Merge sendmail 8.16.1 to HEAD: See contrib/sendmail/RELEASE_NOTES for details

Includes build infrastructure & config updates required for changes in 8.16.1

MFC after:	5 days
This commit is contained in:
Gregory Neil Shapiro 2020-07-15 18:28:54 +00:00
commit 5b0945b570
236 changed files with 13015 additions and 4861 deletions

View File

@ -1,4 +1,3 @@
# $Id: CACerts,v 8.6 2013-01-18 15:14:17 ca Exp $
# This file contains some CA certificates that are used to sign the # This file contains some CA certificates that are used to sign the
# certificates of mail servers of members of the sendmail consortium # certificates of mail servers of members of the sendmail consortium
# who may reply to questions etc sent to sendmail.org. # who may reply to questions etc sent to sendmail.org.
@ -10,189 +9,92 @@ Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: Serial Number:
92:91:67:de:e0:ef:2c:e4 81:9d:41:0f:40:55:ac:4a
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
Validity Validity
Not Before: Mar 2 19:15:29 2015 GMT Not Before: Feb 27 02:30:55 2018 GMT
Not After : Mar 1 19:15:29 2018 GMT Not After : Feb 26 02:30:55 2021 GMT
Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
Subject Public Key Info: Subject Public Key Info:
Public Key Algorithm: rsaEncryption Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit) Public-Key: (2048 bit)
Modulus: Modulus:
00:b9:1a:a1:56:ce:cb:16:af:4f:96:ba:2a:70:31: 00:b8:a3:8d:79:28:c1:1f:9c:11:74:43:26:e1:3b:
70:d3:86:6c:7a:46:26:47:42:3f:de:49:57:3e:08: cc:14:87:5b:6b:64:4c:ed:79:1b:7f:2a:03:d0:7b:
1e:10:25:bf:06:8f:ca:fd:f4:5e:6a:01:7d:31:4d: ef:9e:88:b0:64:36:ee:58:ef:fd:d9:c7:20:b3:71:
50:88:18:43:71:66:65:42:9c:90:97:0d:95:f2:14: e9:6d:1e:a7:bc:c1:7c:3b:fe:2a:e4:16:2f:bc:d6:
ef:d7:5e:77:ef:7d:b5:49:3f:02:bb:83:20:f7:e6: 2c:f5:98:f9:c4:21:1c:ca:c3:7e:57:89:c8:a9:2f:
fc:9a:cd:13:df:60:41:28:8e:39:07:a6:a4:40:98: da:6b:9b:52:d6:c9:9d:98:97:6d:08:7c:a6:37:4e:
15:1e:46:b6:04:2e:f9:ab:32:d1:8b:fe:52:81:f1: d4:26:bb:db:73:b0:38:ef:7d:1e:dd:8e:dd:8e:17:
d2:e1:c3:cf:bf:ab:40:a7:f0:e4:e5:a2:82:37:30: 2f:a0:3d:a9:0e:4d:f0:2b:b8:14:23:33:ad:c8:a0:
8c:10:7d:aa:a8:7c:7e:76:cc:5f:1a:24:d0:8c:94: e5:9d:0f:27:ad:83:a2:78:90:05:ec:29:06:91:07:
f6:f2:7f:4a:be:2f:38:67:c0:06:e6:9e:51:ad:55: 45:6c:5f:ba:8e:1d:f1:d7:1b:2d:f9:99:ba:2e:27:
d0:cb:26:71:cf:f4:af:7d:5a:41:81:16:fb:26:ec: e1:03:7d:e9:d2:54:35:cc:39:79:07:83:d8:93:9b:
f0:35:01:6e:db:f9:e9:00:d7:d0:89:7b:cf:88:16: d6:ef:72:ab:d4:63:8e:6b:f7:00:66:5f:77:e8:b6:
8b:1c:8f:77:1f:5d:ef:70:04:28:76:c5:1b:c6:23: bc:de:5f:8c:d0:ce:1a:c4:db:03:9d:e4:ee:0a:ec:
8d:49:6b:f0:b8:21:56:d6:7d:68:6c:be:21:e3:e6: 77:c5:f2:30:69:7e:70:12:e5:c2:4a:28:3f:e7:19:
e3:1d:6f:a5:ea:dc:83:e4:27:b3:6f:5f:1b:3d:33: eb:af:41:fb:e6:a6:1d:b5:fd:2b:99:03:f5:20:90:
a1:d5:d3:f0:73:1a:12:eb:d9:95:00:71:59:16:b4: 38:73:bd:43:70:da:cf:1f:34:5d:ab:17:4b:73:cf:
e4:60:38:b2:2e:7f:b7:d4:c5:e9:3f:74:e4:48:38: f9:3d:e1:a2:79:14:de:d8:40:85:82:c4:5a:84:82:
29:89 32:f1
Exponent: 65537 (0x10001) Exponent: 65537 (0x10001)
X509v3 extensions: X509v3 extensions:
X509v3 Subject Key Identifier: X509v3 Subject Key Identifier:
B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32 42:37:75:E7:8F:12:CF:D9:EB:21:22:7D:8A:E8:49:21:FD:E2:3A:3A
X509v3 Authority Key Identifier: X509v3 Authority Key Identifier:
keyid:B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32 keyid:42:37:75:E7:8F:12:CF:D9:EB:21:22:7D:8A:E8:49:21:FD:E2:3A:3A
DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
serial:92:91:67:DE:E0:EF:2C:E4 serial:81:9D:41:0F:40:55:AC:4A
X509v3 Basic Constraints: X509v3 Basic Constraints:
CA:TRUE CA:TRUE
X509v3 Subject Alternative Name: X509v3 Subject Alternative Name:
email:ca+ca-rsa2015@esmtp.org email:ca+ca-rsa2018@esmtp.org
X509v3 Issuer Alternative Name: X509v3 Issuer Alternative Name:
email:ca+ca-rsa2015@esmtp.org email:ca+ca-rsa2018@esmtp.org
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
0a:ce:07:39:77:08:c5:3a:00:04:e8:a0:3b:f7:d2:4c:79:02: 0b:4c:e5:c2:ed:0a:e5:7b:95:29:22:d4:8f:5f:cb:1b:b1:e3:
23:0b:da:c0:55:39:82:71:0a:0c:83:e2:de:f2:3b:fe:23:bc: 4c:fc:90:e7:2e:97:87:87:a2:63:0d:6d:4d:f0:1f:0d:84:11:
9b:13:34:d1:29:0a:16:3f:01:7d:9f:fb:4b:aa:12:dc:3b:7e: dc:df:b7:fa:c3:c6:2e:07:e9:a0:e9:a6:9f:54:17:ad:1a:d0:
b9:27:7b:ec:0c:3f:c0:d9:f5:d8:a8:a1:9c:1c:3a:2f:40:df: 36:be:31:cc:a5:85:a0:45:4a:87:45:80:7e:de:ea:97:68:e0:
27:1a:1a:a0:74:00:19:b7:82:0e:f9:45:86:bf:32:da:0e:72: 2b:09:5d:9a:31:6f:f5:78:22:c5:66:2a:99:70:9e:6d:c4:ab:
0a:4c:2c:39:21:63:c3:1f:61:6e:e2:4d:ba:7a:26:1a:15:ce: f6:90:01:70:53:07:66:6c:a6:b5:ce:4b:36:05:83:87:0c:a7:
b1:f6:1a:59:04:70:ed:e8:72:05:4c:fc:84:c6:a5:f4:e2:4a: e0:1e:34:d0:5e:76:a4:20:71:cd:9d:c1:ae:82:27:e0:6f:16:
40:e4:42:70:87:9a:a7:02:26:3a:47:34:09:e0:7b:88:ca:fb: 57:74:e7:63:9f:d0:3d:72:91:6d:97:a4:82:23:84:dd:6e:0d:
99:d9:9b:bb:0c:52:8a:93:d5:59:30:0b:55:42:b4:bb:d2:b1: da:43:00:a7:ce:2f:f8:79:04:67:6a:e5:b0:ab:30:d8:f1:90:
49:55:81:a4:70:a0:49:19:f2:4f:61:94:af:e9:d7:62:68:65: 10:43:3b:09:77:27:34:a4:d4:c0:25:4e:21:32:a3:ab:60:1c:
97:67:00:26:b8:9b:b2:2c:d0:2c:83:7d:3e:b3:31:73:b9:55: 9d:6e:e2:65:39:51:7f:cd:9f:88:3a:7e:f4:38:af:7b:5b:a7:
49:53:fa:a3:ad:1b:02:67:08:9e:ce:9e:eb:9f:47:0d:6c:95: bb:7b:70:97:21:59:fc:5c:55:a1:db:74:0a:37:1e:33:97:5f:
e9:6c:30:92:c1:94:67:ad:d9:e3:b9:61:ea:a9:72:98:81:3a: 70:32:98:b3:d9:99:4e:08:3c:de:01:82:17:9b:49:d7:fa:c9:
62:80:70:20:9a:3e:c4:1f:6f:bd:b4:00:ec:b1:fe:71:da:91: 45:8d:93:cc:42:d6:36:f2:39:3a:47:28:3f:6f:6a:e5:23:f3:
15:89:f7:8f 5c:d4:a3:1b
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIJAJKRZ97g7yzkMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD MIIE4jCCA8qgAwIBAgIJAIGdQQ9AVaxKMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx
FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExIjAgBgNVBAMMGUNs FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExCzAJBgNVBAMMAkNB
YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTUxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz MSYwJAYJKoZIhvcNAQkBFhdjYStjYS1yc2EyMDE4QGVzbXRwLm9yZzAeFw0xODAy
YTIwMTVAZXNtdHAub3JnMB4XDTE1MDMwMjE5MTUyOVoXDTE4MDMwMTE5MTUyOVow MjcwMjMwNTVaFw0yMTAyMjYwMjMwNTVaMIGOMQswCQYDVQQGEwJVUzETMBEGA1UE
gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhC CAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkxFDASBgNVBAoMC0VuZG1h
ZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAKBgNVBAsMA01UQTEiMCAG aWwgT3JnMQwwCgYDVQQLDANNVEExCzAJBgNVBAMMAkNBMSYwJAYJKoZIhvcNAQkB
A1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEmMCQGCSqGSIb3DQEJARYX FhdjYStjYS1yc2EyMDE4QGVzbXRwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
Y2ErY2EtcnNhMjAxNUBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ADCCAQoCggEBALijjXkowR+cEXRDJuE7zBSHW2tkTO15G38qA9B7756IsGQ27ljv
ggEKAoIBAQC5GqFWzssWr0+WuipwMXDThmx6RiZHQj/eSVc+CB4QJb8Gj8r99F5q /dnHILNx6W0ep7zBfDv+KuQWL7zWLPWY+cQhHMrDfleJyKkv2mubUtbJnZiXbQh8
AX0xTVCIGENxZmVCnJCXDZXyFO/XXnfvfbVJPwK7gyD35vyazRPfYEEojjkHpqRA pjdO1Ca723OwOO99Ht2O3Y4XL6A9qQ5N8Cu4FCMzrcig5Z0PJ62DoniQBewpBpEH
mBUeRrYELvmrMtGL/lKB8dLhw8+/q0Cn8OTlooI3MIwQfaqofH52zF8aJNCMlPby RWxfuo4d8dcbLfmZui4n4QN96dJUNcw5eQeD2JOb1u9yq9Rjjmv3AGZfd+i2vN5f
f0q+LzhnwAbmnlGtVdDLJnHP9K99WkGBFvsm7PA1AW7b+ekA19CJe8+IFoscj3cf jNDOGsTbA53k7grsd8XyMGl+cBLlwkooP+cZ669B++amHbX9K5kD9SCQOHO9Q3Da
Xe9wBCh2xRvGI41Ja/C4IVbWfWhsviHj5uMdb6Xq3IPkJ7NvXxs9M6HV0/BzGhLr zx80XasXS3PP+T3honkU3thAhYLEWoSCMvECAwEAAaOCAT8wggE7MB0GA1UdDgQW
2ZUAcVkWtORgOLIuf7fUxek/dORIOCmJAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU BBRCN3XnjxLP2eshIn2K6Ekh/eI6OjCBwwYDVR0jBIG7MIG4gBRCN3XnjxLP2esh
sWnbXpvOGrQdsmr8WiKXtiQUbzIwgdoGA1UdIwSB0jCBz4AUsWnbXpvOGrQdsmr8 In2K6Ekh/eI6OqGBlKSBkTCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm
WiKXtiQUbzKhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y b3JuaWExETAPBgNVBAcMCEJlcmtlbGV5MRQwEgYDVQQKDAtFbmRtYWlsIE9yZzEM
bmlhMREwDwYDVQQHDAhCZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAK MAoGA1UECwwDTVRBMQswCQYDVQQDDAJDQTEmMCQGCSqGSIb3DQEJARYXY2ErY2Et
BgNVBAsMA01UQTEiMCAGA1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEm cnNhMjAxOEBlc210cC5vcmeCCQCBnUEPQFWsSjAMBgNVHRMEBTADAQH/MCIGA1Ud
MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxNUBlc210cC5vcmeCCQCSkWfe4O8s EQQbMBmBF2NhK2NhLXJzYTIwMThAZXNtdHAub3JnMCIGA1UdEgQbMBmBF2NhK2Nh
5DAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAu LXJzYTIwMThAZXNtdHAub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQALTOXC7Qrle5Up
b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAub3JnMA0GCSqGSIb3 ItSPX8sbseNM/JDnLpeHh6JjDW1N8B8NhBHc37f6w8YuB+mg6aafVBetGtA2vjHM
DQEBBQUAA4IBAQAKzgc5dwjFOgAE6KA799JMeQIjC9rAVTmCcQoMg+Le8jv+I7yb pYWgRUqHRYB+3uqXaOArCV2aMW/1eCLFZiqZcJ5txKv2kAFwUwdmbKa1zks2BYOH
EzTRKQoWPwF9n/tLqhLcO365J3vsDD/A2fXYqKGcHDovQN8nGhqgdAAZt4IO+UWG DKfgHjTQXnakIHHNncGugifgbxZXdOdjn9A9cpFtl6SCI4Tdbg3aQwCnzi/4eQRn
vzLaDnIKTCw5IWPDH2Fu4k26eiYaFc6x9hpZBHDt6HIFTPyExqX04kpA5EJwh5qn auWwqzDY8ZAQQzsJdyc0pNTAJU4hMqOrYBydbuJlOVF/zZ+IOn70OK97W6e7e3CX
AiY6RzQJ4HuIyvuZ2Zu7DFKKk9VZMAtVQrS70rFJVYGkcKBJGfJPYZSv6ddiaGWX IVn8XFWh23QKNx4zl19wMpiz2ZlOCDzeAYIXm0nX+slFjZPMQtY28jk6Ryg/b2rl
ZwAmuJuyLNAsg30+szFzuVVJU/qjrRsCZwiezp7rn0cNbJXpbDCSwZRnrdnjuWHq I/Nc1KMb
qXKYgTpigHAgmj7EH2+9tADssf5x2pEVifeP
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f1:41:b3:3d:ba:bd:33:49
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
Validity
Not Before: Mar 10 02:47:46 2012 GMT
Not After : Mar 10 02:47:46 2015 GMT
Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a2:80:fc:c6:ce:7f:60:38:65:f4:38:f9:7a:d9:
87:fd:47:eb:3f:2c:4a:c9:38:77:6a:77:94:92:7f:
83:3d:99:57:2c:5f:37:bb:ba:12:10:17:56:fa:eb:
43:a6:4b:4c:1e:30:32:07:94:2f:5a:d8:65:49:29:
fa:24:d1:f0:0b:45:2d:e5:d5:cb:7d:60:dc:a6:ce:
a4:47:35:30:ee:5e:8d:c2:30:e7:a7:63:32:b0:59:
80:cc:8c:99:64:77:8f:50:8e:88:51:47:36:ea:9a:
f3:b4:c0:8c:a6:ab:c6:42:57:88:b9:5f:9f:61:15:
bb:79:65:93:ca:a9:fd:17:eb:87:26:8b:eb:b7:2b:
7e:33:05:2b:ba:c0:46:f7:08:fd:da:c1:50:9b:3d:
26:83:5c:53:97:89:2c:cc:5f:f2:7b:a8:b7:3d:fb:
f2:b4:89:0d:43:ef:18:5c:21:75:71:cc:f0:c2:a3:
84:69:c0:a7:f3:9b:de:c1:c7:5a:5c:7e:68:da:49:
71:af:58:a8:51:9f:bd:f9:3d:bb:a5:92:fa:7b:1d:
52:f5:fe:90:59:95:27:65:a4:af:97:9a:4f:01:39:
59:7d:08:6f:a1:8f:42:47:49:bf:12:52:53:39:74:
8d:62:3b:bd:4c:4f:05:0f:c4:b9:3e:da:a8:0e:96:
05:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:38:E3:88:92:53:6E:F1:56:69:27:44:B5:4C:A0:18:CA:06:97:EB
X509v3 Authority Key Identifier:
keyid:08:38:E3:88:92:53:6E:F1:56:69:27:44:B5:4C:A0:18:CA:06:97:EB
DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
serial:F1:41:B3:3D:BA:BD:33:49
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
email:ca+ca-rsa2012@esmtp.org
X509v3 Issuer Alternative Name:
email:ca+ca-rsa2012@esmtp.org
Signature Algorithm: sha1WithRSAEncryption
9a:8f:4d:23:5b:30:80:e1:94:e4:66:9c:3a:17:8b:79:49:5b:
ec:5d:e5:a1:22:2d:71:37:a1:51:e7:1d:b1:0d:a9:9b:aa:a9:
0d:c7:cd:d6:24:f9:e0:f0:57:be:4f:74:0c:4b:7a:42:4c:70:
19:2e:8e:eb:cb:1b:00:26:27:eb:1c:42:33:d5:ec:32:b4:6c:
7d:a3:04:a1:5c:00:49:c9:0d:4c:4d:28:37:06:22:77:ec:40:
15:25:3a:23:84:ae:1f:da:90:dd:c9:dc:27:ee:7c:ec:e5:df:
b8:ba:1e:3f:ee:c2:91:a2:3f:22:92:1e:f3:06:7e:aa:e9:c3:
11:2d:3d:2f:85:f7:fc:d7:e2:f8:6d:70:a6:40:62:69:e7:52:
ed:1b:19:38:72:86:08:a1:3d:47:c8:68:82:41:db:db:2a:52:
25:d7:49:aa:9e:c5:83:22:7d:2f:0b:df:8c:90:2d:b5:aa:33:
c7:9b:e8:39:8f:bb:79:5b:13:2d:4e:a9:69:59:c7:09:26:e2:
b5:53:80:86:72:bb:7c:be:e9:46:5b:d8:b2:78:42:d6:5d:c3:
bb:3a:3b:5f:0f:e8:c3:60:fb:88:9f:3a:2b:9f:d3:7d:9f:c7:
32:aa:4d:34:a7:66:a1:25:16:95:a6:69:e7:86:a3:5c:b9:b9:
df:58:05:e3
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIJAPFBsz26vTNJMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQmVya2VsZXkx
FDASBgNVBAoTC0VuZG1haWwgT3JnMQwwCgYDVQQLEwNNVEExIjAgBgNVBAMTGUNs
YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTIxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz
YTIwMTJAZXNtdHAub3JnMB4XDTEyMDMxMDAyNDc0NloXDTE1MDMxMDAyNDc0Nlow
gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhC
ZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAKBgNVBAsTA01UQTEiMCAG
A1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxMjEmMCQGCSqGSIb3DQEJARYX
Y2ErY2EtcnNhMjAxMkBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCigPzGzn9gOGX0OPl62Yf9R+s/LErJOHdqd5SSf4M9mVcsXze7uhIQ
F1b660OmS0weMDIHlC9a2GVJKfok0fALRS3l1ct9YNymzqRHNTDuXo3CMOenYzKw
WYDMjJlkd49QjohRRzbqmvO0wIymq8ZCV4i5X59hFbt5ZZPKqf0X64cmi+u3K34z
BSu6wEb3CP3awVCbPSaDXFOXiSzMX/J7qLc9+/K0iQ1D7xhcIXVxzPDCo4RpwKfz
m97Bx1pcfmjaSXGvWKhRn735Pbulkvp7HVL1/pBZlSdlpK+Xmk8BOVl9CG+hj0JH
Sb8SUlM5dI1iO71MTwUPxLk+2qgOlgUtAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU
CDjjiJJTbvFWaSdEtUygGMoGl+swgdoGA1UdIwSB0jCBz4AUCDjjiJJTbvFWaSdE
tUygGMoGl+uhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
bmlhMREwDwYDVQQHEwhCZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAK
BgNVBAsTA01UQTEiMCAGA1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxMjEm
MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxMkBlc210cC5vcmeCCQDxQbM9ur0z
STAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTJAZXNtdHAu
b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTJAZXNtdHAub3JnMA0GCSqGSIb3
DQEBBQUAA4IBAQCaj00jWzCA4ZTkZpw6F4t5SVvsXeWhIi1xN6FR5x2xDambqqkN
x83WJPng8Fe+T3QMS3pCTHAZLo7ryxsAJifrHEIz1ewytGx9owShXABJyQ1MTSg3
BiJ37EAVJTojhK4f2pDdydwn7nzs5d+4uh4/7sKRoj8ikh7zBn6q6cMRLT0vhff8
1+L4bXCmQGJp51LtGxk4coYIoT1HyGiCQdvbKlIl10mqnsWDIn0vC9+MkC21qjPH
m+g5j7t5WxMtTqlpWccJJuK1U4CGcrt8vulGW9iyeELWXcO7OjtfD+jDYPuInzor
n9N9n8cyqk00p2ahJRaVpmnnhqNcubnfWAXj
-----END CERTIFICATE----- -----END CERTIFICATE-----

View File

@ -1,6 +1,6 @@
$FreeBSD$ $FreeBSD$
sendmail 8.15.2 sendmail 8.16.1
originals can be found at: ftp://ftp.sendmail.org/pub/sendmail/ originals can be found at: ftp://ftp.sendmail.org/pub/sendmail/
For the import of sendmail, the following directories were renamed: For the import of sendmail, the following directories were renamed:
@ -13,12 +13,16 @@ http://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/subversion-
Then merged using: Then merged using:
% set FSVN=svn+ssh://svn.freebsd.org/base % set FSVN=svn+ssh://repo.freebsd.org/base
% svn checkout $FSVN/head/contrib/sendmail head % svn checkout $FSVN/head/contrib/sendmail head
% cd head % cd head
% svn merge --accept=postpone $FSVN/vendor/sendmail/dist . ### Replace XXXXXX with import revision number in next command:
% svn rm --force */Build [e-v]*/*.0 cf/cf/generic-*.cf cf/cf/Build % svn merge -c rXXXXXX --accept=postpone '^/vendor/sendmail/dist' .
% svn rm --force Build devtools doc/op/op.ps src/makesendmail src/sysexits.h % svn resolve --accept working cf/cf/Build \
cf/cf/generic-{bsd4.4,hpux{9,10},linux,mpeix,nextstep3.3,osf1,solaris,sunos4.1,ultrix4}.cf \
devtools doc/op/op.ps editmap/editmap.0 mail.local/mail.local.0 mailstats/mailstats.0 \
makemap/makemap.0 praliases/praliases.0 rmail/rmail.0 smrsh/smrsh.0 \
src/{aliases,mailq,newaliases,sendmail}.0 vacation/vacation.0
% svn propset -R svn:keywords FreeBSD=%H . % svn propset -R svn:keywords FreeBSD=%H .
% svn propdel svn:keywords libmilter/docs/*.jpg % svn propdel svn:keywords libmilter/docs/*.jpg
% svn diff --no-diff-deleted --old=$FSVN/vendor/sendmail/dist --new=. % svn diff --no-diff-deleted --old=$FSVN/vendor/sendmail/dist --new=.
@ -98,4 +102,4 @@ infrastructure in FreeBSD:
usr.sbin/mailwrapper/Makefile usr.sbin/mailwrapper/Makefile
gshapiro@FreeBSD.org gshapiro@FreeBSD.org
06-July-2015 15-July-2020

View File

@ -271,4 +271,3 @@ Kresolve sequence dnsmx canon
be used if set instead of LOCAL_RELAY ($R). This will be fixed in a be used if set instead of LOCAL_RELAY ($R). This will be fixed in a
future version. future version.
$Revision: 8.61 $, Last updated $Date: 2011-04-07 17:48:23 $

View File

@ -37,7 +37,7 @@ each of the following conditions is met:
the "Copyright Notice" refers to the following language: the "Copyright Notice" refers to the following language:
"Copyright (c) 1998-2014 Proofpoint, Inc. All rights reserved." "Copyright (c) 1998-2014 Proofpoint, Inc. All rights reserved."
3. Neither the name of Proofpoint, Inc. nor the University of California nor 4. Neither the name of Proofpoint, Inc. nor the University of California nor
names of their contributors may be used to endorse or promote names of their contributors may be used to endorse or promote
products derived from this software without specific prior written products derived from this software without specific prior written
permission. The name "sendmail" is a trademark of Proofpoint, Inc. permission. The name "sendmail" is a trademark of Proofpoint, Inc.

File diff suppressed because it is too large Load Diff

View File

@ -431,8 +431,7 @@ makemap A program that creates the keyed maps used by the $( ... $)
expect to preprocess must human-convenient formats expect to preprocess must human-convenient formats
using sed scripts before this program will like them. using sed scripts before this program will like them.
But it should be functionally complete. But it should be functionally complete.
praliases A program to print the DBM or NEWDB version of the praliases A program to print the map version of the aliases file.
aliases file.
rmail Source for rmail(8). This is used as a delivery rmail Source for rmail(8). This is used as a delivery
agent for for UUCP, and could presumably be used by agent for for UUCP, and could presumably be used by
other non-socket oriented mailers. Older versions of other non-socket oriented mailers. Older versions of
@ -447,4 +446,3 @@ sendmail Source for the sendmail program itself.
test Some test scripts (currently only for compilation aids). test Some test scripts (currently only for compilation aids).
vacation Source for the vacation program. NOT PART OF SENDMAIL! vacation Source for the vacation program. NOT PART OF SENDMAIL!
$Revision: 8.96 $, Last updated $Date: 2013-11-22 20:51:01 $

View File

@ -5,6 +5,124 @@ This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a of the sendmail configuration files, the date of release, and a
summary of the changes in that release. summary of the changes in that release.
8.16.1/8.16.1 2020/07/05
SECURITY: If sendmail tried to reuse an SMTP session which had
already been closed by the server, then the connection
cache could have invalid information about the session.
One possible consequence was that STARTTLS was not
used even if offered. This problem has been fixed
by clearing out all relevant status information
when a closed session is encountered.
OpenSSL versions before 0.9.8 are no longer supported.
OpenSSL version 1.1.0 and 1.1.1 are supported.
Initial support for DANE (see RFC 7672 et.al.) is available if
the compile time option DANE is set. Only TLSA RR 3-1-x
is currently implemented.
New options SSLEngine and SSLEnginePath to support OpenSSL engines.
Note: this feature has so far only been tested with the
"chil" engine; please report problems with other engines
if you encounter any.
New option CRLPath to specify a directory which contains
hashes pointing to certificate revocations files.
Based on patch from Al Smith.
New rulesets tls_srv_features and tls_clt_features which
can return a (semicolon separated) list of TLS related
options, e.g., CipherList, CertFile, KeyFile,
see doc/op/op.me for details.
To automatically handle TLS interoperability problems for outgoing
mail, sendmail can now immediately try a connection again
without STARTTLS after a TLS handshake failure.
This can be configured globally via the option
TLSFallbacktoClear or per session via the 'C' flag
of tls_clt_features.
This also adds the new value "CLEAR" for the macro
{verify}: STARTTLS has been disabled internally for
a clear text delivery attempt.
Apply Timeout.starttls also to the server waiting for the TLS
handshake to begin. Based on patch from Simon Hradecky.
New compile time option TLS_EC to enable the use of elliptic
curve cryptography in STARTTLS (previously available as
_FFR_TLS_EC).
Handle MIME boundaries specified in headers which contain CRLF.
Fix detection of loopback net (it was broken when compiled
with NETINET6) and only set the macros {if_addr_out}
and {if_family_out} if the interface of the outgoing
connection does not belong to the loopback net.
Fix logic to enable a milter to delete a recipient in
DeliveryMode=interactive even if it might be subject
to alias expansion.
Log name of a milter making changes (this was missing for
some functions).
Log the actual reply of a server when an SMTP delivery problem
occurs in a "reply=" field if possible.
Log user= for failed AUTH attempts if possible. Based on
patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
and Joe Quinn.
Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
no changes can be made after it is created, hence it
does not work with vacation(1) nor editmap(8) (except
for query mode).
Fix some memory leaks (mostly in error cases) and properly handle
copied varargs in sm_io_vfprintf(). The issues were found
using Coverity Scan and reported (including patches) by
Ondřej Lysoněk of Red Hat.
Do not override ServerSSLOptions and ClientSSLOptions when they
are specified on the command line. Based on patch from
Hiroki Sato.
Add RFC7505 Null MX support for domains that declare they do not
accept mail.
New compile time option LDAP_NETWORK_TIMEOUT which is set
automatically when LDAPMAP is used and
LDAP_OPT_NETWORK_TIMEOUT is available to enable the
new -c option for LDAP maps to specify the network timeout.
CONFIG: New FEATURE(`tls_session_features') to enable standard
rules for tls_srv_features and tls_clt_features; for
details see cf/README.
CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
for SSLEngine and SSLEnginePath, respectively.
CONFIG: New options confDANE to enable DANE support.
CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
CONFIG: New extension CITag: for TLS restrictions, see cf/README
for details.
CONFIG: FEATURE(`blacklist_recipients') renamed to
FEATURE(`blocklist_recipients').
CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
canonicalize IPv6 addresses; if cidrexpand is used with IPv6
addresses then UseCompressedIPv6Addresses must be disabled.
DOC: The dns map can return multiple values in a single result
if the -z option is used.
DOC: Note to set MustQuoteChars=. due to DKIM signatures.
LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
of Alcatel-Lucent.
LIBMILTER: Fix reference in xxfi_negotiate documentation.
Patch from Sven Neuhaus.
LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
Patch from G.W. Haywood.
LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
Patch from Martin Svec.
MAKEMAP: New map type "implicit" refers to the first available type,
i.e., it depends on the compile time options NEWDB, DBM,
and CDB. This can be used in conjunction with the
"implicit" map type in sendmail.cf.
Note: makemap, libsmdb, and sendmail must be compiled
with the same options (and library versions of course).
Portability:
Add support for Darwin 14-18 (Mac OS X 10.x).
New option HAS_GETHOSTBYNAME2: set if your system
supports gethostbyname2(2).
Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
changes in sys/sem.h
On Linux set MAXHOSTNAMELEN (the maximum length
of a FQHN) to 256 if it is less than that value.
Added Files:
cf/feature/blocklist_recipients.m4
cf/feature/tls_failures.m4
devtools/OS/Darwin.14.x
devtools/OS/Darwin.15.x
devtools/OS/Darwin.16.x
libsmdb/smcdb.c
sendmail/ratectrl.h
8.15.2/8.15.2 2015/07/03 8.15.2/8.15.2 2015/07/03
If FEATURE(`nopercenthack') is used then some bogus input triggered If FEATURE(`nopercenthack') is used then some bogus input triggered
a recursion which was caught and logged as a recursion which was caught and logged as
@ -104,7 +222,7 @@ summary of the changes in that release.
The option CipherList sets the list of ciphers for STARTTLS. The option CipherList sets the list of ciphers for STARTTLS.
See ciphers(1) for possible values. See ciphers(1) for possible values.
Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL" Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL"
if a CRLFfile is in use (and LogLevel is 14 or higher.) if a CRLFile is in use (and LogLevel is 14 or higher.)
Store a more specific TLS protocol version in ${tls_version} Store a more specific TLS protocol version in ${tls_version}
instead of a generic one, e.g., TLSv1 instead of instead of a generic one, e.g., TLSv1 instead of
TLSv1/SSLv3. TLSv1/SSLv3.
@ -127,7 +245,7 @@ summary of the changes in that release.
A new map type "arpa" is available to reverse an IP (IPv4 or IPv6) A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
address. It returns the string for the PTR lookup, but address. It returns the string for the PTR lookup, but
without trailing {ip6,in-addr}.arpa. without trailing {ip6,in-addr}.arpa.
New operation mode 'C' just checks the configuration file, e.g., New operation mode 'C' just checks the configuration file, e.g.,
sendmail -C new.cf -bC sendmail -C new.cf -bC
will perform a basic syntax/consistency check of new.cf. will perform a basic syntax/consistency check of new.cf.
The mailer flag 'I' is deprecated and will be removed in a The mailer flag 'I' is deprecated and will be removed in a
@ -740,7 +858,7 @@ summary of the changes in that release.
Patches from Nelson Fung. Patches from Nelson Fung.
CONTRIB: cidrexpand uses a hash symbol as comment character and CONTRIB: cidrexpand uses a hash symbol as comment character and
ignores everything after it unless it is in quotes or ignores everything after it unless it is in quotes or
preceeded by a backslash. preceded by a backslash.
DEVTOOLS: New macro confMKDIR: if set to a program that creates DEVTOOLS: New macro confMKDIR: if set to a program that creates
directories, then it used for "make install" to create directories, then it used for "make install" to create
the required installation directories. the required installation directories.
@ -2465,7 +2583,7 @@ summary of the changes in that release.
noted by Greg Robinson of the Defence Science and noted by Greg Robinson of the Defence Science and
Technology Organisation of Australia. Technology Organisation of Australia.
CONFIG: dnsbl: If an argument specifies an error message in case CONFIG: dnsbl: If an argument specifies an error message in case
of temporary lookup failures for DNS based blacklists of temporary lookup failures for DNS based blocklists
then use it. then use it.
LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by
Richard A. Nelson of Debian. Richard A. Nelson of Debian.
@ -2539,7 +2657,7 @@ summary of the changes in that release.
is "pw", which means to use getpwnam(). New mailbox database is "pw", which means to use getpwnam(). New mailbox database
types can be added by adding custom code to libsm/mbdb.c. types can be added by adding custom code to libsm/mbdb.c.
Queue file names are now 15 characters long, rather than 14 characters Queue file names are now 15 characters long, rather than 14 characters
long, to accomodate envelope splitting. File systems with long, to accommodate envelope splitting. File systems with
a 14 character file name length limit are no longer a 14 character file name length limit are no longer
supported. supported.
Recipient list used for delivery now gets internally ordered by Recipient list used for delivery now gets internally ordered by
@ -2580,7 +2698,7 @@ summary of the changes in that release.
New ruleset srv_features to enable/disable certain features in the New ruleset srv_features to enable/disable certain features in the
server per connection. See doc/op/op.me for details. server per connection. See doc/op/op.me for details.
New ruleset tls_rcpt to decide whether to send e-mail to a particular New ruleset tls_rcpt to decide whether to send e-mail to a particular
recipient; useful to decide whether a conection is secure recipient; useful to decide whether a connection is secure
enough on a per recipient basis. enough on a per recipient basis.
New option TLSSrvOptions to modify some aspects of the server New option TLSSrvOptions to modify some aspects of the server
for STARTTLS. for STARTTLS.
@ -2591,7 +2709,7 @@ summary of the changes in that release.
Macro expand filenames/directories for certs and keys in the .cf file. Macro expand filenames/directories for certs and keys in the .cf file.
Proposed by Neil Rickert of Northern Illinois University. Proposed by Neil Rickert of Northern Illinois University.
Generate an ephemeral RSA key for a STARTTLS connection only if Generate an ephemeral RSA key for a STARTTLS connection only if
really required. This change results in a noticable really required. This change results in a noticeable
performance gains on most machines. Moreover, if shared performance gains on most machines. Moreover, if shared
memory is in use, reuse the key several times. memory is in use, reuse the key several times.
Add queue groups which can be used to group queue directories with Add queue groups which can be used to group queue directories with
@ -3500,7 +3618,7 @@ summary of the changes in that release.
CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r') CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
is used. Problem noted by Phil Homewood of Asia Online, is used. Problem noted by Phil Homewood of Asia Online,
patch from Neil Rickert of Northern Illinois University. patch from Neil Rickert of Northern Illinois University.
CONFIG: Change the default DNS based blacklist server for CONFIG: Change the default DNS based blocklist server for
FEATURE(`dnsbl') to blackholes.mail-abuse.org. FEATURE(`dnsbl') to blackholes.mail-abuse.org.
CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e., CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
implicitly assume canonical host names. implicitly assume canonical host names.
@ -4736,7 +4854,7 @@ summary of the changes in that release.
from Per Hedeland of Ericsson. from Per Hedeland of Ericsson.
If a resolver ANY query is larger than the UDP packet size, the If a resolver ANY query is larger than the UDP packet size, the
resolver will fall back to TCP. However, some resolver will fall back to TCP. However, some
misconfigured firewalls black 53/TCP so the ANY lookup misconfigured firewalls block 53/TCP so the ANY lookup
fails whereas an MX or A record might succeed. Therefore, fails whereas an MX or A record might succeed. Therefore,
don't fail on ANY queries. don't fail on ANY queries.
If an SMTP recipient is rejected due to syntax errors in the If an SMTP recipient is rejected due to syntax errors in the
@ -5152,7 +5270,7 @@ summary of the changes in that release.
line up into 2046-character output lines (excluding the line up into 2046-character output lines (excluding the
newline). If an input line was 2047 characters long newline). If an input line was 2047 characters long
(excluding CR-LF) and the last character was a '.', (excluding CR-LF) and the last character was a '.',
mail.local saw it as the end of input, transfered it to the mail.local saw it as the end of input, transferred it to the
user mailbox and tried to write an `ok' back to sendmail. user mailbox and tried to write an `ok' back to sendmail.
If the message was much longer, both sendmail and If the message was much longer, both sendmail and
mail.local would deadlock waiting for each other to read mail.local would deadlock waiting for each other to read
@ -6039,7 +6157,7 @@ summary of the changes in that release.
CONFIG: FEATURE(nodns) now warns the user that the feature is a CONFIG: FEATURE(nodns) now warns the user that the feature is a
no-op. Patch from Kari Hurtta of the Finnish no-op. Patch from Kari Hurtta of the Finnish
Meteorological Institute. Meteorological Institute.
CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to CONFIG: OSTYPE(osf1) now sets DefaultUser (confDEF_USER_ID) to
daemon since DEC's /bin/mail will drop the envelope daemon since DEC's /bin/mail will drop the envelope
sender if run as mailnull. See the Digital UNIX section sender if run as mailnull. See the Digital UNIX section
of src/README for more information. Problem noted by of src/README for more information. Problem noted by
@ -7632,7 +7750,7 @@ summary of the changes in that release.
instead of 0644. Suggested by Ann-Kian Yeo of the instead of 0644. Suggested by Ann-Kian Yeo of the
National University of Singapore. National University of Singapore.
Print errors if setgid/setuid/etc. fail during delivery. This helps Print errors if setgid/setuid/etc. fail during delivery. This helps
detect cases where DefaultUid is set to something that the detect cases where DefaultUser is set to something that the
system can't cope with. system can't cope with.
PORTABILITY FIXES: PORTABILITY FIXES:
Support for AIX/RS 2.2.1 from Mark Whetzel of Western Support for AIX/RS 2.2.1 from Mark Whetzel of Western
@ -9840,7 +9958,7 @@ summary of the changes in that release.
gethostname() (instead of myhostname(), which tries gethostname() (instead of myhostname(), which tries
to fully qualify the name) to be consistent with to fully qualify the name) to be consistent with
SunOS. If your hostname is unqualified, this fixes SunOS. If your hostname is unqualified, this fixes
transfers to slave servers. Bug noted by Keith transfers to secondary servers. Bug noted by Keith
McMillan of Ameritech Services, Inc. McMillan of Ameritech Services, Inc.
Fix Ultrix problem: gethostbyname() can return a very large Fix Ultrix problem: gethostbyname() can return a very large
(> 500) h_length field, which causes the sockaddr (> 500) h_length field, which causes the sockaddr

View File

@ -396,7 +396,7 @@ SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of
messages to deliver in a single connection for the messages to deliver in a single connection for the
smtp, smtp8, esmtp, or dsmtp mailers. smtp, smtp8, esmtp, or dsmtp mailers.
SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
recipients to deliver in a single connection for the recipients to deliver in a single envelope for the
smtp, smtp8, esmtp, or dsmtp mailers. smtp, smtp8, esmtp, or dsmtp mailers.
SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer.
About the only reason you would want to change this About the only reason you would want to change this
@ -1250,7 +1250,7 @@ access_db Turns on the access database feature. The access db gives
important information about this feature. Notice: important information about this feature. Notice:
"-T<TMPF>" is meant literal, do not replace it by anything. "-T<TMPF>" is meant literal, do not replace it by anything.
blacklist_recipients blocklist_recipients
Turns on the ability to block incoming mail for certain Turns on the ability to block incoming mail for certain
recipient usernames, hostnames, or addresses. For recipient usernames, hostnames, or addresses. For
example, you can block incoming mail to user nobody, example, you can block incoming mail to user nobody,
@ -1579,7 +1579,7 @@ require_rdns Reject mail from connecting SMTP clients without proper
Entries such as Entries such as
Connect:1.2.3.4 OK Connect:1.2.3.4 OK
Connect:1.2 RELAY Connect:1.2 RELAY
will whitelist IP address 1.2.3.4, so that the rDNS will allowlist IP address 1.2.3.4, so that the rDNS
blocking does apply to that IP address blocking does apply to that IP address
Entries such as Entries such as
@ -2602,7 +2602,7 @@ requires a tag. For example,
From:another.dom REJECT From:another.dom REJECT
This would deny mails from spammer@some.dom but you could still This would deny mails from spammer@some.dom but you could still
send mail to that address even if FEATURE(`blacklist_recipients') send mail to that address even if FEATURE(`blocklist_recipients')
is enabled. Your system will allow relaying to friend.domain, but is enabled. Your system will allow relaying to friend.domain, but
not from it (unless enabled by other means). Connections from that not from it (unless enabled by other means). Connections from that
domain will be allowed even if it ends up in one of the DNS based domain will be allowed even if it ends up in one of the DNS based
@ -2723,7 +2723,7 @@ sender address.
If you use: If you use:
FEATURE(`blacklist_recipients') FEATURE(`blocklist_recipients')
then you can add entries to the map for local users, hosts in your then you can add entries to the map for local users, hosts in your
domains, or addresses in your domain which should not receive mail: domains, or addresses in your domain which should not receive mail:
@ -2747,14 +2747,14 @@ as value part in the access map. Taking the example from above:
Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
That's why tagged entries should be used. That's why tagged entries should be used.
There are several DNS based blacklists which can be found by There are several DNS based blocklists which can be found by
querying a search engine. These are databases of spammers querying a search engine. These are databases of spammers
maintained in DNS. To use such a database, specify maintained in DNS. To use such a database, specify
FEATURE(`dnsbl', `dnsbl.example.com') FEATURE(`dnsbl', `dnsbl.example.com')
This will cause sendmail to reject mail from any site listed in the This will cause sendmail to reject mail from any site listed in the
DNS based blacklist. You must select a DNS based blacklist domain DNS based blocklist. You must select a DNS based blocklist domain
to check by specifying an argument to the FEATURE. The default to check by specifying an argument to the FEATURE. The default
error message is error message is
@ -2789,14 +2789,14 @@ This FEATURE can be included several times to query different
DNS based rejection lists. DNS based rejection lists.
Notice: to avoid checking your own local domains against those Notice: to avoid checking your own local domains against those
blacklists, use the access_db feature and add: blocklists, use the access_db feature and add:
Connect:10.1 OK Connect:10.1 OK
Connect:127.0.0.1 RELAY Connect:127.0.0.1 RELAY
to the access map, where 10.1 is your local network. You may to the access map, where 10.1 is your local network. You may
want to use "RELAY" instead of "OK" to allow also relaying want to use "RELAY" instead of "OK" to allow also relaying
instead of just disabling the DNS lookups in the blacklists. instead of just disabling the DNS lookups in the blocklists.
The features described above make use of the check_relay, check_mail, The features described above make use of the check_relay, check_mail,
@ -2849,7 +2849,7 @@ my.domain and you have
in the access map, then any e-mail with a sender address of in the access map, then any e-mail with a sender address of
<user@my.domain> will not be rejected by check_relay even though <user@my.domain> will not be rejected by check_relay even though
it would match the hostname or IP address. This allows spammers it would match the hostname or IP address. This allows spammers
to get around DNS based blacklist by faking the sender address. To to get around DNS based blocklist by faking the sender address. To
avoid this problem you have to use tagged entries: avoid this problem you have to use tagged entries:
To:my.domain RELAY To:my.domain RELAY
@ -2978,7 +2978,7 @@ limits per client IP address or net. These features can limit the
rate of connections (connections per time unit) or the number of rate of connections (connections per time unit) or the number of
incoming SMTP connections, respectively. If enabled, appropriate incoming SMTP connections, respectively. If enabled, appropriate
rulesets are called at the end of check_relay, i.e., after DNS rulesets are called at the end of check_relay, i.e., after DNS
blacklists and generic access_db operations. The features require blocklists and generic access_db operations. The features require
FEATURE(`access_db') to be listed earlier in the mc file. FEATURE(`access_db') to be listed earlier in the mc file.
Note: FEATURE(`delay_checks') delays those connection control checks Note: FEATURE(`delay_checks') delays those connection control checks
@ -3071,13 +3071,13 @@ rulesets and map lookups, they are modified as follows: each non-printable
character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
by their HEX value with a leading '+'. For example: by their HEX value with a leading '+'. For example:
/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/emailAddress=
darth+cert@endmail.org darth+cert@endmail.org
is encoded as: is encoded as:
/C=US/ST=California/O=endmail.org/OU=private/CN= /C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
(line breaks have been inserted for readability). (line breaks have been inserted for readability).
@ -3089,30 +3089,27 @@ Examples:
To allow relaying for everyone who can present a cert signed by To allow relaying for everyone who can present a cert signed by
/C=US/ST=California/O=endmail.org/OU=private/CN= /C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
simply use: simply use:
CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org RELAY
To allow relaying only for a subset of machines that have a cert signed by To allow relaying only for a subset of machines that have a cert signed by
/C=US/ST=California/O=endmail.org/OU=private/CN= /C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
use: use:
CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org SUBJECT
CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
DeathStar/Email=deathstar@endmail.org RELAY DeathStar/emailAddress=deathstar@endmail.org RELAY
Notes: Note: line breaks have been inserted after "CN=" for readability,
- line breaks have been inserted after "CN=" for readability, each tagged entry must be one (long) line in the access map.
each tagged entry must be one (long) line in the access map.
- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
is replaced by "emailAddress=".
Of course it is also possible to write a simple ruleset that allows Of course it is also possible to write a simple ruleset that allows
relaying for everyone who can present a cert that can be verified, e.g., relaying for everyone who can present a cert that can be verified, e.g.,
@ -3188,16 +3185,23 @@ CN:name name must match ${cn_subject}
CN ${client_name}/${server_name} must match ${cn_subject} CN ${client_name}/${server_name} must match ${cn_subject}
CS:name name must match ${cert_subject} CS:name name must match ${cert_subject}
CI:name name must match ${cert_issuer} CI:name name must match ${cert_issuer}
CITag:MYTag look up MYTag:${cert_issuer} in access map; the check
only succeeds if it is found with a RHS of OK.
Example: e-mail sent to secure.example.com should only use an encrypted Example: e-mail sent to secure.example.com should only use an encrypted
connection. E-mail received from hosts within the laptop.example.com domain connection. E-mail received from hosts within the laptop.example.com domain
should only be accepted if they have been authenticated. The host which should only be accepted if they have been authenticated. The host which
receives e-mail for darth@endmail.org must present a cert that uses the receives e-mail for darth@endmail.org must present a cert that uses the
CN smtp.endmail.org. CN smtp.endmail.org. E-mail sent to safe.example.com must be verified,
have a matching CN, and must present a cert signed by a CA with one of
the listed DNs.
TLS_Srv:secure.example.com ENCR:112 TLS_Srv:secure.example.com ENCR:112
TLS_Clt:laptop.example.com PERM+VERIFY:112 TLS_Clt:laptop.example.com PERM+VERIFY:112
TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
TLS_Srv:safe.example.net VERIFY+CN++CITag:MyCA
MyCA:/C=US/ST=CA/O=safe/CN=example.net/ OK
MyCA:/C=US/ST=CA/O=secure/CN=example.net/ OK
TLS Options per Session TLS Options per Session
@ -3217,6 +3221,7 @@ options:
- Options: compare {Server,Client}SSLOptions. - Options: compare {Server,Client}SSLOptions.
- CipherList: same as the global option. - CipherList: same as the global option.
- CertFile, KeyFile: {Server,Client}{Cert,Key}File - CertFile, KeyFile: {Server,Client}{Cert,Key}File
- Flags: see doc/op/op.me for details.
If FEATURE(`tls_session_features') is used, then default rulesets If FEATURE(`tls_session_features') is used, then default rulesets
are activated which look up entries in the access map with the tags are activated which look up entries in the access map with the tags
@ -3234,15 +3239,12 @@ If FEATURE(`tls_session_features') is not used the user can provide
their own rulesets which must return the appropriate data. their own rulesets which must return the appropriate data.
If the rulesets are not defined or do not return a value, the If the rulesets are not defined or do not return a value, the
default TLS options are not modified. default TLS options are not modified.
(These rulesets require the sendmail binary to be built with
_FFR_TLS_SE_OPTS enabled.)
About 2): the ruleset try_tls (srv_features) can be used that work About 2): the ruleset try_tls (srv_features) can be used together
together with the access map. Entries for the access map must be with the access map. Entries for the access map must be tagged
tagged with Try_TLS (Srv_Features) and refer to the hostname or IP with Try_TLS (Srv_Features) and refer to the hostname or IP address
address of the connecting system. A default case can be specified of the connecting system. A default case can be specified by using
by using just the tag. For example, the following entries in the just the tag. For example, the following entries in the access map:
access map:
Try_TLS:broken.server NO Try_TLS:broken.server NO
Srv_Features:my.domain v Srv_Features:my.domain v
@ -3654,7 +3656,7 @@ for. In particular:
if your system allows "file giveaways" (that is, if a non-root if your system allows "file giveaways" (that is, if a non-root
user can chown any file they own to any other user). user can chown any file they own to any other user).
* If your system allows file giveaways, DO NOT create a publically * If your system allows file giveaways, DO NOT create a publicly
writable directory for forward files. This will allow anyone writable directory for forward files. This will allow anyone
to steal anyone else's e-mail. Instead, create a script that to steal anyone else's e-mail. Instead, create a script that
copies the .forward file from users' home directories once a copies the .forward file from users' home directories once a
@ -4011,6 +4013,10 @@ confUSERDB_SPEC UserDatabaseSpec
confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
confFALLBACK_SMARTHOST FallbackSmartHost confFALLBACK_SMARTHOST FallbackSmartHost
[undefined] Fallback smart host. [undefined] Fallback smart host.
confTLS_FALLBACK_TO_CLEAR TLSFallbacktoClear
[undefined] If set, immediately try
a connection again without STARTTLS
after a TLS handshake failure.
confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
for a host and other arrangements for a host and other arrangements
haven't been made, try connecting haven't been made, try connecting
@ -4364,10 +4370,13 @@ confCLIENT_KEY ClientKeyFile [undefined] File containing the
cert. cert.
confCRL CRLFile [undefined] File containing certificate confCRL CRLFile [undefined] File containing certificate
revocation status, useful for X.509v3 revocation status, useful for X.509v3
authentication. Note that CRL requires authentication.
at least OpenSSL version 0.9.7. confCRL_PATH CRLPath [undefined] Directory containing
hashes pointing to certificate
revocation status files.
confDH_PARAMETERS DHParameters [undefined] File containing the confDH_PARAMETERS DHParameters [undefined] File containing the
DH parameters. DH parameters.
confDANE DANE [false] Enable DANE support.
confRAND_FILE RandFile [undefined] File containing random confRAND_FILE RandFile [undefined] File containing random
data (use prefix file:) or the data (use prefix file:) or the
name of the UNIX socket if EGD is name of the UNIX socket if EGD is
@ -4379,6 +4388,9 @@ confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm
[undefined] The fingerprint algorithm [undefined] The fingerprint algorithm
(digest) to use for the presented (digest) to use for the presented
cert. cert.
confSSL_ENGINE SSLEngine [undefined] Name of SSLEngine.
confSSL_ENGINE_PATH SSLEnginePath [undefined] Path to dynamic library
for SSLEngine.
confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
queue runners is set the given value queue runners is set the given value
(nice(3)). (nice(3)).
@ -4799,7 +4811,6 @@ M4 DIVERSIONS
5 locally interpreted names (overrides $R) 5 locally interpreted names (overrides $R)
6 local configuration (at top of file) 6 local configuration (at top of file)
7 mailer definitions 7 mailer definitions
8 DNS based blacklists 8 DNS based blocklists
9 special local rulesets (1 and 2) 9 special local rulesets (1 and 2)
$Revision: 8.730 $, Last updated $Date: 2014-01-16 15:55:51 $

View File

@ -103,7 +103,7 @@ M4FILES=\
${CFDIR}/feature/bcc.m4 \ ${CFDIR}/feature/bcc.m4 \
${CFDIR}/feature/bestmx_is_local.m4 \ ${CFDIR}/feature/bestmx_is_local.m4 \
${CFDIR}/feature/bitdomain.m4 \ ${CFDIR}/feature/bitdomain.m4 \
${CFDIR}/feature/blacklist_recipients.m4 \ ${CFDIR}/feature/blocklist_recipients.m4 \
${CFDIR}/feature/conncontrol.m4 \ ${CFDIR}/feature/conncontrol.m4 \
${CFDIR}/feature/dnsbl.m4 \ ${CFDIR}/feature/dnsbl.m4 \
${CFDIR}/feature/domaintable.m4 \ ${CFDIR}/feature/domaintable.m4 \

View File

@ -46,7 +46,7 @@ define(`CYRUS_MAILER_PATH', `/usr/local/cyrus/bin/deliver')
define(`CYRUS_MAILER_FLAGS', `fAh5@/:|') define(`CYRUS_MAILER_FLAGS', `fAh5@/:|')
FEATURE(`access_db') FEATURE(`access_db')
FEATURE(`blacklist_recipients') FEATURE(`blocklist_recipients')
FEATURE(`local_lmtp') FEATURE(`local_lmtp')
FEATURE(`virtusertable') FEATURE(`virtusertable')
FEATURE(`mailertable') FEATURE(`mailertable')
@ -234,7 +234,7 @@ Kstorage macro
LOCAL_RULESETS LOCAL_RULESETS
###################################################################### ######################################################################
### check for the existance of the X-MailScanner Header ### check for the existence of the X-MailScanner Header
HX-MailScanner: $>+CheckXMSc HX-MailScanner: $>+CheckXMSc
D{SobigFPat}Found to be clean D{SobigFPat}Found to be clean
D{SobigFMsg}This message may contain the Sobig.F virus. D{SobigFMsg}This message may contain the Sobig.F virus.

View File

@ -16,8 +16,8 @@
##### #####
##### SENDMAIL CONFIGURATION FILE ##### SENDMAIL CONFIGURATION FILE
##### #####
##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015 ##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:57 PDT 2020
##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf ##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory ##### using ../ as configuration include directory
##### #####
###################################################################### ######################################################################
@ -114,7 +114,7 @@ D{MTAHost}[127.0.0.1]
# Configuration version number # Configuration version number
DZ8.15.2/Submit DZ8.16.1/Submit
############### ###############
@ -513,6 +513,12 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
#O ServerSSLOptions #O ServerSSLOptions
# client side SSL options # client side SSL options
#O ClientSSLOptions #O ClientSSLOptions
# SSL Engine
#O SSLEngine
# Path to dynamic library for SSLEngine
#O SSLEnginePath
# TLS: fall back to clear text after handshake failure?
#O TLSFallbacktoClear
# Input mail filters # Input mail filters
#O InputMailFilters #O InputMailFilters
@ -532,12 +538,16 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
#O ClientKeyFile #O ClientKeyFile
# File containing certificate revocation lists # File containing certificate revocation lists
#O CRLFile #O CRLFile
# Directory containing hashes pointing to certificate revocation status files
#O CRLPath
# DHParameters (only required if DSA/DH is used) # DHParameters (only required if DSA/DH is used)
#O DHParameters #O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL) # Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile #O RandFile
# fingerprint algorithm (digest) to use for the presented cert # fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm #O CertFingerprintAlgorithm
# enable DANE?
#O DANE=false
# Maximum number of "useless" commands before slowing down # Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20 #O MaxNOOPCommands=20
@ -1257,6 +1267,7 @@ R$* $| $* $@ $>"TLS_connection" $1
### ${verify} ### ${verify}
###################################################################### ######################################################################
Stls_server Stls_server
R$* $@ $>"TLS_connection" $1 R$* $@ $>"TLS_connection" $1
###################################################################### ######################################################################
@ -1268,6 +1279,7 @@ R$* $@ $>"TLS_connection" $1
###################################################################### ######################################################################
STLS_connection STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake." RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."

View File

@ -76,7 +76,7 @@ R$* $| $* $: ifelse(len(X`'_ARG3_),`1', `$1', `_ARG3_')
ifdef(`_CANONIFY_BCC_', `dnl ifdef(`_CANONIFY_BCC_', `dnl
R$+ @ $+ $: $1@$2 $| <$(canonicalRcpt $1 @ $2 $: $)> R$+ @ $+ $: $1@$2 $| <$(canonicalRcpt $1 @ $2 $: $)>
R$* $| <> $@ R$* $| <> $@
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: _TMPFMSG_(`BCC')
R$* $| <$+> $@ $2 map matched? R$* $| <$+> $@ $2 map matched?
') ')

View File

@ -13,7 +13,6 @@ divert(0)
VERSIONID(`$Id: blacklist_recipients.m4,v 8.14 2013-11-22 20:51:11 ca Exp $') VERSIONID(`$Id: blacklist_recipients.m4,v 8.14 2013-11-22 20:51:11 ca Exp $')
divert(-1) divert(-1)
ifdef(`_ACCESS_TABLE_', errprint(`WARNING: FEATURE(blacklist_recipients) is deprecated; use FEATURE(blocklist_recipients.m4).
`define(`_BLACKLIST_RCPT_', 1)', ')
`errprint(`*** ERROR: FEATURE(blacklist_recipients) requires FEATURE(access_db) FEATURE(`blocklist_recipients')
')')

View File

@ -0,0 +1,19 @@
divert(-1)
#
# Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)
VERSIONID(`$Id: blocklist_recipients.m4,v 8.14 2013-11-22 20:51:11 ca Exp $')
divert(-1)
ifdef(`_ACCESS_TABLE_',
`define(`_BLOCKLIST_RCPT_', 1)',
`errprint(`*** ERROR: FEATURE(blocklist_recipients) requires FEATURE(access_db)
')')

View File

@ -0,0 +1,17 @@
divert(-1)
#
# Copyright (c) 2019 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)dnl
VERSIONID(`$Id: block_bad_helo.m4,v 1.2 2013-11-22 20:51:11 ca Exp $')
divert(-1)
define(`_FFR_TLS_ALTNAMES', `1')
divert(6)dnl
O SetCertAltnames=true

View File

@ -17,7 +17,7 @@ define(`_DNSBL_R_',`')
ifelse(defn(`_ARG_'), `', ifelse(defn(`_ARG_'), `',
`errprint(`*** ERROR: missing argument for FEATURE(`dnsbl')')') `errprint(`*** ERROR: missing argument for FEATURE(`dnsbl')')')
LOCAL_CONFIG LOCAL_CONFIG
# map for DNS based blacklist lookups # map for DNS based blocklist lookups
Kdnsbl DNSBL_MAP -T<TMP>ifdef(`DNSBL_MAP_OPT',` DNSBL_MAP_OPT')') Kdnsbl DNSBL_MAP -T<TMP>ifdef(`DNSBL_MAP_OPT',` DNSBL_MAP_OPT')')
divert(-1) divert(-1)
define(`_DNSBL_SRV_', `_ARG_')dnl define(`_DNSBL_SRV_', `_ARG_')dnl

View File

@ -16,7 +16,7 @@ ifdef(`_EDNSBL_R_',`dnl',`dnl
VERSIONID(`$Id: enhdnsbl.m4,v 1.13 2013-11-22 20:51:11 ca Exp $') VERSIONID(`$Id: enhdnsbl.m4,v 1.13 2013-11-22 20:51:11 ca Exp $')
LOCAL_CONFIG LOCAL_CONFIG
define(`_EDNSBL_R_',`')dnl define(`_EDNSBL_R_',`')dnl
# map for enhanced DNS based blacklist lookups # map for enhanced DNS based blocklist lookups
Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5') Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
') ')
divert(-1) divert(-1)

View File

@ -0,0 +1,13 @@
divert(-1)
#
# Copyright (c) 2020 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
errprint(`*** ERROR: FEATURE(tls_failures) has been replaced by confTLS_FALLBACK_TO_CLEAR
')
define(`confTLS_FALLBACK_TO_CLEAR', `true')

View File

@ -73,6 +73,15 @@ define(`_ARG9_',`_ACC_ARG_9_(_ARGS_)')
dnl define if not yet defined: if `$1' is not defined it will be `$2' dnl define if not yet defined: if `$1' is not defined it will be `$2'
define(`_DEFIFNOT',`ifdef(`$1',`',`define(`$1',`$2')')') define(`_DEFIFNOT',`ifdef(`$1',`',`define(`$1',`$2')')')
dnl ---------------------------------------- dnl ----------------------------------------
dnl Use a "token" for this error message to make them unique?
dnl Note: this is not a documented option. To enable it, use:
dnl define(`_USETMPFTOKEN_', `1')dnl
ifdef(`_USETMPFTOKEN_', `
define(_TMPFMSG_, `"451 Temporary system failure $1. Please try again later."')
', `dnl
define(_TMPFMSG_, `"451 Temporary system failure. Please try again later."')
')
dnl ----------------------------------------
dnl add a char $2 to a string $1 if it is not there dnl add a char $2 to a string $1 if it is not there
define(`_ADDCHAR_',`define(`_I_',`eval(index(`$1',`$2') >= 0)')`'ifelse(_I_,`1',`$1',`$1$2')') define(`_ADDCHAR_',`define(`_I_',`eval(index(`$1',`$2') >= 0)')`'ifelse(_I_,`1',`$1',`$1$2')')
dnl ---- dnl ----

View File

@ -161,7 +161,7 @@ ifdef(`_ACCESS_TABLE_', `dnl
# access_db acceptance class # access_db acceptance class
C{Accept}OK RELAY C{Accept}OK RELAY
ifdef(`_DELAY_COMPAT_8_10_',`dnl ifdef(`_DELAY_COMPAT_8_10_',`dnl
ifdef(`_BLACKLIST_RCPT_',`dnl ifdef(`_BLOCKLIST_RCPT_',`dnl
# possible access_db RHS for spam friends/haters # possible access_db RHS for spam friends/haters
C{SpamTag}SPAMFRIEND SPAMHATER')')', C{SpamTag}SPAMFRIEND SPAMHATER')')',
`dnl') `dnl')
@ -197,7 +197,9 @@ ifdef(`_MACRO_MAP_', `', `# macro storage map
define(`_MACRO_MAP_', `1')dnl define(`_MACRO_MAP_', `1')dnl
Kmacro macro') Kmacro macro')
# possible values for TLS_connection in access map # possible values for TLS_connection in access map
C{Tls}VERIFY ENCR', `dnl') C{Tls}VERIFY ENCR
C{TlsVerified}OK TRUSTED
dnl', `dnl')
ifdef(`_CERT_REGEX_ISSUER_', `dnl ifdef(`_CERT_REGEX_ISSUER_', `dnl
# extract relevant part from cert issuer # extract relevant part from cert issuer
KCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl') KCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl')
@ -653,6 +655,12 @@ _OPTION(CipherList, `confCIPHER_LIST', `')
_OPTION(ServerSSLOptions, `confSERVER_SSL_OPTIONS', `') _OPTION(ServerSSLOptions, `confSERVER_SSL_OPTIONS', `')
# client side SSL options # client side SSL options
_OPTION(ClientSSLOptions, `confCLIENT_SSL_OPTIONS', `') _OPTION(ClientSSLOptions, `confCLIENT_SSL_OPTIONS', `')
# SSL Engine
_OPTION(SSLEngine, `confSSL_ENGINE', `')
# Path to dynamic library for SSLEngine
_OPTION(SSLEnginePath, `confSSL_ENGINE_PATH', `')
# TLS: fall back to clear text after handshake failure?
_OPTION(TLSFallbacktoClear, `confTLS_FALLBACK_TO_CLEAR', `')
# Input mail filters # Input mail filters
_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `') _OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')
@ -682,12 +690,16 @@ _OPTION(ClientCertFile, `confCLIENT_CERT', `')
_OPTION(ClientKeyFile, `confCLIENT_KEY', `') _OPTION(ClientKeyFile, `confCLIENT_KEY', `')
# File containing certificate revocation lists # File containing certificate revocation lists
_OPTION(CRLFile, `confCRL', `') _OPTION(CRLFile, `confCRL', `')
# Directory containing hashes pointing to certificate revocation status files
_OPTION(CRLPath, `confCRL_PATH', `')
# DHParameters (only required if DSA/DH is used) # DHParameters (only required if DSA/DH is used)
_OPTION(DHParameters, `confDH_PARAMETERS', `') _OPTION(DHParameters, `confDH_PARAMETERS', `')
# Random data source (required for systems without /dev/urandom under OpenSSL) # Random data source (required for systems without /dev/urandom under OpenSSL)
_OPTION(RandFile, `confRAND_FILE', `') _OPTION(RandFile, `confRAND_FILE', `')
# fingerprint algorithm (digest) to use for the presented cert # fingerprint algorithm (digest) to use for the presented cert
_OPTION(CertFingerprintAlgorithm, `confCERT_FINGERPRINT_ALGORITHM', `') _OPTION(CertFingerprintAlgorithm, `confCERT_FINGERPRINT_ALGORITHM', `')
# enable DANE?
_OPTION(DANE, `confDANE', `false')
# Maximum number of "useless" commands before slowing down # Maximum number of "useless" commands before slowing down
_OPTION(MaxNOOPCommands, `confMAX_NOOP_COMMANDS', `20') _OPTION(MaxNOOPCommands, `confMAX_NOOP_COMMANDS', `20')
@ -1500,7 +1512,7 @@ R<$* <TMPF>> <$*> <$+> <$+> <$*> $: $&{opMode} $| TMPF <$&{addr_type}> $| $3
R<$*> <$* <TMPF>> <$+> <$+> <$*> $: $&{opMode} $| TMPF <$&{addr_type}> $| $3 R<$*> <$* <TMPF>> <$+> <$+> <$*> $: $&{opMode} $| TMPF <$&{addr_type}> $| $3
ifelse(_LDAP_ROUTE_MAPTEMP_, `_TEMPFAIL_', `dnl ifelse(_LDAP_ROUTE_MAPTEMP_, `_TEMPFAIL_', `dnl
# ... temp fail RCPT SMTP commands # ... temp fail RCPT SMTP commands
R$={SMTPOpModes} $| TMPF <e r> $| $+ $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."') R$={SMTPOpModes} $| TMPF <e r> $| $+ $#error $@ 4.3.0 $: _TMPFMSG_(`OPM')')
# ... return original address for MTA to queue up # ... return original address for MTA to queue up
R$* $| TMPF <$*> $| $+ $@ $3 R$* $| TMPF <$*> $| $+ $@ $3
@ -1733,7 +1745,7 @@ dnl if mark is <NO> then change it to <RELAY> if domain is "authorized"
dnl what if access map returns something else than RELAY? dnl what if access map returns something else than RELAY?
dnl we are only interested in RELAY entries... dnl we are only interested in RELAY entries...
dnl other To: entries: blacklist recipient; generic entries? dnl other To: entries: blocklist recipient; generic entries?
dnl if it is an error we probably do not want to relay anyway dnl if it is an error we probably do not want to relay anyway
ifdef(`_RELAY_HOSTS_ONLY_', ifdef(`_RELAY_HOSTS_ONLY_',
`R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 > `R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 >
@ -1807,7 +1819,7 @@ R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
dnl error tag dnl error tag
R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4 R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> <$*> $#error $: $1 R<ERROR:$+> <$*> $#error $: $1
ifdef(`_ATMPF_', `R<$* _ATMPF_> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') ifdef(`_ATMPF_', `R<$* _ATMPF_> <$*> $#error $@ 4.3.0 $: _TMPFMSG_(`CR')', `dnl')
dnl generic error from access map dnl generic error from access map
R<$+> <$*> $#error $: $1', `dnl') R<$+> <$*> $#error $: $1', `dnl')
@ -1976,7 +1988,7 @@ R<REJECT> $* $#error ifdef(`confREJECT_MSG', `$: confREJECT_MSG', `$@ 5.7.1 $:
dnl error tag dnl error tag
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $* $#error $: $1 R<ERROR:$+> $* $#error $: $1
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: _TMPFMSG_(`CM')', `dnl')
dnl generic error from access map dnl generic error from access map
R<$+> $* $#error $: $1 error from access db', R<$+> $* $#error $: $1 error from access db',
`dnl') `dnl')
@ -2108,9 +2120,9 @@ R$* $=O $* < @ $* @@ $=w . > $* $@ $>"Rcpt_ok" $1 $2 $3
R$* < @ $* @@ $=w . > $* $: $1 < @ $3 > $4 R$* < @ $* @@ $=w . > $* $: $1 < @ $3 > $4
R$* < @ $* @@ $* > $* $: $1 < @ $2 > $4') R$* < @ $* @@ $* > $* $: $1 < @ $2 > $4')
ifdef(`_BLACKLIST_RCPT_',`dnl ifdef(`_BLOCKLIST_RCPT_',`dnl
ifdef(`_ACCESS_TABLE_', `dnl ifdef(`_ACCESS_TABLE_', `dnl
# blacklist local users or any host from receiving mail # blocklist local users or any host from receiving mail
R$* $: <?> $1 R$* $: <?> $1
dnl user is now tagged with @ to be consistent with check_mail dnl user is now tagged with @ to be consistent with check_mail
dnl and to distinguish users from hosts (com would be host, com@ would be user) dnl and to distinguish users from hosts (com would be host, com@ would be user)
@ -2143,7 +2155,7 @@ R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
dnl error tag dnl error tag
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $* $#error $: $1 R<ERROR:$+> $* $#error $: $1
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: _TMPFMSG_(`ROK1')', `dnl')
dnl generic error from access map dnl generic error from access map
R<$+> $* $#error $: $1 error from access db R<$+> $* $#error $: $1 error from access db
R@ $* $1 remove mark', `dnl')', `dnl') R@ $* $1 remove mark', `dnl')', `dnl')
@ -2198,7 +2210,7 @@ R$+ < @ $+ > $| $* $: <$3> <$1 <@ $2>>',
ifdef(`_ACCESS_TABLE_', `dnl ifdef(`_ACCESS_TABLE_', `dnl
dnl workspace: <Result-of-lookup | ?> <localpart<@domain>> dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
R<RELAY> $* $@ RELAY R<RELAY> $* $@ RELAY
ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`ROK2')', `dnl')
R<$*> <$*> $: $2',`dnl') R<$*> <$*> $: $2',`dnl')
@ -2268,7 +2280,7 @@ dnl Connect:My.Host.Domain RELAY
dnl Connect:My.Net REJECT dnl Connect:My.Net REJECT
dnl since in check_relay client_name is checked before client_addr dnl since in check_relay client_name is checked before client_addr
R<REJECT> $* $@ REJECT rejected IP address') R<REJECT> $* $@ REJECT rejected IP address')
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') ifdef(`_ATMPF_', `R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK1')', `dnl')
R<$*> <$*> $: $2', `dnl') R<$*> <$*> $: $2', `dnl')
R$* $: [ $1 ] put brackets around it... R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local R$=w $@ RELAY ... and see if it is local
@ -2287,7 +2299,7 @@ R<?> $+ < @ $=w > $@ RELAY FROM local', `dnl')
ifdef(`_RELAY_DB_FROM_', `dnl ifdef(`_RELAY_DB_FROM_', `dnl
R<?> $+ < @ $+ > $: <@> $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', ifdef(`_RELAY_HOSTS_ONLY_', `<E:$2>', `<D:$2>')) <> R<?> $+ < @ $+ > $: <@> $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', ifdef(`_RELAY_HOSTS_ONLY_', `<E:$2>', `<D:$2>')) <>
R<@> <RELAY> $@ RELAY RELAY FROM sender ok R<@> <RELAY> $@ RELAY RELAY FROM sender ok
ifdef(`_ATMPF_', `R<@> <_ATMPF_> $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') ifdef(`_ATMPF_', `R<@> <_ATMPF_> $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK2')', `dnl')
', `dnl ', `dnl
ifdef(`_RELAY_DB_FROM_DOMAIN_', ifdef(`_RELAY_DB_FROM_DOMAIN_',
`errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_ `errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_
@ -2331,7 +2343,7 @@ ifdef(`_ACCESS_TABLE_', `dnl
R<?> $* $: $>D <$1> <?> <+ Connect> <$1>',`dnl')') R<?> $* $: $>D <$1> <?> <+ Connect> <$1>',`dnl')')
ifdef(`_ACCESS_TABLE_', `dnl ifdef(`_ACCESS_TABLE_', `dnl
R<RELAY> $* $@ RELAY R<RELAY> $* $@ RELAY
ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK3')', `dnl')
R<$*> <$*> $: $2',`dnl') R<$*> <$*> $: $2',`dnl')
dnl end of _PROMISCUOUS_RELAY_ dnl end of _PROMISCUOUS_RELAY_
divert(0) divert(0)
@ -2384,7 +2396,7 @@ ifdef(`_ACCESS_TABLE_', `',
`errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db') `errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db')
')')dnl ')')dnl
dnl one of the next two rules is supposed to match dnl one of the next two rules is supposed to match
dnl this code has been copied from BLACKLIST... etc dnl this code has been copied from BLOCKLIST... etc
dnl and simplified by omitting some < >. dnl and simplified by omitting some < >.
R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@> R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
@ -2688,7 +2700,7 @@ R<?>$* $: $>A <$&{server_addr}> <?> <! TLS_TRY_TAG> <>
R<?>$* $: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)> R<?>$* $: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)>
R<?>$* $@ OK R<?>$* $@ OK
ifdef(`_ATMPF_', `dnl tempfail? ifdef(`_ATMPF_', `dnl tempfail?
R<$* _ATMPF_>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') R<$* _ATMPF_>$* $#error $@ 4.3.0 $: _TMPFMSG_(`TT')', `dnl')
R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"') R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"')
###################################################################### ######################################################################
@ -2721,7 +2733,7 @@ R$* $| $+ $: $1 $| $>SearchList <! TLS_RCPT_TAG> $| $2 <>
dnl found nothing: stop here dnl found nothing: stop here
R$* $| <?> $@ OK R$* $| <?> $@ OK
ifdef(`_ATMPF_', `dnl tempfail? ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TR')', `dnl')
dnl use the generic routine (for now) dnl use the generic routine (for now)
R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>') R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>')
@ -2751,7 +2763,7 @@ R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! TLS_CLT_TAG> <>
dnl do a default lookup: just TLS_CLT_TAG dnl do a default lookup: just TLS_CLT_TAG
R$* $| <?>$* $: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)> R$* $| <?>$* $: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)>
ifdef(`_ATMPF_', `dnl tempfail? ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TC')', `dnl')
R$* $@ $>"TLS_connection" $1', `dnl R$* $@ $>"TLS_connection" $1', `dnl
R$* $| $* $@ $>"TLS_connection" $1') R$* $| $* $@ $>"TLS_connection" $1')
@ -2769,6 +2781,8 @@ ifdef(`_LOCAL_TLS_SERVER_', `dnl
R$* $: $1 $| $>"Local_tls_server" $1 R$* $: $1 $| $>"Local_tls_server" $1
R$* $| $#$* $#$2 R$* $| $#$* $#$2
R$* $| $* $: $1', `dnl') R$* $| $* $: $1', `dnl')
ifdef(`_TLS_FAILURES_',`dnl
R$* $: $(macro {saved_verify} $@ $1 $) $1')
ifdef(`_ACCESS_TABLE_', `dnl ifdef(`_ACCESS_TABLE_', `dnl
dnl store name of other side dnl store name of other side
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
@ -2777,7 +2791,7 @@ R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! TLS_SRV_TAG> <>
dnl do a default lookup: just TLS_SRV_TAG dnl do a default lookup: just TLS_SRV_TAG
R$* $| <?>$* $: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)> R$* $| <?>$* $: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)>
ifdef(`_ATMPF_', `dnl tempfail? ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TS')', `dnl')
R$* $@ $>"TLS_connection" $1', `dnl R$* $@ $>"TLS_connection" $1', `dnl
R$* $@ $>"TLS_connection" $1') R$* $@ $>"TLS_connection" $1')
@ -2798,6 +2812,7 @@ STLS_connection
ifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error ifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error
dnl deal with TLS handshake failures: abort dnl deal with TLS handshake failures: abort
RSOFTWARE $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake." RSOFTWARE $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."
RDANE_FAIL $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') DANE check failed."
divert(-1)') divert(-1)')
dnl common ruleset for tls_{client|server} dnl common ruleset for tls_{client|server}
dnl input: ${verify} $| <ResultOfLookup> [<>] dnl input: ${verify} $| <ResultOfLookup> [<>]
@ -2813,14 +2828,19 @@ R$* $| <$={Tls} $*> $: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')>
dnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup> dnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup>
# deal with TLS handshake failures: abort # deal with TLS handshake failures: abort
RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
dnl no <reply:dns> i.e. not requirements in the access map dnl no <reply:dns> i.e. no requirements in the access map
dnl use default error dnl use default error
RSOFTWARE $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed." RSOFTWARE $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed."
# deal with TLS protocol errors: abort # deal with TLS protocol errors: abort
RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed." RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."
dnl no <reply:dns> i.e. not requirements in the access map dnl no <reply:dns> i.e. no requirements in the access map
dnl use default error dnl use default error
RPROTOCOL $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') STARTTLS failed." RPROTOCOL $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') STARTTLS failed."
# deal with DANE errors: abort
RDANE_FAIL $| <$-:$+> $* $#error $@ $2 $: $1 " DANE check failed."
dnl no <reply:dns> i.e. no requirements in the access map
dnl use default error
RDANE_FAIL $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') DANE check failed."
R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1 R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
dnl separate optional requirements dnl separate optional requirements
R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1 R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
@ -2834,16 +2854,16 @@ R$* $| $* $@ OK
# other side did authenticate (via STARTTLS) # other side did authenticate (via STARTTLS)
dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify} dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify}
dnl only verification required and it succeeded dnl only verification required and it succeeded
R<$*><VERIFY> <> OK $@ OK R<$*><VERIFY> <> $={TlsVerified} $@ OK
dnl verification required and it succeeded but extensions are given dnl verification required and it succeeded but extensions are given
dnl change it to <SMTP:ESC> <REQ:0> <extensions> dnl change it to <SMTP:ESC> <REQ:0> <extensions>
R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2> R<$*><VERIFY> <$+> $={TlsVerified} $: <$1> <REQ:0> <$2>
dnl verification required + some level of encryption dnl verification required + some level of encryption
R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3> R<$*><VERIFY:$-> <$*> $={TlsVerified} $: <$1> <REQ:$2> <$3>
dnl just some level of encryption required dnl just some level of encryption required
R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3> R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
dnl workspace: dnl workspace:
dnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!= OK) dnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!~ $={TlsVerified})
dnl 2. <SMTP:ESC> <REQ:bits> <[extensions]> dnl 2. <SMTP:ESC> <REQ:bits> <[extensions]>
dnl verification required but ${verify} is not set (case 1.) dnl verification required but ${verify} is not set (case 1.)
R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required" R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
@ -2851,6 +2871,7 @@ R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated" R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested" R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS" R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
R<$-:$+><VERIFY $*> <$*> CLEAR $#error $@ $2 $: $1 " STARTTLS disabled locally"
dnl some other value for ${verify} dnl some other value for ${verify}
R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4 R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
dnl some level of encryption required: get the maximum level (case 2.) dnl some level of encryption required: get the maximum level (case 2.)
@ -2884,7 +2905,6 @@ R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
dnl further requirements for this ruleset: dnl further requirements for this ruleset:
dnl name of "other side" is stored is {TLS_name} (client/server_name) dnl name of "other side" is stored is {TLS_name} (client/server_name)
dnl dnl
dnl currently only CN[:common_name] is implemented
dnl right now this is only a logical AND dnl right now this is only a logical AND
dnl i.e. all requirements must be true dnl i.e. all requirements must be true
dnl how about an OR? CN must be X or CN must be Y or .. dnl how about an OR? CN must be X or CN must be Y or ..
@ -2896,6 +2916,11 @@ dnl no additional requirements: ok
R $| $+ $@ OK R $| $+ $@ OK
dnl require CN: but no CN specified: use name of other side dnl require CN: but no CN specified: use name of other side
R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2> R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
ifdef(`_FFR_TLS_ALTNAMES', `dnl
R<CN:$={cert_altnames}> $* $| <$+> $@ $>"TLS_req" $2 $| <$3>
R<CN:$-.$+> $* $| <$+> $: <CN:*.$2> $3 $| <$4>
R<CN:$={cert_altnames}> $* $| <$+> $@ $>"TLS_req" $3 $| <$3>
R<CN:$*> $* $| <$+> $: <CN:$&{TLS_Name}> $2 $| <$3>', `dnl')
dnl match, check rest dnl match, check rest
R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2> R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
dnl CN does not match dnl CN does not match
@ -2911,6 +2936,10 @@ R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
dnl CI does not match dnl CI does not match
dnl 1 2 3 4 dnl 1 2 3 4
R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1 R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
dnl
R<CITag:$-> $* $| <$+> $: <$(access $1:$&{cert_issuer} $: ? $)> $2 $| <$3>
R<?> $* $| <$-:$+> $#error $@ $3 $: $2 " Cert Issuer " $&{cert_issuer} " not acceptable"
R<OK> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
dnl return from recursive call dnl return from recursive call
ROK $@ OK ROK $@ OK
@ -2970,7 +2999,7 @@ dnl if it returns SUBJECT we perform a similar check on the
dnl cert subject. dnl cert subject.
ifdef(`_ACCESS_TABLE_', `dnl ifdef(`_ACCESS_TABLE_', `dnl
R$* $: <?> $&{verify} R$* $: <?> $&{verify}
R<?> OK $: OK authenticated: continue R<?> $={TlsVerified} $: OK authenticated: continue
R<?> $* $@ NO not authenticated R<?> $* $@ NO not authenticated
ifdef(`_CERT_REGEX_ISSUER_', `dnl ifdef(`_CERT_REGEX_ISSUER_', `dnl
R$* $: $(CERTIssuer $&{cert_issuer} $)', R$* $: $(CERTIssuer $&{cert_issuer} $)',
@ -3029,7 +3058,7 @@ R$+ $: $>SearchList <! ClientRate> $| $1 <>
dnl found nothing: stop here dnl found nothing: stop here
R<?> $@ OK R<?> $@ OK
ifdef(`_ATMPF_', `dnl tempfail? ifdef(`_ATMPF_', `dnl tempfail?
R<$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') R<$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`RC')', `dnl')
dnl use the generic routine (for now) dnl use the generic routine (for now)
R<0> $@ OK no limit R<0> $@ OK no limit
R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_rate} $) R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_rate} $)
@ -3051,7 +3080,7 @@ R$+ $: $>SearchList <! ClientConn> $| $1 <>
dnl found nothing: stop here dnl found nothing: stop here
R<?> $@ OK R<?> $@ OK
ifdef(`_ATMPF_', `dnl tempfail? ifdef(`_ATMPF_', `dnl tempfail?
R<$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl') R<$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`CC')', `dnl')
dnl use the generic routine (for now) dnl use the generic routine (for now)
R<0> $@ OK no limit R<0> $@ OK no limit
R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_connections} $) R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_connections} $)

View File

@ -1,6 +1,6 @@
divert(-1) divert(-1)
# #
# Copyright (c) 1998-2015 Proofpoint, Inc. and its suppliers. # Copyright (c) 1998-2016 Proofpoint, Inc. and its suppliers.
# All rights reserved. # All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved. # Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993 # Copyright (c) 1988, 1993
@ -15,4 +15,4 @@ VERSIONID(`$Id: version.m4,v 8.237 2014-01-27 12:55:17 ca Exp $')
# #
divert(0) divert(0)
# Configuration version number # Configuration version number
DZ8.15.2`'ifdef(`confCF_VERSION', `/confCF_VERSION') DZ8.16.1`'ifdef(`confCF_VERSION', `/confCF_VERSION')

View File

@ -23,5 +23,5 @@ ifdef(`LOCAL_SHELL_PATH',, `define(`LOCAL_SHELL_PATH', /usr/bin/sh)')dnl
ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rmail ($u)')')dnl ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rmail ($u)')')dnl
define(`confTIME_ZONE', `USE_TZ')dnl define(`confTIME_ZONE', `USE_TZ')dnl
dnl dnl
dnl For maximum compability with HP-UX, use: dnl For maximum compatibility with HP-UX, use:
dnl define(`confME_TOO', True)dnl dnl define(`confME_TOO', True)dnl

View File

@ -23,5 +23,5 @@ ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rma
define(`confTIME_ZONE', `USE_TZ')dnl define(`confTIME_ZONE', `USE_TZ')dnl
define(`confEBINDIR', `/usr/lib')dnl define(`confEBINDIR', `/usr/lib')dnl
dnl dnl
dnl For maximum compability with HP-UX, use: dnl For maximum compatibility with HP-UX, use:
dnl define(`confME_TOO', True)dnl dnl define(`confME_TOO', True)dnl

View File

@ -1,6 +1,7 @@
#!/usr/bin/perl -w #!/usr/bin/perl -w
#
# $Id: cidrexpand,v 8.8 2006-08-07 17:18:37 ca Exp $ # usage:
# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access
# #
# v 0.4 # v 0.4
# #
@ -28,7 +29,7 @@
# Added clarification in the notes for what to do if you have # Added clarification in the notes for what to do if you have
# exceptions to a larger CIDR block. # exceptions to a larger CIDR block.
# #
# 26 Jul 2006 Richard Rognlie (richard@sendmail.com> # 26 Jul 2006 Richard Rognlie (richard@sendmail.com)
# Added code to strip "comments" (anything after a non-escaped #) # Added code to strip "comments" (anything after a non-escaped #)
# # characters after a \ or within quotes (single and double) are # # characters after a \ or within quotes (single and double) are
# left intact. # left intact.
@ -39,37 +40,66 @@
# From:1.2.3.4 550 Die spammer # From:1.2.3.4 550 Die spammer
# #
# 3 August 2006 # 3 August 2006
#
# Corrected a bug to have it handle the special case of "0.0.0.0/0" # Corrected a bug to have it handle the special case of "0.0.0.0/0"
# since Net::CIDR doesn't handle it properly. # since Net::CIDR doesn't handle it properly.
# #
# usage: # 27 April 2016
# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access # Corrected IPv6 handling. Note that UseCompressedIPv6Addresses must
# be turned off for this to work; there are three reasons for this:
# 1) if the MTA uses compressed IPv6 addresses then CIDR 'cuts'
# in the compressed range *cannot* be matched, as the MTA simply
# won't look for them. E.g., there's no way to accurately
# match "IPv6:fe80::/64" when for the address "IPv6:fe80::54ad"
# the MTA doesn't lookup up "IPv6:fe80:0:0:0"
# 2) cidrexpand only generates uncompressed addresses, so CIDR
# 'cuts' to the right of the compressed range won't be matched
# either. Why doesn't it generate compressed address output?
# Oh, because:
# 3) compressed addresses are ambiguous when colon-groups are
# chopped off! You want an access map entry for
# IPv6:fe80::0:5420
# but not for
# IPv6:fe80::5420:1234
# ? Sorry, the former is really
# IPv6:fe80::5420
# which will also match the latter!
# #
# 25 July 2016
# Since cidrexpand already requires UseCompressedIPv6Addresses to be
# turned off, it can also canonicalize non-CIDR IPv6 addresses to the
# format that sendmail looks up, expanding compressed addresses and
# trimming superfluous leading zeros.
# #
# Report bugs to: <dredd@megacity.org> # Report bugs to: <dredd@megacity.org>
# #
use strict; use strict;
use Net::CIDR; use Net::CIDR qw(cidr2octets cidrvalidate);
use Getopt::Std; use Getopt::Std;
our ($opt_c,$opt_t); sub print_expanded_v4network;
getopts('ct:'); sub print_expanded_v6network;
my $spaceregex = '\s+'; our %opts;
if ($opt_t) getopts('ct:', \%opts);
{
$spaceregex = $opt_t; # Delimiter between the key and value
} my $space_re = exists $opts{t} ? $opts{t} : '\s+';
# Regexp that matches IPv4 address literals
my $ipv4_re = qr"(?:\d+\.){3}\d+";
# Regexp that matches IPv6 address literals, plus a lot more.
# Further checks are required for verifying that it's really one
my $ipv6_re = qr"[0-9A-Fa-f:]{2,39}(?:\.\d+\.\d+\.\d+)?";
while (<>) while (<>)
{ {
chomp; chomp;
my ($prefix,$left,$right,$space); my ($prefix, $network, $len, $right);
if ( (/\#/) && $opt_c ) if ( (/\#/) && $opts{c} )
{ {
# print "checking...\n"; # print "checking...\n";
my $i; my $i;
@ -98,41 +128,54 @@ while (<>)
} }
} }
if (! /^(|\S\S*:)(\d+\.){3}\d+\/\d\d?$spaceregex.*/ ) if (($prefix, $network, $len, $right) =
m!^(|\S+:)(${ipv4_re})/(\d+)(${space_re}.*)$!)
{ {
print "$_\n"; print_expanded_v4network($network, $len, $prefix, $right);
}
elsif ((($prefix, $network, $len, $right) =
m!^((?:\S+:)?[Ii][Pp][Vv]6:)(${ipv6_re})(?:/(\d+))?(${space_re}.*)$!) &&
(!defined($len) || $len <= 128) &&
defined(cidrvalidate($network)))
{
print_expanded_v6network($network, $len // 128, $prefix, $right);
} }
else else
{ {
($prefix,$left,$space,$right) = print "$_\n";
/^(|\S\S*:)((?:\d+\.){3}\d+\/\d\d?)($spaceregex)(.*)$/;
my @new_lefts = expand_network($left);
foreach my $nl (@new_lefts)
{
print "$prefix$nl$space$right\n";
}
} }
} }
sub expand_network sub print_expanded_v4network
{ {
my $left_input = shift; my ($network, $len, $prefix, $suffix) = @_;
my @rc = ($left_input);
my ($network,$mask) = split /\//, $left_input;
if (defined $mask)
{
return (0..255) if $mask == 0;
my @parts = split /\./, $network; # cidr2octets() doesn't handle a prefix-length of zero, so do
while ($#parts < 3) # that ourselves
{ foreach my $nl ($len == 0 ? (0..255) : cidr2octets("$network/$len"))
push @parts, "0"; {
} print "$prefix$nl$suffix\n";
my $clean_input = join '.', @parts; }
$clean_input .= "/$mask"; }
my @octets = Net::CIDR::cidr2octets($clean_input);
@rc = @octets; sub print_expanded_v6network
{
my ($network, $len, $prefix, $suffix) = @_;
# cidr2octets() doesn't handle a prefix-length of zero, so do
# that ourselves. Easiest is to just recurse on bottom and top
# halves with a length of 1
if ($len == 0) {
print_expanded_v6network("::", 1, $prefix, $suffix);
print_expanded_v6network("8000::", 1, $prefix, $suffix);
}
else
{
foreach my $nl (cidr2octets("$network/$len"))
{
# trim leading zeros from each group
$nl =~ s/(^|:)0+(?=[^:])/$1/g;
print "$prefix$nl$suffix\n";
}
} }
return @rc;
} }

View File

@ -24,7 +24,7 @@ dnl ## email. A tempfail-message value of `t' temporarily rejects
dnl ## with a default message. Otherwise the value should be your dnl ## with a default message. Otherwise the value should be your
dnl ## own message. The keytag is used to lookup the access map to dnl ## own message. The keytag is used to lookup the access map to
dnl ## further refine the result. I recommend a qualified keytag dnl ## further refine the result. I recommend a qualified keytag
dnl ## (containing a ".") as less likely to accidently conflict with dnl ## (containing a ".") as less likely to accidentally conflict with
dnl ## other access tags. dnl ## other access tags.
dnl ## dnl ##
dnl ## This is best illustrated with an example. Please do not use dnl ## This is best illustrated with an example. Please do not use
@ -66,7 +66,7 @@ ifdef(`_ACCESS_TABLE_', `dnl',
ifdef(`_EDNSBL_R_',`dnl',`dnl ifdef(`_EDNSBL_R_',`dnl',`dnl
define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map. define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map.
LOCAL_CONFIG LOCAL_CONFIG
# map for enhanced DNS based blacklist lookups # map for enhanced DNS based blocklist lookups
Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5') Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
') ')
divert(-1) divert(-1)

View File

@ -945,7 +945,7 @@ sub mxredirect
return undef; return undef;
} }
# follow mx records, return a hostname # follow mx records, return a hostname
# also follow temporary redirections comming from &domainify and # also follow temporary redirections coming from &domainify and
# &mxlookup # &mxlookup
sub mx sub mx
{ {

View File

@ -268,7 +268,7 @@ sed 's/^X//' << 'SHAR_EOF' > 'libs/date.pl' &&
;# Fixed a couple of problems with &ls as pointed out by ;# Fixed a couple of problems with &ls as pointed out by
;# Thomas Richter (richter@ki1.chemie.fu-berlin.de), thanks Thomas! ;# Thomas Richter (richter@ki1.chemie.fu-berlin.de), thanks Thomas!
;# Also added a couple of SunOS 4.1.1 strftime-ish formats, %i and %k ;# Also added a couple of SunOS 4.1.1 strftime-ish formats, %i and %k
;# for space padded hours (` 1' to `12' and ` 0' to `23' respectivly), ;# for space padded hours (` 1' to `12' and ` 0' to `23' respectively),
;# and %C for locale long date/time format. Changed &ampmH to take a ;# and %C for locale long date/time format. Changed &ampmH to take a
;# pad char parameter to make to evaled code for %i and %k simpler. ;# pad char parameter to make to evaled code for %i and %k simpler.
;# Added %E for suffixed day-of-month (ie 1st, 3rd, 4th etc). ;# Added %E for suffixed day-of-month (ie 1st, 3rd, 4th etc).
@ -398,7 +398,7 @@ X
X # watch out in 2070... X # watch out in 2070...
X $year += ($year < 70) ? 2000 : 1900; X $year += ($year < 70) ? 2000 : 1900;
X X
X # now loop throught the supplied format looking for tags... X # now loop through the supplied format looking for tags...
X while (($pos = index ($format, '%')) != -1) { X while (($pos = index ($format, '%')) != -1) {
X X
X # grab the format tag X # grab the format tag
@ -471,7 +471,7 @@ sub ls {
X return ((&gettime ($TZ, time))[5] == @_[0]) ? "%R" : " %Y"; X return ((&gettime ($TZ, time))[5] == @_[0]) ? "%R" : " %Y";
} }
X X
# pad - pad $in with leading $pad until lenght $len # pad - pad $in with leading $pad until length $len
sub pad { sub pad {
X local ($in, $len, $pad) = @_; X local ($in, $len, $pad) = @_;
X local ($out) = "$in"; X local ($out) = "$in";
@ -661,7 +661,7 @@ X
;# otherwise, $Status will be 0 and $Error_Msg will contain an error message. ;# otherwise, $Status will be 0 and $Error_Msg will contain an error message.
;# ;#
;# If $Use_Sendmail is 1 then sendmail is used to send the message. Normally ;# If $Use_Sendmail is 1 then sendmail is used to send the message. Normally
;# a mailer such as Mail is used. By specifiying this you can include ;# a mailer such as Mail is used. By specifying this you can include
;# headers in addition to text in either $Message or $Message_Is_File. ;# headers in addition to text in either $Message or $Message_Is_File.
;# If either $Message or $Message_Is_File contain a Subject: header then ;# If either $Message or $Message_Is_File contain a Subject: header then
;# $Subject is ignored; otherwise, a Subject: header is automatically created. ;# $Subject is ignored; otherwise, a Subject: header is automatically created.
@ -1026,15 +1026,15 @@ X
;# ;#
;# Does not care about order of switches, options, and arguments like ;# Does not care about order of switches, options, and arguments like
;# getopts.pl. Thus all non-switches/options will be kept in ARGV even if they ;# getopts.pl. Thus all non-switches/options will be kept in ARGV even if they
;# are not at the end. If $Pass_Invalid is set all unkown options will be ;# are not at the end. If $Pass_Invalid is set all unknown options will be
;# passed back to the caller by keeping them in @ARGV. This is useful when ;# passed back to the caller by keeping them in @ARGV. This is useful when
;# parsing a command line for your script while ignoring options that you ;# parsing a command line for your script while ignoring options that you
;# may pass to another script. If this is set New_Getopts tries to maintain ;# may pass to another script. If this is set New_Getopts tries to maintain
;# the switch clustering on the unkown switches. ;# the switch clustering on the unknown switches.
;# ;#
;# Accepts the special argument -usage to print the Usage string. Also accepts ;# Accepts the special argument -usage to print the Usage string. Also accepts
;# the special option -version which prints the contents of the string ;# the special option -version which prints the contents of the string
;# $VERSION. $VERSION may or may not have an embeded \n in it. If -usage ;# $VERSION. $VERSION may or may not have an embedded \n in it. If -usage
;# or -version are specified a status of -1 is returned. Note that the usage ;# or -version are specified a status of -1 is returned. Note that the usage
;# option is only accepted if the usage string is not null. ;# option is only accepted if the usage string is not null.
;# ;#
@ -1048,8 +1048,8 @@ X
;# $Switch_To_Order {"v"} = 1; ;# $Switch_To_Order {"v"} = 1;
;# $Switch_To_Order {"x"} = 2; ;# $Switch_To_Order {"x"} = 2;
;# ;#
;# Note that in the case of multiple occurances of an option $Switch_To_Order ;# Note that in the case of multiple occurrences of an option $Switch_To_Order
;# will store each occurance of the argument via a string that emulates ;# will store each occurrence of the argument via a string that emulates
;# an array. This is done by using join ($;, ...). You can retrieve the ;# an array. This is done by using join ($;, ...). You can retrieve the
;# array by using split (/$;/, ...). ;# array by using split (/$;/, ...).
;# ;#
@ -1062,7 +1062,7 @@ X
;# Another exciting ;-) feature that newgetopts has. Along with creating the ;# Another exciting ;-) feature that newgetopts has. Along with creating the
;# normal $opt_ scalars for the last value of an argument the list @opt_ is ;# normal $opt_ scalars for the last value of an argument the list @opt_ is
;# created. It is an array which contains all the values of arguments to the ;# created. It is an array which contains all the values of arguments to the
;# basename of the variable. They are stored in the order which they occured ;# basename of the variable. They are stored in the order which they occurred
;# on the command line starting with $[. Note that blank arguments are stored ;# on the command line starting with $[. Note that blank arguments are stored
;# as "". Along with providing support for multiple options on the command ;# as "". Along with providing support for multiple options on the command
;# line this also provides a method of counting the number of times an option ;# line this also provides a method of counting the number of times an option
@ -1293,8 +1293,8 @@ X
;# All other lines will be indented to match the amount of whitespace of ;# All other lines will be indented to match the amount of whitespace of
;# $Offset. ;# $Offset.
;# ;#
;# + If $Bullet_Indent is $TRUE $Offset will only be applied to the begining ;# + If $Bullet_Indent is $TRUE $Offset will only be applied to the beginning
;# of lines as they occured in the original $String. Lines that are created ;# of lines as they occurred in the original $String. Lines that are created
;# by this routine will always be indented by blank spaces. ;# by this routine will always be indented by blank spaces.
;# ;#
;# + If $Columns is 0 no word-wrap is done. This might be useful to still ;# + If $Columns is 0 no word-wrap is done. This might be useful to still
@ -1306,7 +1306,7 @@ X
;# + If $Offset_Blank is $TRUE then empty lines will have $Offset pre-pended ;# + If $Offset_Blank is $TRUE then empty lines will have $Offset pre-pended
;# to them. Otherwise, they will still empty. ;# to them. Otherwise, they will still empty.
;# ;#
;# This is a realy workhorse routine that I use in many places because of its ;# This is a really workhorse routine that I use in many places because of its
;# veratility. ;# veratility.
;# ;#
;# Arguments: ;# Arguments:
@ -1668,7 +1668,7 @@ sed 's/^X//' << 'SHAR_EOF' > 'man/postclip.1' &&
of the message. This keeps bounced mail private and helps to avoid disk space problems. \*(mp tries its best to keep as much of the header trail as possible. of the message. This keeps bounced mail private and helps to avoid disk space problems. \*(mp tries its best to keep as much of the header trail as possible.
Hopefully only the original body of the message will be filtered. Only messages Hopefully only the original body of the message will be filtered. Only messages
that have a subject that begins with 'Returned mail:' are filtered. This that have a subject that begins with 'Returned mail:' are filtered. This
ensures that other mail is not accidently mucked with. Finally, note that ensures that other mail is not accidentally mucked with. Finally, note that
\fBsendmail\fR is used to deliver the message after it has been (possibly) \fBsendmail\fR is used to deliver the message after it has been (possibly)
filtered. All of the original headers will remain intact. filtered. All of the original headers will remain intact.
.sp 1 .sp 1

View File

@ -90,10 +90,9 @@ Proofpoint, Inc.
.de Ve .de Ve
Version \\$2 Version \\$2
.. ..
.Ve $Revision: 8.759 $
.rm Ve .rm Ve
.sp .sp
For Sendmail Version 8.15 For Sendmail Version 8.16
.)l .)l
.(f .(f
Sendmail is a trademark of Proofpoint, Inc. Sendmail is a trademark of Proofpoint, Inc.
@ -149,8 +148,9 @@ RFC 2554 (SMTP Service Extension for Authentication),
RFC 2821 (Simple Mail Transfer Protocol), RFC 2821 (Simple Mail Transfer Protocol),
RFC 2822 (Internet Message Format), RFC 2822 (Internet Message Format),
RFC 2852 (Deliver By SMTP Service Extension), RFC 2852 (Deliver By SMTP Service Extension),
RFC 2920 (SMTP Service Extension for Command Pipelining),
and and
RFC 2920 (SMTP Service Extension for Command Pipelining). RFC 7505 (A "Null MX" No Service Resource Record for Domains That Accept No Mail).
However, since However, since
.i sendmail .i sendmail
is designed to work in a wider world, is designed to work in a wider world,
@ -309,9 +309,8 @@ program; for details see
.sh 3 "Creating a Site Configuration File" .sh 3 "Creating a Site Configuration File"
.\"XXX .\"XXX
.pp .pp
(This section is not yet complete. See sendmail/README for various compilation flags that can be set,
For now, see the file devtools/README for details.) and devtools/README for details how to set them.
See sendmail/README for various compilation flags that can be set.
.sh 3 "Tweaking the Makefile" .sh 3 "Tweaking the Makefile"
.pp .pp
.\" .b "XXX This should all be in the Site Configuration File section." .\" .b "XXX This should all be in the Site Configuration File section."
@ -323,6 +322,8 @@ notably the
database. database.
At least one of these should be defined if at all possible. At least one of these should be defined if at all possible.
.nr ii 1i .nr ii 1i
.ip CDB
Constant DataBase (tinycdb).
.ip NDBM .ip NDBM
The ``new DBM'' format, The ``new DBM'' format,
available on nearly all systems around today. available on nearly all systems around today.
@ -1224,7 +1225,9 @@ A recipient address is mapped to a queue group as follows.
First, if there is a ruleset called ``queuegroup'', First, if there is a ruleset called ``queuegroup'',
and if this ruleset maps the address to a queue group name, and if this ruleset maps the address to a queue group name,
then that queue group is chosen. then that queue group is chosen.
That is, the argument for the ruleset is the recipient address That is, the argument for the ruleset is
the recipient address
(i.e., the address part of the resolved triple)
and the result should be and the result should be
.b $# .b $#
followed by the name of a queue group. followed by the name of a queue group.
@ -1282,7 +1285,7 @@ In case one of the queue runners tries delivery to a slow recipient site
at the end of a queue run, the next queue run may be substantially delayed. at the end of a queue run, the next queue run may be substantially delayed.
In general this should be smoothed out due to the distribution of In general this should be smoothed out due to the distribution of
those slow jobs, however, for sites with small number of those slow jobs, however, for sites with small number of
queue entries this might introduce noticable delays. queue entries this might introduce noticeable delays.
In general, persistent queue runners are only useful for In general, persistent queue runners are only useful for
sites with big queues. sites with big queues.
.sh 3 "Manual Intervention" .sh 3 "Manual Intervention"
@ -2908,7 +2911,7 @@ Therefore it is necessary to run the client mail queue periodically.
.pp .pp
.i Sendmail .i Sendmail
has several parameters to control resource usage. has several parameters to control resource usage.
Besides those mentionted in the previous section, there are at least Besides those mentioned in the previous section, there are at least
.b MaxDaemonChildren , .b MaxDaemonChildren ,
.b ConnectionRateThrottle , .b ConnectionRateThrottle ,
.b MaxQueueChildren , .b MaxQueueChildren ,
@ -3038,8 +3041,9 @@ should not be used by the SMTP server.
.pp .pp
The level of logging can be set for The level of logging can be set for
.i sendmail . .i sendmail .
The default using a standard configuration table is level 9. The default using a standard configuration is level 9.
The levels are as follows: The levels are approximately as follows
(some log types are using different level depending on various factors):
.nr ii 0.5i .nr ii 0.5i
.ip 0 .ip 0
Minimal logging. Minimal logging.
@ -3078,7 +3082,7 @@ questionable situations.
.ip 14 .ip 14
Logs refused connections. Logs refused connections.
.ip 15 .ip 15
Log all incoming and outgoing SMTP commands. Log all incoming SMTP commands.
.ip 20 .ip 20
Logs attempts to run locked queue files. Logs attempts to run locked queue files.
These are not errors, These are not errors,
@ -3280,7 +3284,7 @@ Accept group-writable
.i \&.forward .i \&.forward
files as safe for program and file delivery. files as safe for program and file delivery.
.ip GroupWritableIncludeFile .ip GroupWritableIncludeFile
Allow group wriable Allow group writable
.i :include: .i :include:
files. files.
.ip GroupWritableIncludeFileSafe .ip GroupWritableIncludeFileSafe
@ -3355,7 +3359,7 @@ Allow world writable
.i \&.forward .i \&.forward
files. files.
.ip WorldWritableIncludefile .ip WorldWritableIncludefile
Allow world wriable Allow world writable
.i :include: .i :include:
files. files.
.ip WriteMapToHardLink .ip WriteMapToHardLink
@ -3932,7 +3936,7 @@ The complete syntax for ruleset 0 is:
.)b .)b
This specifies the This specifies the
{mailer, host, user} {mailer, host, user}
3-tuple necessary to direct the mailer. 3-tuple (triple) necessary to direct the mailer.
Note: the third element ( Note: the third element (
.i user .i user
) is often also called ) is often also called
@ -3964,9 +3968,11 @@ If the
is the built-in IPC mailer, is the built-in IPC mailer,
the the
.i host .i host
may be a colon-separated list of hosts may be a colon (or comma) separated list of hosts.
that are searched in order for the first working address Each is separately MX expanded and the results are concatenated
(exactly like MX records). to make (essentially) one long MX list.
Hosts separated by a comma have the same MX preference,
and for each colon separated host the MX preference is increased.
The The
.i user .i user
is later rewritten by the mailer-specific envelope rewriting set is later rewritten by the mailer-specific envelope rewriting set
@ -4148,7 +4154,7 @@ macro
for use in the argv expansion of the specified mailer. for use in the argv expansion of the specified mailer.
Notice: since the envelope sender address will be used if Notice: since the envelope sender address will be used if
a delivery status notification must be send, a delivery status notification must be send,
i.e., is may specify a recipient, i.e., it may specify a recipient,
it is also run through ruleset zero. it is also run through ruleset zero.
If ruleset zero returns a temporary error If ruleset zero returns a temporary error
.b 4xy .b 4xy
@ -4515,7 +4521,7 @@ for details, as well as
and note this warning: and note this warning:
Options already set before are not cleared! Options already set before are not cleared!
.ip CipherList .ip CipherList
Specify cipher list for STARTTLS, Specify cipher list for STARTTLS (does not apply to TLSv1.3),
see see
.i ciphers (1) .i ciphers (1)
for possible values. for possible values.
@ -4526,6 +4532,28 @@ for the session.
File containing a certificate. File containing a certificate.
.ip KeyFile .ip KeyFile
File containing the private key for the certificate. File containing the private key for the certificate.
.ip Flags
Currently the only valid flags are
.br
.i R
to require a CRL for each encountered certificate during verification
(by default a missing CRL is ignored),
.br
.i c
and
.i C
which basically clears/sets the option
.i TLSFallbacktoClear
for just this session, respectively,
.br
.i d
to turn off DANE which is obviously only valid for
.i tls_clt_features
and requires DANE to be compiled in.
This might be needed in case of a misconfiguration,
e.g.,
specifying invalid TLSA RRs.
.br
.lp .lp
.lp .lp
Example: Example:
@ -4550,9 +4578,6 @@ and
.i KeyFile .i KeyFile
must be specified together; must be specified together;
specifying only one is an error. specifying only one is an error.
.pp
These rulesets require the sendmail binary to be built with _FFR_TLS_SE_OPTS
enabled (see the "For Future Release" section).
.sh 4 "authinfo" .sh 4 "authinfo"
.pp .pp
The The
@ -4589,9 +4614,9 @@ is ignored (even if the ruleset does not return a ``useful'' result).
The The
.i queuegroup .i queuegroup
ruleset is used to map a recipient address to a queue group name. ruleset is used to map a recipient address to a queue group name.
The input for the ruleset is a recipient address as specified by the The input for the ruleset is
.sm "SMTP RCPT" the recipient address
command. (i.e., the address part of the resolved triple)
The ruleset should return The ruleset should return
.b $# .b $#
followed by the name of a queue group. followed by the name of a queue group.
@ -4615,7 +4640,7 @@ pause.
If the return value starts with anything else or is not a number, If the return value starts with anything else or is not a number,
it is silently ignored. it is silently ignored.
Note: this ruleset is not invoked (and hence the feature is disabled) Note: this ruleset is not invoked (and hence the feature is disabled)
when the smtps (SMTP over SSL) is used, i.e., when smtps (SMTP over SSL) is used, i.e.,
the the
.i s .i s
modifier is set for the daemon via modifier is set for the daemon via
@ -4651,9 +4676,11 @@ to an IP host address.
.pp .pp
The host name passed in after the The host name passed in after the
.q $@ .q $@
may also be a colon-separated list of hosts. may also be a colon or comma separated list of hosts.
Each is separately MX expanded and the results are concatenated Each is separately MX expanded and the results are concatenated
to make (essentially) one long MX list. to make (essentially) one long MX list.
Hosts separated by a comma have the same MX preference,
and for each colon separated host the MX preference is increased.
The intent here is to create The intent here is to create
.q fake .q fake
MX records that are not published in DNS MX records that are not published in DNS
@ -5224,7 +5251,7 @@ The output of the
function, i.e., the number of seconds since 0 hours, 0 minutes, function, i.e., the number of seconds since 0 hours, 0 minutes,
0 seconds, January 1, 1970, Coordinated Universal Time (UTC). 0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
.ip ${tls_version} .ip ${tls_version}
The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2; The TLS/SSL version used for the connection, e.g., TLSv1.2, TLSv1;
defined after STARTTLS has been used. defined after STARTTLS has been used.
.ip ${total_rate} .ip ${total_rate}
The total number of incoming connections over the time interval specified The total number of incoming connections over the time interval specified
@ -5241,6 +5268,7 @@ NOT no cert requested.
FAIL cert presented but could not be verified, FAIL cert presented but could not be verified,
e.g., the signing CA is missing. e.g., the signing CA is missing.
NONE STARTTLS has not been performed. NONE STARTTLS has not been performed.
CLEAR STARTTLS has been disabled internally for a clear text delivery attempt.
TEMP temporary error occurred. TEMP temporary error occurred.
PROTOCOL some protocol error occurred PROTOCOL some protocol error occurred
at the ESMTP level (not TLS). at the ESMTP level (not TLS).
@ -5859,7 +5887,7 @@ Do User Database rewriting on recipients as well as senders.
Normally when Normally when
.i sendmail .i sendmail
connects to a host via SMTP, connects to a host via SMTP,
it checks to make sure that this isn't accidently the same host name it checks to make sure that this isn't accidentally the same host name
as might happen if as might happen if
.i sendmail .i sendmail
is misconfigured or if a long-haul network interface is set in loopback mode. is misconfigured or if a long-haul network interface is set in loopback mode.
@ -5893,7 +5921,7 @@ macro occurs in the
part of the mailer definition, part of the mailer definition,
that field will be repeated as necessary that field will be repeated as necessary
for all qualifying users. for all qualifying users.
Removing this flag can defeat duplicate supression on a remote site Removing this flag can defeat duplicate suppression on a remote site
as each recipient is sent in a separate transaction. as each recipient is sent in a separate transaction.
.ip M\(dg .ip M\(dg
This mailer wants a This mailer wants a
@ -6519,6 +6547,10 @@ is specified),
(if (if
.sm NDBM .sm NDBM
is specified), is specified),
.q cdb
(if
.sm CDB
is specified),
.q stab .q stab
(internal symbol table \*- not normally used (internal symbol table \*- not normally used
unless you have no other database lookup), unless you have no other database lookup),
@ -6647,7 +6679,7 @@ see section about STARTTLS for more information.
Specify the fingerprint algorithm (digest) to use for the presented cert. Specify the fingerprint algorithm (digest) to use for the presented cert.
If the option is not set, If the option is not set,
md5 is used and the macro md5 is used and the macro
.p ${cert_md5} .b ${cert_md5}
contains the cert fingerprint. contains the cert fingerprint.
If the option is explicitly set, If the option is explicitly set,
the specified algorithm (e.g., sha1) is used the specified algorithm (e.g., sha1) is used
@ -6655,7 +6687,7 @@ and the macro
.b ${cert_fp} .b ${cert_fp}
contains the cert fingerprint. contains the cert fingerprint.
.ip CipherList .ip CipherList
Specify cipher list for STARTTLS. Specify cipher list for STARTTLS (does not apply to TLSv1.3).
See See
.i ciphers (1) .i ciphers (1)
for possible values. for possible values.
@ -6756,7 +6788,7 @@ By default,
.i -SSL_OP_TLSEXT_PADDING .i -SSL_OP_TLSEXT_PADDING
are used are used
(if those options are available). (if those options are available).
Options can be cleared by preceeding them with a minus sign. Options can be cleared by preceding them with a minus sign.
It is also possible to specify numerical values, e.g., It is also possible to specify numerical values, e.g.,
.b -0x0010 . .b -0x0010 .
.ip ColonOkInAddr .ip ColonOkInAddr
@ -6851,9 +6883,18 @@ Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
[no short name] [no short name]
Name of file that contains certificate Name of file that contains certificate
revocation status, useful for X.509v3 authentication. revocation status, useful for X.509v3 authentication.
CRL checking requires at least OpenSSL version 0.9.7.
Note: if a CRLFile is specified but the file is unusable, Note: if a CRLFile is specified but the file is unusable,
STARTTLS is disabled. STARTTLS is disabled.
.ip CRLPath=\fIname\fP
[no short name]
Name of directory that contains hashes pointing to
certificate revocation status files.
Symbolic links can be generated with the following
two (Bourne) shell commands:
.(b
C=FileName_of_CRL
ln -s $C `openssl crl -noout -hash < $C`.r0
.)b
.ip DHParameters .ip DHParameters
This option applies to the server side only. This option applies to the server side only.
Possible values are: Possible values are:
@ -6948,7 +6989,7 @@ can be a sequence (without any delimiters)
of the following characters: of the following characters:
.(b .(b
.ta 1i .ta 1i
a always require authentication a always require AUTH
b bind to interface through which mail has been received b bind to interface through which mail has been received
c perform hostname canonification (.cf) c perform hostname canonification (.cf)
f require fully qualified hostname (.cf) f require fully qualified hostname (.cf)
@ -6961,7 +7002,7 @@ O optional; if opening the socket fails ignore it
S don't offer STARTTLS S don't offer STARTTLS
.)b .)b
That is, one way to specify a message submission agent (MSA) that That is, one way to specify a message submission agent (MSA) that
always requires authentication is: always requires AUTH is:
.(b .(b
O DaemonPortOptions=Name=MSA, Port=587, M=Ea O DaemonPortOptions=Name=MSA, Port=587, M=Ea
.)b .)b
@ -7000,7 +7041,7 @@ This will also override possible settings via
Note, Note,
.i sendmail .i sendmail
will listen on a new socket will listen on a new socket
for each occurence of the for each occurrence of the
.b DaemonPortOptions .b DaemonPortOptions
option in a configuration file. option in a configuration file.
The modifier ``O'' causes sendmail to ignore a socket The modifier ``O'' causes sendmail to ignore a socket
@ -7296,6 +7337,18 @@ are:
.\"8BITMIME\(->7BIT conversions are done. .\"8BITMIME\(->7BIT conversions are done.
In all cases properly declared 8BITMIME data will be converted to 7BIT In all cases properly declared 8BITMIME data will be converted to 7BIT
as needed. as needed.
.p
Note: if an automatic conversion is performed, a header with
the following format will be added:
.(b
X-MIME-Autoconverted: from OLD to NEW by $j id $i
.)b
where
.\" format?
OLD
and
NEW
describe the original format and the converted format, respectively.
.ip ErrorHeader=\fIfile-or-message\fP .ip ErrorHeader=\fIfile-or-message\fP
[E] [E]
Prepend error messages with the indicated message. Prepend error messages with the indicated message.
@ -7393,6 +7446,10 @@ and then in
.ip HeloName=\fIname\fP .ip HeloName=\fIname\fP
[no short name] [no short name]
Set the name to be used for HELO/EHLO (instead of $j). Set the name to be used for HELO/EHLO (instead of $j).
.ip HelpFile=\fIfile\fP
[H]
Specify the help file for SMTP.
If no file name is specified, "helpfile" is used.
.ip HoldExpensive .ip HoldExpensive
[c] [c]
If an outgoing mailer is marked as being expensive, If an outgoing mailer is marked as being expensive,
@ -7520,9 +7577,10 @@ If not set, there is no limit to the number of children --
that is, the system load average controls this. that is, the system load average controls this.
.ip MaxHeadersLength=\fIN\fP .ip MaxHeadersLength=\fIN\fP
[no short name] [no short name]
The maximum length of the sum of all headers. If set to a value greater than zero it specifies
the maximum length of the sum of all headers.
This can be used to prevent a denial of service attack. This can be used to prevent a denial of service attack.
The default is no limit. The default is 32K.
.ip MaxHopCount=\fIN\fP .ip MaxHopCount=\fIN\fP
[h] [h]
The maximum hop count. The maximum hop count.
@ -7706,6 +7764,12 @@ Sets the list of characters that must be quoted if used in a full name
that is in the phrase part of a ``phrase <address>'' syntax. that is in the phrase part of a ``phrase <address>'' syntax.
The default is ``\'.''. The default is ``\'.''.
The characters ``@,;:\e()[]'' are always added to this list. The characters ``@,;:\e()[]'' are always added to this list.
Note: To avoid potential breakage of
DKIM signatures it is useful to set
.(b
O MustQuoteChars=.
.)b
Moreover, relaxed header signing should be used for DKIM signatures.
.ip NiceQueueRun .ip NiceQueueRun
[no short name] [no short name]
The priority of queue runners (nice(3)). The priority of queue runners (nice(3)).
@ -8189,7 +8253,7 @@ By default,
.i -SSL_OP_TLSEXT_PADDING .i -SSL_OP_TLSEXT_PADDING
are used are used
(if those options are available). (if those options are available).
Options can be cleared by preceeding them with a minus sign. Options can be cleared by preceding them with a minus sign.
It is also possible to specify numerical values, e.g., It is also possible to specify numerical values, e.g.,
.b -0x0010 . .b -0x0010 .
.ip ServiceSwitchFile=\fIfilename\fP .ip ServiceSwitchFile=\fIfilename\fP
@ -8301,6 +8365,31 @@ Defaults to
If set, issue temporary errors (4xy) instead of permanent errors (5xy). If set, issue temporary errors (4xy) instead of permanent errors (5xy).
This can be useful during testing of a new configuration to avoid This can be useful during testing of a new configuration to avoid
erroneous bouncing of mails. erroneous bouncing of mails.
.ip SSLEngine
Name of SSL engine to use.
The available values depend on the OpenSSL version against which
.i sendmail
is compiled,
see
.(b
openssl engine -v
.)b
for some information.
.ip SSLEnginePath
Path to dynamic library for SSL engine.
This option is only useful if
.i SSLEngine
is set.
If both are set, the engine will be loaded dynamically at runtime
using the concatenation of the path,
a slash "/",
the string "lib",
the value of
.i SSLEngine ,
and the string ".so".
If only
.i SSLEngine
is set then the static version of the engine is used.
.ip StatusFile=\fIfile\fP .ip StatusFile=\fIfile\fP
[S] [S]
Log summary statistics in the named Log summary statistics in the named
@ -8340,6 +8429,22 @@ PostMilter is useful only when
.i sendmail .i sendmail
is running as an SMTP server; in all other situations it is running as an SMTP server; in all other situations it
acts the same as True. acts the same as True.
.ip TLSFallbacktoClear
[no short name]
If set,
.i sendmail
immediately tries an outbound connection again without STARTTLS
after a TLS handshake failure.
Note:
this applies to all connections even if TLS specific requirements are set
(see rulesets
.i tls_rcpt
and
.i tls_client
).
Hence such requirements will cause an error on a retry without STARTTLS.
Therefore they should only trigger a temporary failure so the connection
is later on tried again.
.ip TLSSrvOptions .ip TLSSrvOptions
[no short name] [no short name]
List of options for SMTP STARTTLS for the server List of options for SMTP STARTTLS for the server
@ -8824,6 +8929,12 @@ $[\fIhostname\fP$]
.)b .)b
.pp .pp
There are many defined classes. There are many defined classes.
.ip cdb
Database lookups using the cdb(3) library.
.i Sendmail
must be compiled with
.b CDB
defined.
.ip dbm .ip dbm
Database lookups using the ndbm(3) library. Database lookups using the ndbm(3) library.
.i Sendmail .i Sendmail
@ -8885,7 +8996,7 @@ only the first value will be returned
unless the unless the
.b \-z .b \-z
(value separator) (value separator)
map flag is set. map option is set.
Also, the Also, the
.b \-1 .b \-1
map flag will treat a multiple value return map flag will treat a multiple value return
@ -8906,14 +9017,11 @@ The format of the text file is defined by the
and and
.b \-z .b \-z
(field delimiter) (field delimiter)
flags. options.
.ip ph .ip ph
PH query map. PH query map.
Contributed and supported by Contributed and supported by
Mark Roth, roth@uiuc.edu. Mark Roth, roth@uiuc.edu.
For more information,
consult the web site
.q http://www-dev.cites.uiuc.edu/sendmail/ .
.ip nsd .ip nsd
nsd map for IRIX 6.5 and later. nsd map for IRIX 6.5 and later.
Contributed and supported by Bob Mende of SGI, Contributed and supported by Bob Mende of SGI,
@ -8922,11 +9030,15 @@ mende@sgi.com.
Internal symbol table lookups. Internal symbol table lookups.
Used internally for aliasing. Used internally for aliasing.
.ip implicit .ip implicit
Really should be called Sequentially try a list of available map types:
.q alias .i hash ,
\(em this is used to get the default lookups .i dbm ,
for alias files, and
and is the default if no class is specified for alias files. .i cdb .
It is the default for alias files if no class is specified.
If is no matching map type is found,
the text version is used for the alias file,
but other maps fail to open.
.ip user .ip user
Looks up users using Looks up users using
.i getpwnam (3). .i getpwnam (3).
@ -8948,15 +9060,24 @@ This can be used to find out if this machine is the target for an MX record,
and mail can be accepted on that basis. and mail can be accepted on that basis.
If the If the
.b \-z .b \-z
flag is given, then all MX names are returned, option is given, then all MX names are returned,
separated by the given delimiter. separated by the given delimiter.
Note: the return value is deterministic,
i.e., even if multiple MX records have the same preference,
they will be returned in the same order.
.ip dns .ip dns
This map requires the option -R to specify the DNS resource record This map requires the option -R to specify the DNS resource record
type to lookup. The following types are supported: type to lookup.
The following types are supported:
A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT. A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
A map lookup will return only one record. A map lookup will return only one record
unless the
.b \-z
(value separator)
option is set.
Hence for some types, e.g., MX records, the return value might be a random Hence for some types, e.g., MX records, the return value might be a random
element of the list due to randomizing in the DNS resolver. element of the results due to randomizing in the DNS resolver,
if only one element is returned.
.ip arpa .ip arpa
Returns the ``reverse'' for the given IP (IPv4 or IPv6) address, Returns the ``reverse'' for the given IP (IPv4 or IPv6) address,
i.e., the string for the PTR lookup, i.e., the string for the PTR lookup,
@ -9069,33 +9190,45 @@ if used, it is substituted by the substring matches, delimited by
.b $| .b $|
or the string specified with the the or the string specified with the the
.b \-d .b \-d
flag. The flags available for the map are option.
The options available for the map are
.(b .(b
.ta 4n .ta 4n
-n not -n not
-f case sensitive -f case sensitive
-b basic regular expressions (default is extended) -b basic regular expressions (default is extended)
-s substring match -s substring match
-d set the delimiter used for -s -d set the delimiter string used for -s
-a append string to key -a append string to key
-m match only, do not replace/discard value -m match only, do not replace/discard value
-D perform no lookup in deferred delivery mode. -D perform no lookup in deferred delivery mode.
.)b .)b
The The
.b \-s .b \-s
flag can include an optional parameter which can be used option can include an optional parameter which can be used
to select the substrings in the result of the lookup. For example, to select the substrings in the result of the lookup.
For example,
.(b .(b
-s1,3,4 -s1,3,4
.)b .)b
The delimiter string specified via the
.b \-d
option is the sequence of characters after
.b d
ending at the first space.
Hence it isn't possible to specify a space as delimiter,
so if the option is immediately followed by a space
the delimiter string is empty,
which means the substrings are joined.
Notes: to match a Notes: to match a
.b $ .b $
in a string, in a string,
\\$$ \\$$
must be used. must be used.
If the pattern contains spaces, they must be replaced If the pattern contains spaces,
with the blank substitution character, unless it is they must be replaced with the blank substitution character,
space itself. unless it is space itself.
.ip program .ip program
The arguments on the The arguments on the
.b K .b K
@ -9185,9 +9318,9 @@ and is one of the following upper case words:
.ta 9n .ta 9n
OK the key was found, result contains the looked up value OK the key was found, result contains the looked up value
NOTFOUND the key was not found, the result is empty NOTFOUND the key was not found, the result is empty
TEMP a temporary failure occured TEMP a temporary failure occurred
TIMEOUT a timeout occured on the server side TIMEOUT a timeout occurred on the server side
PERM a permanent failure occured PERM a permanent failure occurred
.)b .)b
In case of errors (status TEMP, TIMEOUT or PERM) the result field may In case of errors (status TEMP, TIMEOUT or PERM) the result field may
@ -9331,7 +9464,7 @@ or
to indicate newline or tab respectively. to indicate newline or tab respectively.
If omitted entirely, If omitted entirely,
the column separator is any sequence of white space. the column separator is any sequence of white space.
For LDAP maps this is the separator character For LDAP and some other maps this is the separator character
to combine multiple values to combine multiple values
into a single return string. into a single return string.
If not set, If not set,
@ -9413,6 +9546,11 @@ timeout: specify the timeout (in seconds) for communication
with the socket map server. with the socket map server.
.pp .pp
The following additional flags are present in the ldap map only: The following additional flags are present in the ldap map only:
.ip "\-c\fItimeout\fP"
Set the LDAP network timeout.
sendmail must be compiled with
.b \-DLDAP_OPT_NETWORK_TIMEOUT
to use this flag.
.ip "\-R" .ip "\-R"
Do not auto chase referrals. sendmail must be compiled with Do not auto chase referrals. sendmail must be compiled with
.b \-DLDAP_REFERRALS .b \-DLDAP_REFERRALS
@ -9480,6 +9618,9 @@ Should be one of
.b LDAP_AUTH_SIMPLE , .b LDAP_AUTH_SIMPLE ,
or or
.b LDAP_AUTH_KRBV4 . .b LDAP_AUTH_KRBV4 .
The leading
.b LDAP_AUTH_
can be omitted and the value is case-insensitive.
.ip "\-P\fIpasswordfile\fP" .ip "\-P\fIpasswordfile\fP"
The file containing the secret key for the The file containing the secret key for the
.b LDAP_AUTH_SIMPLE .b LDAP_AUTH_SIMPLE
@ -9530,8 +9671,9 @@ and the data is located in
.pp .pp
The program The program
.i makemap (8) .i makemap (8)
can be used to build any of the three database-oriented maps. can be used to build database-oriented maps.
It takes the following flags: It takes at least the following flags
(for a complete list see its man page):
.ip \-f .ip \-f
Do not fold upper to lower case in the map. Do not fold upper to lower case in the map.
.ip \-N .ip \-N
@ -9980,8 +10122,10 @@ configuration file.
If set, If set,
the new version of the DBM library the new version of the DBM library
that allows multiple databases will be used. that allows multiple databases will be used.
If neither NDBM nor NEWDB are set, If neither CDB, NDBM, nor NEWDB are set,
a much less efficient method of alias lookup is used. a much less efficient method of alias lookup is used.
.ip CWDB
If set, use the cdb (tinycdb) package.
.ip NEWDB .ip NEWDB
If set, use the new database package from Berkeley (from 4.4BSD). If set, use the new database package from Berkeley (from 4.4BSD).
This package is substantially faster than DBM or NDBM. This package is substantially faster than DBM or NDBM.
@ -10418,7 +10562,7 @@ Addresses in this header should receive error messages.
This header is a Content-Transfer-Encoding header. This header is a Content-Transfer-Encoding header.
.ip H_CTYPE .ip H_CTYPE
This header is a Content-Type header. This header is a Content-Type header.
.ip H_STRIPVAL .ip H_BCC
Strip the value from the header (for Bcc:). Strip the value from the header (for Bcc:).
.nr ii 5n .nr ii 5n
.lp .lp
@ -10440,7 +10584,7 @@ struct hdrinfo HdrInfo[] =
"to", H_RCPT, "to", H_RCPT,
"resent-to", H_RCPT, "resent-to", H_RCPT,
"cc", H_RCPT, "cc", H_RCPT,
"bcc", H_RCPT\^|\^H_STRIPVAL, "bcc", H_RCPT\^|\^H_BCC,
/* message identification and control */ /* message identification and control */
"message", H_EOH, "message", H_EOH,
"text", H_EOH, "text", H_EOH,
@ -10864,7 +11008,7 @@ it is necessary to understand at least some basics about X.509 certificates
and public key cryptography. and public key cryptography.
This information can be found in books about SSL/TLS This information can be found in books about SSL/TLS
or on WWW sites, e.g., or on WWW sites, e.g.,
.q http://www.OpenSSL.org/ . .q https://www.OpenSSL.org/ .
.sh 3 "Certificates for STARTTLS" .sh 3 "Certificates for STARTTLS"
.pp .pp
When acting as a server, When acting as a server,
@ -11003,6 +11147,43 @@ The macros which are subject to this encoding are
{cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer}, {cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer},
as well as as well as
{auth_authen} and {auth_author}. {auth_authen} and {auth_author}.
.sh 2 "DANE"
.pp
Initial support for DANE (see RFC 7672 et.al.)
is available if
.i sendmail
is compiled with the option
.b DANE .
Only TLSA RR 3-1-x (DANE-EE) is currently implemented.
The option
.(b
O DANE=true
.)b
enables this feature at run time
and it automatically adds
.b use_dnssec
and
.b use_edns0
to
.(b
O ResolverOptions
.)b
This requires a (preferrably local)
validating DNS resolver which supports those options.
If the client finds a usable TLSA RR and the check
succeeds the macro
.b ${verify}
is set to
.b TRUSTED .
All non-DNS maps are considered
.i secure
just like DNS lookups with DNSSEC.
Be aware that the implementation might not handle all
error conditions as required by the RFCs.
Moreover, TLSA RRs are not looked up for some features,
e.g.,
.i FallBackSmartHost .
.sh 1 "ACKNOWLEDGEMENTS" .sh 1 "ACKNOWLEDGEMENTS"
.pp .pp
I've worked on I've worked on
@ -11243,7 +11424,6 @@ this is equivalent to using \-p.)
.ip \-q\fItime\fP .ip \-q\fItime\fP
Try to process the queued up mail. Try to process the queued up mail.
If the time is given, If the time is given,
a
.i sendmail .i sendmail
will start one or more processes to run through the queue(s) at the specified will start one or more processes to run through the queue(s) at the specified
time interval to deliver queued mail; otherwise, it only runs once. time interval to deliver queued mail; otherwise, it only runs once.
@ -11307,7 +11487,7 @@ together, and items with different key letters
.q and'ed .q and'ed
together. together.
.ip "\-Q[reason]" .ip "\-Q[reason]"
Quarantine a normal queue items with the given reason or Quarantine normal queue items with the given reason or
unquarantine quarantined queue items if no reason is given. unquarantine quarantined queue items if no reason is given.
This should only be used with some sort of item matching using This should only be used with some sort of item matching using
.b \-q[!]\fIXstring\fP .b \-q[!]\fIXstring\fP
@ -11512,11 +11692,10 @@ but is actually realiased when the job is processed.
There will be one line for each recipient. There will be one line for each recipient.
Version 1 qf files Version 1 qf files
also include a leading colon-terminated list of flags, also include a leading colon-terminated list of flags,
which can be some of which are
`S' to return a message on successful final delivery, `S' to return a message on successful final delivery,
`F' to return a message on failure, `F' to return a message on failure,
`D' to return a message if the message is delayed, `D' to return a message if the message is delayed,
`B' to indicate that the body should be returned,
`N' to suppress returning the body, `N' to suppress returning the body,
and and
`P' to declare this as a ``primary'' (command line or SMTP-session) address. `P' to declare this as a ``primary'' (command line or SMTP-session) address.
@ -11727,7 +11906,6 @@ replace it with a blank sheet for double-sided output.
.\".sz 10 .\".sz 10
.\"Eric Allman .\"Eric Allman
.\".sp .\".sp
.\"Version $Revision: 8.759 $
.\".ce 0 .\".ce 0
.bp 3 .bp 3
.ce .ce

View File

@ -8,6 +8,8 @@ all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@ $(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@ $(SHELL) $(BUILD) $(OPTIONS) $@
check: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@ $(SHELL) $(BUILD) $(OPTIONS) $@

View File

@ -23,19 +23,19 @@ SM_UNUSED(static char copyright[]) =
#ifndef lint #ifndef lint
SM_UNUSED(static char id[]) = "@(#)$Id: editmap.c,v 1.26 2013-11-22 20:51:26 ca Exp $"; SM_UNUSED(static char id[]) = "@(#)$Id: editmap.c,v 1.26 2013-11-22 20:51:26 ca Exp $";
#endif /* ! lint */ #endif
#include <sys/types.h> #include <sys/types.h>
#ifndef ISC_UNIX #ifndef ISC_UNIX
# include <sys/file.h> # include <sys/file.h>
#endif /* ! ISC_UNIX */ #endif
#include <ctype.h> #include <ctype.h>
#include <stdlib.h> #include <stdlib.h>
#include <unistd.h> #include <unistd.h>
#ifdef EX_OK #ifdef EX_OK
# undef EX_OK /* unistd.h may have another use for this */ # undef EX_OK /* unistd.h may have another use for this */
#endif /* EX_OK */ #endif
#include <sysexits.h> #include <sysexits.h>
#include <assert.h> #include <assert.h>
#include <sendmail/sendmail.h> #include <sendmail/sendmail.h>
@ -100,7 +100,7 @@ main(argc, argv)
#if HASFCHOWN #if HASFCHOWN
FILE *cfp; FILE *cfp;
char buf[MAXLINE]; char buf[MAXLINE];
#endif /* HASFCHOWN */ #endif
static char rnamebuf[MAXNAME]; /* holds RealUserName */ static char rnamebuf[MAXNAME]; /* holds RealUserName */
extern char *optarg; extern char *optarg;
extern int optind; extern int optind;

View File

@ -43,11 +43,11 @@
/* Only need to export C interface if used by C++ source code */ /* Only need to export C interface if used by C++ source code */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif /* __cplusplus */ #endif
#ifndef _SOCK_ADDR #ifndef _SOCK_ADDR
# define _SOCK_ADDR struct sockaddr # define _SOCK_ADDR struct sockaddr
#endif /* ! _SOCK_ADDR */ #endif
/* /*
** libmilter functions return one of the following to indicate ** libmilter functions return one of the following to indicate
@ -58,7 +58,7 @@ extern "C" {
#define MI_FAILURE (-1) #define MI_FAILURE (-1)
#if _FFR_WORKERS_POOL #if _FFR_WORKERS_POOL
# define MI_CONTINUE 1 # define MI_CONTINUE 1
#endif /* _FFR_WORKERS_POOL */ #endif
/* "forward" declarations */ /* "forward" declarations */
typedef struct smfi_str SMFICTX; typedef struct smfi_str SMFICTX;
@ -76,17 +76,17 @@ typedef int sfsistat;
#if defined(__linux__) && defined(__GNUC__) && defined(__cplusplus) && __GNUC_MINOR__ >= 8 #if defined(__linux__) && defined(__GNUC__) && defined(__cplusplus) && __GNUC_MINOR__ >= 8
# define SM__P(X) __PMT(X) # define SM__P(X) __PMT(X)
#else /* __linux__ && __GNUC__ && __cplusplus && _GNUC_MINOR__ >= 8 */ #else
# define SM__P(X) __P(X) # define SM__P(X) __P(X)
#endif /* __linux__ && __GNUC__ && __cplusplus && _GNUC_MINOR__ >= 8 */ #endif
/* Some platforms don't define __P -- do it for them here: */ /* Some platforms don't define __P -- do it for them here: */
#ifndef __P #ifndef __P
# ifdef __STDC__ # ifdef __STDC__
# define __P(X) X # define __P(X) X
# else /* __STDC__ */ # else
# define __P(X) () # define __P(X) ()
# endif /* __STDC__ */ # endif
#endif /* __P */ #endif /* __P */
#if SM_CONF_STDBOOL_H #if SM_CONF_STDBOOL_H
@ -464,7 +464,7 @@ LIBMILTER_API int smfi_chgheader __P((SMFICTX *, char *, int, char *));
** **
** SMFICTX *ctx; Opaque context structure ** SMFICTX *ctx; Opaque context structure
** char *headerf; Header field name ** char *headerf; Header field name
** int index; The Nth occurence of header field name ** int index; The Nth occurrence of header field name
** char *headerv; New header field value (empty for delete header) ** char *headerv; New header field value (empty for delete header)
*/ */
@ -594,10 +594,10 @@ LIBMILTER_API int smfi_setsymlist __P((SMFICTX *, int, char *));
#if _FFR_THREAD_MONITOR #if _FFR_THREAD_MONITOR
LIBMILTER_API int smfi_set_max_exec_time __P((unsigned int)); LIBMILTER_API int smfi_set_max_exec_time __P((unsigned int));
#endif /* _FFR_THREAD_MONITOR */ #endif
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif /* __cplusplus */ #endif
#endif /* ! _LIBMILTER_MFAPI_H */ #endif /* ! _LIBMILTER_MFAPI_H */

View File

@ -19,7 +19,7 @@
#ifndef SMFI_PROT_VERSION #ifndef SMFI_PROT_VERSION
# define SMFI_PROT_VERSION 6 /* MTA - libmilter protocol version */ # define SMFI_PROT_VERSION 6 /* MTA - libmilter protocol version */
#endif /* SMFI_PROT_VERSION */ #endif
/* Shared protocol constants */ /* Shared protocol constants */
#define MILTER_LEN_BYTES 4 /* length of 32 bit integer in bytes */ #define MILTER_LEN_BYTES 4 /* length of 32 bit integer in bytes */
@ -121,6 +121,6 @@
#if _FFR_MILTER_CHECK #if _FFR_MILTER_CHECK
# define SMFIP_TEST 0x80000000L # define SMFIP_TEST 0x80000000L
#endif /* _FFR_MILTER_CHECK */ #endif
#endif /* !_LIBMILTER_MFDEF_H */ #endif /* !_LIBMILTER_MFDEF_H */

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999-2002 Proofpoint, Inc. and its suppliers. * Copyright (c) 1999-2002, 2018 Proofpoint, Inc. and its suppliers.
* All rights reserved. * All rights reserved.
* *
* By using this file, you agree to the terms and conditions set * By using this file, you agree to the terms and conditions set
@ -18,13 +18,13 @@
# include <sm/gen.h> # include <sm/gen.h>
# include <sm/errstring.h> # include <sm/errstring.h>
# ifdef NDBM # if NDBM
# include <ndbm.h> # include <ndbm.h>
# endif /* NDBM */ # endif
# ifdef NEWDB # if NEWDB
# include "sm/bdb.h" # include "sm/bdb.h"
# endif /* NEWDB */ # endif
/* /*
** Some size constants ** Some size constants
@ -119,7 +119,6 @@ typedef int (*db_get_func) __P((SMDB_DATABASE *db,
** flags -- put options: ** flags -- put options:
** SMDBF_NO_OVERWRITE - Return an error if key alread ** SMDBF_NO_OVERWRITE - Return an error if key alread
** exists. ** exists.
** SMDBF_ALLOW_DUP - Allow duplicates in btree maps.
** **
** Returns: ** Returns:
** 0 - Success, otherwise errno. ** 0 - Success, otherwise errno.
@ -190,6 +189,7 @@ struct database_struct
db_lockfd_func smdb_lockfd; db_lockfd_func smdb_lockfd;
void *smdb_impl; void *smdb_impl;
}; };
/* /*
** DB_CURSOR_CLOSE -- Close a cursor ** DB_CURSOR_CLOSE -- Close a cursor
** **
@ -244,10 +244,10 @@ typedef int (*db_cursor_get_func) __P((SMDB_CURSOR *cursor,
** Flags for DB_CURSOR_GET ** Flags for DB_CURSOR_GET
*/ */
#define SMDB_CURSOR_GET_FIRST 0 #define SMDB_CURSOR_GET_FIRST 0 /* NOT USED by any application */
#define SMDB_CURSOR_GET_LAST 1 #define SMDB_CURSOR_GET_LAST 1 /* NOT USED by any application */
#define SMDB_CURSOR_GET_NEXT 2 #define SMDB_CURSOR_GET_NEXT 2
#define SMDB_CURSOR_GET_RANGE 3 #define SMDB_CURSOR_GET_RANGE 3 /* NOT USED by any application */
/* /*
** DB_CURSOR_PUT -- Put the key/value at this cursor. ** DB_CURSOR_PUT -- Put the key/value at this cursor.
@ -313,12 +313,34 @@ typedef unsigned int SMDB_FLAG;
# define SMDB_TYPE_DEFAULT NULL # define SMDB_TYPE_DEFAULT NULL
# define SMDB_TYPE_DEFAULT_LEN 0 # define SMDB_TYPE_DEFAULT_LEN 0
# define SMDB_TYPE_IMPL "implicit"
# define SMDB_TYPE_IMPL_LEN 9
# define SMDB_TYPE_HASH "hash" # define SMDB_TYPE_HASH "hash"
# define SMDB_TYPE_HASH_LEN 5 # define SMDB_TYPE_HASH_LEN 5
# define SMDB_TYPE_BTREE "btree" # define SMDB_TYPE_BTREE "btree"
# define SMDB_TYPE_BTREE_LEN 6 # define SMDB_TYPE_BTREE_LEN 6
# define SMDB_TYPE_NDBM "dbm" # define SMDB_TYPE_NDBM "dbm"
# define SMDB_TYPE_NDBM_LEN 4 # define SMDB_TYPE_NDBM_LEN 4
# define SMDB_TYPE_CDB "cdb"
# define SMDB_TYPE_CDB_LEN 4
# define SMDB_IS_TYPE_HASH(type) (strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0)
# define SMDB_IS_TYPE_BTREE(type) (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0)
# define SMDB_IS_TYPE_NDBM(type) (strncmp(type, SMDB_TYPE_NDBM, SMDB_TYPE_NDBM_LEN) == 0)
# define SMDB_IS_TYPE_CDB(type) (strncmp(type, SMDB_TYPE_CDB, SMDB_TYPE_CDB_LEN) == 0)
# define SMDB_IS_TYPE_DEFAULT(t) (((t) == SMDB_TYPE_DEFAULT) \
|| (strncmp(type, SMDB_TYPE_IMPL, SMDB_TYPE_IMPL_LEN) == 0) \
)
# if CDB >= 2
# define SMCDB_FILE_EXTENSION "db"
# else
# define SMCDB_FILE_EXTENSION "cdb"
# endif
# define SMDB1_FILE_EXTENSION "db"
# define SMDB2_FILE_EXTENSION "db"
# define SMNDB_DIR_FILE_EXTENSION "dir"
/* /*
** These are flags ** These are flags
@ -326,26 +348,22 @@ typedef unsigned int SMDB_FLAG;
/* Flags for put */ /* Flags for put */
# define SMDBF_NO_OVERWRITE 0x00000001 # define SMDBF_NO_OVERWRITE 0x00000001
# define SMDBF_ALLOW_DUP 0x00000002
typedef int (smdb_open_func) __P((SMDB_DATABASE **, char *, int, int, long, SMDB_DBTYPE, SMDB_USER_INFO *, SMDB_DBPARAMS *));
extern SMDB_DATABASE *smdb_malloc_database __P((void)); extern SMDB_DATABASE *smdb_malloc_database __P((void));
extern void smdb_free_database __P((SMDB_DATABASE *)); extern void smdb_free_database __P((SMDB_DATABASE *));
extern int smdb_open_database __P((SMDB_DATABASE **, char *, int, extern smdb_open_func smdb_open_database;
int, long, SMDB_DBTYPE, # if NEWDB
SMDB_USER_INFO *, extern smdb_open_func smdb_db_open;
SMDB_DBPARAMS *)); # else
# ifdef NEWDB # define smdb_db_open NULL
extern int smdb_db_open __P((SMDB_DATABASE **, char *, int, int, # endif
long, SMDB_DBTYPE, SMDB_USER_INFO *, # if NDBM
SMDB_DBPARAMS *)); extern smdb_open_func smdb_ndbm_open;
# endif /* NEWDB */ # else
# ifdef NDBM # define smdb_ndbm_open NULL
extern int smdb_ndbm_open __P((SMDB_DATABASE **, char *, int, int, # endif
long, SMDB_DBTYPE,
SMDB_USER_INFO *,
SMDB_DBPARAMS *));
# endif /* NDBM */
extern int smdb_add_extension __P((char *, int, char *, char *)); extern int smdb_add_extension __P((char *, int, char *, char *));
extern int smdb_setup_file __P((char *, char *, int, long, extern int smdb_setup_file __P((char *, char *, int, long,
SMDB_USER_INFO *, struct stat *)); SMDB_USER_INFO *, struct stat *));
@ -353,8 +371,15 @@ extern int smdb_lock_file __P((int *, char *, int, long, char *));
extern int smdb_unlock_file __P((int)); extern int smdb_unlock_file __P((int));
extern int smdb_filechanged __P((char *, char *, int, extern int smdb_filechanged __P((char *, char *, int,
struct stat *)); struct stat *));
extern void smdb_print_available_types __P((void)); extern void smdb_print_available_types __P((bool));
extern bool smdb_is_db_type __P((const char *));
extern char *smdb_db_definition __P((SMDB_DBTYPE)); extern char *smdb_db_definition __P((SMDB_DBTYPE));
extern int smdb_lock_map __P((SMDB_DATABASE *, int)); extern int smdb_lock_map __P((SMDB_DATABASE *, int));
extern int smdb_unlock_map __P((SMDB_DATABASE *)); extern int smdb_unlock_map __P((SMDB_DATABASE *));
# if CDB
extern smdb_open_func smdb_cdb_open;
# else
# define smdb_cdb_open NULL
# endif
#endif /* ! _SMDB_H_ */ #endif /* ! _SMDB_H_ */

View File

@ -19,34 +19,34 @@
# ifndef _PATH_SENDMAILCF # ifndef _PATH_SENDMAILCF
# if defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) # if defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF)
# define _PATH_SENDMAILCF _PATH_VENDOR_CF # define _PATH_SENDMAILCF _PATH_VENDOR_CF
# else /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */ # else
# define _PATH_SENDMAILCF "/etc/mail/sendmail.cf" # define _PATH_SENDMAILCF "/etc/mail/sendmail.cf"
# endif /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */ # endif
# endif /* ! _PATH_SENDMAILCF */ # endif /* ! _PATH_SENDMAILCF */
# ifndef _PATH_SENDMAILPID # ifndef _PATH_SENDMAILPID
# ifdef BSD4_4 # ifdef BSD4_4
# define _PATH_SENDMAILPID "/var/run/sendmail.pid" # define _PATH_SENDMAILPID "/var/run/sendmail.pid"
# else /* BSD4_4 */ # else
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid" # define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
# endif /* BSD4_4 */ # endif
# endif /* ! _PATH_SENDMAILPID */ # endif /* ! _PATH_SENDMAILPID */
# ifndef _PATH_SENDMAIL # ifndef _PATH_SENDMAIL
# define _PATH_SENDMAIL "/usr/lib/sendmail" # define _PATH_SENDMAIL "/usr/lib/sendmail"
# endif /* ! _PATH_SENDMAIL */ # endif
# ifndef _PATH_MAILDIR # ifndef _PATH_MAILDIR
# define _PATH_MAILDIR "/var/spool/mail" # define _PATH_MAILDIR "/var/spool/mail"
# endif /* ! _PATH_MAILDIR */ # endif
# ifndef _PATH_LOCTMP # ifndef _PATH_LOCTMP
# define _PATH_LOCTMP "/tmp/local.XXXXXX" # define _PATH_LOCTMP "/tmp/local.XXXXXX"
# endif /* ! _PATH_LOCTMP */ # endif
# ifndef _PATH_HOSTS # ifndef _PATH_HOSTS
# define _PATH_HOSTS "/etc/hosts" # define _PATH_HOSTS "/etc/hosts"
# endif /* ! _PATH_HOSTS */ # endif

View File

@ -29,7 +29,7 @@
**********************************************************************/ **********************************************************************/
#ifndef MAXMAILERS #ifndef MAXMAILERS
# define MAXMAILERS 25 /* maximum mailers known to system */ # define MAXMAILERS 25 /* maximum mailers known to system */
#endif /* ! MAXMAILERS */ #endif
/* /*
** Flags passed to safefile/safedirpath. ** Flags passed to safefile/safedirpath.

View File

@ -47,19 +47,19 @@ sm_abort __P((
# ifndef SM_CHECK_ALL # ifndef SM_CHECK_ALL
# define SM_CHECK_ALL 1 # define SM_CHECK_ALL 1
# endif /* ! SM_CHECK_ALL */ # endif
# ifndef SM_CHECK_REQUIRE # ifndef SM_CHECK_REQUIRE
# define SM_CHECK_REQUIRE SM_CHECK_ALL # define SM_CHECK_REQUIRE SM_CHECK_ALL
# endif /* ! SM_CHECK_REQUIRE */ # endif
# ifndef SM_CHECK_ENSURE # ifndef SM_CHECK_ENSURE
# define SM_CHECK_ENSURE SM_CHECK_ALL # define SM_CHECK_ENSURE SM_CHECK_ALL
# endif /* ! SM_CHECK_ENSURE */ # endif
# ifndef SM_CHECK_ASSERT # ifndef SM_CHECK_ASSERT
# define SM_CHECK_ASSERT SM_CHECK_ALL # define SM_CHECK_ASSERT SM_CHECK_ALL
# endif /* ! SM_CHECK_ASSERT */ # endif
# if SM_CHECK_REQUIRE # if SM_CHECK_REQUIRE
# if defined(__STDC__) || defined(__cplusplus) # if defined(__STDC__) || defined(__cplusplus)

View File

@ -17,7 +17,7 @@
# include <db.h> # include <db.h>
# ifndef DB_VERSION_MAJOR # ifndef DB_VERSION_MAJOR
# define DB_VERSION_MAJOR 1 # define DB_VERSION_MAJOR 1
# endif /* ! DB_VERSION_MAJOR */ # endif
# if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5 # if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5

View File

@ -6,7 +6,7 @@
* forth in the LICENSE file which can be found at the top level of * forth in the LICENSE file which can be found at the top level of
* the sendmail distribution. * the sendmail distribution.
* *
* $Id: cdefs.h,v 1.17 2013-11-22 20:51:31 ca Exp $ * $Id: cdefs.h,v 1.17 2013/11/22 20:51:31 ca Exp $
*/ */
/* /*
@ -27,7 +27,7 @@
# if SM_CONF_SYS_CDEFS_H # if SM_CONF_SYS_CDEFS_H
# include <sys/cdefs.h> # include <sys/cdefs.h>
# endif /* SM_CONF_SYS_CDEFS_H */ # endif
/* /*
** Define the standard C language portability macros ** Define the standard C language portability macros
@ -86,9 +86,9 @@
# if __GNUC__ >= 2 # if __GNUC__ >= 2
# if __GNUC__ == 2 && __GNUC_MINOR__ < 7 # if __GNUC__ == 2 && __GNUC_MINOR__ < 7
# define SM_UNUSED(decl) decl # define SM_UNUSED(decl) decl
# else /* __GNUC__ == 2 && __GNUC_MINOR__ < 7 */ # else
# define SM_UNUSED(decl) decl __attribute__((__unused__)) # define SM_UNUSED(decl) decl __attribute__((__unused__))
# endif /* __GNUC__ == 2 && __GNUC_MINOR__ < 7 */ # endif
# else /* __GNUC__ >= 2 */ # else /* __GNUC__ >= 2 */
# define SM_UNUSED(decl) decl # define SM_UNUSED(decl) decl
# endif /* __GNUC__ >= 2 */ # endif /* __GNUC__ >= 2 */
@ -112,9 +112,9 @@
# ifdef SM_OMIT_BOGUS_WARNINGS # ifdef SM_OMIT_BOGUS_WARNINGS
# define SM_NONVOLATILE volatile # define SM_NONVOLATILE volatile
# else /* SM_OMIT_BOGUS_WARNINGS */ # else
# define SM_NONVOLATILE # define SM_NONVOLATILE
# endif /* SM_OMIT_BOGUS_WARNINGS */ # endif
/* /*
** Turn on format string argument checking. ** Turn on format string argument checking.
@ -131,17 +131,17 @@
# ifndef PRINTFLIKE # ifndef PRINTFLIKE
# if SM_CONF_FORMAT_TEST # if SM_CONF_FORMAT_TEST
# define PRINTFLIKE(x,y) __attribute__ ((__format__ (__printf__, x, y))) # define PRINTFLIKE(x,y) __attribute__ ((__format__ (__printf__, x, y)))
# else /* SM_CONF_FORMAT_TEST */ # else
# define PRINTFLIKE(x,y) # define PRINTFLIKE(x,y)
# endif /* SM_CONF_FORMAT_TEST */ # endif
# endif /* ! PRINTFLIKE */ # endif /* ! PRINTFLIKE */
# ifndef SCANFLIKE # ifndef SCANFLIKE
# if SM_CONF_FORMAT_TEST # if SM_CONF_FORMAT_TEST
# define SCANFLIKE(x,y) __attribute__ ((__format__ (__scanf__, x, y))) # define SCANFLIKE(x,y) __attribute__ ((__format__ (__scanf__, x, y)))
# else /* SM_CONF_FORMAT_TEST */ # else
# define SCANFLIKE(x,y) # define SCANFLIKE(x,y)
# endif /* SM_CONF_FORMAT_TEST */ # endif
# endif /* ! SCANFLIKE */ # endif /* ! SCANFLIKE */
#endif /* ! SM_CDEFS_H */ #endif /* ! SM_CDEFS_H */

View File

@ -22,7 +22,7 @@
# include <sm/signal.h> # include <sm/signal.h>
# if SM_CONF_SETITIMER # if SM_CONF_SETITIMER
# include <sys/time.h> # include <sys/time.h>
# endif /* SM_CONF_SETITIMER */ # endif
/* /*
** STRUCT SM_EVENT -- event queue. ** STRUCT SM_EVENT -- event queue.
@ -37,9 +37,9 @@ struct sm_event
{ {
# if SM_CONF_SETITIMER # if SM_CONF_SETITIMER
struct timeval ev_time; /* time of the call (microseconds) */ struct timeval ev_time; /* time of the call (microseconds) */
# else /* SM_CONF_SETITIMER */ # else
time_t ev_time; /* time of the call (seconds) */ time_t ev_time; /* time of the call (seconds) */
# endif /* SM_CONF_SETITIMER */ # endif
void (*ev_func)__P((int)); void (*ev_func)__P((int));
/* function to call */ /* function to call */
int ev_arg; /* argument to ev_func */ int ev_arg; /* argument to ev_func */

File diff suppressed because it is too large Load Diff

View File

@ -31,9 +31,9 @@
# ifndef SM_CONF_STDBOOL_H # ifndef SM_CONF_STDBOOL_H
# if !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L # if !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
# define SM_CONF_STDBOOL_H 1 # define SM_CONF_STDBOOL_H 1
# else /* !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */ # else
# define SM_CONF_STDBOOL_H 0 # define SM_CONF_STDBOOL_H 0
# endif /* !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */ # endif
# endif /* ! SM_CONF_STDBOOL_H */ # endif /* ! SM_CONF_STDBOOL_H */
/* /*
@ -42,7 +42,7 @@
# ifndef SM_CONF_SYS_CDEFS_H # ifndef SM_CONF_SYS_CDEFS_H
# define SM_CONF_SYS_CDEFS_H 0 # define SM_CONF_SYS_CDEFS_H 0
# endif /* ! SM_CONF_SYS_CDEFS_H */ # endif
/* /*
** SM_CONF_STDDEF_H is 1 if <stddef.h> exists ** SM_CONF_STDDEF_H is 1 if <stddef.h> exists
@ -50,7 +50,7 @@
# ifndef SM_CONF_STDDEF_H # ifndef SM_CONF_STDDEF_H
# define SM_CONF_STDDEF_H 1 # define SM_CONF_STDDEF_H 1
# endif /* ! SM_CONF_STDDEF_H */ # endif
/* /*
** Configuration macro that specifies whether strlcpy/strlcat are available. ** Configuration macro that specifies whether strlcpy/strlcat are available.
@ -60,7 +60,7 @@
# ifndef SM_CONF_STRL # ifndef SM_CONF_STRL
# define SM_CONF_STRL 0 # define SM_CONF_STRL 0
# endif /* ! SM_CONF_STRL */ # endif
/* /*
** Configuration macro indicating that setitimer is available ** Configuration macro indicating that setitimer is available
@ -68,7 +68,7 @@
# ifndef SM_CONF_SETITIMER # ifndef SM_CONF_SETITIMER
# define SM_CONF_SETITIMER 1 # define SM_CONF_SETITIMER 1
# endif /* ! SM_CONF_SETITIMER */ # endif
/* /*
** Does <sys/types.h> define uid_t and gid_t? ** Does <sys/types.h> define uid_t and gid_t?
@ -76,14 +76,14 @@
# ifndef SM_CONF_UID_GID # ifndef SM_CONF_UID_GID
# define SM_CONF_UID_GID 1 # define SM_CONF_UID_GID 1
# endif /* ! SM_CONF_UID_GID */ # endif
/* /*
** Does <sys/types.h> define ssize_t? ** Does <sys/types.h> define ssize_t?
*/ */
# ifndef SM_CONF_SSIZE_T # ifndef SM_CONF_SSIZE_T
# define SM_CONF_SSIZE_T 1 # define SM_CONF_SSIZE_T 1
# endif /* ! SM_CONF_SSIZE_T */ # endif
/* /*
** Does the C compiler support long long? ** Does the C compiler support long long?
@ -95,9 +95,9 @@
# else /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */ # else /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
# if defined(__GNUC__) # if defined(__GNUC__)
# define SM_CONF_LONGLONG 1 # define SM_CONF_LONGLONG 1
# else /* defined(__GNUC__) */ # else
# define SM_CONF_LONGLONG 0 # define SM_CONF_LONGLONG 0
# endif /* defined(__GNUC__) */ # endif
# endif /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */ # endif /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
# endif /* ! SM_CONF_LONGLONG */ # endif /* ! SM_CONF_LONGLONG */
@ -108,7 +108,7 @@
# ifndef SM_CONF_QUAD_T # ifndef SM_CONF_QUAD_T
# define SM_CONF_QUAD_T 0 # define SM_CONF_QUAD_T 0
# endif /* ! SM_CONF_QUAD_T */ # endif
/* /*
** Configuration macro indicating that shared memory is available ** Configuration macro indicating that shared memory is available
@ -116,7 +116,7 @@
# ifndef SM_CONF_SHM # ifndef SM_CONF_SHM
# define SM_CONF_SHM 0 # define SM_CONF_SHM 0
# endif /* ! SM_CONF_SHM */ # endif
/* /*
** Does <setjmp.h> define sigsetjmp? ** Does <setjmp.h> define sigsetjmp?
@ -124,7 +124,7 @@
# ifndef SM_CONF_SIGSETJMP # ifndef SM_CONF_SIGSETJMP
# define SM_CONF_SIGSETJMP 1 # define SM_CONF_SIGSETJMP 1
# endif /* ! SM_CONF_SIGSETJMP */ # endif
/* /*
** Does <sysexits.h> exist, and define the EX_* macros with values ** Does <sysexits.h> exist, and define the EX_* macros with values
@ -133,17 +133,17 @@
# ifndef SM_CONF_SYSEXITS_H # ifndef SM_CONF_SYSEXITS_H
# define SM_CONF_SYSEXITS_H 0 # define SM_CONF_SYSEXITS_H 0
# endif /* ! SM_CONF_SYSEXITS_H */ # endif
/* has memchr() prototype? (if not: needs memory.h) */ /* has memchr() prototype? (if not: needs memory.h) */
# ifndef SM_CONF_MEMCHR # ifndef SM_CONF_MEMCHR
# define SM_CONF_MEMCHR 1 # define SM_CONF_MEMCHR 1
# endif /* ! SM_CONF_MEMCHR */ # endif
/* try LLONG tests in libsm/t-types.c? */ /* try LLONG tests in libsm/t-types.c? */
# ifndef SM_CONF_TEST_LLONG # ifndef SM_CONF_TEST_LLONG
# define SM_CONF_TEST_LLONG 1 # define SM_CONF_TEST_LLONG 1
# endif /* !SM_CONF_TEST_LLONG */ # endif
/* LDAP Checks */ /* LDAP Checks */
# if LDAPMAP # if LDAPMAP
@ -161,9 +161,9 @@
# if USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004 # if USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004
# define SM_CONF_LDAP_MEMFREE 1 # define SM_CONF_LDAP_MEMFREE 1
# else /* USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004 */ # else
# define SM_CONF_LDAP_MEMFREE 0 # define SM_CONF_LDAP_MEMFREE 0
# endif /* USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004 */ # endif
# endif /* ! SM_CONF_LDAP_MEMFREE */ # endif /* ! SM_CONF_LDAP_MEMFREE */
/* Does the LDAP library have ldap_initialize()? */ /* Does the LDAP library have ldap_initialize()? */
@ -177,13 +177,13 @@
/* OpenLDAP does it with LDAP_OPT_URI */ /* OpenLDAP does it with LDAP_OPT_URI */
# ifdef LDAP_OPT_URI # ifdef LDAP_OPT_URI
# define SM_CONF_LDAP_INITIALIZE 1 # define SM_CONF_LDAP_INITIALIZE 1
# endif /* LDAP_OPT_URI */ # endif
# endif /* !SM_CONF_LDAP_INITIALIZE */ # endif /* !SM_CONF_LDAP_INITIALIZE */
# endif /* LDAPMAP */ # endif /* LDAPMAP */
/* don't use strcpy() */ /* don't use strcpy() */
# ifndef DO_NOT_USE_STRCPY # ifndef DO_NOT_USE_STRCPY
# define DO_NOT_USE_STRCPY 1 # define DO_NOT_USE_STRCPY 1
# endif /* ! DO_NOT_USE_STRCPY */ # endif
#endif /* ! SM_CONFIG_H */ #endif /* ! SM_CONFIG_H */

View File

@ -94,7 +94,7 @@ struct sm_debug
# ifndef SM_DEBUG_CHECK # ifndef SM_DEBUG_CHECK
# define SM_DEBUG_CHECK 1 # define SM_DEBUG_CHECK 1
# endif /* ! SM_DEBUG_CHECK */ # endif
# if SM_DEBUG_CHECK # if SM_DEBUG_CHECK
/* /*

View File

@ -18,12 +18,12 @@
#if defined(__QNX__) #if defined(__QNX__)
# define E_PSEUDOBASE 512 # define E_PSEUDOBASE 512
#endif /* defined(__QNX__) */ #endif
#include <errno.h> #include <errno.h>
#if NEEDINTERRNO #if NEEDINTERRNO
extern int errno; extern int errno;
#endif /* NEEDINTERRNO */ #endif
/* /*
** These are used in a few cases where we need some special ** These are used in a few cases where we need some special
@ -33,7 +33,7 @@ extern int errno;
#ifndef E_PSEUDOBASE #ifndef E_PSEUDOBASE
# define E_PSEUDOBASE 256 # define E_PSEUDOBASE 256
#endif /* ! E_PSEUDOBASE */ #endif
#define E_SM_OPENTIMEOUT (E_PSEUDOBASE + 0) /* Timeout on file open */ #define E_SM_OPENTIMEOUT (E_PSEUDOBASE + 0) /* Timeout on file open */
#define E_SM_NOSLINK (E_PSEUDOBASE + 1) /* Symbolic links not allowed */ #define E_SM_NOSLINK (E_PSEUDOBASE + 1) /* Symbolic links not allowed */
@ -88,7 +88,6 @@ extern int errno;
#define SMDBE_OLD_VERSION (E_SMDBBASE + 23) #define SMDBE_OLD_VERSION (E_SMDBBASE + 23)
#define SMDBE_VERSION_MISMATCH (E_SMDBBASE + 24) #define SMDBE_VERSION_MISMATCH (E_SMDBBASE + 24)
extern const char *sm_errstring __P((int _errno)); extern const char *sm_errstring __P((int _errnum));
#endif /* SM_ERRSTRING_H */ #endif /* SM_ERRSTRING_H */

View File

@ -43,7 +43,7 @@
# else /* SM_CONF_STDDEF_H */ # else /* SM_CONF_STDDEF_H */
# ifndef NULL # ifndef NULL
# define NULL 0 # define NULL 0
# endif /* ! NULL */ # endif
# define offsetof(type, member) ((size_t)(&((type *)0)->member)) # define offsetof(type, member) ((size_t)(&((type *)0)->member))
# endif /* SM_CONF_STDDEF_H */ # endif /* SM_CONF_STDDEF_H */

View File

@ -25,7 +25,7 @@
/* change default to 0 for production? */ /* change default to 0 for production? */
# ifndef SM_HEAP_CHECK # ifndef SM_HEAP_CHECK
# define SM_HEAP_CHECK 1 # define SM_HEAP_CHECK 1
# endif /* ! SM_HEAP_CHECK */ # endif
# if SM_HEAP_CHECK # if SM_HEAP_CHECK
# define sm_malloc_x(sz) sm_malloc_tagged_x(sz, __FILE__, __LINE__, SmHeapGroup) # define sm_malloc_x(sz) sm_malloc_tagged_x(sz, __FILE__, __LINE__, SmHeapGroup)

View File

@ -53,7 +53,7 @@
#define SM_IO_WHAT_MODE 1 #define SM_IO_WHAT_MODE 1
#define SM_IO_WHAT_VECTORS 2 #define SM_IO_WHAT_VECTORS 2
#define SM_IO_WHAT_FD 3 #define SM_IO_WHAT_FD 3
#define SM_IO_WHAT_TYPE 4 /* was WHAT_TYPE 4 unused */
#define SM_IO_WHAT_ISTYPE 5 #define SM_IO_WHAT_ISTYPE 5
#define SM_IO_IS_READABLE 6 #define SM_IO_IS_READABLE 6
#define SM_IO_WHAT_TIMEOUT 7 #define SM_IO_WHAT_TIMEOUT 7
@ -342,7 +342,7 @@ __END_DECLS
__BEGIN_DECLS __BEGIN_DECLS
int sm_rget __P((SM_FILE_T *, int)); int sm_rget __P((SM_FILE_T *, int));
int sm_vfscanf __P((SM_FILE_T *, int SM_NONVOLATILE, const char *, int sm_vfscanf __P((SM_FILE_T *, int SM_NONVOLATILE, const char *,
va_list SM_NONVOLATILE)); va_list));
int sm_wbuf __P((SM_FILE_T *, int, int)); int sm_wbuf __P((SM_FILE_T *, int, int));
__END_DECLS __END_DECLS
@ -383,7 +383,7 @@ __END_DECLS
# ifndef _POSIX_SOURCE # ifndef _POSIX_SOURCE
# define sm_io_getc(fp, t) sm_getc(fp, t) # define sm_io_getc(fp, t) sm_getc(fp, t)
# define sm_io_putc(fp, t, x) sm_putc(fp, t, x) # define sm_io_putc(fp, t, x) sm_putc(fp, t, x)
# endif /* _POSIX_SOURCE */ # endif
#endif /* lint */ #endif /* lint */
#endif /* SM_IO_H */ #endif /* SM_IO_H */

View File

@ -22,13 +22,13 @@
# ifndef LDAPMAP_MAX_ATTR # ifndef LDAPMAP_MAX_ATTR
# define LDAPMAP_MAX_ATTR 64 # define LDAPMAP_MAX_ATTR 64
# endif /* ! LDAPMAP_MAX_ATTR */ # endif
# ifndef LDAPMAP_MAX_FILTER # ifndef LDAPMAP_MAX_FILTER
# define LDAPMAP_MAX_FILTER 1024 # define LDAPMAP_MAX_FILTER 1024
# endif /* ! LDAPMAP_MAX_FILTER */ # endif
# ifndef LDAPMAP_MAX_PASSWD # ifndef LDAPMAP_MAX_PASSWD
# define LDAPMAP_MAX_PASSWD 256 # define LDAPMAP_MAX_PASSWD 256
# endif /* ! LDAPMAP_MAX_PASSWD */ # endif
# if LDAPMAP # if LDAPMAP
@ -91,9 +91,12 @@ struct sm_ldap_struct
/* ldapmap_lookup options */ /* ldapmap_lookup options */
char ldap_attrsep; char ldap_attrsep;
# if _FFR_LDAP_NETWORK_TIMEOUT # if LDAP_NETWORK_TIMEOUT
int ldap_networktmo; int ldap_networktmo;
# endif /* _FFR_LDAP_NETWORK_TIMEOUT */ # endif
# if _FFR_SM_LDAP_DBG
int ldap_debug;
# endif
/* Linked list of maps sharing the same LDAP binding */ /* Linked list of maps sharing the same LDAP binding */
void *ldap_next; void *ldap_next;
@ -135,7 +138,7 @@ extern void sm_ldap_close __P((SM_LDAP_STRUCT *));
/* Portability defines */ /* Portability defines */
# if !SM_CONF_LDAP_MEMFREE # if !SM_CONF_LDAP_MEMFREE
# define ldap_memfree(x) ((void) 0) # define ldap_memfree(x) ((void) 0)
# endif /* !SM_CONF_LDAP_MEMFREE */ # endif
# endif /* LDAPMAP */ # endif /* LDAPMAP */
#endif /* ! SM_LDAP_H */ #endif /* ! SM_LDAP_H */

View File

@ -31,13 +31,13 @@
# ifndef LLONG_MIN # ifndef LLONG_MIN
# define LLONG_MIN ((LONGLONG_T)(~(ULLONG_MAX >> 1))) # define LLONG_MIN ((LONGLONG_T)(~(ULLONG_MAX >> 1)))
# endif /* ! LLONG_MIN */ # endif
# ifndef LLONG_MAX # ifndef LLONG_MAX
# define LLONG_MAX ((LONGLONG_T)(ULLONG_MAX >> 1)) # define LLONG_MAX ((LONGLONG_T)(ULLONG_MAX >> 1))
# endif /* ! LLONG_MAX */ # endif
# ifndef ULLONG_MAX # ifndef ULLONG_MAX
# define ULLONG_MAX ((ULONGLONG_T)(-1)) # define ULLONG_MAX ((ULONGLONG_T)(-1))
# endif /* ! ULLONG_MAX */ # endif
/* /*
** PATH_MAX is defined by the POSIX standard. All modern systems ** PATH_MAX is defined by the POSIX standard. All modern systems
@ -47,9 +47,9 @@
# ifndef PATH_MAX # ifndef PATH_MAX
# ifdef MAXPATHLEN # ifdef MAXPATHLEN
# define PATH_MAX MAXPATHLEN # define PATH_MAX MAXPATHLEN
# else /* MAXPATHLEN */ # else
# define PATH_MAX 2048 # define PATH_MAX 2048
# endif /* MAXPATHLEN */ # endif
# endif /* ! PATH_MAX */ # endif /* ! PATH_MAX */
#endif /* ! SM_LIMITS_H */ #endif /* ! SM_LIMITS_H */

View File

@ -0,0 +1,19 @@
/*
* Copyright (c) 2016 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#ifndef SM_NOTIFY_H
#define SM_NOTIFY_H
int sm_notify_init __P((int));
int sm_notify_start __P((bool, int));
int sm_notify_stop __P((bool, int));
int sm_notify_rcv __P((char *, size_t, int));
int sm_notify_snd __P((char *, size_t));
#endif /* ! SM_MSG_H */

View File

@ -1,12 +1,10 @@
/* /*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers. * Copyright (c) 2000-2001, 2018 Proofpoint, Inc. and its suppliers.
* All rights reserved. * All rights reserved.
* *
* By using this file, you agree to the terms and conditions set * By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of * forth in the LICENSE file which can be found at the top level of
* the sendmail distribution. * the sendmail distribution.
*
* $Id: sm_os_freebsd.h,v 1.12 2013-11-22 20:51:34 ca Exp $
*/ */
/* /*
@ -32,10 +30,14 @@
#ifndef SM_CONF_SHM #ifndef SM_CONF_SHM
# define SM_CONF_SHM 1 # define SM_CONF_SHM 1
#endif /* SM_CONF_SHM */ #endif
#ifndef SM_CONF_SEM #ifndef SM_CONF_SEM
# define SM_CONF_SEM 2 # if __FreeBSD__ > 11
#endif /* SM_CONF_SEM */ # define SM_CONF_SEM 2 /* union semun is now longer available by default */
# else
# define SM_CONF_SEM 1
# endif
#endif
#ifndef SM_CONF_MSG #ifndef SM_CONF_MSG
# define SM_CONF_MSG 1 # define SM_CONF_MSG 1
#endif /* SM_CONF_MSG */ #endif

View File

@ -123,7 +123,7 @@ typedef struct
#if _FFR_PERF_RPOOL #if _FFR_PERF_RPOOL
int sm_nbigblocks; int sm_nbigblocks;
int sm_npools; int sm_npools;
#endif /* _FFR_PERF_RPOOL */ #endif
} SM_RPOOL_T; } SM_RPOOL_T;
@ -167,10 +167,10 @@ sm_rpool_malloc __P((
#if DO_NOT_USE_STRCPY #if DO_NOT_USE_STRCPY
extern char *sm_rpool_strdup_x __P((SM_RPOOL_T *rpool, const char *s)); extern char *sm_rpool_strdup_x __P((SM_RPOOL_T *rpool, const char *s));
#else /* DO_NOT_USE_STRCPY */ #else
# define sm_rpool_strdup_x(rpool, str) \ # define sm_rpool_strdup_x(rpool, str) \
strcpy(sm_rpool_malloc_x(rpool, strlen(str) + 1), str) strcpy(sm_rpool_malloc_x(rpool, strlen(str) + 1), str)
#endif /* DO_NOT_USE_STRCPY */ #endif
extern SM_RPOOL_ATTACH_T extern SM_RPOOL_ATTACH_T
sm_rpool_attach_x __P(( sm_rpool_attach_x __P((

View File

@ -35,10 +35,10 @@ union semun
# ifndef SEM_A # ifndef SEM_A
# define SEM_A 0200 # define SEM_A 0200
# endif /* SEM_A */ # endif
# ifndef SEM_R # ifndef SEM_R
# define SEM_R 0400 # define SEM_R 0400
# endif /* SEM_R */ # endif
# define SM_NSEM 1 # define SM_NSEM 1

View File

@ -34,10 +34,10 @@ extern int sm_shmsetowner __P((int, uid_t, gid_t, mode_t));
/* for those braindead systems... (e.g., SunOS 4) */ /* for those braindead systems... (e.g., SunOS 4) */
# ifndef SHM_R # ifndef SHM_R
# define SHM_R 0400 # define SHM_R 0400
# endif /* SHM_R */ # endif
# ifndef SHM_W # ifndef SHM_W
# define SHM_W 0200 # define SHM_W 0200
# endif /* SHM_W */ # endif
# endif /* SM_CONF_SHM */ # endif /* SM_CONF_SHM */
#endif /* ! SM_SHM_H */ #endif /* ! SM_SHM_H */

View File

@ -30,7 +30,7 @@ extern bool
sm_match __P((const char *_str, const char *_pattern)); sm_match __P((const char *_str, const char *_pattern));
extern char * extern char *
sm_strdup __P((char *)); sm_strdup __P((const char *));
extern char * extern char *
sm_strndup_x __P((const char *_str, size_t _len)); sm_strndup_x __P((const char *_str, size_t _len));
@ -87,7 +87,7 @@ sm_strlcpyn __P((char *,
# if !HASSTRERROR # if !HASSTRERROR
extern char * extern char *
strerror __P((int _errno)); strerror __P((int _errno));
# endif /* !HASSTRERROR */ # endif
extern int extern int
sm_strrevcmp __P((const char *, const char *)); sm_strrevcmp __P((const char *, const char *));
@ -109,5 +109,7 @@ sm_strtoull __P((const char *, char**, int));
extern void extern void
stripquotes __P((char *)); stripquotes __P((char *));
extern void
unfoldstripquotes __P((char *));
#endif /* SM_STRING_H */ #endif /* SM_STRING_H */

View File

@ -20,9 +20,9 @@
# if defined(__STDC__) || defined(__cplusplus) # if defined(__STDC__) || defined(__cplusplus)
# define SM_TEST(cond) sm_test(cond, #cond, __FILE__, __LINE__) # define SM_TEST(cond) sm_test(cond, #cond, __FILE__, __LINE__)
# else /* defined(__STDC__) || defined(__cplusplus) */ # else
# define SM_TEST(cond) sm_test(cond, "cond", __FILE__, __LINE__) # define SM_TEST(cond) sm_test(cond, "cond", __FILE__, __LINE__)
# endif /* defined(__STDC__) || defined(__cplusplus) */ # endif
extern int SmTestIndex; extern int SmTestIndex;
extern int SmTestNumErrors; extern int SmTestNumErrors;

View File

@ -38,11 +38,11 @@
# if !SM_CONF_UID_GID # if !SM_CONF_UID_GID
# define uid_t int # define uid_t int
# define gid_t int # define gid_t int
# endif /* !SM_CONF_UID_GID */ # endif
# if !SM_CONF_SSIZE_T # if !SM_CONF_SSIZE_T
# define ssize_t int # define ssize_t int
# endif /* !SM_CONF_SSIZE_T */ # endif
/* /*
** Define LONGLONG_T and ULONGLONG_T, which are portable locutions ** Define LONGLONG_T and ULONGLONG_T, which are portable locutions

View File

@ -32,6 +32,11 @@
# define SM_VA_COPY(dst, src) __va_copy((dst), (src)) # define SM_VA_COPY(dst, src) __va_copy((dst), (src))
# else # else
# define SM_VA_COPY(dst, src) memcpy(&(dst), &(src), sizeof((dst))) # define SM_VA_COPY(dst, src) memcpy(&(dst), &(src), sizeof((dst)))
# define SM_VA_END_COPY(ap) do { } while (0)
# endif
# ifndef SM_VA_END_COPY
# define SM_VA_END_COPY(ap) va_end(ap)
# endif # endif
/* /*

View File

@ -25,9 +25,9 @@ extern SM_DEBUG_T SmXtrapReport;
# if SM_DEBUG_CHECK # if SM_DEBUG_CHECK
# define sm_xtrap_check() (++SmXtrapCount == sm_debug_level(&SmXtrapDebug)) # define sm_xtrap_check() (++SmXtrapCount == sm_debug_level(&SmXtrapDebug))
# else /* SM_DEBUG_CHECK */ # else
# define sm_xtrap_check() (0) # define sm_xtrap_check() (0)
# endif /* SM_DEBUG_CHECK */ # endif
# define sm_xtrap_raise_x(exc) \ # define sm_xtrap_raise_x(exc) \
if (sm_xtrap_check()) \ if (sm_xtrap_check()) \

View File

@ -6,10 +6,10 @@ OPTIONS= $(CONFIG) $(FLAGS)
all: FRC all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@ $(SHELL) $(BUILD) $(OPTIONS) $@
check: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@ $(SHELL) $(BUILD) $(OPTIONS) $@
check: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@ $(SHELL) $(BUILD) $(OPTIONS) $@

View File

@ -207,28 +207,19 @@ libmilter requires pthread support in the operating system. Moreover, it
requires that the library functions it uses are thread safe; which is true requires that the library functions it uses are thread safe; which is true
for the operating systems libmilter has been developed and tested on. On for the operating systems libmilter has been developed and tested on. On
some operating systems this requires special compile time options (e.g., some operating systems this requires special compile time options (e.g.,
not just -pthread). libmilter is currently known to work on (modulo problems not just -pthread).
in the pthread support of some specific versions):
FreeBSD 3.x, 4.x
SunOS 5.x (x >= 5)
AIX 4.3.x
HP UX 11.x
Linux (recent versions/distributions)
libmilter is currently not supported on:
So far, libmilter is not supported on:
IRIX 6.x IRIX 6.x
Ultrix Ultrix
Feedback about problems (and possible fixes) is welcome. Feedback about problems (and possible fixes) is welcome.
+--------------------------+ +--------------------------+
| SOURCE FOR SAMPLE FILTER | | SOURCE FOR SAMPLE FILTER |
+--------------------------+ +--------------------------+
Note that the filter example.c may not be thread safe on some operating Note that the filter example.c may not be thread safe on some operating
systems. You should check your system man pages for the functions used systems. You should check your system man pages for the functions used
below to verify the functions are thread safe. to verify they are thread safe.
$Revision: 8.42 $, Last updated $Date: 2006-06-29 17:10:16 $

View File

@ -139,9 +139,9 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
} }
#if _FFR_ADD_NULL #if _FFR_ADD_NULL
buf = malloc(expl + 1); buf = malloc(expl + 1);
#else /* _FFR_ADD_NULL */ #else
buf = malloc(expl); buf = malloc(expl);
#endif /* _FFR_ADD_NULL */ #endif
if (buf == NULL) if (buf == NULL)
{ {
*cmd = SMFIC_MALLOC; *cmd = SMFIC_MALLOC;
@ -194,7 +194,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
#if _FFR_ADD_NULL #if _FFR_ADD_NULL
/* makes life simpler for common string routines */ /* makes life simpler for common string routines */
buf[expl] = '\0'; buf[expl] = '\0';
#endif /* _FFR_ADD_NULL */ #endif
return buf; return buf;
} }
i += len; i += len;

View File

@ -26,8 +26,9 @@ Each function will return either MI_SUCCESS or MI_FAILURE to
indicate the status of the operation. indicate the status of the operation.
<P> <P>
None of these functions communicate with the MTA. All alter the None of these functions communicate with the MTA.
library's state, some of which is communicated to the MTA inside All alter the library's state, some of which
is communicated to the MTA inside
<A HREF="smfi_main.html">smfi_main</A>. <A HREF="smfi_main.html">smfi_main</A>.
<P> <P>
@ -80,26 +81,31 @@ The following functions change a message's contents and attributes.
<EM>They may only be called in <A HREF="xxfi_eom.html">xxfi_eom</A></EM>. <EM>They may only be called in <A HREF="xxfi_eom.html">xxfi_eom</A></EM>.
All of these functions may invoke additional communication with the MTA. All of these functions may invoke additional communication with the MTA.
They will return either MI_SUCCESS or MI_FAILURE to indicate the status of They will return either MI_SUCCESS or MI_FAILURE to indicate the status of
the operation. Message data (senders, recipients, headers, body chunks) the operation.
Message data (senders, recipients, headers, body chunks)
passed to these functions via parameters is copied and does not need to be passed to these functions via parameters is copied and does not need to be
preserved (i.e., allocated memory can be freed). preserved (i.e., allocated memory can be freed).
<P> <P>
A filter must have set the appropriate flag (listed below) in the A filter which might call a message modification function
description passed to <A HREF="smfi_register.html">smfi_register</A> must set the appropriate flag
to call any message modification function. Failure to do so will (<A HREF="#SMFIF">listed below</A>),
cause the MTA to treat a call to the function as a failure of the either
filter, terminating its connection. in the description passed to <A HREF="smfi_register.html">smfi_register</A>
or via <A HREF="xxfi_negotiate.html">xxfi_negotiate</A>.
Failure to do so will cause the MTA to treat a call to the function
as a failure of the filter, terminating its connection.
<P> <P>
Note that the status returned indicates only whether or not the Note that the status returned indicates only whether or not the
filter's message was successfully sent to the MTA, not whether or not filter's message was successfully sent to the MTA, not whether or not
the MTA performed the requested operation. For example, the MTA performed the requested operation.
For example,
<A HREF="smfi_addheader.html">smfi_addheader</A>, when called with an <A HREF="smfi_addheader.html">smfi_addheader</A>, when called with an
illegal header name, will return MI_SUCCESS even though the MTA may illegal header name, will return MI_SUCCESS even though the MTA may
later refuse to add the illegal header. later refuse to add the illegal header.
<P> <P>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH><TH>SMFIF_* flag</TR> <TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH><TH><A NAME="SMFIF">SMFIF_* flag</A></TH></TR>
<TR><TD><A HREF="smfi_addheader.html">smfi_addheader</A></TD><TD>Add a header to <TR><TD><A HREF="smfi_addheader.html">smfi_addheader</A></TD><TD>Add a header to
the message.</TD><TD>SMFIF_ADDHDRS</TD></TR> the message.</TD><TD>SMFIF_ADDHDRS</TD></TR>
@ -180,27 +186,30 @@ which are registered via <A HREF="smfi_register.html">smfi_register</A>:
<TR><TD><A HREF="xxfi_close.html">xxfi_close</A></TD><TD>connection cleanup</TD></TR> <TR><TD><A HREF="xxfi_close.html">xxfi_close</A></TD><TD>connection cleanup</TD></TR>
<TR><TD><A HREF="xxfi_negotiate.html">xxfi_negotiate</A></TD><TD>option negotiattion</TD></TR> <TR><TD><A HREF="xxfi_negotiate.html">xxfi_negotiate</A></TD><TD>option negotiation</TD></TR>
</TABLE> </TABLE>
<P> <P>
The above callbacks should all return one of the following return values, The above callbacks should all return one of the following return values,
having the indicated meanings. Any return other than one of the below having the indicated meanings.
values constitutes an error, and will cause sendmail to terminate its Any return other than one of the below values constitutes an error,
connection to the offending filter. and will cause sendmail to terminate its connection to the offending filter.
<P><A NAME="conn-spec">Milter</A> distinguishes between recipient-, <P><A NAME="conn-spec">Milter</A> distinguishes between recipient-,
message-, and connection-oriented routines. Recipient-oriented message-, and connection-oriented routines.
callbacks may affect the processing of a single message recipient; Recipient-oriented callbacks may affect the processing
message-oriented callbacks, a single message; connection-oriented of a single message recipient;
callbacks, an entire connection (during which multiple messages may be message-oriented callbacks, a single message;
delivered to multiple sets of recipients). connection-oriented callbacks, an entire connection
(during which multiple messages may be delivered
to multiple sets of recipients).
<A HREF="xxfi_envrcpt.html">xxfi_envrcpt</A> is recipient-oriented. <A HREF="xxfi_envrcpt.html">xxfi_envrcpt</A> is recipient-oriented.
<A HREF="xxfi_negotiate.html">xxfi_negotiate</A>,
<A HREF="xxfi_connect.html">xxfi_connect</A>, <A HREF="xxfi_connect.html">xxfi_connect</A>,
<A HREF="xxfi_helo.html">xxfi_helo</A> and <A HREF="xxfi_helo.html">xxfi_helo</A> and
<A HREF="xxfi_close.html">xxfi_close</A> are connection-oriented. All <A HREF="xxfi_close.html">xxfi_close</A> are connection-oriented.
other callbacks are message-oriented. All other callbacks are message-oriented.
<P> <P>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2> <TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2>
@ -233,8 +242,8 @@ other callbacks are message-oriented.
<TR valign="top"> <TR valign="top">
<TD>SMFIS_TEMPFAIL</TD> <TD>SMFIS_TEMPFAIL</TD>
<TD>Return a temporary failure, i.e., the corresponding SMTP command will return an appropriate 4xx status code. <TD>Return a temporary failure, i.e., the corresponding SMTP command will return an appropriate 4xx status code.
For a message-oriented routine (except <A HREF="xxfi_envfrom.html">xxfi_envfrom</A>), fail for this message. <BR> For a message-oriented routine (except <A HREF="xxfi_envfrom.html">xxfi_envfrom</A>), fail for this message.<BR>
For a connection-oriented routine, fail for this connection; call <A HREF="xxfi_close.html">xxfi_close</A>. <BR> For a connection-oriented routine, fail for this connection; call <A HREF="xxfi_close.html">xxfi_close</A>.<BR>
For a recipient-oriented routine, only fail for the current recipient; continue message processing. For a recipient-oriented routine, only fail for the current recipient; continue message processing.
</TD> </TD>
</TR> </TR>

View File

@ -31,11 +31,15 @@ administrator to combine multiple independently-developed filters.
<P> <P>
We expect to see both vendor-supplied, configurable mail filtering We expect to see both vendor-supplied, configurable mail filtering
applications and a multiplicity of script-like filters designed by and applications and a multiplicity of script-like filters designed by and
for MTA administrators. A certain degree of coding sophistication and for MTA administrators.
domain knowledge on the part of the filter provider is assumed. This A certain degree of coding sophistication and
allows filters to exercise fine-grained control at the SMTP level. domain knowledge on the part of the filter provider is assumed.
This allows filters to exercise fine-grained control at the SMTP level.
However, as will be seen in the example, many filtering applications However, as will be seen in the example, many filtering applications
can be written with relatively little protocol knowledge. can be written with relatively little protocol knowledge,
but a basic understanding (e.g., as documented in RFC 5321:
<EM>The dialog is purposely lock-step, one-at-a-time</EM>)
is necessary.
<P> <P>
Given these expectations, the API is designed to achieve the following Given these expectations, the API is designed to achieve the following

View File

@ -71,7 +71,7 @@ connection.
The MTA will try to contact the filter again on each new connection. The MTA will try to contact the filter again on each new connection.
<P> <P>
There are three fields inside of the <CODE>T=</CODE> equate: S, R, and E. There are four fields inside of the <CODE>T=</CODE> equate: C, S, R, and E.
Note the separator between each is a ";" (semicolon), as "," Note the separator between each is a ";" (semicolon), as ","
(comma) already separates equates. (comma) already separates equates.
The value of each field is a decimal number followed by a single letter The value of each field is a decimal number followed by a single letter

View File

@ -59,6 +59,8 @@ returns to <CODE>MESSAGE</CODE>.
<PRE> <PRE>
For each of N connections For each of N connections
{ {
For each filter
egotiate MTA/milter capabilities/requirements (<A HREF="xxfi_negotiate.html">xxfi_negotiate</A>)
For each filter For each filter
process connection (<A HREF="xxfi_connect.html">xxfi_connect</A>) process connection (<A HREF="xxfi_connect.html">xxfi_connect</A>)
For each filter For each filter
@ -203,11 +205,21 @@ communication with the MTA happens.
Filters are not terminated asynchronously Filters are not terminated asynchronously
(except by signals that can't be caught). (except by signals that can't be caught).
In the case of <TT>Abort</TT> the In the case of <TT>Abort</TT> the
<A HREF="xxfi_abort.html">xxfi_abort</A> callback is invoked. <A HREF="xxfi_abort.html">xxfi_abort</A> callback is usually invoked
if there is an active transaction.
However, if an invoked callback takes too long to execute
(the maximum time <TT>Abort</TT> waits is currently 5s)
<!-- XREF: MI_CHK_TIME -->
then the filter is simply terminated, i.e.,
neither the
<A HREF="xxfi_abort.html">xxfi_abort</A> callback
nor the
<A HREF="xxfi_close.html">xxfi_close</A> callback
is invoked.
<HR size="1"> <HR size="1">
<FONT size="-1"> <FONT size="-1">
Copyright (c) 2000, 2001, 2003, 2006 Proofpoint, Inc. and its suppliers. Copyright (c) 2000, 2001, 2003, 2006, 2018 Proofpoint, Inc. and its suppliers.
All rights reserved. All rights reserved.
<BR> <BR>
By using this file, you agree to the terms and conditions set By using this file, you agree to the terms and conditions set

View File

@ -187,7 +187,7 @@ sfsistat
++argc; ++argc;
/* log this recipient */ /* log this recipient */
if (reject != NULL && rcptaddr != NULL && if (reject != NULL &amp;&amp; rcptaddr != NULL &amp;&amp;
(strcasecmp(rcptaddr, reject) == 0)) (strcasecmp(rcptaddr, reject) == 0))
{ {
if (fprintf(priv-&gt;mlfi_fp, "RCPT %s -- REJECTED\n", if (fprintf(priv-&gt;mlfi_fp, "RCPT %s -- REJECTED\n",
@ -298,7 +298,7 @@ mlfi_cleanup(ctx, ok)
return rstat; return rstat;
/* close the archive file */ /* close the archive file */
if (priv-&gt;mlfi_fp != NULL && fclose(priv-&gt;mlfi_fp) == EOF) if (priv-&gt;mlfi_fp != NULL &amp;&amp; fclose(priv-&gt;mlfi_fp) == EOF)
{ {
/* failed; we have to wait until later */ /* failed; we have to wait until later */
fprintf(stderr, "Couldn't close archive file %s: %s\n", fprintf(stderr, "Couldn't close archive file %s: %s\n",

View File

@ -32,6 +32,7 @@ Add a header to the current message.
<TD>Adds a header to the current message.</TD> <TD>Adds a header to the current message.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -59,7 +60,7 @@ Add a header to the current message.
<LI>Adding headers in the current connection state is invalid. <LI>Adding headers in the current connection state is invalid.
<LI>Memory allocation fails. <LI>Memory allocation fails.
<LI>A network error occurs. <LI>A network error occurs.
<LI>SMFIF_ADDHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called. <LI><A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> is not set.
</UL> </UL>
Otherwise, it returns MI_SUCCESS. Otherwise, it returns MI_SUCCESS.
</TD> </TD>
@ -72,9 +73,8 @@ Otherwise, it returns MI_SUCCESS.
<UL><LI>smfi_addheader does not change a message's existing headers. <UL><LI>smfi_addheader does not change a message's existing headers.
To change a header's current value, use To change a header's current value, use
<A HREF="smfi_chgheader.html">smfi_chgheader</A>. <A HREF="smfi_chgheader.html">smfi_chgheader</A>.
<LI>A filter which calls smfi_addheader must have set the SMFIF_ADDHDRS <LI>A filter which calls smfi_addheader must have set the
flag in the smfiDesc_str passed to <A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> flag.
<A href="smfi_register.html">smfi_register</A>.
<LI>For smfi_addheader, filter order is important. <LI>For smfi_addheader, filter order is important.
<B>Later filters will see the header changes made by earlier ones.</B> <B>Later filters will see the header changes made by earlier ones.</B>
<LI>Neither the name nor the value of the header is checked for <LI>Neither the name nor the value of the header is checked for

View File

@ -31,6 +31,7 @@ Add a recipient for the current message.
<TD>Add a recipient to the message envelope.</TD> <TD>Add a recipient to the message envelope.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -53,7 +54,7 @@ Add a recipient for the current message.
<UL><LI>rcpt is NULL. <UL><LI>rcpt is NULL.
<LI>Adding recipients in the current connection state is invalid. <LI>Adding recipients in the current connection state is invalid.
<LI>A network error occurs. <LI>A network error occurs.
<LI>SMFIF_ADDRCPT was not set when <A href="smfi_register.html">smfi_register</A> was called. <LI><A HREF="smfi_register.html#SMFIF_ADDRCPT">SMFIF_ADDRCPT</A> is not set.
</UL> </UL>
Otherwise, it will return MI_SUCCESS. Otherwise, it will return MI_SUCCESS.
</TD> </TD>
@ -63,9 +64,8 @@ Otherwise, it will return MI_SUCCESS.
<TR align="left" valign=top> <TR align="left" valign=top>
<TH>NOTES</TH> <TH>NOTES</TH>
<TD> <TD>
A filter which calls smfi_addrcpt must have set the SMFIF_ADDRCPT flag A filter which calls smfi_addrcpt must have set the
in the smfiDesc_str passed to <A HREF="smfi_register.html#SMFIF_ADDRCPT">SMFIF_ADDRCPT</A> flag.
<A href="smfi_register.html">smfi_register</A>.
</TD> </TD>
</TR> </TR>

View File

@ -32,6 +32,7 @@ Add a recipient for the current message including ESMTP arguments.
<TD>Add a recipient to the message envelope.</TD> <TD>Add a recipient to the message envelope.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -53,12 +54,11 @@ Add a recipient for the current message including ESMTP arguments.
<TR> <TR>
<TH valign="top" align=left>RETURN VALUES</TH> <TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_addrcpt will fail and return MI_FAILURE if: <TD>smfi_addrcpt_par will fail and return MI_FAILURE if:
<UL><LI>rcpt is NULL. <UL><LI>rcpt is NULL.
<LI>Adding recipients in the current connection state is invalid. <LI>Adding recipients in the current connection state is invalid.
<LI>A network error occurs. <LI>A network error occurs.
<LI>SMFIF_ADDRCPT_PAR was not set when <LI><A HREF="smfi_register.html#SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A> is not set._PAR
<A href="smfi_register.html">smfi_register</A> was called.
</UL> </UL>
Otherwise, it will return MI_SUCCESS. Otherwise, it will return MI_SUCCESS.
</TD> </TD>
@ -68,9 +68,8 @@ Otherwise, it will return MI_SUCCESS.
<TR align="left" valign=top> <TR align="left" valign=top>
<TH>NOTES</TH> <TH>NOTES</TH>
<TD> <TD>
A filter which calls smfi_addrcpt must have set the SMFIF_ADDRCPT_PAR flag A filter which calls smfi_addrcpt_par must have set the
in the smfiDesc_str passed to <A HREF="smfi_register.html#SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A> flag.
<A href="smfi_register.html">smfi_register</A>.
</TD> </TD>
</TR> </TR>

View File

@ -32,6 +32,7 @@ Change the envelope sender (MAIL From) of the current message.
<TD>Change the envelope sender (MAIL From) of the current message.</TD> <TD>Change the envelope sender (MAIL From) of the current message.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -57,7 +58,7 @@ Change the envelope sender (MAIL From) of the current message.
<UL><LI>mail is NULL. <UL><LI>mail is NULL.
<LI>Changing the sender in the current connection state is invalid. <LI>Changing the sender in the current connection state is invalid.
<LI>A network error occurs. <LI>A network error occurs.
<LI>SMFIF_CHGFROM was not set when <A href="smfi_register.html">smfi_register</A> was called. <LI><A HREF="smfi_register.html#SMFIF_CHGFROM">SMFIF_CHGFROM</A> is not set.
</UL> </UL>
Otherwise, it will return MI_SUCCESS. Otherwise, it will return MI_SUCCESS.
</TD> </TD>
@ -67,9 +68,8 @@ Otherwise, it will return MI_SUCCESS.
<TR align="left" valign=top> <TR align="left" valign=top>
<TH>NOTES</TH> <TH>NOTES</TH>
<TD> <TD>
A filter which calls smfi_chgfrom must have set the SMFIF_CHGFROM flag A filter which calls smfi_chgfrom must have set the
in the smfiDesc_str passed to <A HREF="smfi_register.html#SMFIF_CHGFROM">SMFIF_CHGFROM</A> flag.
<A href="smfi_register.html">smfi_register</A>.
<BR> <BR>
Even though all ESMTP arguments could be set via this call, Even though all ESMTP arguments could be set via this call,
it does not make sense to do so for many of them, it does not make sense to do so for many of them,

View File

@ -33,6 +33,7 @@ Change or delete a message header.
<TD>Changes a header's value for the current message.</TD> <TD>Changes a header's value for the current message.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -63,17 +64,18 @@ smfi_chgheader will return MI_FAILURE if
<LI>Modifying headers in the current connection state is invalid. <LI>Modifying headers in the current connection state is invalid.
<LI>Memory allocation fails. <LI>Memory allocation fails.
<LI>A network error occurs. <LI>A network error occurs.
<LI>SMFIF_CHGHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called. <LI><A HREF="smfi_register.html#SMFIF_CHGHDRS">SMFIF_CHGHDRS</A> is not set.
</UL> </UL>
Otherwise, it returns MI_SUCCESS. Otherwise, it returns MI_SUCCESS.
</TR> </TD></TR>
<!----------- Notes ----------> <!----------- Notes ---------->
<TR align="left" valign=top> <TR align="left" valign=top>
<TH>NOTES</TH> <TH>NOTES</TH>
<TD> <TD>
<UL><LI>While smfi_chgheader may be used to add new headers, it is more efficient and far safer to use <A href="smfi_addheader.html">smfi_addheader</A>. <UL><LI>While smfi_chgheader may be used to add new headers, it is more efficient and far safer to use <A href="smfi_addheader.html">smfi_addheader</A>.
<LI>A filter which calls smfi_chgheader must have set the SMFIF_CHGHDRS flag in the smfiDesc_str passed to <A href="smfi_register.html">smfi_register</A>. <LI>A filter which calls smfi_chgheader must have set the
<A HREF="smfi_register.html#SMFIF_CHGHDRS">SMFIF_CHGHDRS</A> flag.
<LI>For smfi_chgheader, filter order is important. <B>Later filters will see the header changes made by earlier ones.</B> <LI>For smfi_chgheader, filter order is important. <B>Later filters will see the header changes made by earlier ones.</B>
<LI>Neither the name nor the value of the header is checked for <LI>Neither the name nor the value of the header is checked for
standards compliance. However, each line of the header must be under standards compliance. However, each line of the header must be under

View File

@ -31,6 +31,7 @@ Remove a recipient from the current message's envelope.
<TD>smfi_delrcpt removes the named recipient from the current message's envelope.</TD> <TD>smfi_delrcpt removes the named recipient from the current message's envelope.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -54,7 +55,7 @@ Remove a recipient from the current message's envelope.
<LI>rcpt is NULL. <LI>rcpt is NULL.
<LI>Deleting recipients in the current connection state is invalid. <LI>Deleting recipients in the current connection state is invalid.
<LI>A network error occurs. <LI>A network error occurs.
<LI>SMFIF_DELRCPT was not set when <A href="smfi_register.html">smfi_register</A> was called. <LI><A HREF="smfi_register.html#SMFIF_DELRCPT">SMFIF_DELRCPT</A> is not set.
</UL> </UL>
Otherwise, it will return MI_SUCCESS Otherwise, it will return MI_SUCCESS
</TD> </TD>
@ -64,7 +65,11 @@ Otherwise, it will return MI_SUCCESS
<TR align="left" valign=top> <TR align="left" valign=top>
<TH>NOTES</TH> <TH>NOTES</TH>
<TD> <TD>
<LI>
The addresses to be removed must match exactly. For example, an address and its expanded form do not match. The addresses to be removed must match exactly. For example, an address and its expanded form do not match.
<LI>
A filter which calls smfi_delrcpt must have set the
<A HREF="smfi_register.html#SMFIF_DELRCPT">SMFIF_DELRCPT</A> flag.
</TD> </TD>
</TR> </TR>

View File

@ -30,6 +30,7 @@ Get the connection-specific data pointer for this connection.
<TD>None.</TD> <TD>None.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -31,6 +31,7 @@ Get the value of a sendmail macro.
<TD>None.</TD> <TD>None.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -33,6 +33,7 @@ Prepend a header to the current message.
<TD>Prepends a header to the current message.</TD> <TD>Prepends a header to the current message.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -63,7 +64,7 @@ Prepend a header to the current message.
<LI>Adding headers in the current connection state is invalid. <LI>Adding headers in the current connection state is invalid.
<LI>Memory allocation fails. <LI>Memory allocation fails.
<LI>A network error occurs. <LI>A network error occurs.
<LI>SMFIF_ADDHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called. <LI><A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> is not set.
</UL> </UL>
Otherwise, it returns MI_SUCCESS. Otherwise, it returns MI_SUCCESS.
</TD> </TD>
@ -77,9 +78,9 @@ Otherwise, it returns MI_SUCCESS.
<LI>smfi_insheader does not change a message's existing headers. <LI>smfi_insheader does not change a message's existing headers.
To change a header's current value, use To change a header's current value, use
<A HREF="smfi_chgheader.html">smfi_chgheader</A>. <A HREF="smfi_chgheader.html">smfi_chgheader</A>.
<LI>A filter which calls smfi_insheader must have set the SMFIF_ADDHDRS <LI>A filter which calls smfi_insheader must have set the
flag in the smfiDesc_str passed to <A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A>
<A href="smfi_register.html">smfi_register</A>. flag.
<LI>For smfi_insheader, filter order is important. <LI>For smfi_insheader, filter order is important.
<B>Later filters will see the header changes made by earlier ones.</B> <B>Later filters will see the header changes made by earlier ones.</B>
<LI>A filter will receive <EM>only</EM> headers that have been sent <LI>A filter will receive <EM>only</EM> headers that have been sent

View File

@ -29,6 +29,7 @@ Hand control to libmilter event loop.
<TD>smfi_main hands control to the Milter event loop.</TD> <TD>smfi_main hands control to the Milter event loop.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Return values ----------> <!----------- Return values ---------->
<TR> <TR>

View File

@ -34,13 +34,14 @@ but before calling <TT>smfi_main()</TT>.
<TD>smfi_opensocket attempts to create the socket specified previously by <TD>smfi_opensocket attempts to create the socket specified previously by
a call to <TT>smfi_setconn()</TT> which will be the interface between MTAs a call to <TT>smfi_setconn()</TT> which will be the interface between MTAs
and the filter. and the filter.
This allows the calling application to ensure that the This allows the calling application to ensure that the socket can be created.
socket can be created.
If this is not called, If this is not called,
<TT>smfi_main()</TT> will do so implicitly. <TT>smfi_main()</TT> will create the socket implicitly
(without removing a potentially existing UNIX domain socket).
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -31,6 +31,7 @@ Notify the MTA that an operation is still in progress.
on a message, causing the MTA to re-start its timeouts.</TD> on a message, causing the MTA to re-start its timeouts.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -31,6 +31,7 @@ Quarantine the message using the given reason.
<TD>smfi_quarantine quarantines the message using the given reason.</TD> <TD>smfi_quarantine quarantines the message using the given reason.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -53,7 +54,7 @@ Quarantine the message using the given reason.
<UL> <UL>
<LI>reason is NULL or empty. <LI>reason is NULL or empty.
<LI>A network error occurs. <LI>A network error occurs.
<LI>SMFIF_QUARANTINE was not set when <A href="smfi_register.html">smfi_register</A> was called. <LI><A HREF="smfi_register.html#SMFIF_QUARANTINE">SMFIF_QUARANTINE</A> is not set.
</UL> </UL>
Otherwise, it will return MI_SUCCESS Otherwise, it will return MI_SUCCESS
</TD> </TD>

View File

@ -37,6 +37,7 @@ is obeyed.
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -110,7 +111,7 @@ smfi_register may return MI_FAILURE for any of the following reasons:
<!----------- Notes ----------> <!----------- Notes ---------->
<TR align="left" valign=top> <TR align="left" valign=top>
<TH>NOTES</TH> <TH><A NAME=Notes>NOTES</A></TH>
<TD> <TD>
<A NAME="flags">The xxfi_flags</A> <A NAME="flags">The xxfi_flags</A>
@ -120,7 +121,7 @@ the following values, describing the actions the filter may take:
<TR valign="top" bgcolor="#dddddd"><TH align="left">Flag</TH><TH align="center">Description</TH></TR> <TR valign="top" bgcolor="#dddddd"><TH align="left">Flag</TH><TH align="center">Description</TH></TR>
<TR align="left" valign=top> <TR align="left" valign=top>
<TD> <TD>
SMFIF_ADDHDRS <A NAME="SMFIF_ADDHDRS">SMFIF_ADDHDRS</A>
</TD> </TD>
<TD> <TD>
This filter may <A HREF="smfi_addheader.html">add headers</A>. This filter may <A HREF="smfi_addheader.html">add headers</A>.
@ -128,7 +129,7 @@ the following values, describing the actions the filter may take:
</TR> </TR>
<TR align="left" valign=top> <TR align="left" valign=top>
<TD> <TD>
SMFIF_CHGHDRS <A NAME="SMFIF_CHGHDRS">SMFIF_CHGHDRS</A>
</TD> </TD>
<TD> <TD>
This filter may This filter may
@ -137,7 +138,7 @@ the following values, describing the actions the filter may take:
</TR> </TR>
<TR align="left" valign=top> <TR align="left" valign=top>
<TD VALIGN="TOP"> <TD VALIGN="TOP">
SMFIF_CHGBODY <A NAME="SMFIF_CHGBODY">SMFIF_CHGBODY</A>
</TD> </TD>
<TD> <TD>
This filter may This filter may
@ -148,7 +149,7 @@ the following values, describing the actions the filter may take:
</TR> </TR>
<TR> <TR>
<TD VALIGN="TOP"> <TD VALIGN="TOP">
SMFIF_ADDRCPT <A NAME="SMFIF_ADDRCPT">SMFIF_ADDRCPT</A>
</TD> </TD>
<TD> <TD>
This filter may This filter may
@ -158,7 +159,7 @@ the following values, describing the actions the filter may take:
</TR> </TR>
<TR> <TR>
<TD VALIGN="TOP"> <TD VALIGN="TOP">
SMFIF_ADDRCPT_PAR <A NAME="SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A>
</TD> </TD>
<TD> <TD>
This filter may This filter may
@ -167,7 +168,7 @@ the following values, describing the actions the filter may take:
</TR> </TR>
<TR> <TR>
<TD VALIGN="TOP"> <TD VALIGN="TOP">
SMFIF_DELRCPT <A NAME="SMFIF_DELRCPT">SMFIF_DELRCPT</A>
</TD> </TD>
<TD> <TD>
This filter may This filter may
@ -176,7 +177,7 @@ the following values, describing the actions the filter may take:
</TR> </TR>
<TR> <TR>
<TD VALIGN="TOP"> <TD VALIGN="TOP">
SMFIF_QUARANTINE <A NAME="SMFIF_QUARANTINE">SMFIF_QUARANTINE</A>
</TD> </TD>
<TD> <TD>
This filter may This filter may
@ -186,7 +187,7 @@ the following values, describing the actions the filter may take:
<TR> <TR>
<TD VALIGN="TOP"> <TD VALIGN="TOP">
SMFIF_CHGFROM <A NAME="SMFIF_CHGFROM">SMFIF_CHGFROM</A>
</TD> </TD>
<TD> <TD>
This filter may This filter may
@ -196,7 +197,7 @@ the following values, describing the actions the filter may take:
<TR> <TR>
<TD VALIGN="TOP"> <TD VALIGN="TOP">
SMFIF_SETSYMLIST <A NAME="SMFIF_SETSYMLIST">SMFIF_SETSYMLIST</A>
</TD> </TD>
<TD> <TD>
This filter can This filter can

View File

@ -35,6 +35,7 @@ body.
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -61,7 +62,7 @@ body.
<LI>bodyp == NULL and bodylen &gt; 0. <LI>bodyp == NULL and bodylen &gt; 0.
<LI>Changing the body in the current connection state is invalid. <LI>Changing the body in the current connection state is invalid.
<LI>A network error occurs. <LI>A network error occurs.
<LI>SMFIF_CHGBODY was not set when <A href="smfi_register.html">smfi_register</A> was called. <LI><A HREF="smfi_register.html#SMFIF_CHGBODY">SMFIF_CHGBODY</A> is not set.
</UL> </UL>
Otherwise, it will return MI_SUCCESS. Otherwise, it will return MI_SUCCESS.
</TD> </TD>
@ -72,9 +73,11 @@ Otherwise, it will return MI_SUCCESS.
<TH>NOTES</TH> <TH>NOTES</TH>
<TD> <TD>
<UL> <UL>
<LI>Since the message body may be very large, setting SMFIF_CHGBODY may significantly affect filter performance. <LI>Since the message body may be very large, calling smfi_replacebody may significantly affect filter performance.
<LI>If a filter sets SMFIF_CHGBODY but does not call smfi_replacebody, the original body remains unchanged. <LI>If a filter sets SMFIF_CHGBODY but does not call smfi_replacebody, the original body remains unchanged.
<LI>For smfi_replacebody, filter order is important. <B>Later filters will see the new body contents created by earlier ones.</B> <LI>For smfi_replacebody, filter order is important. <B>Later filters will see the new body contents created by earlier ones.</B>
<LI>A filter which calls smfi_replacebody must have set the
<A HREF="smfi_register.html#SMFIF_CHGBODY">SMFIF_CHGBODY</A> flag.
</UL> </UL>
</TD> </TD>
</TR> </TR>

View File

@ -31,6 +31,7 @@ Set the filter's <CODE>listen(2)</CODE> backlog value.
If smfi_setbacklog is not called, the operating system default is used.</TD> If smfi_setbacklog is not called, the operating system default is used.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -30,6 +30,7 @@ Set the socket through which this filter should communicate with sendmail.
<TD>Sets the socket through which the filter communicates with sendmail.</TD> <TD>Sets the socket through which the filter communicates with sendmail.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -34,6 +34,7 @@ A level of zero turns off debugging. The greater
the current, highest, useful value.</TD> the current, highest, useful value.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -38,6 +38,7 @@ This code will be used on subsequent error replies resulting from actions
taken by this filter.</TD> taken by this filter.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -92,7 +93,7 @@ For example, the code:<BR>
<UL> <UL>
<LI>The rcode or xcode argument is invalid. <LI>The rcode or xcode argument is invalid.
<LI>A memory-allocation failure occurs. <LI>A memory-allocation failure occurs.
<LI>If any text line contains a carraige return or line feed. <LI>If any text line contains a carriage return or line feed.
<LI>The length of any text line is more than MAXREPLYLEN (980). <LI>The length of any text line is more than MAXREPLYLEN (980).
<LI>More than 32 lines of text replies are given. <LI>More than 32 lines of text replies are given.
</UL> </UL>

View File

@ -31,6 +31,7 @@ Set the private data pointer for this connection.
<TD>Sets the private data pointer for the context ctx.</TD> <TD>Sets the private data pointer for the context ctx.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -36,6 +36,7 @@ will be used on subsequent error replies resulting from actions taken by
this filter.</TD> this filter.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -67,6 +68,8 @@ this filter.</TD>
<UL> <UL>
<LI>The rcode or xcode argument is invalid. <LI>The rcode or xcode argument is invalid.
<LI>A memory-allocation failure occurs. <LI>A memory-allocation failure occurs.
<LI>The length of any text line is more than MAXREPLYLEN (980).
<LI>The message argument contains a carriage return or line feed.
</UL> </UL>
Otherwise, it return MI_SUCCESS. Otherwise, it return MI_SUCCESS.
</TD> </TD>

View File

@ -37,6 +37,7 @@ milter wants to receive from the MTA.
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -33,6 +33,7 @@ If smfi_settimeout is not called, a default timeout of 7210 seconds is used.
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -61,10 +62,7 @@ and may break the communication with the MTA.
Do <EM>not</EM> decrease this value without making sure that Do <EM>not</EM> decrease this value without making sure that
the MTA also uses lower timeouts for communication the MTA also uses lower timeouts for communication
(with the milter and with the SMTP client). (with the milter and with the SMTP client).
</TR> </TD></TR>
</TABLE>
</TABLE> </TABLE>
<HR size="1"> <HR size="1">

View File

@ -36,6 +36,7 @@ which may then exit or warm-restart.
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -32,6 +32,7 @@ Get the (runtime) version of libmilter.
<TD>None.</TD> <TD>None.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH VALIGN="TOP" ALIGN=LEFT>ARGUMENTS</TH><TD> <TR><TH VALIGN="TOP" ALIGN=LEFT>ARGUMENTS</TH><TD>

View File

@ -30,6 +30,7 @@ Handle the current message's being aborted.
<TD>Do nothing; return SMFIS_CONTINUE.</TD> <TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -32,6 +32,7 @@ Handle a piece of a message's body.
<TD>Do nothing; return SMFIS_CONTINUE.</TD> <TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -30,6 +30,7 @@ The current connection is being closed.
<TD>Do nothing; return SMFIS_CONTINUE.</TD> <TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -29,6 +29,7 @@ sfsistat (*xxfi_connect)(
<TD>Do nothing; return SMFIS_CONTINUE.</TD> <TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR> </TR>
</TABLE> </TABLE>
<!-- <!--
This callback function is invoked on each connection to the mail This callback function is invoked on each connection to the mail
filter program. filter program.
@ -37,8 +38,9 @@ The name of the callback can be any valid function name.
The function pointer is to be assigned to the The function pointer is to be assigned to the
smfiDesc.xxfi_connect and the pointer to the smfiDesc structure smfiDesc.xxfi_connect and the pointer to the smfiDesc structure
is passed to smfi_register(). is passed to smfi_register().
</TD></TR>
--> -->
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0> <TABLE border="1" cellspacing=0>

View File

@ -23,13 +23,14 @@ Handle the DATA command.
<TABLE border="1" cellspacing=1 cellpadding=4> <TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top> <TR align="left" valign=top>
<TH width="80">Called When</TH> <TH width="80">Called When</TH>
<TD>xxfi_data is called when the client uses the DATA command. <TD>xxfi_data is called when the client uses the DATA command.</TD>
</TR> </TR>
<TR align="left" valign=top> <TR align="left" valign=top>
<TH>Default Behavior</TH> <TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD> <TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -67,7 +68,7 @@ Handle the DATA command.
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
</TR> </TD></TR>
<!----------- Notes ----------> <!----------- Notes ---------->
<TR> <TR>

View File

@ -33,6 +33,7 @@ before xxfi_envrcpt.</TD>
<TD>Do nothing; return SMFIS_CONTINUE.</TD> <TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -75,7 +76,7 @@ before xxfi_envrcpt.</TD>
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
</TR> </TD></TR>
<!----------- Notes ----------> <!----------- Notes ---------->
<TR> <TR>

View File

@ -31,6 +31,7 @@ Handle the envelope RCPT command.
<TD>Do nothing; return SMFIS_CONTINUE.</TD> <TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -76,7 +77,7 @@ Handle the envelope RCPT command.
</TD> </TD>
</TR> </TR>
</TABLE> </TABLE>
</TR> </TD></TR>
<!----------- Notes ----------> <!----------- Notes ---------->
<TR> <TR>

View File

@ -31,6 +31,7 @@ Handle the end of message headers.
<TD>Do nothing; return SMFIS_CONTINUE.</TD> <TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -30,6 +30,7 @@ End of a message.
<TD>Do nothing; return SMFIS_CONTINUE.</TD> <TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR> </TR>
</TABLE> </TABLE>
</TD></TR>
<!----------- Arguments ----------> <!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD> <TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

Some files were not shown because too many files have changed in this diff Show More