the Makefile of libsm: instead of running tests implicitly while building libsm, they must be explicitly started by using "make check".
Fixed some inconsistent checks for NULL pointers that have been reported by the SATURN tool which has been developed by Isil Dillig and Thomas Dillig of Stanford University. Fix a potential race condition caused by a signal handler for terminated child processes. Problem noted by David F. Skoll. When a milter deleted a recipient, that recipient could cause a queue group selection. This has been disabled as it was not intended. New operator 'r' for the arith map to return a random number. Patch from Motonori Nakamura of Kyoto University. New compile time option MILTER_NO_NAGLE to turn off the Nagle algorithm for communication with libmilter ("cork" on Linux), which may improve the communication performance on some operating systems. Patch from John Gardiner Myers of Proofpoint. If sendmail received input that contained a CR without subsequent LF (thus violating RFC 2821 (2.3.7)), it could previously generate an additional blank line in the output as the last line. Restarting persistent queue runners by sending a HUP signal to the "queue control process" (QCP) works now. Increase the length of an input line to 12288 to deal with really long lines during SMTP AUTH negotiations. Problem noted by Werner Wiethege. If ARPANET mode (-ba) was selected STARTTLS would fail (due to a missing initialization call for that case). Problem noted by Neil Rickert of Northern Illinois University. If sendmail is linked against a library that initializes Cyrus-SASL before sendmail did it (such as libnss-ldap), then SMTP AUTH could fail for the sendmail client. A patch by Moritz Both works around the API design flaw of Cyrus-SASLv2. CONFIG: Make it possible to unset the StatusFile option by undefining STATUS_FILE. By not setting StatusFile, the MTA will not attempt to open a statistics file on each delivery. CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP clients whose IP address does not have proper reverse DNS. 
Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems. CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP clients which provide a HELO/EHLO argument which is either unqualified, or is one of our own names (i.e., the server name instead of the client name). Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems. CONFIG: New FEATURE(`badmx') to reject envelope sender addresses (MAIL) whose domain part resolves to a "bad" MX record. Based on contribution from William Dell Wisner. CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override the maximum line length of the smtp mailers. CONFIG: New option `relaytofulladdress' for FEATURE(`access_db') to allow entries in the access map to be of the form
    To:user@example.com    RELAY
CONFIG: New subsuboptions eoh and data to specify the list of macros a milter should receive at those stages in the SMTP dialogue. CONFIG: New option confHELO_NAME for HeloName to set the name for the HELO/EHLO command. CONFIG: dnsbl and enhdnsbl can now also discard or quarantine messages by using those values as second argument. Patches from Nelson Fung. CONTRIB: cidrexpand uses a hash symbol as comment character and ignores everything after it unless it is in quotes or preceded by a backslash. DEVTOOLS: New macro confMKDIR: if set to a program that creates directories, then it is used for "make install" to create the required installation directories. DEVTOOLS: New macro confCCLINK to specify the linker to use for executables (defaults to confCC). LIBMILTER: A new version of the milter API has been created that has several changes which are listed below and documented in the webpages reachable via libmilter/docs/index.html. LIBMILTER: The meaning of the version macro SMFI_VERSION has been changed. It now refers only to the version of libmilter, not to the protocol version (which is used only internally, it is not user/milter-programmer visible).
Additionally, a version function smfi_version() has been introduced such that a milter program can check the libmilter version also at runtime which is useful if a shared library is used. LIBMILTER: A new callback xxfi_negotiate() can be used to dynamically (i.e., at runtime) determine the available protocol actions and features of the MTA and also to specify which of these a milter wants to use. This allows for more flexibility than hardcoding these flags in the xxfi_flags field of the smfiDesc structure. LIBMILTER: A new callback xxfi_data() is available so milters can act on the DATA command. LIBMILTER: A new callback xxfi_unknown() is available so milters can receive also unknown SMTP commands. LIBMILTER: A new return code SMFIS_NOREPLY has been added which can be used by the xxfi_header() callback provided the milter requested the SMFIP_NOHREPL protocol action. LIBMILTER: The new return code SMFIS_SKIP can be used in the xxfi_body() callback to skip over further body chunks and directly advance to the xxfi_eom() callback. This is useful if a milter can make a decision based on the body chunks it already received without reading the entire rest of the body and the milter wants to invoke functions that are only available from the xxfi_eom() callback. LIBMILTER: A new function smfi_addrcpt_par() can be used to add new recipients including ESMTP parameters. LIBMILTER: A new function smfi_chgfrom() can be used to change the envelope sender including ESMTP parameters. LIBMILTER: A milter can now request to be informed about rejected recipients (RCPT) too. This requires to set the protocol flag SMFIP_RCPT_REJ during option negotiation. Whether a RCPT has been rejected can be checked by comparing the value of the macro {rcpt_mailer} with "error". LIBMILTER: A milter can now override the list of macros that it wants to receive from the MTA for each protocol step by invoking the function smfi_setsymlist() during option negotiation. 
LIBMILTER: A milter can receive header field values with all leading spaces by requesting the SMFIP_HDR_LEADSPC protocol action. Also, if the flag is set then the MTA does not add a leading space to headers that are added, inserted, or replaced. LIBMILTER: If a milter sets the reply code to "421" for the HELO callback, the SMTP server will terminate the SMTP session with that error to match the behavior of all other callbacks. New Files: cf/feature/badmx.m4 cf/feature/block_bad_helo.m4 cf/feature/require_rdns.m4 devtools/M4/UNIX/check.m4 include/sm/misc.h include/sm/sendmail.h include/sm/tailq.h libmilter/docs/smfi_addrcpt_par.html libmilter/docs/smfi_setsymlist.html libmilter/docs/xxfi_data.html libmilter/docs/xxfi_negotiate.html libmilter/docs/xxfi_unknown.html libmilter/example.c libmilter/monitor.c libmilter/worker.c libsm/memstat.c libsm/t-memstat.c libsm/t-qic.c libsm/util.c sendmail/daemon.h sendmail/map.h
2007-04-26 08:26:27 +02:00
share/sendmail/feature/badmx.m4
share/sendmail/feature/bestmx_is_local.m4
share/sendmail/feature/bitdomain.m4
share/sendmail/feature/blacklist_recipients.m4
Update to sendmail-8.14.1.
Major changes since sendmail-8.13.8:

8.14.1/8.14.1 2007/04/03
Even though a milter rejects a recipient the MTA will still keep it in its list of recipients and deliver to it if the transaction is accepted. This is a regression introduced in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug found by Andy Fiddaman.
The new DaemonPortOptions which begin with a lower case character could not be set in 8.14.0.
If a server shut down the connection in response to a STARTTLS command, sendmail would log a misleading error message due to an internal inconsistency. Problem found by Werner Wiethege.
Document how some sendmail.cf options change the behavior of mailq. Noted by Paul Menchini of the North Carolina School of Science and Mathematics.
CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce.
CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE m4 options for setting MaxNOOPCommands and SharedMemoryKeyFile.
CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4 options for setting Milter.macros.eoh and Milter.macros.data.
CONTRIB: Use flock() and fcntl() in qtool.pl if necessary. Patch from Daniel Carroll of Mesa State College.
LIBMILTER: Make sure an unknown command does not affect the currently available macros. Problem found by Andy Fiddaman.
LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option negotiation. Problem reported by Bryan Costales.
LIBMILTER: Fix several minor errors in the documentation. Patches from Bryan Costales.
PORTABILITY FIXES:
  AIX 5.{1,2}: libsm/util.c failed to compile due to redefinition of several macros, e.g., SIG_ERR. Patch from Jim Pirzyk with assistance by Bob Booth, University of Illinois at Urbana-Champaign.
  Add support for QNX.6. Patch from Sean Boudreau of QNX Software Systems.
New Files:
  devtools/M4/depend/QNX6.m4
  devtools/OS/QNX.6.x
  include/sm/os/sm_os_qnx.h
New Files added in 8.14.0, but not shown in the release notes entry:
  libmilter/docs/smfi_chgfrom.html
  libmilter/docs/smfi_version.html

8.14.0/8.14.0 2007/01/31
Header field values are now 8 bit clean. Notes:
  - header field names are still restricted to 7 bit.
  - RFC 2822 allows only 7 bit (US-ASCII) characters in headers.
Preserve spaces after the colon in a header. Previously, any number of spaces after the colon would be changed to exactly one space.
In some cases of deeply nested aliases/forwarding, mail can be silently lost. Moreover, the MaxAliasRecursion limit may be reached too early, e.g., the counter may be off by a factor of 4 in case of a sequence of .forward files that refer to others. Patch from Motonori Nakamura of Kyoto University.
Fix a regression in 8.13.8: if InputMailFilters is set then "sendmail -bs" can trigger an assertion because the hostname of the client is undefined. It is now set to "localhost" for the xxfi_connect() callback.
Avoid referencing a freed variable during cleanup when terminating. Problem reported and diagnosed by Joe Maimon.
New option HeloName to set the name for the HELO/EHLO command. Patch from Nik Clayton.
New option SoftBounce to issue temporary errors (4xy) instead of permanent errors (5xy). This can be useful for testing.
New suboptions for DaemonPortOptions to set them individually per daemon socket:
  DeliveryMode DeliveryMode
  refuseLA RefuseLA
  delayLA DelayLA
  queueLA QueueLA
  children MaxDaemonChildren
New option -K for LDAP maps to replace %1 through %9 in the lookup key with the LDAP escaped contents of the arguments specified in the map lookup. Loosely based on patch from Wolfgang Hottgenroth.
Log the time after which a greet_pause delay triggered. Patch from Nik Clayton.
If a client is rejected via TCP wrapper or some other check performed by validate_connection() (in conf.c) then do not also invoke greet_pause. Problem noted by Jim Pirzyk of the University of Illinois at Urbana-Champaign.
If a client terminates the SMTP connection during a pause introduced by greet_pause, then a misleading message was logged previously. Problem noted by Vernon Schryver et.al., patch from Matej Vela.
New command "mstat" for control socket to provide "machine readable" status.
New named config file rule check_eom which is called at the end of a message, its parameter is the size of the message.
If the macro {addr_type} indicates that the current address is a header address it also distinguishes between recipient and sender addresses (as it is done for envelope addresses).
When a macro is set in check_relay, then its value is accessible by all transactions in the same SMTP session.
Increase size of key for ldap lookups to 1024 (MAXKEY).
New option MaxNOOPCommands to override default of 20 for the number of "useless" commands before the SMTP server will slow down responding.
New option SharedMemoryKeyFile: if shared memory support is enabled, the MTA can be asked to select a shared memory key itself by setting SharedMemoryKey to -1 and specifying a file where to store the selected key.
Try to deal with open HTTP proxies that are used to send spam by recognizing some commands from them. If the first command from the client is GET, POST, CONNECT, or USER, then the connection is terminated immediately.
New PrivacyOptions noactualrecipient to avoid putting X-Actual-Recipient lines in DSNs revealing the actual account that addresses map to. Patch from Dan Harkless.
New options B, z, and Z for DNS maps:
  -B: specify a domain that is always appended to queries.
  -z: specify the delimiter at which to cut off the result of a query if it is too long.
  -Z: specify the maximum number of entries to be concatenated to form the result of a lookup.
New target "check" in the Makefile of libsm: instead of running tests implicitly while building libsm, they must be explicitly started by using "make check".
Fixed some inconsistent checks for NULL pointers that have been reported by the SATURN tool which has been developed by Isil Dillig and Thomas Dillig of Stanford University.
Fix a potential race condition caused by a signal handler for terminated child processes. Problem noted by David F. Skoll.
When a milter deleted a recipient, that recipient could cause a queue group selection. This has been disabled as it was not intended.
New operator 'r' for the arith map to return a random number. Patch from Motonori Nakamura of Kyoto University.
New compile time option MILTER_NO_NAGLE to turn off the Nagle algorithm for communication with libmilter ("cork" on Linux), which may improve the communication performance on some operating systems. Patch from John Gardiner Myers of Proofpoint.
If sendmail received input that contained a CR without subsequent LF (thus violating RFC 2821 (2.3.7)), it could previously generate an additional blank line in the output as the last line.
Restarting persistent queue runners by sending a HUP signal to the "queue control process" (QCP) works now.
Increase the length of an input line to 12288 to deal with really long lines during SMTP AUTH negotiations. Problem noted by Werner Wiethege.
If ARPANET mode (-ba) was selected STARTTLS would fail (due to a missing initialization call for that case). Problem noted by Neil Rickert of Northern Illinois University.
If sendmail is linked against a library that initializes Cyrus-SASL before sendmail did it (such as libnss-ldap), then SMTP AUTH could fail for the sendmail client. A patch by Moritz Both works around the API design flaw of Cyrus-SASLv2.
CONFIG: Make it possible to unset the StatusFile option by undefining STATUS_FILE. By not setting StatusFile, the MTA will not attempt to open a statistics file on each delivery.
CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP clients whose IP address does not have proper reverse DNS. Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems.
CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP clients which provide a HELO/EHLO argument which is either unqualified, or is one of our own names (i.e., the server name instead of the client name). Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems.
CONFIG: New FEATURE(`badmx') to reject envelope sender addresses (MAIL) whose domain part resolves to a "bad" MX record. Based on contribution from William Dell Wisner.
CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override the maximum line length of the smtp mailers.
CONFIG: New option `relaytofulladdress' for FEATURE(`access_db') to allow entries in the access map to be of the form
  To:user@example.com RELAY
CONFIG: New subsuboptions eoh and data to specify the list of macros a milter should receive at those stages in the SMTP dialogue.
CONFIG: New option confHELO_NAME for HeloName to set the name for the HELO/EHLO command.
CONFIG: dnsbl and enhdnsbl can now also discard or quarantine messages by using those values as second argument. Patches from Nelson Fung.
CONTRIB: cidrexpand uses a hash symbol as comment character and ignores everything after it unless it is in quotes or preceded by a backslash.
DEVTOOLS: New macro confMKDIR: if set to a program that creates directories, then it used for "make install" to create the required installation directories.
DEVTOOLS: New macro confCCLINK to specify the linker to use for executables (defaults to confCC).
LIBMILTER: A new version of the milter API has been created that has several changes which are listed below and documented in the webpages reachable via libmilter/docs/index.html.
LIBMILTER: The meaning of the version macro SMFI_VERSION has been changed. It now refers only to the version of libmilter, not to the protocol version (which is used only internally, it is not user/milter-programmer visible). Additionally, a version function smfi_version() has been introduced such that a milter program can check the libmilter version also at runtime which is useful if a shared library is used.
LIBMILTER: A new callback xxfi_negotiate() can be used to dynamically (i.e., at runtime) determine the available protocol actions and features of the MTA and also to specify which of these a milter wants to use. This allows for more flexibility than hardcoding these flags in the xxfi_flags field of the smfiDesc structure.
LIBMILTER: A new callback xxfi_data() is available so milters can act on the DATA command.
LIBMILTER: A new callback xxfi_unknown() is available so milters can receive also unknown SMTP commands.
LIBMILTER: A new return code SMFIS_NOREPLY has been added which can be used by the xxfi_header() callback provided the milter requested the SMFIP_NOHREPL protocol action.
LIBMILTER: The new return code SMFIS_SKIP can be used in the xxfi_body() callback to skip over further body chunks and directly advance to the xxfi_eom() callback. This is useful if a milter can make a decision based on the body chunks it already received without reading the entire rest of the body and the milter wants to invoke functions that are only available from the xxfi_eom() callback.
LIBMILTER: A new function smfi_addrcpt_par() can be used to add new recipients including ESMTP parameters.
LIBMILTER: A new function smfi_chgfrom() can be used to change the envelope sender including ESMTP parameters.
LIBMILTER: A milter can now request to be informed about rejected recipients (RCPT) too. This requires to set the protocol flag SMFIP_RCPT_REJ during option negotiation. Whether a RCPT has been rejected can be checked by comparing the value of the macro {rcpt_mailer} with "error".
LIBMILTER: A milter can now override the list of macros that it wants to receive from the MTA for each protocol step by invoking the function smfi_setsymlist() during option negotiation.
LIBMILTER: A milter can receive header field values with all leading spaces by requesting the SMFIP_HDR_LEADSPC protocol action. Also, if the flag is set then the MTA does not add a leading space to headers that are added, inserted, or replaced.
LIBMILTER: If a milter sets the reply code to "421" for the HELO callback, the SMTP server will terminate the SMTP session with that error to match the behavior of all other callbacks.
New Files:
  cf/feature/badmx.m4
  cf/feature/block_bad_helo.m4
  cf/feature/require_rdns.m4
  devtools/M4/UNIX/check.m4
  include/sm/misc.h
  include/sm/sendmail.h
  include/sm/tailq.h
  libmilter/docs/smfi_addrcpt_par.html
  libmilter/docs/smfi_setsymlist.html
  libmilter/docs/xxfi_data.html
  libmilter/docs/xxfi_negotiate.html
  libmilter/docs/xxfi_unknown.html
  libmilter/example.c
  libmilter/monitor.c
  libmilter/worker.c
  libsm/memstat.c
  libsm/t-memstat.c
  libsm/t-qic.c
  libsm/util.c
  sendmail/daemon.h
  sendmail/map.h
2007-04-26 08:26:27 +02:00
share/sendmail/feature/block_bad_helo.m4
share/sendmail/feature/compat_check.m4
share/sendmail/feature/conncontrol.m4
upgrade to 8.11.0 from sendmail.org.
the new Makefile tries to obey sendmail "Build" script better than before.
need checking for solaris build, and ldap build.
TODO: STARTTLS support

--- 8.10.2 -> 8.11.0
8.11.0/8.11.0 2000/07/19
SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute.
SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP.
Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*.
New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*.
Add support for the Entropy Gathering Daemon (EGD) for better random data.
New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems.
Support the security layer in SMTP AUTH for mechanisms which support encryption. Based on code contributed by Tim Martin of CMU.
Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor.
LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU.
Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP.
Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project.
Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems.
If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems.
sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts.
Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org.
Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). Problem noted by Graeme Hewson of Oracle.
The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia.
Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute.
Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson.
Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University.
Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute.
Convert the free disk space shown in a control socket status query to kilobyte units.
If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic.
Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle.
Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech.
Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson.
If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>".
Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting.
Preserve source port number instead of replacing it with the ident port number (113).
Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg.
Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech.
If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET.
Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz.
Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23.
Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg.
Portability:
  Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
  Replace code for finding the number of CPUs on HPUX.
  NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR.
  NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc.
  Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico.
CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University.
CONFIG: New variables for the new sendmail options:
  confCACERT_PATH CACERTPath
  confCACERT CACERTFile
  confCLIENT_CERT ClientCertFile
  confCLIENT_KEY ClientKeyFile
  confDH_PARAMETERS DHParameters
  confRAND_FILE RandFile
  confSERVER_CERT ServerCertFile
  confSERVER_KEY ServerKeyFile
CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information.
CONFIG: Add TLS information to the Received: header.
CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command.
CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary.
CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting.
CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com.
CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland.
CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc.
CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta.
CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation.
CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates.
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg.
CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine. Patch from Graeme Hewson of Oracle.
CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle.
CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo, Inc.
DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University.
DEVTOOLS: Add support for SunOS 5.9.
DEVTOOLS: New option confLN contains the command used to create links.
LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported.
MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation.
MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
MAILSTATS: Fix usage statement (-p and -o are optional).
MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson.
RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited.
RMAIL: Prevent a segmentation fault if the incoming message does not have a From line.
VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient.
Added Files:
  cf/ostype/darwin.m4
  contrib/cidrexpand
  contrib/link_hash.sh
  contrib/movemail.conf
  contrib/movemail.pl
  devtools/OS/SunOS.5.9
  test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/feature/delay_checks.m4
share/sendmail/feature/dnsbl.m4
share/sendmail/feature/domaintable.m4
share/sendmail/feature/enhdnsbl.m4
2000-07-24 06:22:31 +02:00
share/sendmail/feature/generics_entire_domain.m4
share/sendmail/feature/genericstable.m4
share/sendmail/feature/greet_pause.m4
upgrade to 8.11.0 from sendmail.org. the new Makefile tries to obey sendmail "Build" script better than before. need checking for solaris build, and ldap build.
TODO: STARTTLS support
--- 8.10.2 -> 8.11.0
8.11.0/8.11.0 2000/07/19
SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute.
SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP.
Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*.
New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*.
Add support for the Entropy Gathering Daemon (EGD) for better random data.
New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems.
Support the security layer in SMTP AUTH for mechanisms which support encryption. Based on code contributed by Tim Martin of CMU.
Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor.
LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU.
Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP.
Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project.
Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems.
If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems.
sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts.
Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org.
Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). Problem noted by Graeme Hewson of Oracle.
The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia.
Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute.
Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson.
Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University.
Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute.
Convert the free disk space shown in a control socket status query to kilobyte units.
If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic.
Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle.
Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech.
Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson.
If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>".
Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting.
Preserve source port number instead of replacing it with the ident port number (113).
Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg.
Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech.
If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET.
Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz.
Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23.
Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg.
Portability:
    Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
    Replace code for finding the number of CPUs on HPUX.
    NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR.
    NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc.
    Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico.
CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University.
CONFIG: New variables for the new sendmail options:
    confCACERT_PATH     CACERTPath
    confCACERT          CACERTFile
    confCLIENT_CERT     ClientCertFile
    confCLIENT_KEY      ClientKeyFile
    confDH_PARAMETERS   DHParameters
    confRAND_FILE       RandFile
    confSERVER_CERT     ServerCertFile
    confSERVER_KEY      ServerKeyFile
CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information.
CONFIG: Add TLS information to the Received: header.
CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command.
CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary.
CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting.
CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com.
CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland.
CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc.
CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta.
CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation.
CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates.
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg.
CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine Patch from Graeme Hewson of Oracle.
CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle.
CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo,Inc.
DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University.
DEVTOOLS: Add support for SunOS 5.9.
DEVTOOLS: New option confLN contains the command used to create links.
LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported.
MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation.
MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
MAILSTATS: Fix usage statement (-p and -o are optional).
MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson.
RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited.
RMAIL: Prevent a segmentation fault if the incoming message does not have a From line.
VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient.
Added Files:
    cf/ostype/darwin.m4
    contrib/cidrexpand
    contrib/link_hash.sh
    contrib/movemail.conf
    contrib/movemail.pl
    devtools/OS/SunOS.5.9
    test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/feature/ldap_routing.m4
share/sendmail/feature/limited_masquerade.m4
share/sendmail/feature/local_lmtp.m4
share/sendmail/feature/local_no_masquerade.m4
share/sendmail/feature/local_procmail.m4
share/sendmail/feature/lookupdotdomain.m4
share/sendmail/feature/loose_relay_check.m4
share/sendmail/feature/mailertable.m4
share/sendmail/feature/masquerade_entire_domain.m4
share/sendmail/feature/masquerade_envelope.m4
share/sendmail/feature/msp.m4
share/sendmail/feature/mtamark.m4
upgrade to 8.11.0 from sendmail.org. the new Makefile tries to obey sendmail "Build" script better than before. need checking for solaris build, and ldap build. TODO: STARTTLS support --- 8.10.2 -> 8.11.0 8.11.0/8.11.0 2000/07/19 SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP. Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems. Support the security layer in SMTP AUTH for mechanisms which support encryption. 
Based on code contributed by Tim Martin of CMU. Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor. LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU. Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP. Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project. Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems. If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems. sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts. Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org. Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). 
Problem noted by Graeme Hewson of Oracle. The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia. Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson. Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University. Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Convert the free disk space shown in a control socket status query to kilobyte units. If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic. Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle. Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech. Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson. If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>". Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. 
Preserve source port number instead of replacing it with the ident port number (113). Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg. Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech. If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET. Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz. Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23. Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg. Portability: Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project. Replace code for finding the number of CPUs on HPUX. NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR. NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc. Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico. CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University. 
CONFIG: New variables for the new sendmail options: confCACERT_PATH CACERTPath confCACERT CACERTFile confCLIENT_CERT ClientCertFile confCLIENT_KEY ClientKeyFile confDH_PARAMETERS DHParameters confRAND_FILE RandFile confSERVER_CERT ServerCertFile confSERVER_KEY ServerKeyFile CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information. CONFIG: Add TLS information to the Received: header. CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command. CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary. CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com. CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland. CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc. CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta. CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation. CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates. 
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg. CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine. Patch from Graeme Hewson of Oracle. CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle. CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo, Inc. DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University. DEVTOOLS: Add support for SunOS 5.9. DEVTOOLS: New option confLN contains the command used to create links. LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported. MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation. MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. MAILSTATS: Fix usage statement (-p and -o are optional). MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson. RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited. RMAIL: Prevent a segmentation fault if the incoming message does not have a From line. VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient.
Added Files: cf/ostype/darwin.m4 contrib/cidrexpand contrib/link_hash.sh contrib/movemail.conf contrib/movemail.pl devtools/OS/SunOS.5.9 test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/feature/no_default_msa.m4
share/sendmail/feature/nocanonify.m4
share/sendmail/feature/notsticky.m4
share/sendmail/feature/nouucp.m4
share/sendmail/feature/nullclient.m4
share/sendmail/feature/preserve_local_plus_detail.m4
share/sendmail/feature/preserve_luser_host.m4
share/sendmail/feature/promiscuous_relay.m4
share/sendmail/feature/queuegroup.m4
share/sendmail/feature/ratecontrol.m4
share/sendmail/feature/redirect.m4
share/sendmail/feature/relay_based_on_MX.m4
share/sendmail/feature/relay_entire_domain.m4
share/sendmail/feature/relay_hosts_only.m4
share/sendmail/feature/relay_local_from.m4
share/sendmail/feature/relay_mail_from.m4
Update to sendmail-8.14.1. Major changes since sendmail-8.13.8: 8.14.1/8.14.1 2007/04/03 Even though a milter rejects a recipient the MTA will still keep it in its list of recipients and deliver to it if the transaction is accepted. This is a regression introduced in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug found by Andy Fiddaman. The new DaemonPortOptions which begin with a lower case character could not be set in 8.14.0. If a server shut down the connection in response to a STARTTLS command, sendmail would log a misleading error message due to an internal inconsistency. Problem found by Werner Wiethege. Document how some sendmail.cf options change the behavior of mailq. Noted by Paul Menchini of the North Carolina School of Science and Mathematics. CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce. CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE m4 options for setting MaxNOOPCommands and SharedMemoryKeyFile. CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4 options for setting Milter.macros.eoh and Milter.macros.data. CONTRIB: Use flock() and fcntl() in qtool.pl if necessary. Patch from Daniel Carroll of Mesa State College. LIBMILTER: Make sure an unknown command does not affect the currently available macros. Problem found by Andy Fiddaman. LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option negotiation. Problem reported by Bryan Costales. LIBMILTER: Fix several minor errors in the documentation. Patches from Bryan Costales. PORTABILITY FIXES: AIX 5.{1,2}: libsm/util.c failed to compile due to redefinition of several macros, e.g., SIG_ERR. Patch from Jim Pirzyk with assistance by Bob Booth, University of Illinois at Urbana-Champaign. Add support for QNX.6. Patch from Sean Boudreau of QNX Software Systems. 
New Files: devtools/M4/depend/QNX6.m4 devtools/OS/QNX.6.x include/sm/os/sm_os_qnx.h New Files added in 8.14.0, but not shown in the release notes entry: libmilter/docs/smfi_chgfrom.html libmilter/docs/smfi_version.html 8.14.0/8.14.0 2007/01/31 Header field values are now 8 bit clean. Notes: - header field names are still restricted to 7 bit. - RFC 2822 allows only 7 bit (US-ASCII) characters in headers. Preserve spaces after the colon in a header. Previously, any number of spaces after the colon would be changed to exactly one space. In some cases of deeply nested aliases/forwarding, mail can be silently lost. Moreover, the MaxAliasRecursion limit may be reached too early, e.g., the counter may be off by a factor of 4 in case of a sequence of .forward files that refer to others. Patch from Motonori Nakamura of Kyoto University. Fix a regression in 8.13.8: if InputMailFilters is set then "sendmail -bs" can trigger an assertion because the hostname of the client is undefined. It is now set to "localhost" for the xxfi_connect() callback. Avoid referencing a freed variable during cleanup when terminating. Problem reported and diagnosed by Joe Maimon. New option HeloName to set the name for the HELO/EHLO command. Patch from Nik Clayton. New option SoftBounce to issue temporary errors (4xy) instead of permanent errors (5xy). This can be useful for testing. New suboptions for DaemonPortOptions to set them individually per daemon socket: DeliveryMode DeliveryMode refuseLA RefuseLA delayLA DelayLA queueLA QueueLA children MaxDaemonChildren New option -K for LDAP maps to replace %1 through %9 in the lookup key with the LDAP escaped contents of the arguments specified in the map lookup. Loosely based on patch from Wolfgang Hottgenroth. Log the time after which a greet_pause delay triggered. Patch from Nik Clayton. If a client is rejected via TCP wrapper or some other check performed by validate_connection() (in conf.c) then do not also invoke greet_pause. 
Problem noted by Jim Pirzyk of the University of Illinois at Urbana-Champaign. If a client terminates the SMTP connection during a pause introduced by greet_pause, then a misleading message was logged previously. Problem noted by Vernon Schryver et al., patch from Matej Vela. New command "mstat" for control socket to provide "machine readable" status. New named config file rule check_eom which is called at the end of a message, its parameter is the size of the message. If the macro {addr_type} indicates that the current address is a header address it also distinguishes between recipient and sender addresses (as it is done for envelope addresses). When a macro is set in check_relay, then its value is accessible by all transactions in the same SMTP session. Increase size of key for ldap lookups to 1024 (MAXKEY). New option MaxNOOPCommands to override default of 20 for the number of "useless" commands before the SMTP server will slow down responding. New option SharedMemoryKeyFile: if shared memory support is enabled, the MTA can be asked to select a shared memory key itself by setting SharedMemoryKey to -1 and specifying a file where to store the selected key. Try to deal with open HTTP proxies that are used to send spam by recognizing some commands from them. If the first command from the client is GET, POST, CONNECT, or USER, then the connection is terminated immediately. New PrivacyOptions noactualrecipient to avoid putting X-Actual-Recipient lines in DSNs revealing the actual account that addresses map to. Patch from Dan Harkless. New options B, z, and Z for DNS maps: -B: specify a domain that is always appended to queries. -z: specify the delimiter at which to cut off the result of a query if it is too long. -Z: specify the maximum number of entries to be concatenated to form the result of a lookup. New target "check" in the Makefile of libsm: instead of running tests implicitly while building libsm, they must be explicitly started by using "make check".
Fixed some inconsistent checks for NULL pointers that have been reported by the SATURN tool which has been developed by Isil Dillig and Thomas Dillig of Stanford University. Fix a potential race condition caused by a signal handler for terminated child processes. Problem noted by David F. Skoll. When a milter deleted a recipient, that recipient could cause a queue group selection. This has been disabled as it was not intended. New operator 'r' for the arith map to return a random number. Patch from Motonori Nakamura of Kyoto University. New compile time option MILTER_NO_NAGLE to turn off the Nagle algorithm for communication with libmilter ("cork" on Linux), which may improve the communication performance on some operating systems. Patch from John Gardiner Myers of Proofpoint. If sendmail received input that contained a CR without subsequent LF (thus violating RFC 2821 (2.3.7)), it could previously generate an additional blank line in the output as the last line. Restarting persistent queue runners by sending a HUP signal to the "queue control process" (QCP) works now. Increase the length of an input line to 12288 to deal with really long lines during SMTP AUTH negotiations. Problem noted by Werner Wiethege. If ARPANET mode (-ba) was selected STARTTLS would fail (due to a missing initialization call for that case). Problem noted by Neil Rickert of Northern Illinois University. If sendmail is linked against a library that initializes Cyrus-SASL before sendmail did it (such as libnss-ldap), then SMTP AUTH could fail for the sendmail client. A patch by Moritz Both works around the API design flaw of Cyrus-SASLv2. CONFIG: Make it possible to unset the StatusFile option by undefining STATUS_FILE. By not setting StatusFile, the MTA will not attempt to open a statistics file on each delivery. CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP clients whose IP address does not have proper reverse DNS. 
Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems. CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP clients which provide a HELO/EHLO argument which is either unqualified, or is one of our own names (i.e., the server name instead of the client name). Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems. CONFIG: New FEATURE(`badmx') to reject envelope sender addresses (MAIL) whose domain part resolves to a "bad" MX record. Based on contribution from William Dell Wisner. CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override the maximum line length of the smtp mailers. CONFIG: New option `relaytofulladdress' for FEATURE(`access_db') to allow entries in the access map to be of the form To:user@example.com RELAY CONFIG: New subsuboptions eoh and data to specify the list of macros a milter should receive at those stages in the SMTP dialogue. CONFIG: New option confHELO_NAME for HeloName to set the name for the HELO/EHLO command. CONFIG: dnsbl and enhdnsbl can now also discard or quarantine messages by using those values as second argument. Patches from Nelson Fung. CONTRIB: cidrexpand uses a hash symbol as comment character and ignores everything after it unless it is in quotes or preceded by a backslash. DEVTOOLS: New macro confMKDIR: if set to a program that creates directories, then it is used for "make install" to create the required installation directories. DEVTOOLS: New macro confCCLINK to specify the linker to use for executables (defaults to confCC). LIBMILTER: A new version of the milter API has been created that has several changes which are listed below and documented in the webpages reachable via libmilter/docs/index.html. LIBMILTER: The meaning of the version macro SMFI_VERSION has been changed. It now refers only to the version of libmilter, not to the protocol version (which is used only internally, it is not user/milter-programmer visible).
Additionally, a version function smfi_version() has been introduced such that a milter program can check the libmilter version also at runtime which is useful if a shared library is used. LIBMILTER: A new callback xxfi_negotiate() can be used to dynamically (i.e., at runtime) determine the available protocol actions and features of the MTA and also to specify which of these a milter wants to use. This allows for more flexibility than hardcoding these flags in the xxfi_flags field of the smfiDesc structure. LIBMILTER: A new callback xxfi_data() is available so milters can act on the DATA command. LIBMILTER: A new callback xxfi_unknown() is available so milters can receive also unknown SMTP commands. LIBMILTER: A new return code SMFIS_NOREPLY has been added which can be used by the xxfi_header() callback provided the milter requested the SMFIP_NOHREPL protocol action. LIBMILTER: The new return code SMFIS_SKIP can be used in the xxfi_body() callback to skip over further body chunks and directly advance to the xxfi_eom() callback. This is useful if a milter can make a decision based on the body chunks it already received without reading the entire rest of the body and the milter wants to invoke functions that are only available from the xxfi_eom() callback. LIBMILTER: A new function smfi_addrcpt_par() can be used to add new recipients including ESMTP parameters. LIBMILTER: A new function smfi_chgfrom() can be used to change the envelope sender including ESMTP parameters. LIBMILTER: A milter can now request to be informed about rejected recipients (RCPT) too. This requires to set the protocol flag SMFIP_RCPT_REJ during option negotiation. Whether a RCPT has been rejected can be checked by comparing the value of the macro {rcpt_mailer} with "error". LIBMILTER: A milter can now override the list of macros that it wants to receive from the MTA for each protocol step by invoking the function smfi_setsymlist() during option negotiation. 
LIBMILTER: A milter can receive header field values with all leading spaces by requesting the SMFIP_HDR_LEADSPC protocol action. Also, if the flag is set then the MTA does not add a leading space to headers that are added, inserted, or replaced. LIBMILTER: If a milter sets the reply code to "421" for the HELO callback, the SMTP server will terminate the SMTP session with that error to match the behavior of all other callbacks. New Files: cf/feature/badmx.m4 cf/feature/block_bad_helo.m4 cf/feature/require_rdns.m4 devtools/M4/UNIX/check.m4 include/sm/misc.h include/sm/sendmail.h include/sm/tailq.h libmilter/docs/smfi_addrcpt_par.html libmilter/docs/smfi_setsymlist.html libmilter/docs/xxfi_data.html libmilter/docs/xxfi_negotiate.html libmilter/docs/xxfi_unknown.html libmilter/example.c libmilter/monitor.c libmilter/worker.c libsm/memstat.c libsm/t-memstat.c libsm/t-qic.c libsm/util.c sendmail/daemon.h sendmail/map.h
2007-04-26 08:26:27 +02:00
share/sendmail/feature/require_rdns.m4
share/sendmail/feature/smrsh.m4
share/sendmail/feature/stickyhost.m4
share/sendmail/feature/use_client_ptr.m4
share/sendmail/feature/use_ct_file.m4
share/sendmail/feature/use_cw_file.m4
share/sendmail/feature/uucpdomain.m4
upgrade to 8.11.0 from sendmail.org. the new Makefile tries to obey sendmail "Build" script better than before. need checking for solaris build, and ldap build.
TODO: STARTTLS support

--- 8.10.2 -> 8.11.0

8.11.0/8.11.0 2000/07/19

SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute.
SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP.
Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*.
New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*.
Add support for the Entropy Gathering Daemon (EGD) for better random data.
New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems.
Support the security layer in SMTP AUTH for mechanisms which support encryption. Based on code contributed by Tim Martin of CMU.
Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor.
LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU.
Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP.
Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project.
Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems.
If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems.
sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts.
Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org.
Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). Problem noted by Graeme Hewson of Oracle.
The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia.
Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute.
Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson.
Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University.
Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute.
Convert the free disk space shown in a control socket status query to kilobyte units.
If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic.
Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle.
Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech.
Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson.
If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>".
Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting.
Preserve source port number instead of replacing it with the ident port number (113).
Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg.
Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech.
If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET.
Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz.
Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23.
Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg.
Portability:
  Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
  Replace code for finding the number of CPUs on HPUX.
  NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR.
  NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc.
  Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico.
CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University.
CONFIG: New variables for the new sendmail options:
  confCACERT_PATH      CACERTPath
  confCACERT           CACERTFile
  confCLIENT_CERT      ClientCertFile
  confCLIENT_KEY       ClientKeyFile
  confDH_PARAMETERS    DHParameters
  confRAND_FILE        RandFile
  confSERVER_CERT      ServerCertFile
  confSERVER_KEY       ServerKeyFile
CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information.
CONFIG: Add TLS information to the Received: header.
CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command.
CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary.
CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting.
CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com.
CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland.
CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc.
CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta.
CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation.
CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates.
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg.
CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine. Patch from Graeme Hewson of Oracle.
CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle.
CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo, Inc.
DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University.
DEVTOOLS: Add support for SunOS 5.9.
DEVTOOLS: New option confLN contains the command used to create links.
LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported.
MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation.
MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
MAILSTATS: Fix usage statement (-p and -o are optional).
MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson.
RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited.
RMAIL: Prevent a segmentation fault if the incoming message does not have a From line.
VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient.

Added Files:
  cf/ostype/darwin.m4
  contrib/cidrexpand
  contrib/link_hash.sh
  contrib/movemail.conf
  contrib/movemail.pl
  devtools/OS/SunOS.5.9
  test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/feature/virtuser_entire_domain.m4
share/sendmail/feature/virtusertable.m4
share/sendmail/hack/cssubdomain.m4
share/sendmail/m4/cf.m4
share/sendmail/m4/cfhead.m4
share/sendmail/m4/proto.m4
share/sendmail/m4/version.m4
share/sendmail/mailer/cyrus.m4
share/sendmail/mailer/cyrusv2.m4
share/sendmail/mailer/fax.m4
share/sendmail/mailer/local.m4
share/sendmail/mailer/mail11.m4
share/sendmail/mailer/phquery.m4
share/sendmail/mailer/pop.m4
share/sendmail/mailer/procmail.m4
share/sendmail/mailer/qpage.m4
share/sendmail/mailer/smtp.m4
share/sendmail/mailer/usenet.m4
upgrade to 8.11.0 from sendmail.org.
the new Makefile tries to obey sendmail "Build" script better than before.
need checking for solaris build, and ldap build.
TODO: STARTTLS support

--- 8.10.2 -> 8.11.0

8.11.0/8.11.0 2000/07/19

SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute.
SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP.
Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*.
New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*.
Add support for the Entropy Gathering Daemon (EGD) for better random data.
New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems.
Support the security layer in SMTP AUTH for mechanisms which support encryption. Based on code contributed by Tim Martin of CMU.
Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor.
LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU.
Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP.
Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project.
Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems.
If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address.
${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems.
sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts.
Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org.
Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). Problem noted by Graeme Hewson of Oracle.
The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia.
Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute.
Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson.
Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University.
Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute.
Convert the free disk space shown in a control socket status query to kilobyte units.
If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic.
Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle.
Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech.
Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson.
If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>".
Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting.
Preserve source port number instead of replacing it with the ident port number (113).
Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg.
Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech.
If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET.
Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz.
Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23.
Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg.
Portability:
  Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
  Replace code for finding the number of CPUs on HPUX.
  NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR.
  NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc.
  Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico.
CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University.
CONFIG: New variables for the new sendmail options:
  confCACERT_PATH CACERTPath
  confCACERT CACERTFile
  confCLIENT_CERT ClientCertFile
  confCLIENT_KEY ClientKeyFile
  confDH_PARAMETERS DHParameters
  confRAND_FILE RandFile
  confSERVER_CERT ServerCertFile
  confSERVER_KEY ServerKeyFile
CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information.
CONFIG: Add TLS information to the Received: header.
CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command.
CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary.
CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting.
CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com.
CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland.
CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc.
CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta.
CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation.
CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates.
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg.
CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine. Patch from Graeme Hewson of Oracle.
CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle.
CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo,Inc.
DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University.
DEVTOOLS: Add support for SunOS 5.9.
DEVTOOLS: New option confLN contains the command used to create links.
LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported.
MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation.
MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
MAILSTATS: Fix usage statement (-p and -o are optional).
MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson.
RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited.
RMAIL: Prevent a segmentation fault if the incoming message does not have a From line.
VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient.

Added Files:
  cf/ostype/darwin.m4
  contrib/cidrexpand
  contrib/link_hash.sh
  contrib/movemail.conf
  contrib/movemail.pl
  devtools/OS/SunOS.5.9
  test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/mailer/uucp.m4
share/sendmail/ostype/a-ux.m4
share/sendmail/ostype/aix3.m4
share/sendmail/ostype/aix4.m4
upgrade to sendmail 8.11.2.

8.11.2/8.11.2 2000/12/29

Prevent a segmentation fault when trying to set a class in address test mode due to a negative array index. Audit other array indexing. This bug is not believed to be exploitable. Noted by Michal Zalewski of the "Internet for Schools" project (IdS).
Add an FFR (for future release) to drop privileges when using address test mode. This will be turned on in 8.12. It can be enabled by compiling with:
  APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS')
in your devtools/Site/site.config.m4 file. Suggested by Michal Zalewski of the "Internet for Schools" project (IdS).
Fix potential problem with Cyrus-SASL security layer which may have caused I/O errors, especially for mechanism DIGEST-MD5.
When QueueSortOrder was set to host, sendmail might not read enough of the queue file to determine the host, making the sort sub-optimal. Problem noted by Jeff Earickson of Colby College.
Don't issue DSNs for addresses which use the NOTIFY parameter (per RFC 1891) but don't have FAILURE as value.
Initialize Cyrus-SASL library before the SMTP daemon is started. This implies that every change to SASL related files requires a restart of the daemon, e.g., Sendmail.conf, new SASL mechanisms (in form of shared libraries).
Properly set the STARTTLS related macros during a queue run for a cached connection. Bug reported by Michael Kellen of NxNetworks, Inc.
Log the server name in relay= for ruleset tls_server instead of the client name.
Include original length of bad field/header when reporting MaxMimeHeaderLength problems. Requested by Ulrich Windl of the Universitat Regensburg.
Fix delivery to set-user-ID files that are expanded from aliases in DeliveryMode queue. Problem noted by Ric Anderson of the University of Arizona.
Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano of Collective Technologies.
Avoid using a negative argument for sleep() calls when delaying answers to EXPN/VRFY commands on systems which respond very slowly. Problem noted by Mikolaj J. Habryn of Optus Internet Engineering.
Make sure the F=u flag is set in the default prog mailer definition. Problem noted by Kari Hurtta of the Finnish Meteorological Institute.
Fix IPv6 check for unspecified addresses. Patch from Jun-ichiro itojun Hagino of the KAME Project.
Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish Meteorological Institute.
Fix parsing of DaemonPortOptions and ClientPortOptions. Read all of the parameters to find Family= setting before trying to interpret Addr= and Port=. Problem noted by Valdis Kletnieks of Virginia Tech.
When delivering to a file directly from an alias, do not call initgroups(); instead use the DefaultUser group information. Problem noted by Marc Schaefer of ALPHANET NF.
RunAsUser now overrides the ownership of the control socket, if created. Otherwise, sendmail can not remove it upon close. Problem noted by Werner Wiethege.
Fix ConnectionRateThrottle counting as the option is the number of overall connections, not the number of connections per socket. A future version may change this to per socket counting.
Portability:
  Clean up libsmdb so it functions properly on platforms where sizeof(u_int32_t) != sizeof(size_t). Problem noted by Rein Tollevik of Basefarm AS.
  Fix man page formatting for compatibility with Solaris' whatis. From Stephen Gildea of InTouch Systems, Inc.
  UnixWare 7 includes snprintf() support. From Larry Rosenman.
  IPv6 changes for platforms using KAME. Patch from Jun-ichiro itojun Hagino of the KAME Project.
  Avoid a typedef compile conflict with Berkeley DB 3.X and Solaris 2.5 or earlier. Problem noted by Bob Hughes of Pacific Access.
  Add preliminary support for AIX 5. Contributed by Valdis Kletnieks of Virginia Tech.
  Solaris 9 load average support from Andrew Tucker of Sun Microsystems.
CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r') is used. Problem noted by Phil Homewood of Asia Online, patch from Neil Rickert of Northern Illinois University.
CONFIG: Change the default DNS based blacklist server for FEATURE(`dnsbl') to blackholes.mail-abuse.org.
CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e., implicitly assume canonical host names.
CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on patch by Motonori Nakamura of Kyoto University.
CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of Virginia Tech.
CONFIG: Pass the illegal header form <list:;> through untouched instead of making it worse. Problem noted by Motonori Nakamura of Kyoto University.
CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`).
CONTRIB: qtool.pl: An empty queue is not an error. Problem noted by Jan Krueger of digitalanswers communications consulting gmbh.
CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark Roth of the University of Illinois at Urbana-Champaign.
DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4 variables into bldOS, bldREL, and bldARCH to prevent namespace collisions. Problem noted by Motonori Nakamura of Kyoto University.
RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It causes some changes in behavior and may break rmail for installations where sendmail is actually a wrapper to another MTA. The change will re-appear in a future version.
SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X, and SunOS 5.8. Requested by Jeff A. Earickson of Colby College and John Beck of Sun Microsystems.
VACATION: Fix pattern matching for addresses to ignore.
VACATION: Don't reply to addresses of the form owner-* or *-owner.

New Files:
  cf/ostype/aix5.m4
  contrib/buildvirtuser
  devtools/OS/AIX.5.0
2001-01-04 13:09:28 +01:00
share/sendmail/ostype/aix5.m4
share/sendmail/ostype/altos.m4
share/sendmail/ostype/amdahl-uts.m4
share/sendmail/ostype/bsd4.3.m4
share/sendmail/ostype/bsd4.4.m4
share/sendmail/ostype/bsdi.m4
share/sendmail/ostype/bsdi1.0.m4
share/sendmail/ostype/bsdi2.0.m4
upgrade to 8.11.0 from sendmail.org. the new Makefile tries to obey sendmail "Build" script better than before. need checking for solaris build, and ldap build. TODO: STARTTLS support --- 8.10.2 -> 8.11.0 8.11.0/8.11.0 2000/07/19 SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP. Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems. Support the security layer in SMTP AUTH for mechanisms which support encryption. 
Based on code contributed by Tim Martin of CMU. Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor. LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU. Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP. Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project. Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems. If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems. sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts. Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org. Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). 
Problem noted by Graeme Hewson of Oracle. The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia. Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson. Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University. Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Convert the free disk space shown in a control socket status query to kilobyte units. If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic. Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle. Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech. Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson. If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>". Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. 
Preserve source port number instead of replacing it with the ident port number (113). Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg. Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech. If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET. Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz. Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23. Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg. Portability: Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project. Replace code for finding the number of CPUs on HPUX. NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR. NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc. Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico. CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University. 
CONFIG: New variables for the new sendmail options: confCACERT_PATH CACERTPath confCACERT CACERTFile confCLIENT_CERT ClientCertFile confCLIENT_KEY ClientKeyFile confDH_PARAMETERS DHParameters confRAND_FILE RandFile confSERVER_CERT ServerCertFile confSERVER_KEY ServerKeyFile CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information. CONFIG: Add TLS information to the Received: header. CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command. CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary. CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com. CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland. CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc. CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta. CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation. CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates. 
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg.
CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine. Patch from Graeme Hewson of Oracle.
CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle.
CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo, Inc.
DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University.
DEVTOOLS: Add support for SunOS 5.9.
DEVTOOLS: New option confLN contains the command used to create links.
LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported.
MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation.
MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
MAILSTATS: Fix usage statement (-p and -o are optional).
MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson.
RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited.
RMAIL: Prevent a segmentation fault if the incoming message does not have a From line.
VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient.
Added Files:
  cf/ostype/darwin.m4
  contrib/cidrexpand
  contrib/link_hash.sh
  contrib/movemail.conf
  contrib/movemail.pl
  devtools/OS/SunOS.5.9
  test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/ostype/darwin.m4
share/sendmail/ostype/dgux.m4
share/sendmail/ostype/domainos.m4
- Update sendmail to 8.13.3
- Fix smrsh man page patch
- Tidy up MESSAGE
- Replace 8.13.1 errata with 8.13.3 errata
- Remove rename of file outside ${PREFIX} on db2 installs

> 8.13.3/8.13.3 2005/01/11
> Enhance handling of I/O errors, especially EOF, when STARTTLS is active.
> Make sure a connection is not reused after it has been closed due to a 421 error. Problem found by Allan E Johannesen of Worcester Polytechnic Institute.
> Avoid triggering an assertion when sendmail is interrupted while closing a connection. Problem found by Allan E Johannesen of Worcester Polytechnic Institute.
> Regression: a change in 8.13.2 caused sendmail not to try the next MX host (or FallbackMXhost if configured) when, at connection open, the current server returns a 4xy or 5xy SMTP reply code. Problem noted by Mark Tranchant.
>
> 8.13.2/8.13.2 2004/12/15
> Do not split the first header even if it exceeds the internal buffer size. Previously a part of such a header would end up in the body of the message. Problem noted by Simple Nomad of BindView.
> Do not complain about "cataddr: string too long" when checking headers that do not contain RFC 2822 addresses. Problem noted by Rich Graves of Brandeis University.
> If a server returns a 421 reply to the RSET command between message deliveries, do not attempt to deliver any more messages on that connection. This prevents bogus "Bad file number" recipient status. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute.
> Allow trailing white space in EHLO command as recommended by RFC 2821. Problem noted by Ralph Santagato of SBC Services.
> Deal with clients which use AUTH but negotiate a smaller buffer size for data exchanges than the value used by sendmail, e.g., Cyrus IMAP lmtp server. Based on patch by Jamie Clark.
> When passing ESMTP arguments for RCPT to a milter, do not cut them off at a comma. Problem noted by Krzysztof Oledzki.
> Add more logging to milter change header functions to complement existing logging. Based on patch from Gurusamy Sarathy of Active State.
> Include <lber.h> in include/sm/config.h when LDAPMAP is defined. Patch from Edgar Hoch of the University of Stuttgart.
> Fix DNS lookup if IPv6 is enabled when converting an IP address to a hostname for use with SASL. Problem noted by Ken Jones; patch from Hajimu UMEMOTO.
> CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog mailer. Patch from John Beck of Sun Microsystems.
> LIBMILTER: It was possible that xxfi_abort() was called after xxfi_eom() for a message if some timeouts were triggered. Patch from Alexey Kravchuk.
> LIBMILTER: Slightly rearrange mutex use in listener.c to allow different threads to call smfi_opensocket() and smfi_main(). Patch from Jordan Ritter of Cloudmark.
> MAIL.LOCAL: Properly terminate MBDB before exiting. Problem noted by Nelson Fung.
> MAIL.LOCAL: make strip-mail.local used a wrong path to access mail.local. Problem noted by William Park.
> VACATION: Properly terminate MBDB before exiting. Problem noted by Nelson Fung.
> Portability:
>   Add support for DragonFly BSD.
> New Files:
>   cf/ostype/dragonfly.m4
>   devtools/OS/DragonFly
>   include/sm/os/sm_os_dragonfly.h
> Deleted Files:
>   libsm/vsscanf.c
2005-02-10 23:17:24 +01:00
share/sendmail/ostype/dragonfly.m4
share/sendmail/ostype/dynix3.2.m4
update to 8.11.4. security related change included (no exploit available yet)

8.11.4/8.11.4 2001/05/28
Clean up signal handling routines to reduce the chances of heap corruption and other potential race conditions. Terminating and restarting the daemon may not be instantaneous due to this change. Also, non-root users can no longer send out-of-band signals. Problem reported by Michal Zalewski of BindView.
If LogLevel is greater than 9 and SASL fails to negotiate an encryption layer, avoid core dump logging the encryption strength. Problem noted by Miroslav Zubcic of Crol.
If a server offers "AUTH=" and "AUTH " and the list of mechanisms is different in those two lines, sendmail might not have recognized (and used) all of the offered mechanisms.
Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch from Kenji Miyake.
This time, really don't use the .. directory when expanding QueueDirectory wildcards.
If a process is interrupted while closing a map, don't try to close the same map again while exiting.
Allow local mailers (F=l) to contact remote hosts (e.g., via LMTP). Problem noted by Norbert Klasen of the University of Tuebingen.
If Timeout.QueueReturn was set to a value less than the time it took to write a new queue file (e.g., 0 seconds), the bounce message would be lost. Problem noted by Lorraine L Goff of Oklahoma State University.
Pass map argument vector into map rewriting engine for the regex and prog map types. Problem noted by Stephen Gildea of InTouch Systems, Inc.
When closing an LDAP map due to a temporary error, close all of the other LDAP maps which share the original map's connection to the LDAP server. Patch from Victor Duchovni of Morgan Stanley.
To detect changes of NDBM aliases files check the timestamp of the .pag file instead of the .dir file. Problem noted by Neil Rickert of Northern Illinois University.
Don't treat temporary hesiod lookup failures as permanent. Patch from Werner Wiethege.
If ClientPortOptions is set, make sure to create the outgoing socket with the family set in that option. Patch from Sean Farley.
Avoid a segmentation fault trying to dereference a NULL pointer when logging a MaxHopCount exceeded error with an empty recipient list. Problem noted by Chris Adams of HiWAAY Internet Services.
Fix DSN for "Too many hops" bounces. Problem noticed by Ulrich Windl of the Universitaet Regensburg.
Fix DSN for "mail loops back to me" bounces. Problem noticed by Kari Hurtta of the Finnish Meteorological Institute.
Portability: OpenBSD has a broken setreuid() implementation.
CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back to 553 since it is allowed by DRUMS.
CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X.
DEVTOOLS: install.sh did not properly handle paths in the source file name argument. Noted by Kari Hurtta of the Finnish Meteorological Institute.
DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD since it generates random process ids.
PRALIASES: Add back adaptive algorithm to deal with different endings of entries in the database (with/without trailing '\0'). Patch from John Beck of Sun Microsystems.
New Files:
  cf/ostype/freebsd4.m4
2001-05-29 05:31:26 +02:00
share/sendmail/ostype/freebsd4.m4
share/sendmail/ostype/freebsd5.m4
Update sendmail to 8.13.5

From the CHANGELOG:
> Store the filesystem identifier of the df/ subdirectory (if it exists) in an internal structure instead of the base directory. This structure is used to decide whether there is enough free disk space when selecting a queue, hence without this change queue selection could fail if a df/ subdirectory exists and is on a different filesystem than the base directory.
> Use the queue index of the df file (instead of the qf file) for checking whether a link(2) operation can be used to split an envelope across queue groups. Problem found by Werner Wiethege.
> If the list of items in the queue is larger than the maximum number of items to process, sort the queue first and then cut the list off instead of the other way around. Patch from Matej Vela of Rudjer Boskovic Institute.
> Fix helpfile to show full entry for ETRN. Problem noted by Penelope Fudd, patch from Neil Rickert of Northern Illinois University.
> FallbackSmartHost should also be tried on temporary errors. From John Beck of Sun Microsystems.
> When a server responds with 421 to the STARTTLS command then treat it as a temporary error, not as protocol error. Problem noted by Andrey J. Melnikoff.
> Properly define two functions in libsm as static because their prototype used static too. Patch from Peter Klein.
> Fix syntax errors in helpfile for MAIL and RCPT commands.
> LIBMILTER: When smfi_replacebody() is called with bodylen equals zero then do not silently ignore that call. Patch from Gurusamy Sarathy of Active State.
> LIBMILTER: Recognize "421" also in a multi-line reply to terminate the SMTP session with that error. Fix from Brian Kantor.
> Portability: New option HASSNPRINTF which can be set if the OS has a properly working snprintf(3) to get rid of the last two (safe) sprintf(3) calls in the source code.
> Add support for AIX 5.3.
> Add support for SunOS 5.11 (aka Solaris 11).
> Add support for Darwin 8.x. Patch from Lyndon Nerenberg.
> OpenBSD 3.7 has removed support for NETISO.
> CONFIG: Add OSTYPE(freebsd6) for FreeBSD 6.X.
2005-10-14 10:36:02 +02:00
share/sendmail/ostype/freebsd6.m4
2000-07-24 06:22:31 +02:00
share/sendmail/ostype/gnu.m4
share/sendmail/ostype/hpux10.m4
upgrade to 8.11.0 from sendmail.org. the new Makefile tries to obey sendmail "Build" script better than before. need checking for solaris build, and ldap build. TODO: STARTTLS support --- 8.10.2 -> 8.11.0 8.11.0/8.11.0 2000/07/19 SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP. Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems. Support the security layer in SMTP AUTH for mechanisms which support encryption. 
Based on code contributed by Tim Martin of CMU. Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor. LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU. Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP. Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project. Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems. If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems. sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts. Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org. Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). 
Problem noted by Graeme Hewson of Oracle. The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia. Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson. Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University. Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Convert the free disk space shown in a control socket status query to kilobyte units. If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic. Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle. Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech. Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson. If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>". Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. 
Preserve source port number instead of replacing it with the ident port number (113). Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg. Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech. If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET. Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz. Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23. Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg. Portability: Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project. Replace code for finding the number of CPUs on HPUX. NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR. NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Graffiti World Wide, Inc. Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico. CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University. 
CONFIG: New variables for the new sendmail options: confCACERT_PATH CACERTPath confCACERT CACERTFile confCLIENT_CERT ClientCertFile confCLIENT_KEY ClientKeyFile confDH_PARAMETERS DHParameters confRAND_FILE RandFile confSERVER_CERT ServerCertFile confSERVER_KEY ServerKeyFile CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information. CONFIG: Add TLS information to the Received: header. CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command. CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary. CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com. CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland. CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc. CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta. CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation. CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates. 
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg. CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine Patch from Graeme Hewson of Oracle. CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle. CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo,Inc. DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University. DEVTOOLS: Add support for SunOS 5.9. DEVTOOLS: New option confLN contains the command used to create links. LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported. MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation. MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. MAILSTATS: Fix usage statement (-p and -o are optional). MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson. RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited. RMAIL: Prevent a segmentation fault if the incoming message does not have a From line. VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient. 
Added Files: cf/ostype/darwin.m4 contrib/cidrexpand contrib/link_hash.sh contrib/movemail.conf contrib/movemail.pl devtools/OS/SunOS.5.9 test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/ostype/hpux11.m4
share/sendmail/ostype/hpux9.m4
share/sendmail/ostype/irix4.m4
share/sendmail/ostype/irix5.m4
share/sendmail/ostype/irix6.m4
share/sendmail/ostype/isc4.1.m4
share/sendmail/ostype/linux.m4
share/sendmail/ostype/maxion.m4
share/sendmail/ostype/mklinux.m4
share/sendmail/ostype/mpeix.m4
share/sendmail/ostype/nextstep.m4
share/sendmail/ostype/openbsd.m4
share/sendmail/ostype/osf1.m4
share/sendmail/ostype/powerux.m4
share/sendmail/ostype/ptx2.m4
share/sendmail/ostype/qnx.m4
share/sendmail/ostype/riscos4.5.m4
share/sendmail/ostype/sco-uw-2.1.m4
share/sendmail/ostype/sco3.2.m4
share/sendmail/ostype/sinix.m4
share/sendmail/ostype/solaris2.m4
share/sendmail/ostype/solaris2.ml.m4
CONFIG: New variables for the new sendmail options: confCACERT_PATH CACERTPath confCACERT CACERTFile confCLIENT_CERT ClientCertFile confCLIENT_KEY ClientKeyFile confDH_PARAMETERS DHParameters confRAND_FILE RandFile confSERVER_CERT ServerCertFile confSERVER_KEY ServerKeyFile CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information. CONFIG: Add TLS information to the Received: header. CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command. CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary. CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com. CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland. CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc. CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta. CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation. CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates. 
CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg. CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine Patch from Graeme Hewson of Oracle. CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle. CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo,Inc. DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University. DEVTOOLS: Add support for SunOS 5.9. DEVTOOLS: New option confLN contains the command used to create links. LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported. MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation. MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. MAILSTATS: Fix usage statement (-p and -o are optional). MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson. RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited. RMAIL: Prevent a segmentation fault if the incoming message does not have a From line. VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient. 
Added Files: cf/ostype/darwin.m4 contrib/cidrexpand contrib/link_hash.sh contrib/movemail.conf contrib/movemail.pl devtools/OS/SunOS.5.9 test/t_snprintf.c
2000-07-24 06:22:31 +02:00
share/sendmail/ostype/solaris2.pre5.m4
share/sendmail/ostype/solaris8.m4
share/sendmail/ostype/sunos3.5.m4
share/sendmail/ostype/sunos4.1.m4
share/sendmail/ostype/svr4.m4
share/sendmail/ostype/ultrix4.m4
share/sendmail/ostype/unicos.m4
share/sendmail/ostype/unicosmk.m4
share/sendmail/ostype/unicosmp.m4
share/sendmail/ostype/unixware7.m4
share/sendmail/ostype/unknown.m4
share/sendmail/ostype/uxpds.m4
share/sendmail/sendmail.schema
share/sendmail/sh/makeinfo.sh
share/sendmail/siteconfig/uucp.cogsci.m4
share/sendmail/siteconfig/uucp.old.arpa.m4
share/sendmail/siteconfig/uucp.ucbarpa.m4
share/sendmail/siteconfig/uucp.ucbvax.m4
2010-01-16 01:31:13 +01:00
@pkgdir libexec/sm.bin