unconditionally. All supported systems should have poll(2). If
one is found that doesn't then this can be revisited and some way
of making it conditional can be implemented.
This resolves an issue with applications that have a large
number of open files and want to bump FD_SETSIZE. Since libmilter
no longer uses select(2), the application is free to monkey with
FD_SETSIZE as it pleases.
had a chance to closely examine it, I would prefer it be done
slightly differently. Also, the patch patches multiple files in
direct contravention of pkgsrc guidelines. One of the files is
also patched by a different patch. Having multiple patches applied
to a single file makes maitenance much more difficult.
mail delivery with non local NSS passwd source, such as LDAP.
Stock LDAP uses getpwnam(3) to lookup recipients. As mandated by SUSv2,
getpwnam(3) does not set errno, so Sendmail has no way of distinguishing
a non existing user and an error with a remote NSS source. Therefore,
when the LDAP server goes down, Sendmail bounces mail to valid recipients.
A first workround is to remove F=w from Mlocal in sendmail.cf. This will
inhibit local recipient lookups, but it has a two drawbacks
- ~/.forward do not work anymore
- For multi-recipient mails with a single inexistent user, mail.local
cause a DSN reporting an error for all users, whereas all valid users
do get the message.
A better workaround is this patch, which calls getpwnam_r(3). This newer
API do set errno and do return an error code. Sendmail is therefore able
to detect that it had a transcient error in NSS, and it will react by
queuing the message. This is what you really want to happen when LDAP
is down.
I have not been able to get any feedback from Sendmail developers about
this patch.
Changes since version 8.14.2:
* the MTA accessed storage after it free()d it. This was a regression
introduced in 8.14.2, but the bug only showed up on a few operating
systems.
* ruleset processing: the function cataddr() could cause the addition of
the BlankSub character between some tokens when it should not happen
and thus failures in rule matching. It seems that none of the default
rules were affected by this bug and hence the problem did not show up
for default configurations.
* the libmilter state engine did not deal correctly with milters that
requested the omission of protocol steps during the negotiation callback.
Approved by John Nemeth.
8.14.1/8.14.1 2007/04/03
Even though a milter rejects a recipient the MTA will still keep
it in its list of recipients and deliver to it if the
transaction is accepted. This is a regression introduced
in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug
found by Andy Fiddaman.
The new DaemonPortOptions which begin with a lower case character
could not be set in 8.14.0.
If a server shut down the connection in response to a STARTTLS
command, sendmail would log a misleading error message
due to an internal inconsistency. Problem found by
Werner Wiethege.
Document how some sendmail.cf options change the behavior of mailq.
Noted by Paul Menchini of the North Carolina School of
Science and Mathematics.
CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce.
CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition
of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE
m4 options for setting MaxNOOPCommands and
SharedMemoryKeyFile.
CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4
options for setting Milter.macros.eoh and Milter.macros.data.
CONTRIB: Use flock() and fcntl() in qtool.pl if necessary.
Patch from Daniel Carroll of Mesa State College.
LIBMILTER: Make sure an unknown command does not affect the
currently available macros. Problem found by Andy Fiddaman.
LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option
negotiation. Problem reported by Bryan Costales.
LIBMILTER: Fix several minor errors in the documentation.
Patches from Bryan Costales.
PORTABILITY FIXES:
AIX 5.{1,2}: libsm/util.c failed to compile due to
redefinition of several macros, e.g., SIG_ERR.
Patch from Jim Pirzyk with assistance by Bob
Booth, University of Illinois at Urbana-Champaign.
Add support for QNX.6. Patch from Sean Boudreau of QNX
Software Systems.
New Files:
devtools/M4/depend/QNX6.m4
devtools/OS/QNX.6.x
include/sm/os/sm_os_qnx.h
New Files added in 8.14.0, but not shown in the release notes entry:
libmilter/docs/smfi_chgfrom.html
libmilter/docs/smfi_version.html
8.14.0/8.14.0 2007/01/31
Header field values are now 8 bit clean. Notes:
- header field names are still restricted to 7 bit.
- RFC 2822 allows only 7 bit (US-ASCII) characters in
headers.
Preserve spaces after the colon in a header. Previously, any
number of spaces after the colon would be changed to
exactly one space.
In some cases of deeply nested aliases/forwarding, mail can
be silently lost. Moreover, the MaxAliasRecursion
limit may be reached too early, e.g., the counter
may be off by a factor of 4 in case of a sequence of
.forward files that refer to others. Patch from
Motonori Nakamura of Kyoto University.
Fix a regression in 8.13.8: if InputMailFilters is set then
"sendmail -bs" can trigger an assertion because the
hostname of the client is undefined. It is now set
to "localhost" for the xxfi_connect() callback.
Avoid referencing a freed variable during cleanup when terminating.
Problem reported and diagnosed by Joe Maimon.
New option HeloName to set the name for the HELO/EHLO command.
Patch from Nik Clayton.
New option SoftBounce to issue temporary errors (4xy) instead of
permanent errors (5xy). This can be useful for testing.
New suboptions for DaemonPortOptions to set them individually
per daemon socket:
DeliveryMode DeliveryMode
refuseLA RefuseLA
delayLA DelayLA
queueLA QueueLA
children MaxDaemonChildren
New option -K for LDAP maps to replace %1 through %9 in the
lookup key with the LDAP escaped contents of the
arguments specified in the map lookup. Loosely based
on patch from Wolfgang Hottgenroth.
Log the time after which a greet_pause delay triggered. Patch
from Nik Clayton.
If a client is rejected via TCP wrapper or some other check
performed by validate_connection() (in conf.c) then do
not also invoke greet_pause. Problem noted by Jim Pirzyk
of the University of Illinois at Urbana-Champaign.
If a client terminates the SMTP connection during a pause
introduced by greet_pause, then a misleading message
was logged previously. Problem noted by Vernon Schryver
et.al., patch from Matej Vela.
New command "mstat" for control socket to provide "machine
readable" status.
New named config file rule check_eom which is called at the end
of a message, its parameter is the size of the message.
If the macro {addr_type} indicates that the current address
is a header address it also distinguishes between
recipient and sender addresses (as it is done for
envelope addresses).
When a macro is set in check_relay, then its value is accessible
by all transactions in the same SMTP session.
Increase size of key for ldap lookups to 1024 (MAXKEY).
New option MaxNOOPCommands to override default of 20 for the
number of "useless" commands before the SMTP server will
slow down responding.
New option SharedMemoryKeyFile: if shared memory support is
enabled, the MTA can be asked to select a shared memory
key itself by setting SharedMemoryKey to -1 and specifying
a file where to store the selected key.
Try to deal with open HTTP proxies that are used to send spam
by recognizing some commands from them. If the first command
from the client is GET, POST, CONNECT, or USER, then the
connection is terminated immediately.
New PrivacyOptions noactualrecipient to avoid putting
X-Actual-Recipient lines in DSNs revealing the actual
account that addresses map to. Patch from Dan Harkless.
New options B, z, and Z for DNS maps:
-B: specify a domain that is always appended to queries.
-z: specify the delimiter at which to cut off the result of
a query if it is too long.
-Z: specify the maximum number of entries to be concatenated
to form the result of a lookup.
New target "check" in the Makefile of libsm: instead of running tests
implicitly while building libsm, they must be explicitly
started by using "make check".
Fixed some inconsistent checks for NULL pointers that have been
reported by the SATURN tool which has been developed by
Isil Dillig and Thomas Dillig of Stanford University.
Fix a potential race condition caused by a signal handler for
terminated child processes. Problem noted by David F. Skoll.
When a milter deleted a recipient, that recipient could cause a
queue group selection. This has been disabled as it was not
intended.
New operator 'r' for the arith map to return a random number.
Patch from Motonori Nakamura of Kyoto University.
New compile time option MILTER_NO_NAGLE to turn off the Nagle
algorithm for communication with libmilter ("cork" on Linux),
which may improve the communication performance on some
operating systems. Patch from John Gardiner Myers of
Proofpoint.
If sendmail received input that contained a CR without subsequent LF
(thus violating RFC 2821 (2.3.7)), it could previously
generate an additional blank line in the output as the last
line.
Restarting persistent queue runners by sending a HUP signal to
the "queue control process" (QCP) works now.
Increase the length of an input line to 12288 to deal with
really long lines during SMTP AUTH negotiations.
Problem noted by Werner Wiethege.
If ARPANET mode (-ba) was selected STARTTLS would fail (due to
a missing initialization call for that case). Problem
noted by Neil Rickert of Northern Illinois University.
If sendmail is linked against a library that initializes Cyrus-SASL
before sendmail did it (such as libnss-ldap), then SMTP AUTH
could fail for the sendmail client. A patch by Moritz Both
works around the API design flaw of Cyrus-SASLv2.
CONFIG: Make it possible to unset the StatusFile option by
undefining STATUS_FILE. By not setting StatusFile,
the MTA will not attempt to open a statistics file on
each delivery.
CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
clients whose IP address does not have proper reverse DNS.
Contributed by Neil Rickert of Northern Illinois University
and John Beck of Sun Microsystems.
CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP
clients which provide a HELO/EHLO argument which is either
unqualified, or is one of our own names (i.e., the server
name instead of the client name). Contributed by Neil
Rickert of Northern Illinois University and John Beck of
Sun Microsystems.
CONFIG: New FEATURE(`badmx') to reject envelope sender addresses
(MAIL) whose domain part resolves to a "bad" MX record.
Based on contribution from William Dell Wisner.
CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override
the maximum line length of the smtp mailers.
CONFIG: New option `relaytofulladdress' for FEATURE(`access_db')
to allow entries in the access map to be of the form
To:user@example.com RELAY
CONFIG: New subsuboptions eoh and data to specify the list of
macros a milter should receive at those stages in the
SMTP dialogue.
CONFIG: New option confHELO_NAME for HeloName to set the name
for the HELO/EHLO command.
CONFIG: dnsbl and enhdnsbl can now also discard or quarantine
messages by using those values as second argument.
Patches from Nelson Fung.
CONTRIB: cidrexpand uses a hash symbol as comment character and
ignores everything after it unless it is in quotes or
preceeded by a backslash.
DEVTOOLS: New macro confMKDIR: if set to a program that creates
directories, then it used for "make install" to create
the required installation directories.
DEVTOOLS: New macro confCCLINK to specify the linker to use for
executables (defaults to confCC).
LIBMILTER: A new version of the milter API has been created that
has several changes which are listed below and documented
in the webpages reachable via libmilter/docs/index.html.
LIBMILTER: The meaning of the version macro SMFI_VERSION has been
changed. It now refers only to the version of libmilter,
not to the protocol version (which is used only internally,
it is not user/milter-programmer visible). Additionally,
a version function smfi_version() has been introduced such
that a milter program can check the libmilter version also
at runtime which is useful if a shared library is used.
LIBMILTER: A new callback xxfi_negotiate() can be used to
dynamically (i.e., at runtime) determine the available
protocol actions and features of the MTA and also to
specify which of these a milter wants to use. This allows
for more flexibility than hardcoding these flags in the
xxfi_flags field of the smfiDesc structure.
LIBMILTER: A new callback xxfi_data() is available so milters
can act on the DATA command.
LIBMILTER: A new callback xxfi_unknown() is available so milters
can receive also unknown SMTP commands.
LIBMILTER: A new return code SMFIS_NOREPLY has been added which
can be used by the xxfi_header() callback provided the
milter requested the SMFIP_NOHREPL protocol action.
LIBMILTER: The new return code SMFIS_SKIP can be used in the
xxfi_body() callback to skip over further body chunks
and directly advance to the xxfi_eom() callback. This
is useful if a milter can make a decision based on the
body chunks it already received without reading the entire
rest of the body and the milter wants to invoke functions
that are only available from the xxfi_eom() callback.
LIBMILTER: A new function smfi_addrcpt_par() can be used to add
new recipients including ESMTP parameters.
LIBMILTER: A new function smfi_chgfrom() can be used to change the
envelope sender including ESMTP parameters.
LIBMILTER: A milter can now request to be informed about rejected
recipients (RCPT) too. This requires to set the protocol
flag SMFIP_RCPT_REJ during option negotiation. Whether
a RCPT has been rejected can be checked by comparing the
value of the macro {rcpt_mailer} with "error".
LIBMILTER: A milter can now override the list of macros that it
wants to receive from the MTA for each protocol step
by invoking the function smfi_setsymlist() during option
negotiation.
LIBMILTER: A milter can receive header field values with all
leading spaces by requesting the SMFIP_HDR_LEADSPC
protocol action. Also, if the flag is set then the MTA
does not add a leading space to headers that are added,
inserted, or replaced.
LIBMILTER: If a milter sets the reply code to "421" for the HELO
callback, the SMTP server will terminate the SMTP session
with that error to match the behavior of all other callbacks.
New Files:
cf/feature/badmx.m4
cf/feature/block_bad_helo.m4
cf/feature/require_rdns.m4
devtools/M4/UNIX/check.m4
include/sm/misc.h
include/sm/sendmail.h
include/sm/tailq.h
libmilter/docs/smfi_addrcpt_par.html
libmilter/docs/smfi_setsymlist.html
libmilter/docs/xxfi_data.html
libmilter/docs/xxfi_negotiate.html
libmilter/docs/xxfi_unknown.html
libmilter/example.c
libmilter/monitor.c
libmilter/worker.c
libsm/memstat.c
libsm/t-memstat.c
libsm/t-qic.c
libsm/util.c
sendmail/daemon.h
sendmail/map.h
fixes by patch.)
While here, fix PR pkg/33821 by substituting pkgsrc's BINOWN, BINGRP, and
INSTALL definitions into the installed share/sendmail/cf/Makefile.
8.13.7/8.13.7 2006/06/14
A malformed MIME structure with many parts can cause sendmail to
crash while trying to send a mail due to a stack overflow,
e.g., if the stack size is limited (ulimit -s). This
happens because the recursion of the function mime8to7()
was not restricted. The function is called for MIME 8 to
7 bit conversion and also to enforce MaxMimeHeaderLength.
To work around this problem, recursive calls are limited to
a depth of MAXMIMENESTING (20); message content after this
limit is treated as opaque and is not checked further.
Problem noted by Frank Sheiness.
The changes to the I/O layer in 8.13.6 caused a regression for
SASL mechanisms that use the security layer, e.g.,
DIGEST-MD5. Problem noted by Robert Stampfli.
If a timeout occurs while reading a message (during the DATA phase)
a df file might have been left behind in the queue.
This was another side effect of the changes to the I/O
layer made in 8.13.6.
Several minor problems have been fixed that were found by a
Coverity scan of sendmail 8 as part of the NetBSD
distribution. See http://scan.coverity.com/
Note: the scan generated also a lot of "false positives",
e.g., "error" reports about situations that cannot happen.
Most of those code places are marked with lint(1) comments
like NOTREACHED, but Coverity does not understand those.
Hence an explicit assertion has been added in some cases
to avoid those false positives.
If the start of the sendmail daemon fails due to a configuration
error then in some cases shared memory segments or pid
files were not removed.
If DSN support is disabled via access_db, then related ESMTP
parameters for MAIL and RCPT should be rejected. Problem
reported by Akihiro Sagawa.
Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
bug work-around. Hence if sendmail is linked against
either of these versions and compression is available,
the padding bug work-around is turned off. Based on
patch from Victor Duchovni of Morgan Stanley.
CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
blackholes.mail-abuse.org as default domain for lookups,
however, that list is no longer available. To avoid
further problems, no default value is available anymore,
but an argument must be specified.
Portability:
Fix compilation on OSF/1 for sfsasl.c. Patch from
Pieter Bowman of the University of Utah.
A malformed MIME structure with many parts can cause sendmail to
crash while trying to send a mail due to a stack overflow,
e.g., if the stack size is limited (ulimit -s). This
happens because the recursion of the function mime8to7()
was not restricted. The function is called for MIME 8 to
7 bit conversion and also to enforce MaxMimeHeaderLength.
To work around this problem, recursive calls are limited to
a depth of MAXMIMENESTING (20); message content after this
limit is treated as opaque and is not checked further.
Use a better boundary check, which doesn't depend on PATH_MAX >> NAME_MAX.
Both changes are from DragonFly and have been reported upstream.
Install only man pages, not the catpages. The installation was
inconsistent before.
Bump revision. OK from tv@.
> 8.13.6/8.13.6 2006/03/22
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
> If a server returns 421 for an RSET command when trying to start
> another transaction in a session while sending mail, do
> not trigger an internal consistency check. Problem found
> by Allan E Johannesen of Worcester Polytechnic Institute.
> If a server returns a 5xy error code (other than 501) in response
> to a STARTTLS command despite the fact that it advertised
> STARTTLS and that the code is not valid according to RFC
> 2487 treat it nevertheless as a permanent failure instead
> of a protocol error (which has been changed to a
> temporary error in 8.13.5). Problem reported by Jeff
> A. Earickson of Colby College.
> Clear SMTP state after a HELO/EHLO command. Patch from John
> Myers of Proofpoint.
> Observe MinQueueAge option when gathering entries from the queue
> for sorting etc instead of waiting until the entries are
> processed. Patch from Brian Fundakowski Feldman.
> Set up TLS session cache to properly handle clients that try to
> resume a stored TLS session.
> Properly count the number of (direct) child processes such that
> a configured value (MaxDaemonChildren) is not exceeded.
> Based on patch from Attila Bruncsak.
> LIBMILTER: Remove superfluous backslash in macro definition
> (libmilter.h). Based on patch from Mike Kupfer of
> Sun Microsystems.
> LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
> This generates an error message from libmilter on
> Solaris, though other systems appear to just discard the
> request silently.
> LIBMILTER: Deal with sigwait(2) implementations that return
> -1 and set errno instead of returning an error code
> directly. Patch from Chris Adams of HiWAAY Informations
> Services.
> Portability:
> Fix compilation checks for closefrom(3) and statvfs(2)
> in NetBSD. Problem noted by S. Moonesamy, patch from
> Andrew Brown.
- Remove old patch-ai
- From the ChangeLog:
> The bug fixes in 8.13.3 for connection handling uncovered a
> different error which could result in connections that
> stay in CLOSE_WAIT state due to a variable that was not
> properly initialized. Problem noted by Michael Sims.
> Deal with empty hostnames in hostsignature(). This bug could lead
> to an endless loop when doing LMTP deliveries to another
> host. Problem first reported by Martin Lathoud and
> tracked down by Gael Roualland.
> Make sure return parameters are initialized in getmxrr(). Problem
> found by Gael Roualland using valgrind.
> If shared memory is used and the RunAsUser option is set, then the
> owner and group of the shared memory segment is set to
> the ids specified RunAsUser and the access mode is set
> to 0660 to allow for updates by sendmail processes.
> The number of queue entries that is (optionally) kept in shared
> memory was wrong in some cases, e.g., envelope splitting
> and bounce generation.
> Undo a change made in 8.13.0 to silently truncate long strings
> in address rewriting because the message can be triggered
> for header checks where long strings are legitimate.
> Problem reported by Mary Verge DeSisto, and tracked
> down with the help of John Beck of Sun Microsystems.
> The internal stab map did not obey the -m flag. Patch from
> Rob McMahon of Warwick University, England.
> The socket map did not obey the -f flag. Problem noted by
> Dan Ringdahl, forwarded by Andrzej Filip.
> The addition of LDAP recursion in 8.13.0 broke enforcement of
> the LDAP map -1 argument which tells the MTA to only
> return success if and only if a single LDAP match is found.
> Add additional error checks in the MTA for milter communication
> to avoid a possible segmentation fault. Based on patch
> by Joe Maimon.
> Do not trigger an assertion if X509_digest() returns success but
> does not assign a value to its output parameter. Based
> on patch by Brian Kantor.
> Add more checks when resetting internal AUTH data (applies only
> to Cyrus SASL version 2). Otherwise an SMTP session might
> be dropped after an AUTH failure.
> Portability:
> Add LA_LONGLONG as valid LA_TYPE type for systems that use
> "long long" to read load average data, e.g.,
> AIX 5.1 in 32 bit mode. Note: this has to be set
> "by hand", it is not (yet) automatically detected.
> Problem noted by Burak Bilen.
> Use socklen_t for accept(), etc. on AIX 5.x. This should
> fix problems when compiling in 64 bit mode.
> Problem first reported by Harry Meiert of
> University of Bremen.
- Fix smrsh man page patch
- Tidy up MESSAGE
- Replace 8.13.1 errata with 8.13.3 errata
- Remove rename of file outside ${PREFIX} on db2 installs
> 8.13.3/8.13.3 2005/01/11
> Enhance handling of I/O errors, especially EOF, when STARTTLS
> is active.
> Make sure a connection is not reused after it has been closed
> due to a 421 error. Problem found by Allan E Johannesen
> of Worcester Polytechnic Institute.
> Avoid triggering an assertion when sendmail is interrupted while
> closing a connection. Problem found by Allan E Johannesen
> of Worcester Polytechnic Institute.
> Regression: a change in 8.13.2 caused sendmail not to try the
> next MX host (or FallbackMXhost if configured) when, at
> connection open, the current server returns a 4xy or 5xy
> SMTP reply code. Problem noted by Mark Tranchant.
>
> 8.13.2/8.13.2 2004/12/15
> Do not split the first header even if it exceeds the internal
> buffer size. Previously a part of such a header would
> end up in the body of the message. Problem noted by
> Simple Nomad of BindView.
> Do not complain about "cataddr: string too long" when checking
> headers that do not contain RFC 2822 addresses.
> Problem noted by Rich Graves of Brandeis University.
> If a server returns a 421 reply to the RSET command between
> message deliveries, do not attempt to deliver any more
> messages on that connection. This prevents bogus "Bad
> file number" recipient status. Problem noted by
> Allan E Johannesen of Worcester Polytechnic Institute.
> Allow trailing white space in EHLO command as recommended by RFC
> 2821. Problem noted by Ralph Santagato of SBC Services.
> Deal with clients which use AUTH but negotiate a smaller buffer size
> for data exchanges than the value used by sendmail, e.g.,
> Cyrus IMAP lmtp server. Based on patch by Jamie Clark.
> When passing ESMTP arguments for RCPT to a milter, do not cut
> them off at a comma. Problem noted by Krzysztof Oledzki.
> Add more logging to milter change header functions to
> complement existing logging. Based on patch from
> Gurusamy Sarathy of Active State.
> Include <lber.h> in include/sm/config.h when LDAPMAP is defined.
> Patch from Edgar Hoch of the University of Stuttgart.
> Fix DNS lookup if IPv6 is enabled when converting an IP address
> to a hostname for use with SASL. Problem noted by Ken Jones;
> patch from Hajimu UMEMOTO.
> CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog
> mailer. Patch from John Beck of Sun Microsystems.
> LIBMILTER: It was possible that xxfi_abort() was called after
> xxfi_eom() for a message if some timeouts were triggered.
> Patch from Alexey Kravchuk.
> LIBMILTER: Slightly rearrange mutex use in listener.c to allow
> different threads to call smfi_opensocket() and smfi_main().
> Patch from Jordan Ritter of Cloudmark.
> MAIL.LOCAL: Properly terminate MBDB before exiting. Problem
> noted by Nelson Fung.
> MAIL.LOCAL: make strip-mail.local used a wrong path to access
> mail.local. Problem noted by William Park.
> VACATION: Properly terminate MBDB before exiting. Problem noted
> by Nelson Fung.
> Portability:
> Add support for DragonFly BSD.
> New Files:
> cf/ostype/dragonfly.m4
> devtools/OS/DragonFly
> include/sm/os/sm_os_dragonfly.h
> Deleted Files:
> libsm/vsscanf.c
pkgsrc changes:
- move to use options.mk framework
- solaris support tidy-up
- fix linux man page extension handling bug
- allow for a user defined smrsh directory
- update MASTER_SITES
- optional SOCKETMAP support and sample script installation
- ok'ed snj@/wiz@
Summary of some of the major changes include:
- New map "socket" to query maps via TCP/IP sockets.
- Connection rate control as well as control over the number of incoming open
connections.
- Several LDAP enhancements such as LDAP recursion and LDAP URI support.
- Message quarantining.
- AUTH EXTERNAL will only be enabled if STARTTLS was successful and the client
has been authenticated, i.e., {verify} is OK.
- Basic support for certificate revocation lists.
- New queue timeouts for DSN messages.
- Experimental support for MTAMark.
For a full list of changes see:
- http://www.sendmail.org/8.13.0.html
- http://www.sendmail.org/8.13.1.html
that do make it into the binary package. Under the default configuration
on NetBSD these files are erroneous. This fix should resolve PR 20852
Here are the details:
1) /etc/mail/statistics
This file is created like so:
statistics:
${CP} /dev/null statistics
This file is not needed because sendmail is configured to use:
O StatusFile=/var/log/sendmail.st
To avoid creating this file, I added to devtools/OS/NetBSD:
define(`confNO_STATISTICS_INSTALL', `')
2) /etc/mail/submit.cf
This file is not needed because we install it as:
${PREFIX}/share/sendmail/cf/submit.cf
To avoid installing /etc/mail/submit.cf, I added to devtools/OS/NetBSD:
define(`confINST_DEP', `')
If confINST_DEP is undefined, then it will default to:
`${DESTDIR}/etc/mail/submit.cf ${DESTDIR}${MSPQ}'
3) /var/db/pkg/sendmail-8.12.8nb1/+INSTALL
This is now created by pkg_add with the binary package.
It appears the problem is resolved.
4) /var/spool/clientmqueue
This directory is not needed because sendmail is configured to use:
O QueueDirectory=/var/spool/mqueue
To avoid installing this directory, I added to devtools/OS/NetBSD:
define(`confINST_DEP', `')
Also SASL 2 support added and PLIST tuning.
8.12.8/8.12.8 2003/02/11
SECURITY: Fix a remote buffer overflow in header parsing by
dropping sender and recipient header comments if the
comments are too long. Problem noted by Mark Dowd
of ISS X-Force.
Fix a potential non-exploitable buffer overflow in parsing the
.cf queue settings and potential buffer underflow in
parsing ident responses. Problem noted by Yichen Xie of
Stanford University Compilation Group.
Fix ETRN #queuegroup command: actually start a queue run for
the selected queue group. Problem noted by Jos Vos.
If MaxMimeHeaderLength is set and a malformed MIME header is fixed,
log the fixup as "Fixed MIME header" instead of "Truncated
MIME header". Problem noted by Ian J Hart.
CONFIG: Fix regression bug in proto.m4 that caused a bogus
error message: "FEATURE() should be before MAILER()".
MAIL.LOCAL: Be more explicit in some error cases, i.e., whether
a mailbox has more than one link or whether it is not
a regular file. Patch from John Beck of Sun Microsystems.
8.12.7/8.12.7 2002/12/29
Properly clean up macros to avoid persistence of session data
across various connections. This could cause session
oriented restrictions, e.g., STARTTLS requirements,
to erroneously allow a connection. Problem noted
by Tim Maletic of Priority Health.
Do not lookup MX records when sorting the MSP queue. The MSP
only needs to relay all mail to the MTA. Problem found
by Gary Mills of the University of Manitoba.
Do not restrict the length of connection information to 100
characters in some logging statements. Problem noted by
Erik Parker.
When converting an enhanced status code to an exit status, use
EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5
is used.
Reset macro $x when receiving another MAIL command. Problem
noted by Vlado Potisk of Wigro s.r.o.
Don't bother setting the permissions on the build area statistics
file, the proper permissions will be put on the file at
install time. This fixes installation over NFS for some
users. Problem noted by Martin J. Dellwo of 3-Dimensional
Pharmaceuticals, Inc.
Fix problem of decoding SASLv2 encrypted data. Problem noted by
Alex Deiter of Mobile TeleSystems, Komi Republic.
Log milter socket open errors at MilterLogLevel 1 or higher instead
of 11 or higher.
Print early system errors to the console instead of silently
exiting. Problem noted by James Jong of IBM.
Do not process a queue group if Runners is set to 0, regardless
of whether F=f or sendmail is run in verbose mode (-v).
The use of -qGname will still force queue group "name"
to be run even if Runners=0.
Change the level for logging the fact that a daemon is refusing
connections due to high load from LOG_INFO to LOG_NOTICE.
Patch from John Beck of Sun Microsystems.
Use location information for submit.cf from NetInfo
(/locations/sendmail/submit.cf) if available.
Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by
Neil Rickert of Northern Illinois University.
Make behavior of /canon in debug mode consistent with usage in
rulesets. Patch from Shigeno Kazutaka of IIJ.
Fix a potential memory leak in envelope splitting. Problem noted
by John Majikes of IBM.
Do not try to share an mailbox database LDAP connection across
different processes. Problem noted by Randy Kunkee.
Fix logging for undelivered recipients when the SMTP connection
times out during message collection. Problem noted by Neil
Rickert of Northern Illinois University.
Avoid problems with QueueSortOrder=random due to problems with
qsort() on Solaris (and maybe some other operating systems).
Problem noted by Stephan Schulz of Gruner+Jahr..
If -f "" is specified, set the sender address to "<>". Problem
noted by Matthias Andree.
Fix formatting problem of footnotes for plain text output on some
versions of tmac. Patch from Per Hedeland.
Portability:
Berkeley DB 4.1 support (requires at least 4.1.25).
Some getopt(3) implementations in GNU/Linux are broken
and pass a NULL pointer to an option which requires
an argument, hence the builtin version of
sendmail is used instead. This can be overridden
by using -DSM_CONF_GETOPT=0. Problem noted by
Vlado Potisk of Wigro s.r.o.
Support for nph-1.2.0 from Mark D. Roth of the University
of Illinois at Urbana-Champaign.
Support for FreeBSD 5.0's MAC labeling from Robert Watson
of the TrustedBSD Project.
Support for reading the number of processors on an IRIX
system from Michel Bourget of SGI.
Support for UnixWare 7.1 based on input from Larry Rosenman.
Interix support from Nedelcho Stanev of Atlantic Sky
Corporation.
Update Mac OS X/Darwin portability from Wilfredo Sanchez.
CONFIG: Enforce tls_client restrictions even if delay_checks
is used. Problem noted by Malte Starostik.
CONFIG: Deal with an empty hostname created via bogus
DNS entries to get around access restrictions.
Problem noted by Kai Schlichting.
CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default
to avoid problems with hostname resolution for localhost
which on many systems does not resolve to 127.0.0.1 (or
::1 for IPv6). If you do not use IPv4 but only IPv6 then
you need to change submit.mc accordingly, see the comment
in the file itself.
CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
error messages from initgroups(3) on AIX 4.3 when sending
mail to non-existing users. Problem noted by Mark Roth of
the University of Illinois at Urbana-Champaign.
CONFIG: Allow local_procmail to override local_lmtp settings.
CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
relay.
CONTRIB: cidrexpand: Deal with the prefix tags that may be included
in access_db.
CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
LIBMILTER: On Solaris libmilter may get into an endless loop if
an error in the communication from/to the MTA occurs.
Patch from Gurusamy Sarathy of Active State.
LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64.
Patch from from Jose Marcio Martins da Cruz of Ecole
Nationale Superieure des Mines de Paris.
MAIL.LOCAL: Fix a truncation race condition if the close() on
the mailbox fails. Problem noted by Tomoko Fukuzawa of
Sun Microsystems.
MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3)
fails. Patch from John Beck of Sun Microsystems.
SMRSH: SECURITY: Only allow regular files or symbolic links to be
used for a command. Problem noted by David Endler of
iDEFENSE, Inc.
New Files:
devtools/OS/Interix
include/sm/bdb.h
Large number of bug fixes and feature enhancements, especially Milter
(Mail Filter) support and by default installation of sendmail does not use
set-user-ID root anymore.
confDELIVERBYMIN and confSHAREDMEMORYKEY have been renamed to
confDELIVER_BY_MIN and confSHARED_MEMORY_KEY, respectively.
The macro {sendmailMTACluster} replaces {LDAPCluster}.
Added FEATURE(`queuegroup') for selecting a queue group in the
access database.
Added OSTYPE(`freebsd4')
sendmail/TUNING gives some hints about performance tuning.
Any IPv6 addresses used in configuration should be prefixed by the
"IPv6:" tag to identify the address properly. For example, if you
want to add the IPv6 address [2002:c0a8:51d2::23f4] to class {w},
you would need to add [IPv6:2002:c0a8:51d2::23f4]; if you want to
use it in the access database, you would need to use
IPv6:2002:c0a8:51d2::23f4 on the left hand side.
8.11.3/8.11.3 2001/02/27
Prevent a segmentation fault when a bogus value was used in the
LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus
option was used. Problem noted by Allan E Johannesen of
Worcester Polytechnic Institute.
Prevent "token too long" message by shortening {currHeader} which
could be too long if the last copied character was a quote.
Problem detected by Jan Krueger of digitalanswers
communications consulting gmbh.
Additional IPv6 check for unspecified addresses. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
Do not ignore the ClientPortOptions setting if DaemonPortOptions
Modifier=b (bind to same interface) is set and the
connection came in from the command line.
Do not bind to the loopback address if DaemonPortOptions
Modifier=b (bind to same interface) is set. Patch from
John Beck of Sun Microsystems.
Properly deal with open failures on non-optional maps used in
check_* rulesets by returning a temporary failure.
Buffered file I/O files were not being properly fsync'ed to disk
when they were committed.
Properly encode '=' for the AUTH= parameter of the MAIL command.
Problem noted by Hadmut Danisch.
Under certain circumstances the macro {server_name} could be set
to the wrong hostname (of a previous connection), which may
cause some rulesets to return wrong results. This would
usually cause mail to be queued up and delivered later on.
Ignore F=z (LMTP) mailer flag if $u is given in the mailer A=
equate. Problem noted by Motonori Nakamura of Kyoto
University.
Work around broken accept() implementations which only partially
fill in the peer address if the socket is closed before
accept() completes.
Return an SMTP "421" temporary failure if the data file can't be
opened where the "354" reply would normally be given.
Prevent a CPU loop in trying to expand a macro which doesn't exist
in a queue run. Problem noted by Gordon Lack of Glaxo
Wellcome.
If delivering via a program and that program exits with EX_TEMPFAIL,
note that fact for the mailq display instead of just showing
"Deferred". Problem noted by Motonori Nakamura of Kyoto
University.
If doing canonification via /etc/hosts, try both the fully
qualified hostname as well as the first portion of the
hostname. Problem noted by David Bremner of the
University of New Brunswick.
Portability:
Fix a compilation problem for mail.local and rmail if SFIO
is in use. Problem noted by Auteria Wally
Winzer Jr. of Champion Nutrition.
IPv6 changes for platforms using KAME. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
OpenBSD 2.7 and higher has srandomdev(3). OpenBSD 2.8 and
higher has BSDI-style login classes. Patch from
Todd C. Miller of Courtesan Consulting.
Unixware 7.1.1 doesn't allow h_errno to be set directly if
sendmail is being compiled with -kthread. Problem
noted by Orion Poplawski of CQG, Inc.
CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and
current left hand side for $LHS in virtuser files.
DEVTOOLS: Do not pass make targets to recursive Build invocations.
Problem noted by Jeff Bronson of J.D. Bronson, Inc.
MAIL.LOCAL: In LMTP mode, do not return errors regarding problems
storing the temporary message file until after the remote
side has sent the final DATA termination dot. Problem
noted by Allan E Johannesen of Worcester Polytechnic
Institute.
MAIL.LOCAL: If LMTP mode is set, give a temporary error if users
are also specified on the command line. Patch from
Motonori Nakamura of Kyoto University.
PRALIASES: Skip over AliasFile specifications which aren't based on
database files (i.e., only show dbm, hash, and btree).
Renamed Files:
devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x
8.11.2/8.11.2 2000/12/29
Prevent a segmentation fault when trying to set a class in
address test mode due to a negative array index. Audit
other array indexing. This bug is not believed to be
exploitable. Noted by Michal Zalewski of the "Internet for
Schools" project (IdS).
Add an FFR (for future release) to drop privileges when using
address test mode. This will be turned on in 8.12. It can
be enabled by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS')
in your devtools/Site/site.config.m4 file. Suggested by
Michal Zalewski of the "Internet for Schools" project (IdS).
Fix potential problem with Cyrus-SASL security layer which may have
caused I/O errors, especially for mechanism DIGEST-MD5.
When QueueSortOrder was set to host, sendmail might not read
enough of the queue file to determine the host, making the
sort sub-optimal. Problem noted by Jeff Earickson of
Colby College.
Don't issue DSNs for addresses which use the NOTIFY parameter (per
RFC 1891) but don't have FAILURE as value.
Initialize Cyrus-SASL library before the SMTP daemon is started.
This implies that every change to SASL related files requires
a restart of the daemon, e.g., Sendmail.conf, new SASL
mechanisms (in form of shared libraries).
Properly set the STARTTLS related macros during a queue run for
a cached connection. Bug reported by Michael Kellen of
NxNetworks, Inc.
Log the server name in relay= for ruleset tls_server instead of the
client name.
Include original length of bad field/header when reporting
MaxMimeHeaderLength problems. Requested by Ulrich Windl of
the Universitat Regensburg.
Fix delivery to set-user-ID files that are expanded from aliases in
DeliveryMode queue. Problem noted by Ric Anderson of the
University of Arizona.
Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano
of Collective Technologies.
Avoid using a negative argument for sleep() calls when delaying answers
to EXPN/VRFY commands on systems which respond very slowly.
Problem noted by Mikolaj J. Habryn of Optus Internet
Engineering.
Make sure the F=u flag is set in the default prog mailer
definition. Problem noted by Kari Hurtta of the Finnish
Meteorological Institute.
Fix IPv6 check for unspecified addresses. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish
Meteorological Institute.
Fix parsing of DaemonPortOptions and ClientPortOptions. Read all
of the parameters to find Family= setting before trying to
interpret Addr= and Port=. Problem noted by Valdis
Kletnieks of Virginia Tech.
When delivering to a file directly from an alias, do not call
initgroups(); instead use the DefaultUser group information.
Problem noted by Marc Schaefer of ALPHANET NF.
RunAsUser now overrides the ownership of the control socket, if
created. Otherwise, sendmail can not remove it upon
close. Problem noted by Werner Wiethege.
Fix ConnectionRateThrottle counting as the option is the number of
overall connections, not the number of connections per
socket. A future version may change this to per socket
counting.
Portability:
Clean up libsmdb so it functions properly on platforms
where sizeof(u_int32_t) != sizeof(size_t). Problem
noted by Rein Tollevik of Basefarm AS.
Fix man page formatting for compatibility with Solaris'
whatis. From Stephen Gildea of InTouch Systems, Inc.
UnixWare 7 includes snprintf() support. From Larry
Rosenman.
IPv6 changes for platforms using KAME. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
Avoid a typedef compile conflict with Berkeley DB 3.X and
Solaris 2.5 or earlier. Problem noted by Bob Hughes
of Pacific Access.
Add preliminary support for AIX 5. Contributed by
Valdis Kletnieks of Virginia Tech.
Solaris 9 load average support from Andrew Tucker of Sun
Microsystems.
CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
is used. Problem noted by Phil Homewood of Asia Online,
patch from Neil Rickert of Northern Illinois University.
CONFIG: Change the default DNS based blacklist server for
FEATURE(`dnsbl') to blackholes.mail-abuse.org.
CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
implicitly assume canonical host names.
CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on
patch by Motonori Nakamura of Kyoto University.
CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of
Virginia Tech.
CONFIG: Pass the illegal header form <list:;> through untouched
instead of making it worse. Problem noted by Motonori
Nakamura of Kyoto University.
CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`).
CONTRIB: qtool.pl: An empty queue is not an error. Problem noted
by Jan Krueger of digitalanswers communications consulting
gmbh.
CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark
Roth of the University of Illinois at Urbana-Champaign.
DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4
variables into bldOS, bldREL, and bldARCH to prevent
namespace collisions. Problem noted by Motonori Nakamura
of Kyoto University.
RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It
causes some changes in behavior and may break rmail for
installations where sendmail is actually a wrapper to
another MTA. The change will re-appear in a future
version.
SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X,
and SunOS 5.8. Requested by Jeff A. Earickson of Colby
College and John Beck of Sun Microsystems.
VACATION: Fix pattern matching for addresses to ignore.
VACATION: Don't reply to addresses of the form owner-*
or *-owner.
New Files:
cf/ostype/aix5.m4
contrib/buildvirtuser
devtools/OS/AIX.5.0
sfio code (no longer depends onto devel/sfio)
8.11.1/8.11.1 2000/09/27
Fix SMTP EXPN command output if the address expands to a single
name. Fix from John Beck of Sun Microsystems.
Don't try STARTTLS in the client if the PRNG has not been properly
seeded. This problem only occurs on systems without
/dev/urandom. Problem detected by Jan Krueger of
digitalanswers communications consulting gmbh and
Neil Rickert of Northern Illinois University.
Don't use the . and .. directories when expanding QueueDirectory
wildcards.
Do not try to cache LDAP connections across processes as a parent
process may close the connection before the child process
has completed. Problem noted by Lai Yiu Fai of the Hong
Kong University of Science and Technology and Wolfgang
Hottgenroth of UUNET.
Use Timeout.fileopen to limit the amount of time spent trying to
read the LDAP secret from a file.
Prevent SIGTERM from removing a command line submitted item after
the user submits the message and before the first delivery
attempt completes. Problem noted by Max France of AlphaNet.
Fix from Neil Rickert of Northern Illinois University.
Deal correctly with MaxMessageSize restriction if message size is
greater than 2^31.
Turn off queue checkpointing if CheckpointInterval is set to zero.
Treat an empty home directory (from getpw*() or $HOME) as
non-existent instead of treating it as /. Problem noted by
Todd C. Miller of Courtesan Consulting.
Don't drop duplicate headers when reading a queued item. Problem
noted by Motonori Nakamura of Kyoto University.
Avoid bogus error text when logging the savemail panic "cannot
save rejected email anywhere". Problem noted by Marc G.
Fournier of Acadia University.
If an LDAP search fails because the LDAP server went down, close
the map so subsequent searches reopen the map. If there are
multiple LDAP servers, the down server will be skipped and
one of the others may be able to take over.
Set the ${load_avg} macro to the current load average, not the
previous load average query result.
If a non-optional map used in a check_* ruleset can't be opened,
return a temporary failure to the remote SMTP client
instead of ignoring the map. Problem noted by Allan E
Johannesen of Worcester Polytechnic Institute.
Avoid a race condition when queuing up split envelopes by saving
the split envelopes before the original envelope.
Fix a bug in the PH_MAP code which caused mail to bounce instead of
defer if the PH server could not be contacted. From Mark
Roth of the University of Illinois at Urbana-Champaign.
Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and
ETRN. Problem noted by Erik R. Leo of SoVerNet.
Change error code for unrecognized parameters to the SMTP MAIL and
RCPT commands from 501 to 555 per RFC 1869. Problem
reported to Postfix by Robert Norris of Monash University.
Prevent overwriting the argument of -B on certain OS. Problem
noted by Matteo Gelosa of I.NET S.p.A.
Use the proper routine for freeing memory with Netscape's LDAP
client libraries. Patch from Paul Hilchey of the
University of British Columbia.
Portability:
Move the NETINET6 define to devtools/OS/SunOS.5.{8,9}
instead of defining it in conf.h so users can
override the setting. Suggested by
Henrik Nordstrom of Ericsson.
On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of
/usr/lib/sendmail for rmail and vacation. From
Jeff A. Earickson of Colby College.
On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which
does not exist). From Jeff A. Earickson of Colby
College.
Avoid using the UCB subsystem on NCR MP-RAS 3.x. From
Tom Moore of NCR.
NeXT 3.X and 4.X installs man pages in /usr/man. From
Hisanori Gogota of NTT/InterCommunicationCenter.
Solaris 8 and later include /var/run. The default PID file
location is now /var/run/sendmail.pid. From John
Beck of Sun Microsystems.
SFIO includes snprintf() for those operating systems
which do not. From Todd C. Miller of Courtesan
Consulting.
CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}.
Problem noted by Kaspar Brand of futureLab AG.
CONFIG: Change 553 SMTP reply code to 501 to avoid problems with
errors in the MAIL address.
CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem
noted by Ron Jarrell of Virginia Tech.
CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8).
Contributed by John Beck of Sun Microsystems.
CONFIG: Set confFROM_HEADER such that the mail hub can possibly add
GECOS information for an address. This more closely
matches pre-8.10 nullclient behavior. From Per Hedeland of
Ericsson.
CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for
SMTP to all *smtp* mailers and those for RELAY to the relay
mailer as described in cf/README.
MAIL.LOCAL: Open the mailbox as the recipient not root so quotas
are obeyed. Problem noted by Damian Kuczynski of NIK.
MAKEMAP: Do not change a map's owner to the TrustedUser if using
makemap to 'unmake' the map.
RMAIL: Avoid overflowing the list of recipients being passed to
sendmail.
RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
submission. Problem noted by Kari Hurtta of the Finnish
Meteorological Institute.
VACATION: Read the complete message to avoid "broken pipe" signals.
VACATION: Do not cut off vacation.msg files which have a single
dot as the only character on the line.
New Files:
cf/ostype/solaris8.m4
confLDOPTS.
the real problem is in sendmail side - M4 macro APPENDDEF chokes if we
pass string with "," inside. we are okay for now, as we don't have any
APPENDDEF against confLDOPTS. in general, we are not sure if the fix works
for everyone.
not sure if we need the similar fix for Solaris or not.
problem report From: Bernd.Ernesti@security.kpnqwest.com (Bernd Ernesti)
the new Makefile tries to obey sendmail "Build" script better than before.
need checking for solaris build, and ldap build.
TODO: STARTTLS support
--- 8.10.2 -> 8.11.0
8.11.0/8.11.0 2000/07/19
SECURITY: If sendmail is installed as a non-root set-user-ID binary
(not the normal case), some operating systems will still
keep a saved-uid of the effective-uid when sendmail tries
to drop all of its privileges. If sendmail needs to drop
these privileges and the operating system doesn't set the
saved-uid as well, exit with an error. Problem noted by
Kari Hurtta of the Finnish Meteorological Institute.
SECURITY: sendmail depends on snprintf() NUL terminating the string
it populates. It is possible that some broken
implementations of snprintf() exist that do not do this.
Systems in this category should compile with
-DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your
system and report broken implementations to
sendmail-bugs@sendmail.org and your OS vendor. Problem
noted by Slawomir Piotrowski of TELSAT GP.
Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS).
Implementation influenced by the example programs of
OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
Add new STARTTLS related options CACERTPath, CACERTFile,
ClientCertFile, ClientKeyFile, DHParameters, RandFile,
ServerCertFile, and ServerKeyFile. These are documented in
cf/README and doc/op/op.*.
New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
${server_name}, and ${server_addr}. These are documented
in cf/README and doc/op/op.*.
Add support for the Entropy Gathering Daemon (EGD) for better
random data.
New DontBlameSendmail option InsufficientEntropy for systems which
don't properly seed the PRNG for OpenSSL but want to
try to use STARTTLS despite the security problems.
Support the security layer in SMTP AUTH for mechanisms which
support encryption. Based on code contributed by Tim
Martin of CMU.
Add new macro ${auth_ssf} to reflect the SMTP AUTH security
strength factor.
LDAP's -1 (single match only) flag was not honored if the -z
(delimiter) flag was not given. Problem noted by ST Wong of
the Chinese University of Hong Kong. Fix from Mark Adamson
of CMU.
Add more protection from accidentally tripping OpenLDAP 1.X's
ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute().
Suggested by Kurt Zeilenga of OpenLDAP.
Fix the default family selection for DaemonPortOptions. As
documented, unless a family is specified in a
DaemonPortOptions option, "inet" is the default. It is
also the default if no DaemonPortOptions value is set.
Therefore, IPv6 users should configure additional sockets
by adding DaemonPortOptions settings with Family=inet6 if
they wish to also listen on IPv6 interfaces. Problem noted
by Jun-ichiro itojun Hagino of the KAME Project.
Set ${if_family} when setting ${if_addr} and ${if_name} to reflect
the interface information for an outgoing connection.
Not doing so was creating a mismatch between the socket
family and address used in subsequent connections if the
M=b modifier was set in DaemonPortOptions. Problem noted
by John Beck of Sun Microsystems.
If DaemonPortOptions modifier M=b is used, determine the socket
family based on the IP address. ${if_family} is no longer
persistent (i.e., saved in qf files). Patch from John Beck
of Sun Microsystems.
sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family}
macros for both the incoming interface address/family and
the outgoing interface address/family. In order for M=b
modifier in DaemonPortOptions to work properly, preserve
the incoming information in the queue file for later
delivery attempts.
Use SMTP error code and enhanced status code from check_relay in
responses to commands. Problem noted by Jeff Wasilko of
smoe.org.
Add more vigilance in checking for putc() errors on output streams
to protect from a bug in Solaris 2.6's putc(). Problem
noted by Graeme Hewson of Oracle.
The LDAP map -n option (return attribute names only) wasn't working.
Problem noted by Ajay Matia.
Under certain circumstances, an address could be listed as deferred
but would be bounced back to the sender as failed to be
delivered when it really should have been queued. Problem
noted by Allan E Johannesen of Worcester Polytechnic Institute.
Prevent a segmentation fault in a child SMTP process from getting
the SMTP transaction out of sync. Problem noted by Per
Hedeland of Ericsson.
Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT
is defined to avoid a core dump due to incompatibilities
between sfio and stdio. Problem noted by Neil Rickert
of Northern Illinois University.
Don't log useless envelope ID on initial connection log. Problem
noted by Kari Hurtta of the Finnish Meteorological Institute.
Convert the free disk space shown in a control socket status query
to kilobyte units.
If TryNullMXList is True and there is a temporary DNS failure
looking up the hostname, requeue the message for a later
attempt. Problem noted by Ari Heikkinen of Pohjois-Savo
Polytechnic.
Under the proper circumstances, failed connections would be recorded
as "Bad file number" instead of "Connection failed" in the
queue file and persistent host status. Problem noted by
Graeme Hewson of Oracle.
Avoid getting into an endless loop if a non-hoststat directory exists
within the hoststatus directory (e.g., lost+found).
Patch from Valdis Kletnieks of Virginia Tech.
Make sure Timeout.queuereturn=now returns a bounce message to the
sender. Problem noted by Per Hedeland of Ericsson.
If a message data file can't be opened at delivery time, panic and
abort the attempt instead of delivering a message that
states "<<< No Message Collected >>>".
Fixup the GID checking code from 8.10.2 as it was overly
restrictive. Problem noted by Mark G. Thomas of Mark
G. Thomas Consulting.
Preserve source port number instead of replacing it with the ident
port number (113).
Document the queue status characters in the mailq man page.
Suggested by Ulrich Windl of the Universitat Regensburg.
Process queued items in which none of the recipient addresses have
host portions (or there are no recipients). Problem noted
by Valdis Kletnieks of Virginia Tech.
If a cached LDAP connection is used for multiple maps, make sure
only the first to open the connection is allowed to close
it so a later map close doesn't break the connection for
other maps. Problem noted by Wolfgang Hottgenroth of UUNET.
Netscape's LDAP libraries do not support Kerberos V4
authentication. Patch from Rainer Schoepf of the
University of Mainz.
Provide workaround for inconsistent handling of data passed
via callbacks to Cyrus SASL prior to version 1.5.23.
Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission
noted by Ulrich Windl of the Universitat Regensburg.
Portability:
Add the ability to read IPv6 interface addresses into class
'w' under FreeBSD (and possibly others). From Jun
Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
Replace code for finding the number of CPUs on HPUX.
NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not
work properly causing problems if the accept()
fails and the socket needs to be reopened. Patch
from Tom Moore of NCR.
NetBSD uses a .0 extension of formatted man pages. From
Andrew Brown of Graffiti World Wide, Inc.
Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED
for calls to getipnodebyname(). The Linux
implementation is broken so AI_ADDRCONFIG is stripped
under Linux. From John Beck of Sun Microsystems and
John Kennedy of Cal State University, Chico.
CONFIG: Catch invalid addresses containing a ',' at the wrong place.
Patch from Neil Rickert of Northern Illinois University.
CONFIG: New variables for the new sendmail options:
confCACERT_PATH CACERTPath
confCACERT CACERTFile
confCLIENT_CERT ClientCertFile
confCLIENT_KEY ClientKeyFile
confDH_PARAMETERS DHParameters
confRAND_FILE RandFile
confSERVER_CERT ServerCertFile
confSERVER_KEY ServerKeyFile
CONFIG: Provide basic rulesets for TLS policy control and add new
tags to the access database to support these policies. See
cf/README for more information.
CONFIG: Add TLS information to the Received: header.
CONFIG: Call tls_client ruleset from check_mail in case it wasn't
called due to a STARTTLS command.
CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent
instead of temporary.
CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with
the access map and relaying to a domain without using a To:
tag. Problem noted by Mark G. Thomas of Mark G. Thomas
Consulting.
CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in
OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of
RootsWeb.com.
CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and
forwarding to make it as close to the old behavior as
possible. Problem noted by George W. Baltz of the
University of Maryland.
CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From
Wilfredo Sanchez of Apple Computer, Inc.
CONFIG: Changed the map names used by FEATURE(`ldap_routing') from
ldap_mailhost and ldap_mailroutingaddress to ldapmh and
ldapmra as underscores in map names cause problems if
underscore is in OperatorChars. Problem noted by Bob Zeitz
of the University of Alberta.
CONFIG: Apply blacklist_recipients also to hosts in class {w}.
Patch from Michael Tratz of Esosoft Corporation.
CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
CONTRIB: Add link_hash.sh to create symbolic links to the hash
of X.509 certificates.
CONTRIB: passwd-to-alias.pl: More protection from special characters;
treat special shells as root aliases; skip entries where the
GECOS full name and username match. From Ulrich Windl of the
Universitat Regensburg.
CONTRIB: qtool.pl: Add missing last_modified_time method and fix a
typo. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue
and sendmail. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as
subroutine Patch from Graeme Hewson of Oracle.
CONTRIB: Add movemail.pl (move old mail messages between queues by
calling re-mqueue.pl) and movemail.conf (configuration
script for movemail.pl). From Graeme Hewson of Oracle.
CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to
makemap). From Derek J. Balling of Yahoo,Inc.
DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any
extension modifications (e.g., MAN8EXT) to the installation
target. Patch from James Ralston of Carnegie Mellon
University.
DEVTOOLS: Add support for SunOS 5.9.
DEVTOOLS: New option confLN contains the command used to create
links.
LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not
reported.
MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of
Denman Tire Corporation.
MAIL.LOCAL: Prevent a possible DoS attack when compiled with
-DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
MAILSTATS: Fix usage statement (-p and -o are optional).
MAKEMAP: Change man page layout as workaround for problem with nroff
and -man on Solaris 7. Patch from Larry Williamson.
RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of
Black Diamond Equipment, Limited.
RMAIL: Prevent a segmentation fault if the incoming message does not
have a From line.
VACATION: Read all of the headers before deciding whether or not
to respond instead of stopping after finding recipient.
Added Files:
cf/ostype/darwin.m4
contrib/cidrexpand
contrib/link_hash.sh
contrib/movemail.conf
contrib/movemail.pl
devtools/OS/SunOS.5.9
test/t_snprintf.c
