Merge sendmail 8.16.1 to HEAD: See contrib/sendmail/RELEASE_NOTES for details
Includes build infrastructure & config updates required for changes in 8.16.1 MFC after: 5 days
This commit is contained in:
commit
64b18ad7a6
@ -1,4 +1,3 @@
|
||||
# $Id: CACerts,v 8.6 2013-01-18 15:14:17 ca Exp $
|
||||
# This file contains some CA certificates that are used to sign the
|
||||
# certificates of mail servers of members of the sendmail consortium
|
||||
# who may reply to questions etc sent to sendmail.org.
|
||||
@ -10,189 +9,92 @@ Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
92:91:67:de:e0:ef:2c:e4
|
||||
81:9d:41:0f:40:55:ac:4a
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
|
||||
Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
|
||||
Validity
|
||||
Not Before: Mar 2 19:15:29 2015 GMT
|
||||
Not After : Mar 1 19:15:29 2018 GMT
|
||||
Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
|
||||
Not Before: Feb 27 02:30:55 2018 GMT
|
||||
Not After : Feb 26 02:30:55 2021 GMT
|
||||
Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:b9:1a:a1:56:ce:cb:16:af:4f:96:ba:2a:70:31:
|
||||
70:d3:86:6c:7a:46:26:47:42:3f:de:49:57:3e:08:
|
||||
1e:10:25:bf:06:8f:ca:fd:f4:5e:6a:01:7d:31:4d:
|
||||
50:88:18:43:71:66:65:42:9c:90:97:0d:95:f2:14:
|
||||
ef:d7:5e:77:ef:7d:b5:49:3f:02:bb:83:20:f7:e6:
|
||||
fc:9a:cd:13:df:60:41:28:8e:39:07:a6:a4:40:98:
|
||||
15:1e:46:b6:04:2e:f9:ab:32:d1:8b:fe:52:81:f1:
|
||||
d2:e1:c3:cf:bf:ab:40:a7:f0:e4:e5:a2:82:37:30:
|
||||
8c:10:7d:aa:a8:7c:7e:76:cc:5f:1a:24:d0:8c:94:
|
||||
f6:f2:7f:4a:be:2f:38:67:c0:06:e6:9e:51:ad:55:
|
||||
d0:cb:26:71:cf:f4:af:7d:5a:41:81:16:fb:26:ec:
|
||||
f0:35:01:6e:db:f9:e9:00:d7:d0:89:7b:cf:88:16:
|
||||
8b:1c:8f:77:1f:5d:ef:70:04:28:76:c5:1b:c6:23:
|
||||
8d:49:6b:f0:b8:21:56:d6:7d:68:6c:be:21:e3:e6:
|
||||
e3:1d:6f:a5:ea:dc:83:e4:27:b3:6f:5f:1b:3d:33:
|
||||
a1:d5:d3:f0:73:1a:12:eb:d9:95:00:71:59:16:b4:
|
||||
e4:60:38:b2:2e:7f:b7:d4:c5:e9:3f:74:e4:48:38:
|
||||
29:89
|
||||
00:b8:a3:8d:79:28:c1:1f:9c:11:74:43:26:e1:3b:
|
||||
cc:14:87:5b:6b:64:4c:ed:79:1b:7f:2a:03:d0:7b:
|
||||
ef:9e:88:b0:64:36:ee:58:ef:fd:d9:c7:20:b3:71:
|
||||
e9:6d:1e:a7:bc:c1:7c:3b:fe:2a:e4:16:2f:bc:d6:
|
||||
2c:f5:98:f9:c4:21:1c:ca:c3:7e:57:89:c8:a9:2f:
|
||||
da:6b:9b:52:d6:c9:9d:98:97:6d:08:7c:a6:37:4e:
|
||||
d4:26:bb:db:73:b0:38:ef:7d:1e:dd:8e:dd:8e:17:
|
||||
2f:a0:3d:a9:0e:4d:f0:2b:b8:14:23:33:ad:c8:a0:
|
||||
e5:9d:0f:27:ad:83:a2:78:90:05:ec:29:06:91:07:
|
||||
45:6c:5f:ba:8e:1d:f1:d7:1b:2d:f9:99:ba:2e:27:
|
||||
e1:03:7d:e9:d2:54:35:cc:39:79:07:83:d8:93:9b:
|
||||
d6:ef:72:ab:d4:63:8e:6b:f7:00:66:5f:77:e8:b6:
|
||||
bc:de:5f:8c:d0:ce:1a:c4:db:03:9d:e4:ee:0a:ec:
|
||||
77:c5:f2:30:69:7e:70:12:e5:c2:4a:28:3f:e7:19:
|
||||
eb:af:41:fb:e6:a6:1d:b5:fd:2b:99:03:f5:20:90:
|
||||
38:73:bd:43:70:da:cf:1f:34:5d:ab:17:4b:73:cf:
|
||||
f9:3d:e1:a2:79:14:de:d8:40:85:82:c4:5a:84:82:
|
||||
32:f1
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Key Identifier:
|
||||
B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32
|
||||
42:37:75:E7:8F:12:CF:D9:EB:21:22:7D:8A:E8:49:21:FD:E2:3A:3A
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32
|
||||
DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
|
||||
serial:92:91:67:DE:E0:EF:2C:E4
|
||||
|
||||
keyid:42:37:75:E7:8F:12:CF:D9:EB:21:22:7D:8A:E8:49:21:FD:E2:3A:3A
|
||||
DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
|
||||
serial:81:9D:41:0F:40:55:AC:4A
|
||||
X509v3 Basic Constraints:
|
||||
CA:TRUE
|
||||
X509v3 Subject Alternative Name:
|
||||
email:ca+ca-rsa2015@esmtp.org
|
||||
email:ca+ca-rsa2018@esmtp.org
|
||||
X509v3 Issuer Alternative Name:
|
||||
email:ca+ca-rsa2015@esmtp.org
|
||||
email:ca+ca-rsa2018@esmtp.org
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
0a:ce:07:39:77:08:c5:3a:00:04:e8:a0:3b:f7:d2:4c:79:02:
|
||||
23:0b:da:c0:55:39:82:71:0a:0c:83:e2:de:f2:3b:fe:23:bc:
|
||||
9b:13:34:d1:29:0a:16:3f:01:7d:9f:fb:4b:aa:12:dc:3b:7e:
|
||||
b9:27:7b:ec:0c:3f:c0:d9:f5:d8:a8:a1:9c:1c:3a:2f:40:df:
|
||||
27:1a:1a:a0:74:00:19:b7:82:0e:f9:45:86:bf:32:da:0e:72:
|
||||
0a:4c:2c:39:21:63:c3:1f:61:6e:e2:4d:ba:7a:26:1a:15:ce:
|
||||
b1:f6:1a:59:04:70:ed:e8:72:05:4c:fc:84:c6:a5:f4:e2:4a:
|
||||
40:e4:42:70:87:9a:a7:02:26:3a:47:34:09:e0:7b:88:ca:fb:
|
||||
99:d9:9b:bb:0c:52:8a:93:d5:59:30:0b:55:42:b4:bb:d2:b1:
|
||||
49:55:81:a4:70:a0:49:19:f2:4f:61:94:af:e9:d7:62:68:65:
|
||||
97:67:00:26:b8:9b:b2:2c:d0:2c:83:7d:3e:b3:31:73:b9:55:
|
||||
49:53:fa:a3:ad:1b:02:67:08:9e:ce:9e:eb:9f:47:0d:6c:95:
|
||||
e9:6c:30:92:c1:94:67:ad:d9:e3:b9:61:ea:a9:72:98:81:3a:
|
||||
62:80:70:20:9a:3e:c4:1f:6f:bd:b4:00:ec:b1:fe:71:da:91:
|
||||
15:89:f7:8f
|
||||
0b:4c:e5:c2:ed:0a:e5:7b:95:29:22:d4:8f:5f:cb:1b:b1:e3:
|
||||
4c:fc:90:e7:2e:97:87:87:a2:63:0d:6d:4d:f0:1f:0d:84:11:
|
||||
dc:df:b7:fa:c3:c6:2e:07:e9:a0:e9:a6:9f:54:17:ad:1a:d0:
|
||||
36:be:31:cc:a5:85:a0:45:4a:87:45:80:7e:de:ea:97:68:e0:
|
||||
2b:09:5d:9a:31:6f:f5:78:22:c5:66:2a:99:70:9e:6d:c4:ab:
|
||||
f6:90:01:70:53:07:66:6c:a6:b5:ce:4b:36:05:83:87:0c:a7:
|
||||
e0:1e:34:d0:5e:76:a4:20:71:cd:9d:c1:ae:82:27:e0:6f:16:
|
||||
57:74:e7:63:9f:d0:3d:72:91:6d:97:a4:82:23:84:dd:6e:0d:
|
||||
da:43:00:a7:ce:2f:f8:79:04:67:6a:e5:b0:ab:30:d8:f1:90:
|
||||
10:43:3b:09:77:27:34:a4:d4:c0:25:4e:21:32:a3:ab:60:1c:
|
||||
9d:6e:e2:65:39:51:7f:cd:9f:88:3a:7e:f4:38:af:7b:5b:a7:
|
||||
bb:7b:70:97:21:59:fc:5c:55:a1:db:74:0a:37:1e:33:97:5f:
|
||||
70:32:98:b3:d9:99:4e:08:3c:de:01:82:17:9b:49:d7:fa:c9:
|
||||
45:8d:93:cc:42:d6:36:f2:39:3a:47:28:3f:6f:6a:e5:23:f3:
|
||||
5c:d4:a3:1b
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFJzCCBA+gAwIBAgIJAJKRZ97g7yzkMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
|
||||
MIIE4jCCA8qgAwIBAgIJAIGdQQ9AVaxKMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
|
||||
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx
|
||||
FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExIjAgBgNVBAMMGUNs
|
||||
YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTUxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz
|
||||
YTIwMTVAZXNtdHAub3JnMB4XDTE1MDMwMjE5MTUyOVoXDTE4MDMwMTE5MTUyOVow
|
||||
gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhC
|
||||
ZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAKBgNVBAsMA01UQTEiMCAG
|
||||
A1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEmMCQGCSqGSIb3DQEJARYX
|
||||
Y2ErY2EtcnNhMjAxNUBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
|
||||
ggEKAoIBAQC5GqFWzssWr0+WuipwMXDThmx6RiZHQj/eSVc+CB4QJb8Gj8r99F5q
|
||||
AX0xTVCIGENxZmVCnJCXDZXyFO/XXnfvfbVJPwK7gyD35vyazRPfYEEojjkHpqRA
|
||||
mBUeRrYELvmrMtGL/lKB8dLhw8+/q0Cn8OTlooI3MIwQfaqofH52zF8aJNCMlPby
|
||||
f0q+LzhnwAbmnlGtVdDLJnHP9K99WkGBFvsm7PA1AW7b+ekA19CJe8+IFoscj3cf
|
||||
Xe9wBCh2xRvGI41Ja/C4IVbWfWhsviHj5uMdb6Xq3IPkJ7NvXxs9M6HV0/BzGhLr
|
||||
2ZUAcVkWtORgOLIuf7fUxek/dORIOCmJAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU
|
||||
sWnbXpvOGrQdsmr8WiKXtiQUbzIwgdoGA1UdIwSB0jCBz4AUsWnbXpvOGrQdsmr8
|
||||
WiKXtiQUbzKhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y
|
||||
bmlhMREwDwYDVQQHDAhCZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAK
|
||||
BgNVBAsMA01UQTEiMCAGA1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEm
|
||||
MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxNUBlc210cC5vcmeCCQCSkWfe4O8s
|
||||
5DAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAu
|
||||
b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAub3JnMA0GCSqGSIb3
|
||||
DQEBBQUAA4IBAQAKzgc5dwjFOgAE6KA799JMeQIjC9rAVTmCcQoMg+Le8jv+I7yb
|
||||
EzTRKQoWPwF9n/tLqhLcO365J3vsDD/A2fXYqKGcHDovQN8nGhqgdAAZt4IO+UWG
|
||||
vzLaDnIKTCw5IWPDH2Fu4k26eiYaFc6x9hpZBHDt6HIFTPyExqX04kpA5EJwh5qn
|
||||
AiY6RzQJ4HuIyvuZ2Zu7DFKKk9VZMAtVQrS70rFJVYGkcKBJGfJPYZSv6ddiaGWX
|
||||
ZwAmuJuyLNAsg30+szFzuVVJU/qjrRsCZwiezp7rn0cNbJXpbDCSwZRnrdnjuWHq
|
||||
qXKYgTpigHAgmj7EH2+9tADssf5x2pEVifeP
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
f1:41:b3:3d:ba:bd:33:49
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
|
||||
Validity
|
||||
Not Before: Mar 10 02:47:46 2012 GMT
|
||||
Not After : Mar 10 02:47:46 2015 GMT
|
||||
Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:a2:80:fc:c6:ce:7f:60:38:65:f4:38:f9:7a:d9:
|
||||
87:fd:47:eb:3f:2c:4a:c9:38:77:6a:77:94:92:7f:
|
||||
83:3d:99:57:2c:5f:37:bb:ba:12:10:17:56:fa:eb:
|
||||
43:a6:4b:4c:1e:30:32:07:94:2f:5a:d8:65:49:29:
|
||||
fa:24:d1:f0:0b:45:2d:e5:d5:cb:7d:60:dc:a6:ce:
|
||||
a4:47:35:30:ee:5e:8d:c2:30:e7:a7:63:32:b0:59:
|
||||
80:cc:8c:99:64:77:8f:50:8e:88:51:47:36:ea:9a:
|
||||
f3:b4:c0:8c:a6:ab:c6:42:57:88:b9:5f:9f:61:15:
|
||||
bb:79:65:93:ca:a9:fd:17:eb:87:26:8b:eb:b7:2b:
|
||||
7e:33:05:2b:ba:c0:46:f7:08:fd:da:c1:50:9b:3d:
|
||||
26:83:5c:53:97:89:2c:cc:5f:f2:7b:a8:b7:3d:fb:
|
||||
f2:b4:89:0d:43:ef:18:5c:21:75:71:cc:f0:c2:a3:
|
||||
84:69:c0:a7:f3:9b:de:c1:c7:5a:5c:7e:68:da:49:
|
||||
71:af:58:a8:51:9f:bd:f9:3d:bb:a5:92:fa:7b:1d:
|
||||
52:f5:fe:90:59:95:27:65:a4:af:97:9a:4f:01:39:
|
||||
59:7d:08:6f:a1:8f:42:47:49:bf:12:52:53:39:74:
|
||||
8d:62:3b:bd:4c:4f:05:0f:c4:b9:3e:da:a8:0e:96:
|
||||
05:2d
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Key Identifier:
|
||||
08:38:E3:88:92:53:6E:F1:56:69:27:44:B5:4C:A0:18:CA:06:97:EB
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:08:38:E3:88:92:53:6E:F1:56:69:27:44:B5:4C:A0:18:CA:06:97:EB
|
||||
DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
|
||||
serial:F1:41:B3:3D:BA:BD:33:49
|
||||
|
||||
X509v3 Basic Constraints:
|
||||
CA:TRUE
|
||||
X509v3 Subject Alternative Name:
|
||||
email:ca+ca-rsa2012@esmtp.org
|
||||
X509v3 Issuer Alternative Name:
|
||||
email:ca+ca-rsa2012@esmtp.org
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
9a:8f:4d:23:5b:30:80:e1:94:e4:66:9c:3a:17:8b:79:49:5b:
|
||||
ec:5d:e5:a1:22:2d:71:37:a1:51:e7:1d:b1:0d:a9:9b:aa:a9:
|
||||
0d:c7:cd:d6:24:f9:e0:f0:57:be:4f:74:0c:4b:7a:42:4c:70:
|
||||
19:2e:8e:eb:cb:1b:00:26:27:eb:1c:42:33:d5:ec:32:b4:6c:
|
||||
7d:a3:04:a1:5c:00:49:c9:0d:4c:4d:28:37:06:22:77:ec:40:
|
||||
15:25:3a:23:84:ae:1f:da:90:dd:c9:dc:27:ee:7c:ec:e5:df:
|
||||
b8:ba:1e:3f:ee:c2:91:a2:3f:22:92:1e:f3:06:7e:aa:e9:c3:
|
||||
11:2d:3d:2f:85:f7:fc:d7:e2:f8:6d:70:a6:40:62:69:e7:52:
|
||||
ed:1b:19:38:72:86:08:a1:3d:47:c8:68:82:41:db:db:2a:52:
|
||||
25:d7:49:aa:9e:c5:83:22:7d:2f:0b:df:8c:90:2d:b5:aa:33:
|
||||
c7:9b:e8:39:8f:bb:79:5b:13:2d:4e:a9:69:59:c7:09:26:e2:
|
||||
b5:53:80:86:72:bb:7c:be:e9:46:5b:d8:b2:78:42:d6:5d:c3:
|
||||
bb:3a:3b:5f:0f:e8:c3:60:fb:88:9f:3a:2b:9f:d3:7d:9f:c7:
|
||||
32:aa:4d:34:a7:66:a1:25:16:95:a6:69:e7:86:a3:5c:b9:b9:
|
||||
df:58:05:e3
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFJzCCBA+gAwIBAgIJAPFBsz26vTNJMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
|
||||
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQmVya2VsZXkx
|
||||
FDASBgNVBAoTC0VuZG1haWwgT3JnMQwwCgYDVQQLEwNNVEExIjAgBgNVBAMTGUNs
|
||||
YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTIxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz
|
||||
YTIwMTJAZXNtdHAub3JnMB4XDTEyMDMxMDAyNDc0NloXDTE1MDMxMDAyNDc0Nlow
|
||||
gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhC
|
||||
ZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAKBgNVBAsTA01UQTEiMCAG
|
||||
A1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxMjEmMCQGCSqGSIb3DQEJARYX
|
||||
Y2ErY2EtcnNhMjAxMkBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
|
||||
ggEKAoIBAQCigPzGzn9gOGX0OPl62Yf9R+s/LErJOHdqd5SSf4M9mVcsXze7uhIQ
|
||||
F1b660OmS0weMDIHlC9a2GVJKfok0fALRS3l1ct9YNymzqRHNTDuXo3CMOenYzKw
|
||||
WYDMjJlkd49QjohRRzbqmvO0wIymq8ZCV4i5X59hFbt5ZZPKqf0X64cmi+u3K34z
|
||||
BSu6wEb3CP3awVCbPSaDXFOXiSzMX/J7qLc9+/K0iQ1D7xhcIXVxzPDCo4RpwKfz
|
||||
m97Bx1pcfmjaSXGvWKhRn735Pbulkvp7HVL1/pBZlSdlpK+Xmk8BOVl9CG+hj0JH
|
||||
Sb8SUlM5dI1iO71MTwUPxLk+2qgOlgUtAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU
|
||||
CDjjiJJTbvFWaSdEtUygGMoGl+swgdoGA1UdIwSB0jCBz4AUCDjjiJJTbvFWaSdE
|
||||
tUygGMoGl+uhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
|
||||
bmlhMREwDwYDVQQHEwhCZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAK
|
||||
BgNVBAsTA01UQTEiMCAGA1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxMjEm
|
||||
MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxMkBlc210cC5vcmeCCQDxQbM9ur0z
|
||||
STAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTJAZXNtdHAu
|
||||
b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTJAZXNtdHAub3JnMA0GCSqGSIb3
|
||||
DQEBBQUAA4IBAQCaj00jWzCA4ZTkZpw6F4t5SVvsXeWhIi1xN6FR5x2xDambqqkN
|
||||
x83WJPng8Fe+T3QMS3pCTHAZLo7ryxsAJifrHEIz1ewytGx9owShXABJyQ1MTSg3
|
||||
BiJ37EAVJTojhK4f2pDdydwn7nzs5d+4uh4/7sKRoj8ikh7zBn6q6cMRLT0vhff8
|
||||
1+L4bXCmQGJp51LtGxk4coYIoT1HyGiCQdvbKlIl10mqnsWDIn0vC9+MkC21qjPH
|
||||
m+g5j7t5WxMtTqlpWccJJuK1U4CGcrt8vulGW9iyeELWXcO7OjtfD+jDYPuInzor
|
||||
n9N9n8cyqk00p2ahJRaVpmnnhqNcubnfWAXj
|
||||
FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExCzAJBgNVBAMMAkNB
|
||||
MSYwJAYJKoZIhvcNAQkBFhdjYStjYS1yc2EyMDE4QGVzbXRwLm9yZzAeFw0xODAy
|
||||
MjcwMjMwNTVaFw0yMTAyMjYwMjMwNTVaMIGOMQswCQYDVQQGEwJVUzETMBEGA1UE
|
||||
CAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkxFDASBgNVBAoMC0VuZG1h
|
||||
aWwgT3JnMQwwCgYDVQQLDANNVEExCzAJBgNVBAMMAkNBMSYwJAYJKoZIhvcNAQkB
|
||||
FhdjYStjYS1yc2EyMDE4QGVzbXRwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
ADCCAQoCggEBALijjXkowR+cEXRDJuE7zBSHW2tkTO15G38qA9B7756IsGQ27ljv
|
||||
/dnHILNx6W0ep7zBfDv+KuQWL7zWLPWY+cQhHMrDfleJyKkv2mubUtbJnZiXbQh8
|
||||
pjdO1Ca723OwOO99Ht2O3Y4XL6A9qQ5N8Cu4FCMzrcig5Z0PJ62DoniQBewpBpEH
|
||||
RWxfuo4d8dcbLfmZui4n4QN96dJUNcw5eQeD2JOb1u9yq9Rjjmv3AGZfd+i2vN5f
|
||||
jNDOGsTbA53k7grsd8XyMGl+cBLlwkooP+cZ669B++amHbX9K5kD9SCQOHO9Q3Da
|
||||
zx80XasXS3PP+T3honkU3thAhYLEWoSCMvECAwEAAaOCAT8wggE7MB0GA1UdDgQW
|
||||
BBRCN3XnjxLP2eshIn2K6Ekh/eI6OjCBwwYDVR0jBIG7MIG4gBRCN3XnjxLP2esh
|
||||
In2K6Ekh/eI6OqGBlKSBkTCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm
|
||||
b3JuaWExETAPBgNVBAcMCEJlcmtlbGV5MRQwEgYDVQQKDAtFbmRtYWlsIE9yZzEM
|
||||
MAoGA1UECwwDTVRBMQswCQYDVQQDDAJDQTEmMCQGCSqGSIb3DQEJARYXY2ErY2Et
|
||||
cnNhMjAxOEBlc210cC5vcmeCCQCBnUEPQFWsSjAMBgNVHRMEBTADAQH/MCIGA1Ud
|
||||
EQQbMBmBF2NhK2NhLXJzYTIwMThAZXNtdHAub3JnMCIGA1UdEgQbMBmBF2NhK2Nh
|
||||
LXJzYTIwMThAZXNtdHAub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQALTOXC7Qrle5Up
|
||||
ItSPX8sbseNM/JDnLpeHh6JjDW1N8B8NhBHc37f6w8YuB+mg6aafVBetGtA2vjHM
|
||||
pYWgRUqHRYB+3uqXaOArCV2aMW/1eCLFZiqZcJ5txKv2kAFwUwdmbKa1zks2BYOH
|
||||
DKfgHjTQXnakIHHNncGugifgbxZXdOdjn9A9cpFtl6SCI4Tdbg3aQwCnzi/4eQRn
|
||||
auWwqzDY8ZAQQzsJdyc0pNTAJU4hMqOrYBydbuJlOVF/zZ+IOn70OK97W6e7e3CX
|
||||
IVn8XFWh23QKNx4zl19wMpiz2ZlOCDzeAYIXm0nX+slFjZPMQtY28jk6Ryg/b2rl
|
||||
I/Nc1KMb
|
||||
-----END CERTIFICATE-----
|
||||
|
@ -1,6 +1,6 @@
|
||||
$FreeBSD$
|
||||
|
||||
sendmail 8.15.2
|
||||
sendmail 8.16.1
|
||||
originals can be found at: ftp://ftp.sendmail.org/pub/sendmail/
|
||||
|
||||
For the import of sendmail, the following directories were renamed:
|
||||
@ -13,12 +13,16 @@ http://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/subversion-
|
||||
|
||||
Then merged using:
|
||||
|
||||
% set FSVN=svn+ssh://svn.freebsd.org/base
|
||||
% set FSVN=svn+ssh://repo.freebsd.org/base
|
||||
% svn checkout $FSVN/head/contrib/sendmail head
|
||||
% cd head
|
||||
% svn merge --accept=postpone $FSVN/vendor/sendmail/dist .
|
||||
% svn rm --force */Build [e-v]*/*.0 cf/cf/generic-*.cf cf/cf/Build
|
||||
% svn rm --force Build devtools doc/op/op.ps src/makesendmail src/sysexits.h
|
||||
### Replace XXXXXX with import revision number in next command:
|
||||
% svn merge -c rXXXXXX --accept=postpone '^/vendor/sendmail/dist' .
|
||||
% svn resolve --accept working cf/cf/Build \
|
||||
cf/cf/generic-{bsd4.4,hpux{9,10},linux,mpeix,nextstep3.3,osf1,solaris,sunos4.1,ultrix4}.cf \
|
||||
devtools doc/op/op.ps editmap/editmap.0 mail.local/mail.local.0 mailstats/mailstats.0 \
|
||||
makemap/makemap.0 praliases/praliases.0 rmail/rmail.0 smrsh/smrsh.0 \
|
||||
src/{aliases,mailq,newaliases,sendmail}.0 vacation/vacation.0
|
||||
% svn propset -R svn:keywords FreeBSD=%H .
|
||||
% svn propdel svn:keywords libmilter/docs/*.jpg
|
||||
% svn diff --no-diff-deleted --old=$FSVN/vendor/sendmail/dist --new=.
|
||||
@ -98,4 +102,4 @@ infrastructure in FreeBSD:
|
||||
usr.sbin/mailwrapper/Makefile
|
||||
|
||||
gshapiro@FreeBSD.org
|
||||
06-July-2015
|
||||
15-July-2020
|
||||
|
@ -271,4 +271,3 @@ Kresolve sequence dnsmx canon
|
||||
be used if set instead of LOCAL_RELAY ($R). This will be fixed in a
|
||||
future version.
|
||||
|
||||
$Revision: 8.61 $, Last updated $Date: 2011-04-07 17:48:23 $
|
||||
|
@ -37,7 +37,7 @@ each of the following conditions is met:
|
||||
the "Copyright Notice" refers to the following language:
|
||||
"Copyright (c) 1998-2014 Proofpoint, Inc. All rights reserved."
|
||||
|
||||
3. Neither the name of Proofpoint, Inc. nor the University of California nor
|
||||
4. Neither the name of Proofpoint, Inc. nor the University of California nor
|
||||
names of their contributors may be used to endorse or promote
|
||||
products derived from this software without specific prior written
|
||||
permission. The name "sendmail" is a trademark of Proofpoint, Inc.
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -431,8 +431,7 @@ makemap A program that creates the keyed maps used by the $( ... $)
|
||||
expect to preprocess must human-convenient formats
|
||||
using sed scripts before this program will like them.
|
||||
But it should be functionally complete.
|
||||
praliases A program to print the DBM or NEWDB version of the
|
||||
aliases file.
|
||||
praliases A program to print the map version of the aliases file.
|
||||
rmail Source for rmail(8). This is used as a delivery
|
||||
agent for for UUCP, and could presumably be used by
|
||||
other non-socket oriented mailers. Older versions of
|
||||
@ -447,4 +446,3 @@ sendmail Source for the sendmail program itself.
|
||||
test Some test scripts (currently only for compilation aids).
|
||||
vacation Source for the vacation program. NOT PART OF SENDMAIL!
|
||||
|
||||
$Revision: 8.96 $, Last updated $Date: 2013-11-22 20:51:01 $
|
||||
|
@ -5,6 +5,124 @@ This listing shows the version of the sendmail binary, the version
|
||||
of the sendmail configuration files, the date of release, and a
|
||||
summary of the changes in that release.
|
||||
|
||||
8.16.1/8.16.1 2020/07/05
|
||||
SECURITY: If sendmail tried to reuse an SMTP session which had
|
||||
already been closed by the server, then the connection
|
||||
cache could have invalid information about the session.
|
||||
One possible consequence was that STARTTLS was not
|
||||
used even if offered. This problem has been fixed
|
||||
by clearing out all relevant status information
|
||||
when a closed session is encountered.
|
||||
OpenSSL versions before 0.9.8 are no longer supported.
|
||||
OpenSSL version 1.1.0 and 1.1.1 are supported.
|
||||
Initial support for DANE (see RFC 7672 et.al.) is available if
|
||||
the compile time option DANE is set. Only TLSA RR 3-1-x
|
||||
is currently implemented.
|
||||
New options SSLEngine and SSLEnginePath to support OpenSSL engines.
|
||||
Note: this feature has so far only been tested with the
|
||||
"chil" engine; please report problems with other engines
|
||||
if you encounter any.
|
||||
New option CRLPath to specify a directory which contains
|
||||
hashes pointing to certificate revocations files.
|
||||
Based on patch from Al Smith.
|
||||
New rulesets tls_srv_features and tls_clt_features which
|
||||
can return a (semicolon separated) list of TLS related
|
||||
options, e.g., CipherList, CertFile, KeyFile,
|
||||
see doc/op/op.me for details.
|
||||
To automatically handle TLS interoperability problems for outgoing
|
||||
mail, sendmail can now immediately try a connection again
|
||||
without STARTTLS after a TLS handshake failure.
|
||||
This can be configured globally via the option
|
||||
TLSFallbacktoClear or per session via the 'C' flag
|
||||
of tls_clt_features.
|
||||
This also adds the new value "CLEAR" for the macro
|
||||
{verify}: STARTTLS has been disabled internally for
|
||||
a clear text delivery attempt.
|
||||
Apply Timeout.starttls also to the server waiting for the TLS
|
||||
handshake to begin. Based on patch from Simon Hradecky.
|
||||
New compile time option TLS_EC to enable the use of elliptic
|
||||
curve cryptography in STARTTLS (previously available as
|
||||
_FFR_TLS_EC).
|
||||
Handle MIME boundaries specified in headers which contain CRLF.
|
||||
Fix detection of loopback net (it was broken when compiled
|
||||
with NETINET6) and only set the macros {if_addr_out}
|
||||
and {if_family_out} if the interface of the outgoing
|
||||
connection does not belong to the loopback net.
|
||||
Fix logic to enable a milter to delete a recipient in
|
||||
DeliveryMode=interactive even if it might be subject
|
||||
to alias expansion.
|
||||
Log name of a milter making changes (this was missing for
|
||||
some functions).
|
||||
Log the actual reply of a server when an SMTP delivery problem
|
||||
occurs in a "reply=" field if possible.
|
||||
Log user= for failed AUTH attempts if possible. Based on
|
||||
patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
|
||||
and Joe Quinn.
|
||||
Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
|
||||
no changes can be made after it is created, hence it
|
||||
does not work with vacation(1) nor editmap(8) (except
|
||||
for query mode).
|
||||
Fix some memory leaks (mostly in error cases) and properly handle
|
||||
copied varargs in sm_io_vfprintf(). The issues were found
|
||||
using Coverity Scan and reported (including patches) by
|
||||
Ondřej Lysoněk of Red Hat.
|
||||
Do not override ServerSSLOptions and ClientSSLOptions when they
|
||||
are specified on the command line. Based on patch from
|
||||
Hiroki Sato.
|
||||
Add RFC7505 Null MX support for domains that declare they do not
|
||||
accept mail.
|
||||
New compile time option LDAP_NETWORK_TIMEOUT which is set
|
||||
automatically when LDAPMAP is used and
|
||||
LDAP_OPT_NETWORK_TIMEOUT is available to enable the
|
||||
new -c option for LDAP maps to specify the network timeout.
|
||||
CONFIG: New FEATURE(`tls_session_features') to enable standard
|
||||
rules for tls_srv_features and tls_clt_features; for
|
||||
details see cf/README.
|
||||
CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
|
||||
for SSLEngine and SSLEnginePath, respectively.
|
||||
CONFIG: New options confDANE to enable DANE support.
|
||||
CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
|
||||
CONFIG: New extension CITag: for TLS restrictions, see cf/README
|
||||
for details.
|
||||
CONFIG: FEATURE(`blacklist_recipients') renamed to
|
||||
FEATURE(`blocklist_recipients').
|
||||
CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
|
||||
canonicalize IPv6 addresses; if cidrexpand is used with IPv6
|
||||
addresses then UseCompressedIPv6Addresses must be disabled.
|
||||
DOC: The dns map can return multiple values in a single result
|
||||
if the -z option is used.
|
||||
DOC: Note to set MustQuoteChars=. due to DKIM signatures.
|
||||
LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
|
||||
of Alcatel-Lucent.
|
||||
LIBMILTER: Fix reference in xxfi_negotiate documentation.
|
||||
Patch from Sven Neuhaus.
|
||||
LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
|
||||
Patch from G.W. Haywood.
|
||||
LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
|
||||
Patch from Martin Svec.
|
||||
MAKEMAP: New map type "implicit" refers to the first available type,
|
||||
i.e., it depends on the compile time options NEWDB, DBM,
|
||||
and CDB. This can be used in conjunction with the
|
||||
"implicit" map type in sendmail.cf.
|
||||
Note: makemap, libsmdb, and sendmail must be compiled
|
||||
with the same options (and library versions of course).
|
||||
Portability:
|
||||
Add support for Darwin 14-18 (Mac OS X 10.x).
|
||||
New option HAS_GETHOSTBYNAME2: set if your system
|
||||
supports gethostbyname2(2).
|
||||
Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
|
||||
changes in sys/sem.h
|
||||
On Linux set MAXHOSTNAMELEN (the maximum length
|
||||
of a FQHN) to 256 if it is less than that value.
|
||||
Added Files:
|
||||
cf/feature/blocklist_recipients.m4
|
||||
cf/feature/tls_failures.m4
|
||||
devtools/OS/Darwin.14.x
|
||||
devtools/OS/Darwin.15.x
|
||||
devtools/OS/Darwin.16.x
|
||||
libsmdb/smcdb.c
|
||||
sendmail/ratectrl.h
|
||||
|
||||
8.15.2/8.15.2 2015/07/03
|
||||
If FEATURE(`nopercenthack') is used then some bogus input triggered
|
||||
a recursion which was caught and logged as
|
||||
@ -104,7 +222,7 @@ summary of the changes in that release.
|
||||
The option CipherList sets the list of ciphers for STARTTLS.
|
||||
See ciphers(1) for possible values.
|
||||
Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL"
|
||||
if a CRLFfile is in use (and LogLevel is 14 or higher.)
|
||||
if a CRLFile is in use (and LogLevel is 14 or higher.)
|
||||
Store a more specific TLS protocol version in ${tls_version}
|
||||
instead of a generic one, e.g., TLSv1 instead of
|
||||
TLSv1/SSLv3.
|
||||
@ -740,7 +858,7 @@ summary of the changes in that release.
|
||||
Patches from Nelson Fung.
|
||||
CONTRIB: cidrexpand uses a hash symbol as comment character and
|
||||
ignores everything after it unless it is in quotes or
|
||||
preceeded by a backslash.
|
||||
preceded by a backslash.
|
||||
DEVTOOLS: New macro confMKDIR: if set to a program that creates
|
||||
directories, then it used for "make install" to create
|
||||
the required installation directories.
|
||||
@ -2465,7 +2583,7 @@ summary of the changes in that release.
|
||||
noted by Greg Robinson of the Defence Science and
|
||||
Technology Organisation of Australia.
|
||||
CONFIG: dnsbl: If an argument specifies an error message in case
|
||||
of temporary lookup failures for DNS based blacklists
|
||||
of temporary lookup failures for DNS based blocklists
|
||||
then use it.
|
||||
LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by
|
||||
Richard A. Nelson of Debian.
|
||||
@ -2539,7 +2657,7 @@ summary of the changes in that release.
|
||||
is "pw", which means to use getpwnam(). New mailbox database
|
||||
types can be added by adding custom code to libsm/mbdb.c.
|
||||
Queue file names are now 15 characters long, rather than 14 characters
|
||||
long, to accomodate envelope splitting. File systems with
|
||||
long, to accommodate envelope splitting. File systems with
|
||||
a 14 character file name length limit are no longer
|
||||
supported.
|
||||
Recipient list used for delivery now gets internally ordered by
|
||||
@ -2580,7 +2698,7 @@ summary of the changes in that release.
|
||||
New ruleset srv_features to enable/disable certain features in the
|
||||
server per connection. See doc/op/op.me for details.
|
||||
New ruleset tls_rcpt to decide whether to send e-mail to a particular
|
||||
recipient; useful to decide whether a conection is secure
|
||||
recipient; useful to decide whether a connection is secure
|
||||
enough on a per recipient basis.
|
||||
New option TLSSrvOptions to modify some aspects of the server
|
||||
for STARTTLS.
|
||||
@ -2591,7 +2709,7 @@ summary of the changes in that release.
|
||||
Macro expand filenames/directories for certs and keys in the .cf file.
|
||||
Proposed by Neil Rickert of Northern Illinois University.
|
||||
Generate an ephemeral RSA key for a STARTTLS connection only if
|
||||
really required. This change results in a noticable
|
||||
really required. This change results in a noticeable
|
||||
performance gains on most machines. Moreover, if shared
|
||||
memory is in use, reuse the key several times.
|
||||
Add queue groups which can be used to group queue directories with
|
||||
@ -3500,7 +3618,7 @@ summary of the changes in that release.
|
||||
CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
|
||||
is used. Problem noted by Phil Homewood of Asia Online,
|
||||
patch from Neil Rickert of Northern Illinois University.
|
||||
CONFIG: Change the default DNS based blacklist server for
|
||||
CONFIG: Change the default DNS based blocklist server for
|
||||
FEATURE(`dnsbl') to blackholes.mail-abuse.org.
|
||||
CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
|
||||
implicitly assume canonical host names.
|
||||
@ -4736,7 +4854,7 @@ summary of the changes in that release.
|
||||
from Per Hedeland of Ericsson.
|
||||
If a resolver ANY query is larger than the UDP packet size, the
|
||||
resolver will fall back to TCP. However, some
|
||||
misconfigured firewalls black 53/TCP so the ANY lookup
|
||||
misconfigured firewalls block 53/TCP so the ANY lookup
|
||||
fails whereas an MX or A record might succeed. Therefore,
|
||||
don't fail on ANY queries.
|
||||
If an SMTP recipient is rejected due to syntax errors in the
|
||||
@ -5152,7 +5270,7 @@ summary of the changes in that release.
|
||||
line up into 2046-character output lines (excluding the
|
||||
newline). If an input line was 2047 characters long
|
||||
(excluding CR-LF) and the last character was a '.',
|
||||
mail.local saw it as the end of input, transfered it to the
|
||||
mail.local saw it as the end of input, transferred it to the
|
||||
user mailbox and tried to write an `ok' back to sendmail.
|
||||
If the message was much longer, both sendmail and
|
||||
mail.local would deadlock waiting for each other to read
|
||||
@ -6039,7 +6157,7 @@ summary of the changes in that release.
|
||||
CONFIG: FEATURE(nodns) now warns the user that the feature is a
|
||||
no-op. Patch from Kari Hurtta of the Finnish
|
||||
Meteorological Institute.
|
||||
CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to
|
||||
CONFIG: OSTYPE(osf1) now sets DefaultUser (confDEF_USER_ID) to
|
||||
daemon since DEC's /bin/mail will drop the envelope
|
||||
sender if run as mailnull. See the Digital UNIX section
|
||||
of src/README for more information. Problem noted by
|
||||
@ -7632,7 +7750,7 @@ summary of the changes in that release.
|
||||
instead of 0644. Suggested by Ann-Kian Yeo of the
|
||||
National University of Singapore.
|
||||
Print errors if setgid/setuid/etc. fail during delivery. This helps
|
||||
detect cases where DefaultUid is set to something that the
|
||||
detect cases where DefaultUser is set to something that the
|
||||
system can't cope with.
|
||||
PORTABILITY FIXES:
|
||||
Support for AIX/RS 2.2.1 from Mark Whetzel of Western
|
||||
@ -9840,7 +9958,7 @@ summary of the changes in that release.
|
||||
gethostname() (instead of myhostname(), which tries
|
||||
to fully qualify the name) to be consistent with
|
||||
SunOS. If your hostname is unqualified, this fixes
|
||||
transfers to slave servers. Bug noted by Keith
|
||||
transfers to secondary servers. Bug noted by Keith
|
||||
McMillan of Ameritech Services, Inc.
|
||||
Fix Ultrix problem: gethostbyname() can return a very large
|
||||
(> 500) h_length field, which causes the sockaddr
|
||||
|
@ -396,7 +396,7 @@ SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of
|
||||
messages to deliver in a single connection for the
|
||||
smtp, smtp8, esmtp, or dsmtp mailers.
|
||||
SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
|
||||
recipients to deliver in a single connection for the
|
||||
recipients to deliver in a single envelope for the
|
||||
smtp, smtp8, esmtp, or dsmtp mailers.
|
||||
SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer.
|
||||
About the only reason you would want to change this
|
||||
@ -1250,7 +1250,7 @@ access_db Turns on the access database feature. The access db gives
|
||||
important information about this feature. Notice:
|
||||
"-T<TMPF>" is meant literal, do not replace it by anything.
|
||||
|
||||
blacklist_recipients
|
||||
blocklist_recipients
|
||||
Turns on the ability to block incoming mail for certain
|
||||
recipient usernames, hostnames, or addresses. For
|
||||
example, you can block incoming mail to user nobody,
|
||||
@ -1579,7 +1579,7 @@ require_rdns Reject mail from connecting SMTP clients without proper
|
||||
Entries such as
|
||||
Connect:1.2.3.4 OK
|
||||
Connect:1.2 RELAY
|
||||
will whitelist IP address 1.2.3.4, so that the rDNS
|
||||
will allowlist IP address 1.2.3.4, so that the rDNS
|
||||
blocking does apply to that IP address
|
||||
|
||||
Entries such as
|
||||
@ -2602,7 +2602,7 @@ requires a tag. For example,
|
||||
From:another.dom REJECT
|
||||
|
||||
This would deny mails from spammer@some.dom but you could still
|
||||
send mail to that address even if FEATURE(`blacklist_recipients')
|
||||
send mail to that address even if FEATURE(`blocklist_recipients')
|
||||
is enabled. Your system will allow relaying to friend.domain, but
|
||||
not from it (unless enabled by other means). Connections from that
|
||||
domain will be allowed even if it ends up in one of the DNS based
|
||||
@ -2723,7 +2723,7 @@ sender address.
|
||||
|
||||
If you use:
|
||||
|
||||
FEATURE(`blacklist_recipients')
|
||||
FEATURE(`blocklist_recipients')
|
||||
|
||||
then you can add entries to the map for local users, hosts in your
|
||||
domains, or addresses in your domain which should not receive mail:
|
||||
@ -2747,14 +2747,14 @@ as value part in the access map. Taking the example from above:
|
||||
Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
|
||||
That's why tagged entries should be used.
|
||||
|
||||
There are several DNS based blacklists which can be found by
|
||||
There are several DNS based blocklists which can be found by
|
||||
querying a search engine. These are databases of spammers
|
||||
maintained in DNS. To use such a database, specify
|
||||
|
||||
FEATURE(`dnsbl', `dnsbl.example.com')
|
||||
|
||||
This will cause sendmail to reject mail from any site listed in the
|
||||
DNS based blacklist. You must select a DNS based blacklist domain
|
||||
DNS based blocklist. You must select a DNS based blocklist domain
|
||||
to check by specifying an argument to the FEATURE. The default
|
||||
error message is
|
||||
|
||||
@ -2789,14 +2789,14 @@ This FEATURE can be included several times to query different
|
||||
DNS based rejection lists.
|
||||
|
||||
Notice: to avoid checking your own local domains against those
|
||||
blacklists, use the access_db feature and add:
|
||||
blocklists, use the access_db feature and add:
|
||||
|
||||
Connect:10.1 OK
|
||||
Connect:127.0.0.1 RELAY
|
||||
|
||||
to the access map, where 10.1 is your local network. You may
|
||||
want to use "RELAY" instead of "OK" to allow also relaying
|
||||
instead of just disabling the DNS lookups in the blacklists.
|
||||
instead of just disabling the DNS lookups in the blocklists.
|
||||
|
||||
|
||||
The features described above make use of the check_relay, check_mail,
|
||||
@ -2849,7 +2849,7 @@ my.domain and you have
|
||||
in the access map, then any e-mail with a sender address of
|
||||
<user@my.domain> will not be rejected by check_relay even though
|
||||
it would match the hostname or IP address. This allows spammers
|
||||
to get around DNS based blacklist by faking the sender address. To
|
||||
to get around DNS based blocklist by faking the sender address. To
|
||||
avoid this problem you have to use tagged entries:
|
||||
|
||||
To:my.domain RELAY
|
||||
@ -2978,7 +2978,7 @@ limits per client IP address or net. These features can limit the
|
||||
rate of connections (connections per time unit) or the number of
|
||||
incoming SMTP connections, respectively. If enabled, appropriate
|
||||
rulesets are called at the end of check_relay, i.e., after DNS
|
||||
blacklists and generic access_db operations. The features require
|
||||
blocklists and generic access_db operations. The features require
|
||||
FEATURE(`access_db') to be listed earlier in the mc file.
|
||||
|
||||
Note: FEATURE(`delay_checks') delays those connection control checks
|
||||
@ -3071,13 +3071,13 @@ rulesets and map lookups, they are modified as follows: each non-printable
|
||||
character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
|
||||
by their HEX value with a leading '+'. For example:
|
||||
|
||||
/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
|
||||
/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/emailAddress=
|
||||
darth+cert@endmail.org
|
||||
|
||||
is encoded as:
|
||||
|
||||
/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
|
||||
Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
|
||||
|
||||
(line breaks have been inserted for readability).
|
||||
|
||||
@ -3089,30 +3089,27 @@ Examples:
|
||||
To allow relaying for everyone who can present a cert signed by
|
||||
|
||||
/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
|
||||
Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
|
||||
|
||||
simply use:
|
||||
|
||||
CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY
|
||||
Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org RELAY
|
||||
|
||||
To allow relaying only for a subset of machines that have a cert signed by
|
||||
|
||||
/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
|
||||
Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
|
||||
|
||||
use:
|
||||
|
||||
CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT
|
||||
Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org SUBJECT
|
||||
CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
DeathStar/Email=deathstar@endmail.org RELAY
|
||||
DeathStar/emailAddress=deathstar@endmail.org RELAY
|
||||
|
||||
Notes:
|
||||
- line breaks have been inserted after "CN=" for readability,
|
||||
each tagged entry must be one (long) line in the access map.
|
||||
- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
|
||||
is replaced by "emailAddress=".
|
||||
Note: line breaks have been inserted after "CN=" for readability,
|
||||
each tagged entry must be one (long) line in the access map.
|
||||
|
||||
Of course it is also possible to write a simple ruleset that allows
|
||||
relaying for everyone who can present a cert that can be verified, e.g.,
|
||||
@ -3188,16 +3185,23 @@ CN:name name must match ${cn_subject}
|
||||
CN ${client_name}/${server_name} must match ${cn_subject}
|
||||
CS:name name must match ${cert_subject}
|
||||
CI:name name must match ${cert_issuer}
|
||||
CITag:MYTag look up MYTag:${cert_issuer} in access map; the check
|
||||
only succeeds if it is found with a RHS of OK.
|
||||
|
||||
Example: e-mail sent to secure.example.com should only use an encrypted
|
||||
connection. E-mail received from hosts within the laptop.example.com domain
|
||||
should only be accepted if they have been authenticated. The host which
|
||||
receives e-mail for darth@endmail.org must present a cert that uses the
|
||||
CN smtp.endmail.org.
|
||||
CN smtp.endmail.org. E-mail sent to safe.example.com must be verified,
|
||||
have a matching CN, and must present a cert signed by a CA with one of
|
||||
the listed DNs.
|
||||
|
||||
TLS_Srv:secure.example.com ENCR:112
|
||||
TLS_Clt:laptop.example.com PERM+VERIFY:112
|
||||
TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
|
||||
TLS_Srv:safe.example.net VERIFY+CN++CITag:MyCA
|
||||
MyCA:/C=US/ST=CA/O=safe/CN=example.net/ OK
|
||||
MyCA:/C=US/ST=CA/O=secure/CN=example.net/ OK
|
||||
|
||||
|
||||
TLS Options per Session
|
||||
@ -3217,6 +3221,7 @@ options:
|
||||
- Options: compare {Server,Client}SSLOptions.
|
||||
- CipherList: same as the global option.
|
||||
- CertFile, KeyFile: {Server,Client}{Cert,Key}File
|
||||
- Flags: see doc/op/op.me for details.
|
||||
|
||||
If FEATURE(`tls_session_features') is used, then default rulesets
|
||||
are activated which look up entries in the access map with the tags
|
||||
@ -3234,15 +3239,12 @@ If FEATURE(`tls_session_features') is not used the user can provide
|
||||
their own rulesets which must return the appropriate data.
|
||||
If the rulesets are not defined or do not return a value, the
|
||||
default TLS options are not modified.
|
||||
(These rulesets require the sendmail binary to be built with
|
||||
_FFR_TLS_SE_OPTS enabled.)
|
||||
|
||||
About 2): the ruleset try_tls (srv_features) can be used that work
|
||||
together with the access map. Entries for the access map must be
|
||||
tagged with Try_TLS (Srv_Features) and refer to the hostname or IP
|
||||
address of the connecting system. A default case can be specified
|
||||
by using just the tag. For example, the following entries in the
|
||||
access map:
|
||||
About 2): the ruleset try_tls (srv_features) can be used together
|
||||
with the access map. Entries for the access map must be tagged
|
||||
with Try_TLS (Srv_Features) and refer to the hostname or IP address
|
||||
of the connecting system. A default case can be specified by using
|
||||
just the tag. For example, the following entries in the access map:
|
||||
|
||||
Try_TLS:broken.server NO
|
||||
Srv_Features:my.domain v
|
||||
@ -3654,7 +3656,7 @@ for. In particular:
|
||||
if your system allows "file giveaways" (that is, if a non-root
|
||||
user can chown any file they own to any other user).
|
||||
|
||||
* If your system allows file giveaways, DO NOT create a publically
|
||||
* If your system allows file giveaways, DO NOT create a publicly
|
||||
writable directory for forward files. This will allow anyone
|
||||
to steal anyone else's e-mail. Instead, create a script that
|
||||
copies the .forward file from users' home directories once a
|
||||
@ -4011,6 +4013,10 @@ confUSERDB_SPEC UserDatabaseSpec
|
||||
confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
|
||||
confFALLBACK_SMARTHOST FallbackSmartHost
|
||||
[undefined] Fallback smart host.
|
||||
confTLS_FALLBACK_TO_CLEAR TLSFallbacktoClear
|
||||
[undefined] If set, immediately try
|
||||
a connection again without STARTTLS
|
||||
after a TLS handshake failure.
|
||||
confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
|
||||
for a host and other arrangements
|
||||
haven't been made, try connecting
|
||||
@ -4364,10 +4370,13 @@ confCLIENT_KEY ClientKeyFile [undefined] File containing the
|
||||
cert.
|
||||
confCRL CRLFile [undefined] File containing certificate
|
||||
revocation status, useful for X.509v3
|
||||
authentication. Note that CRL requires
|
||||
at least OpenSSL version 0.9.7.
|
||||
authentication.
|
||||
confCRL_PATH CRLPath [undefined] Directory containing
|
||||
hashes pointing to certificate
|
||||
revocation status files.
|
||||
confDH_PARAMETERS DHParameters [undefined] File containing the
|
||||
DH parameters.
|
||||
confDANE DANE [false] Enable DANE support.
|
||||
confRAND_FILE RandFile [undefined] File containing random
|
||||
data (use prefix file:) or the
|
||||
name of the UNIX socket if EGD is
|
||||
@ -4379,6 +4388,9 @@ confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm
|
||||
[undefined] The fingerprint algorithm
|
||||
(digest) to use for the presented
|
||||
cert.
|
||||
confSSL_ENGINE SSLEngine [undefined] Name of SSLEngine.
|
||||
confSSL_ENGINE_PATH SSLEnginePath [undefined] Path to dynamic library
|
||||
for SSLEngine.
|
||||
confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
|
||||
queue runners is set the given value
|
||||
(nice(3)).
|
||||
@ -4799,7 +4811,6 @@ M4 DIVERSIONS
|
||||
5 locally interpreted names (overrides $R)
|
||||
6 local configuration (at top of file)
|
||||
7 mailer definitions
|
||||
8 DNS based blacklists
|
||||
8 DNS based blocklists
|
||||
9 special local rulesets (1 and 2)
|
||||
|
||||
$Revision: 8.730 $, Last updated $Date: 2014-01-16 15:55:51 $
|
||||
|
@ -103,7 +103,7 @@ M4FILES=\
|
||||
${CFDIR}/feature/bcc.m4 \
|
||||
${CFDIR}/feature/bestmx_is_local.m4 \
|
||||
${CFDIR}/feature/bitdomain.m4 \
|
||||
${CFDIR}/feature/blacklist_recipients.m4 \
|
||||
${CFDIR}/feature/blocklist_recipients.m4 \
|
||||
${CFDIR}/feature/conncontrol.m4 \
|
||||
${CFDIR}/feature/dnsbl.m4 \
|
||||
${CFDIR}/feature/domaintable.m4 \
|
||||
|
@ -46,7 +46,7 @@ define(`CYRUS_MAILER_PATH', `/usr/local/cyrus/bin/deliver')
|
||||
define(`CYRUS_MAILER_FLAGS', `fAh5@/:|')
|
||||
|
||||
FEATURE(`access_db')
|
||||
FEATURE(`blacklist_recipients')
|
||||
FEATURE(`blocklist_recipients')
|
||||
FEATURE(`local_lmtp')
|
||||
FEATURE(`virtusertable')
|
||||
FEATURE(`mailertable')
|
||||
@ -234,7 +234,7 @@ Kstorage macro
|
||||
|
||||
LOCAL_RULESETS
|
||||
######################################################################
|
||||
### check for the existance of the X-MailScanner Header
|
||||
### check for the existence of the X-MailScanner Header
|
||||
HX-MailScanner: $>+CheckXMSc
|
||||
D{SobigFPat}Found to be clean
|
||||
D{SobigFMsg}This message may contain the Sobig.F virus.
|
||||
|
@ -16,8 +16,8 @@
|
||||
#####
|
||||
##### SENDMAIL CONFIGURATION FILE
|
||||
#####
|
||||
##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
|
||||
##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
|
||||
##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:57 PDT 2020
|
||||
##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
|
||||
##### using ../ as configuration include directory
|
||||
#####
|
||||
######################################################################
|
||||
@ -114,7 +114,7 @@ D{MTAHost}[127.0.0.1]
|
||||
|
||||
|
||||
# Configuration version number
|
||||
DZ8.15.2/Submit
|
||||
DZ8.16.1/Submit
|
||||
|
||||
|
||||
###############
|
||||
@ -513,6 +513,12 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
|
||||
#O ServerSSLOptions
|
||||
# client side SSL options
|
||||
#O ClientSSLOptions
|
||||
# SSL Engine
|
||||
#O SSLEngine
|
||||
# Path to dynamic library for SSLEngine
|
||||
#O SSLEnginePath
|
||||
# TLS: fall back to clear text after handshake failure?
|
||||
#O TLSFallbacktoClear
|
||||
|
||||
# Input mail filters
|
||||
#O InputMailFilters
|
||||
@ -532,12 +538,16 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
|
||||
#O ClientKeyFile
|
||||
# File containing certificate revocation lists
|
||||
#O CRLFile
|
||||
# Directory containing hashes pointing to certificate revocation status files
|
||||
#O CRLPath
|
||||
# DHParameters (only required if DSA/DH is used)
|
||||
#O DHParameters
|
||||
# Random data source (required for systems without /dev/urandom under OpenSSL)
|
||||
#O RandFile
|
||||
# fingerprint algorithm (digest) to use for the presented cert
|
||||
#O CertFingerprintAlgorithm
|
||||
# enable DANE?
|
||||
#O DANE=false
|
||||
|
||||
# Maximum number of "useless" commands before slowing down
|
||||
#O MaxNOOPCommands=20
|
||||
@ -1257,6 +1267,7 @@ R$* $| $* $@ $>"TLS_connection" $1
|
||||
### ${verify}
|
||||
######################################################################
|
||||
Stls_server
|
||||
|
||||
R$* $@ $>"TLS_connection" $1
|
||||
|
||||
######################################################################
|
||||
@ -1268,6 +1279,7 @@ R$* $@ $>"TLS_connection" $1
|
||||
######################################################################
|
||||
STLS_connection
|
||||
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
|
||||
RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."
|
||||
|
||||
|
||||
|
||||
|
@ -76,7 +76,7 @@ R$* $| $* $: ifelse(len(X`'_ARG3_),`1', `$1', `_ARG3_')
|
||||
ifdef(`_CANONIFY_BCC_', `dnl
|
||||
R$+ @ $+ $: $1@$2 $| <$(canonicalRcpt $1 @ $2 $: $)>
|
||||
R$* $| <> $@
|
||||
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
|
||||
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: _TMPFMSG_(`BCC')
|
||||
R$* $| <$+> $@ $2 map matched?
|
||||
')
|
||||
|
||||
|
@ -13,7 +13,6 @@ divert(0)
|
||||
VERSIONID(`$Id: blacklist_recipients.m4,v 8.14 2013-11-22 20:51:11 ca Exp $')
|
||||
divert(-1)
|
||||
|
||||
ifdef(`_ACCESS_TABLE_',
|
||||
`define(`_BLACKLIST_RCPT_', 1)',
|
||||
`errprint(`*** ERROR: FEATURE(blacklist_recipients) requires FEATURE(access_db)
|
||||
')')
|
||||
errprint(`WARNING: FEATURE(blacklist_recipients) is deprecated; use FEATURE(blocklist_recipients.m4).
|
||||
')
|
||||
FEATURE(`blocklist_recipients')
|
||||
|
19
contrib/sendmail/cf/feature/blocklist_recipients.m4
Normal file
19
contrib/sendmail/cf/feature/blocklist_recipients.m4
Normal file
@ -0,0 +1,19 @@
|
||||
divert(-1)
|
||||
#
|
||||
# Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
|
||||
# All rights reserved.
|
||||
#
|
||||
# By using this file, you agree to the terms and conditions set
|
||||
# forth in the LICENSE file which can be found at the top level of
|
||||
# the sendmail distribution.
|
||||
#
|
||||
#
|
||||
|
||||
divert(0)
|
||||
VERSIONID(`$Id: blocklist_recipients.m4,v 8.14 2013-11-22 20:51:11 ca Exp $')
|
||||
divert(-1)
|
||||
|
||||
ifdef(`_ACCESS_TABLE_',
|
||||
`define(`_BLOCKLIST_RCPT_', 1)',
|
||||
`errprint(`*** ERROR: FEATURE(blocklist_recipients) requires FEATURE(access_db)
|
||||
')')
|
17
contrib/sendmail/cf/feature/check_cert_altnames.m4
Normal file
17
contrib/sendmail/cf/feature/check_cert_altnames.m4
Normal file
@ -0,0 +1,17 @@
|
||||
divert(-1)
|
||||
#
|
||||
# Copyright (c) 2019 Proofpoint, Inc. and its suppliers.
|
||||
# All rights reserved.
|
||||
#
|
||||
# By using this file, you agree to the terms and conditions set
|
||||
# forth in the LICENSE file which can be found at the top level of
|
||||
# the sendmail distribution.
|
||||
#
|
||||
#
|
||||
|
||||
divert(0)dnl
|
||||
VERSIONID(`$Id: block_bad_helo.m4,v 1.2 2013-11-22 20:51:11 ca Exp $')
|
||||
divert(-1)
|
||||
define(`_FFR_TLS_ALTNAMES', `1')
|
||||
divert(6)dnl
|
||||
O SetCertAltnames=true
|
@ -17,7 +17,7 @@ define(`_DNSBL_R_',`')
|
||||
ifelse(defn(`_ARG_'), `',
|
||||
`errprint(`*** ERROR: missing argument for FEATURE(`dnsbl')')')
|
||||
LOCAL_CONFIG
|
||||
# map for DNS based blacklist lookups
|
||||
# map for DNS based blocklist lookups
|
||||
Kdnsbl DNSBL_MAP -T<TMP>ifdef(`DNSBL_MAP_OPT',` DNSBL_MAP_OPT')')
|
||||
divert(-1)
|
||||
define(`_DNSBL_SRV_', `_ARG_')dnl
|
||||
|
@ -16,7 +16,7 @@ ifdef(`_EDNSBL_R_',`dnl',`dnl
|
||||
VERSIONID(`$Id: enhdnsbl.m4,v 1.13 2013-11-22 20:51:11 ca Exp $')
|
||||
LOCAL_CONFIG
|
||||
define(`_EDNSBL_R_',`')dnl
|
||||
# map for enhanced DNS based blacklist lookups
|
||||
# map for enhanced DNS based blocklist lookups
|
||||
Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
|
||||
')
|
||||
divert(-1)
|
||||
|
13
contrib/sendmail/cf/feature/tls_failures.m4
Normal file
13
contrib/sendmail/cf/feature/tls_failures.m4
Normal file
@ -0,0 +1,13 @@
|
||||
divert(-1)
|
||||
#
|
||||
# Copyright (c) 2020 Proofpoint, Inc. and its suppliers.
|
||||
# All rights reserved.
|
||||
#
|
||||
# By using this file, you agree to the terms and conditions set
|
||||
# forth in the LICENSE file which can be found at the top level of
|
||||
# the sendmail distribution.
|
||||
#
|
||||
|
||||
errprint(`*** ERROR: FEATURE(tls_failures) has been replaced by confTLS_FALLBACK_TO_CLEAR
|
||||
')
|
||||
define(`confTLS_FALLBACK_TO_CLEAR', `true')
|
@ -73,6 +73,15 @@ define(`_ARG9_',`_ACC_ARG_9_(_ARGS_)')
|
||||
dnl define if not yet defined: if `$1' is not defined it will be `$2'
|
||||
define(`_DEFIFNOT',`ifdef(`$1',`',`define(`$1',`$2')')')
|
||||
dnl ----------------------------------------
|
||||
dnl Use a "token" for this error message to make them unique?
|
||||
dnl Note: this is not a documented option. To enable it, use:
|
||||
dnl define(`_USETMPFTOKEN_', `1')dnl
|
||||
ifdef(`_USETMPFTOKEN_', `
|
||||
define(_TMPFMSG_, `"451 Temporary system failure $1. Please try again later."')
|
||||
', `dnl
|
||||
define(_TMPFMSG_, `"451 Temporary system failure. Please try again later."')
|
||||
')
|
||||
dnl ----------------------------------------
|
||||
dnl add a char $2 to a string $1 if it is not there
|
||||
define(`_ADDCHAR_',`define(`_I_',`eval(index(`$1',`$2') >= 0)')`'ifelse(_I_,`1',`$1',`$1$2')')
|
||||
dnl ----
|
||||
|
@ -161,7 +161,7 @@ ifdef(`_ACCESS_TABLE_', `dnl
|
||||
# access_db acceptance class
|
||||
C{Accept}OK RELAY
|
||||
ifdef(`_DELAY_COMPAT_8_10_',`dnl
|
||||
ifdef(`_BLACKLIST_RCPT_',`dnl
|
||||
ifdef(`_BLOCKLIST_RCPT_',`dnl
|
||||
# possible access_db RHS for spam friends/haters
|
||||
C{SpamTag}SPAMFRIEND SPAMHATER')')',
|
||||
`dnl')
|
||||
@ -197,7 +197,9 @@ ifdef(`_MACRO_MAP_', `', `# macro storage map
|
||||
define(`_MACRO_MAP_', `1')dnl
|
||||
Kmacro macro')
|
||||
# possible values for TLS_connection in access map
|
||||
C{Tls}VERIFY ENCR', `dnl')
|
||||
C{Tls}VERIFY ENCR
|
||||
C{TlsVerified}OK TRUSTED
|
||||
dnl', `dnl')
|
||||
ifdef(`_CERT_REGEX_ISSUER_', `dnl
|
||||
# extract relevant part from cert issuer
|
||||
KCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl')
|
||||
@ -653,6 +655,12 @@ _OPTION(CipherList, `confCIPHER_LIST', `')
|
||||
_OPTION(ServerSSLOptions, `confSERVER_SSL_OPTIONS', `')
|
||||
# client side SSL options
|
||||
_OPTION(ClientSSLOptions, `confCLIENT_SSL_OPTIONS', `')
|
||||
# SSL Engine
|
||||
_OPTION(SSLEngine, `confSSL_ENGINE', `')
|
||||
# Path to dynamic library for SSLEngine
|
||||
_OPTION(SSLEnginePath, `confSSL_ENGINE_PATH', `')
|
||||
# TLS: fall back to clear text after handshake failure?
|
||||
_OPTION(TLSFallbacktoClear, `confTLS_FALLBACK_TO_CLEAR', `')
|
||||
|
||||
# Input mail filters
|
||||
_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')
|
||||
@ -682,12 +690,16 @@ _OPTION(ClientCertFile, `confCLIENT_CERT', `')
|
||||
_OPTION(ClientKeyFile, `confCLIENT_KEY', `')
|
||||
# File containing certificate revocation lists
|
||||
_OPTION(CRLFile, `confCRL', `')
|
||||
# Directory containing hashes pointing to certificate revocation status files
|
||||
_OPTION(CRLPath, `confCRL_PATH', `')
|
||||
# DHParameters (only required if DSA/DH is used)
|
||||
_OPTION(DHParameters, `confDH_PARAMETERS', `')
|
||||
# Random data source (required for systems without /dev/urandom under OpenSSL)
|
||||
_OPTION(RandFile, `confRAND_FILE', `')
|
||||
# fingerprint algorithm (digest) to use for the presented cert
|
||||
_OPTION(CertFingerprintAlgorithm, `confCERT_FINGERPRINT_ALGORITHM', `')
|
||||
# enable DANE?
|
||||
_OPTION(DANE, `confDANE', `false')
|
||||
|
||||
# Maximum number of "useless" commands before slowing down
|
||||
_OPTION(MaxNOOPCommands, `confMAX_NOOP_COMMANDS', `20')
|
||||
@ -1500,7 +1512,7 @@ R<$* <TMPF>> <$*> <$+> <$+> <$*> $: $&{opMode} $| TMPF <$&{addr_type}> $| $3
|
||||
R<$*> <$* <TMPF>> <$+> <$+> <$*> $: $&{opMode} $| TMPF <$&{addr_type}> $| $3
|
||||
ifelse(_LDAP_ROUTE_MAPTEMP_, `_TEMPFAIL_', `dnl
|
||||
# ... temp fail RCPT SMTP commands
|
||||
R$={SMTPOpModes} $| TMPF <e r> $| $+ $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."')
|
||||
R$={SMTPOpModes} $| TMPF <e r> $| $+ $#error $@ 4.3.0 $: _TMPFMSG_(`OPM')')
|
||||
# ... return original address for MTA to queue up
|
||||
R$* $| TMPF <$*> $| $+ $@ $3
|
||||
|
||||
@ -1733,7 +1745,7 @@ dnl if mark is <NO> then change it to <RELAY> if domain is "authorized"
|
||||
|
||||
dnl what if access map returns something else than RELAY?
|
||||
dnl we are only interested in RELAY entries...
|
||||
dnl other To: entries: blacklist recipient; generic entries?
|
||||
dnl other To: entries: blocklist recipient; generic entries?
|
||||
dnl if it is an error we probably do not want to relay anyway
|
||||
ifdef(`_RELAY_HOSTS_ONLY_',
|
||||
`R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 >
|
||||
@ -1807,7 +1819,7 @@ R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
|
||||
dnl error tag
|
||||
R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
|
||||
R<ERROR:$+> <$*> $#error $: $1
|
||||
ifdef(`_ATMPF_', `R<$* _ATMPF_> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
ifdef(`_ATMPF_', `R<$* _ATMPF_> <$*> $#error $@ 4.3.0 $: _TMPFMSG_(`CR')', `dnl')
|
||||
dnl generic error from access map
|
||||
R<$+> <$*> $#error $: $1', `dnl')
|
||||
|
||||
@ -1976,7 +1988,7 @@ R<REJECT> $* $#error ifdef(`confREJECT_MSG', `$: confREJECT_MSG', `$@ 5.7.1 $:
|
||||
dnl error tag
|
||||
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
|
||||
R<ERROR:$+> $* $#error $: $1
|
||||
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: _TMPFMSG_(`CM')', `dnl')
|
||||
dnl generic error from access map
|
||||
R<$+> $* $#error $: $1 error from access db',
|
||||
`dnl')
|
||||
@ -2108,9 +2120,9 @@ R$* $=O $* < @ $* @@ $=w . > $* $@ $>"Rcpt_ok" $1 $2 $3
|
||||
R$* < @ $* @@ $=w . > $* $: $1 < @ $3 > $4
|
||||
R$* < @ $* @@ $* > $* $: $1 < @ $2 > $4')
|
||||
|
||||
ifdef(`_BLACKLIST_RCPT_',`dnl
|
||||
ifdef(`_BLOCKLIST_RCPT_',`dnl
|
||||
ifdef(`_ACCESS_TABLE_', `dnl
|
||||
# blacklist local users or any host from receiving mail
|
||||
# blocklist local users or any host from receiving mail
|
||||
R$* $: <?> $1
|
||||
dnl user is now tagged with @ to be consistent with check_mail
|
||||
dnl and to distinguish users from hosts (com would be host, com@ would be user)
|
||||
@ -2143,7 +2155,7 @@ R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
|
||||
dnl error tag
|
||||
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
|
||||
R<ERROR:$+> $* $#error $: $1
|
||||
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: _TMPFMSG_(`ROK1')', `dnl')
|
||||
dnl generic error from access map
|
||||
R<$+> $* $#error $: $1 error from access db
|
||||
R@ $* $1 remove mark', `dnl')', `dnl')
|
||||
@ -2198,7 +2210,7 @@ R$+ < @ $+ > $| $* $: <$3> <$1 <@ $2>>',
|
||||
ifdef(`_ACCESS_TABLE_', `dnl
|
||||
dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
|
||||
R<RELAY> $* $@ RELAY
|
||||
ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`ROK2')', `dnl')
|
||||
R<$*> <$*> $: $2',`dnl')
|
||||
|
||||
|
||||
@ -2268,7 +2280,7 @@ dnl Connect:My.Host.Domain RELAY
|
||||
dnl Connect:My.Net REJECT
|
||||
dnl since in check_relay client_name is checked before client_addr
|
||||
R<REJECT> $* $@ REJECT rejected IP address')
|
||||
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK1')', `dnl')
|
||||
R<$*> <$*> $: $2', `dnl')
|
||||
R$* $: [ $1 ] put brackets around it...
|
||||
R$=w $@ RELAY ... and see if it is local
|
||||
@ -2287,7 +2299,7 @@ R<?> $+ < @ $=w > $@ RELAY FROM local', `dnl')
|
||||
ifdef(`_RELAY_DB_FROM_', `dnl
|
||||
R<?> $+ < @ $+ > $: <@> $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', ifdef(`_RELAY_HOSTS_ONLY_', `<E:$2>', `<D:$2>')) <>
|
||||
R<@> <RELAY> $@ RELAY RELAY FROM sender ok
|
||||
ifdef(`_ATMPF_', `R<@> <_ATMPF_> $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
ifdef(`_ATMPF_', `R<@> <_ATMPF_> $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK2')', `dnl')
|
||||
', `dnl
|
||||
ifdef(`_RELAY_DB_FROM_DOMAIN_',
|
||||
`errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_
|
||||
@ -2331,7 +2343,7 @@ ifdef(`_ACCESS_TABLE_', `dnl
|
||||
R<?> $* $: $>D <$1> <?> <+ Connect> <$1>',`dnl')')
|
||||
ifdef(`_ACCESS_TABLE_', `dnl
|
||||
R<RELAY> $* $@ RELAY
|
||||
ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK3')', `dnl')
|
||||
R<$*> <$*> $: $2',`dnl')
|
||||
dnl end of _PROMISCUOUS_RELAY_
|
||||
divert(0)
|
||||
@ -2384,7 +2396,7 @@ ifdef(`_ACCESS_TABLE_', `',
|
||||
`errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db')
|
||||
')')dnl
|
||||
dnl one of the next two rules is supposed to match
|
||||
dnl this code has been copied from BLACKLIST... etc
|
||||
dnl this code has been copied from BLOCKLIST... etc
|
||||
dnl and simplified by omitting some < >.
|
||||
R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
|
||||
R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
|
||||
@ -2688,7 +2700,7 @@ R<?>$* $: $>A <$&{server_addr}> <?> <! TLS_TRY_TAG> <>
|
||||
R<?>$* $: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)>
|
||||
R<?>$* $@ OK
|
||||
ifdef(`_ATMPF_', `dnl tempfail?
|
||||
R<$* _ATMPF_>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
R<$* _ATMPF_>$* $#error $@ 4.3.0 $: _TMPFMSG_(`TT')', `dnl')
|
||||
R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"')
|
||||
|
||||
######################################################################
|
||||
@ -2721,7 +2733,7 @@ R$* $| $+ $: $1 $| $>SearchList <! TLS_RCPT_TAG> $| $2 <>
|
||||
dnl found nothing: stop here
|
||||
R$* $| <?> $@ OK
|
||||
ifdef(`_ATMPF_', `dnl tempfail?
|
||||
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TR')', `dnl')
|
||||
dnl use the generic routine (for now)
|
||||
R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>')
|
||||
|
||||
@ -2751,7 +2763,7 @@ R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! TLS_CLT_TAG> <>
|
||||
dnl do a default lookup: just TLS_CLT_TAG
|
||||
R$* $| <?>$* $: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)>
|
||||
ifdef(`_ATMPF_', `dnl tempfail?
|
||||
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TC')', `dnl')
|
||||
R$* $@ $>"TLS_connection" $1', `dnl
|
||||
R$* $| $* $@ $>"TLS_connection" $1')
|
||||
|
||||
@ -2769,6 +2781,8 @@ ifdef(`_LOCAL_TLS_SERVER_', `dnl
|
||||
R$* $: $1 $| $>"Local_tls_server" $1
|
||||
R$* $| $#$* $#$2
|
||||
R$* $| $* $: $1', `dnl')
|
||||
ifdef(`_TLS_FAILURES_',`dnl
|
||||
R$* $: $(macro {saved_verify} $@ $1 $) $1')
|
||||
ifdef(`_ACCESS_TABLE_', `dnl
|
||||
dnl store name of other side
|
||||
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
|
||||
@ -2777,7 +2791,7 @@ R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! TLS_SRV_TAG> <>
|
||||
dnl do a default lookup: just TLS_SRV_TAG
|
||||
R$* $| <?>$* $: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)>
|
||||
ifdef(`_ATMPF_', `dnl tempfail?
|
||||
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TS')', `dnl')
|
||||
R$* $@ $>"TLS_connection" $1', `dnl
|
||||
R$* $@ $>"TLS_connection" $1')
|
||||
|
||||
@ -2798,6 +2812,7 @@ STLS_connection
|
||||
ifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error
|
||||
dnl deal with TLS handshake failures: abort
|
||||
RSOFTWARE $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."
|
||||
RDANE_FAIL $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') DANE check failed."
|
||||
divert(-1)')
|
||||
dnl common ruleset for tls_{client|server}
|
||||
dnl input: ${verify} $| <ResultOfLookup> [<>]
|
||||
@ -2813,14 +2828,19 @@ R$* $| <$={Tls} $*> $: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')>
|
||||
dnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup>
|
||||
# deal with TLS handshake failures: abort
|
||||
RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
|
||||
dnl no <reply:dns> i.e. not requirements in the access map
|
||||
dnl no <reply:dns> i.e. no requirements in the access map
|
||||
dnl use default error
|
||||
RSOFTWARE $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed."
|
||||
# deal with TLS protocol errors: abort
|
||||
RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."
|
||||
dnl no <reply:dns> i.e. not requirements in the access map
|
||||
dnl no <reply:dns> i.e. no requirements in the access map
|
||||
dnl use default error
|
||||
RPROTOCOL $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') STARTTLS failed."
|
||||
# deal with DANE errors: abort
|
||||
RDANE_FAIL $| <$-:$+> $* $#error $@ $2 $: $1 " DANE check failed."
|
||||
dnl no <reply:dns> i.e. no requirements in the access map
|
||||
dnl use default error
|
||||
RDANE_FAIL $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') DANE check failed."
|
||||
R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
|
||||
dnl separate optional requirements
|
||||
R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
|
||||
@ -2834,16 +2854,16 @@ R$* $| $* $@ OK
|
||||
# other side did authenticate (via STARTTLS)
|
||||
dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify}
|
||||
dnl only verification required and it succeeded
|
||||
R<$*><VERIFY> <> OK $@ OK
|
||||
R<$*><VERIFY> <> $={TlsVerified} $@ OK
|
||||
dnl verification required and it succeeded but extensions are given
|
||||
dnl change it to <SMTP:ESC> <REQ:0> <extensions>
|
||||
R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
|
||||
R<$*><VERIFY> <$+> $={TlsVerified} $: <$1> <REQ:0> <$2>
|
||||
dnl verification required + some level of encryption
|
||||
R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
|
||||
R<$*><VERIFY:$-> <$*> $={TlsVerified} $: <$1> <REQ:$2> <$3>
|
||||
dnl just some level of encryption required
|
||||
R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
|
||||
dnl workspace:
|
||||
dnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!= OK)
|
||||
dnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!~ $={TlsVerified})
|
||||
dnl 2. <SMTP:ESC> <REQ:bits> <[extensions]>
|
||||
dnl verification required but ${verify} is not set (case 1.)
|
||||
R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
|
||||
@ -2851,6 +2871,7 @@ R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
|
||||
R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
|
||||
R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
|
||||
R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
|
||||
R<$-:$+><VERIFY $*> <$*> CLEAR $#error $@ $2 $: $1 " STARTTLS disabled locally"
|
||||
dnl some other value for ${verify}
|
||||
R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
|
||||
dnl some level of encryption required: get the maximum level (case 2.)
|
||||
@ -2884,7 +2905,6 @@ R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
|
||||
dnl further requirements for this ruleset:
|
||||
dnl name of "other side" is stored is {TLS_name} (client/server_name)
|
||||
dnl
|
||||
dnl currently only CN[:common_name] is implemented
|
||||
dnl right now this is only a logical AND
|
||||
dnl i.e. all requirements must be true
|
||||
dnl how about an OR? CN must be X or CN must be Y or ..
|
||||
@ -2896,6 +2916,11 @@ dnl no additional requirements: ok
|
||||
R $| $+ $@ OK
|
||||
dnl require CN: but no CN specified: use name of other side
|
||||
R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
|
||||
ifdef(`_FFR_TLS_ALTNAMES', `dnl
|
||||
R<CN:$={cert_altnames}> $* $| <$+> $@ $>"TLS_req" $2 $| <$3>
|
||||
R<CN:$-.$+> $* $| <$+> $: <CN:*.$2> $3 $| <$4>
|
||||
R<CN:$={cert_altnames}> $* $| <$+> $@ $>"TLS_req" $3 $| <$3>
|
||||
R<CN:$*> $* $| <$+> $: <CN:$&{TLS_Name}> $2 $| <$3>', `dnl')
|
||||
dnl match, check rest
|
||||
R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
||||
dnl CN does not match
|
||||
@ -2911,6 +2936,10 @@ R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
||||
dnl CI does not match
|
||||
dnl 1 2 3 4
|
||||
R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
|
||||
dnl
|
||||
R<CITag:$-> $* $| <$+> $: <$(access $1:$&{cert_issuer} $: ? $)> $2 $| <$3>
|
||||
R<?> $* $| <$-:$+> $#error $@ $3 $: $2 " Cert Issuer " $&{cert_issuer} " not acceptable"
|
||||
R<OK> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
||||
dnl return from recursive call
|
||||
ROK $@ OK
|
||||
|
||||
@ -2970,7 +2999,7 @@ dnl if it returns SUBJECT we perform a similar check on the
|
||||
dnl cert subject.
|
||||
ifdef(`_ACCESS_TABLE_', `dnl
|
||||
R$* $: <?> $&{verify}
|
||||
R<?> OK $: OK authenticated: continue
|
||||
R<?> $={TlsVerified} $: OK authenticated: continue
|
||||
R<?> $* $@ NO not authenticated
|
||||
ifdef(`_CERT_REGEX_ISSUER_', `dnl
|
||||
R$* $: $(CERTIssuer $&{cert_issuer} $)',
|
||||
@ -3029,7 +3058,7 @@ R$+ $: $>SearchList <! ClientRate> $| $1 <>
|
||||
dnl found nothing: stop here
|
||||
R<?> $@ OK
|
||||
ifdef(`_ATMPF_', `dnl tempfail?
|
||||
R<$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
R<$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`RC')', `dnl')
|
||||
dnl use the generic routine (for now)
|
||||
R<0> $@ OK no limit
|
||||
R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_rate} $)
|
||||
@ -3051,7 +3080,7 @@ R$+ $: $>SearchList <! ClientConn> $| $1 <>
|
||||
dnl found nothing: stop here
|
||||
R<?> $@ OK
|
||||
ifdef(`_ATMPF_', `dnl tempfail?
|
||||
R<$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
|
||||
R<$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`CC')', `dnl')
|
||||
dnl use the generic routine (for now)
|
||||
R<0> $@ OK no limit
|
||||
R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_connections} $)
|
||||
|
@ -1,6 +1,6 @@
|
||||
divert(-1)
|
||||
#
|
||||
# Copyright (c) 1998-2015 Proofpoint, Inc. and its suppliers.
|
||||
# Copyright (c) 1998-2016 Proofpoint, Inc. and its suppliers.
|
||||
# All rights reserved.
|
||||
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
|
||||
# Copyright (c) 1988, 1993
|
||||
@ -15,4 +15,4 @@ VERSIONID(`$Id: version.m4,v 8.237 2014-01-27 12:55:17 ca Exp $')
|
||||
#
|
||||
divert(0)
|
||||
# Configuration version number
|
||||
DZ8.15.2`'ifdef(`confCF_VERSION', `/confCF_VERSION')
|
||||
DZ8.16.1`'ifdef(`confCF_VERSION', `/confCF_VERSION')
|
||||
|
@ -23,5 +23,5 @@ ifdef(`LOCAL_SHELL_PATH',, `define(`LOCAL_SHELL_PATH', /usr/bin/sh)')dnl
|
||||
ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rmail ($u)')')dnl
|
||||
define(`confTIME_ZONE', `USE_TZ')dnl
|
||||
dnl
|
||||
dnl For maximum compability with HP-UX, use:
|
||||
dnl For maximum compatibility with HP-UX, use:
|
||||
dnl define(`confME_TOO', True)dnl
|
||||
|
@ -23,5 +23,5 @@ ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rma
|
||||
define(`confTIME_ZONE', `USE_TZ')dnl
|
||||
define(`confEBINDIR', `/usr/lib')dnl
|
||||
dnl
|
||||
dnl For maximum compability with HP-UX, use:
|
||||
dnl For maximum compatibility with HP-UX, use:
|
||||
dnl define(`confME_TOO', True)dnl
|
||||
|
@ -1,6 +1,7 @@
|
||||
#!/usr/bin/perl -w
|
||||
|
||||
# $Id: cidrexpand,v 8.8 2006-08-07 17:18:37 ca Exp $
|
||||
#
|
||||
# usage:
|
||||
# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access
|
||||
#
|
||||
# v 0.4
|
||||
#
|
||||
@ -28,7 +29,7 @@
|
||||
# Added clarification in the notes for what to do if you have
|
||||
# exceptions to a larger CIDR block.
|
||||
#
|
||||
# 26 Jul 2006 Richard Rognlie (richard@sendmail.com>
|
||||
# 26 Jul 2006 Richard Rognlie (richard@sendmail.com)
|
||||
# Added code to strip "comments" (anything after a non-escaped #)
|
||||
# # characters after a \ or within quotes (single and double) are
|
||||
# left intact.
|
||||
@ -39,37 +40,66 @@
|
||||
# From:1.2.3.4 550 Die spammer
|
||||
#
|
||||
# 3 August 2006
|
||||
#
|
||||
# Corrected a bug to have it handle the special case of "0.0.0.0/0"
|
||||
# since Net::CIDR doesn't handle it properly.
|
||||
#
|
||||
# usage:
|
||||
# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access
|
||||
# 27 April 2016
|
||||
# Corrected IPv6 handling. Note that UseCompressedIPv6Addresses must
|
||||
# be turned off for this to work; there are three reasons for this:
|
||||
# 1) if the MTA uses compressed IPv6 addresses then CIDR 'cuts'
|
||||
# in the compressed range *cannot* be matched, as the MTA simply
|
||||
# won't look for them. E.g., there's no way to accurately
|
||||
# match "IPv6:fe80::/64" when for the address "IPv6:fe80::54ad"
|
||||
# the MTA doesn't lookup up "IPv6:fe80:0:0:0"
|
||||
# 2) cidrexpand only generates uncompressed addresses, so CIDR
|
||||
# 'cuts' to the right of the compressed range won't be matched
|
||||
# either. Why doesn't it generate compressed address output?
|
||||
# Oh, because:
|
||||
# 3) compressed addresses are ambiguous when colon-groups are
|
||||
# chopped off! You want an access map entry for
|
||||
# IPv6:fe80::0:5420
|
||||
# but not for
|
||||
# IPv6:fe80::5420:1234
|
||||
# ? Sorry, the former is really
|
||||
# IPv6:fe80::5420
|
||||
# which will also match the latter!
|
||||
#
|
||||
# 25 July 2016
|
||||
# Since cidrexpand already requires UseCompressedIPv6Addresses to be
|
||||
# turned off, it can also canonicalize non-CIDR IPv6 addresses to the
|
||||
# format that sendmail looks up, expanding compressed addresses and
|
||||
# trimming superfluous leading zeros.
|
||||
#
|
||||
# Report bugs to: <dredd@megacity.org>
|
||||
#
|
||||
|
||||
|
||||
use strict;
|
||||
use Net::CIDR;
|
||||
use Net::CIDR qw(cidr2octets cidrvalidate);
|
||||
use Getopt::Std;
|
||||
|
||||
our ($opt_c,$opt_t);
|
||||
getopts('ct:');
|
||||
sub print_expanded_v4network;
|
||||
sub print_expanded_v6network;
|
||||
|
||||
my $spaceregex = '\s+';
|
||||
if ($opt_t)
|
||||
{
|
||||
$spaceregex = $opt_t;
|
||||
}
|
||||
our %opts;
|
||||
getopts('ct:', \%opts);
|
||||
|
||||
# Delimiter between the key and value
|
||||
my $space_re = exists $opts{t} ? $opts{t} : '\s+';
|
||||
|
||||
# Regexp that matches IPv4 address literals
|
||||
my $ipv4_re = qr"(?:\d+\.){3}\d+";
|
||||
|
||||
# Regexp that matches IPv6 address literals, plus a lot more.
|
||||
# Further checks are required for verifying that it's really one
|
||||
my $ipv6_re = qr"[0-9A-Fa-f:]{2,39}(?:\.\d+\.\d+\.\d+)?";
|
||||
|
||||
while (<>)
|
||||
{
|
||||
chomp;
|
||||
my ($prefix,$left,$right,$space);
|
||||
my ($prefix, $network, $len, $right);
|
||||
|
||||
if ( (/\#/) && $opt_c )
|
||||
if ( (/\#/) && $opts{c} )
|
||||
{
|
||||
# print "checking...\n";
|
||||
my $i;
|
||||
@ -98,41 +128,54 @@ while (<>)
|
||||
}
|
||||
}
|
||||
|
||||
if (! /^(|\S\S*:)(\d+\.){3}\d+\/\d\d?$spaceregex.*/ )
|
||||
if (($prefix, $network, $len, $right) =
|
||||
m!^(|\S+:)(${ipv4_re})/(\d+)(${space_re}.*)$!)
|
||||
{
|
||||
print "$_\n";
|
||||
print_expanded_v4network($network, $len, $prefix, $right);
|
||||
}
|
||||
elsif ((($prefix, $network, $len, $right) =
|
||||
m!^((?:\S+:)?[Ii][Pp][Vv]6:)(${ipv6_re})(?:/(\d+))?(${space_re}.*)$!) &&
|
||||
(!defined($len) || $len <= 128) &&
|
||||
defined(cidrvalidate($network)))
|
||||
{
|
||||
print_expanded_v6network($network, $len // 128, $prefix, $right);
|
||||
}
|
||||
else
|
||||
{
|
||||
($prefix,$left,$space,$right) =
|
||||
/^(|\S\S*:)((?:\d+\.){3}\d+\/\d\d?)($spaceregex)(.*)$/;
|
||||
|
||||
my @new_lefts = expand_network($left);
|
||||
foreach my $nl (@new_lefts)
|
||||
{
|
||||
print "$prefix$nl$space$right\n";
|
||||
}
|
||||
print "$_\n";
|
||||
}
|
||||
}
|
||||
|
||||
sub expand_network
|
||||
sub print_expanded_v4network
|
||||
{
|
||||
my $left_input = shift;
|
||||
my @rc = ($left_input);
|
||||
my ($network,$mask) = split /\//, $left_input;
|
||||
if (defined $mask)
|
||||
{
|
||||
return (0..255) if $mask == 0;
|
||||
my ($network, $len, $prefix, $suffix) = @_;
|
||||
|
||||
my @parts = split /\./, $network;
|
||||
while ($#parts < 3)
|
||||
# cidr2octets() doesn't handle a prefix-length of zero, so do
|
||||
# that ourselves
|
||||
foreach my $nl ($len == 0 ? (0..255) : cidr2octets("$network/$len"))
|
||||
{
|
||||
push @parts, "0";
|
||||
print "$prefix$nl$suffix\n";
|
||||
}
|
||||
}
|
||||
|
||||
sub print_expanded_v6network
|
||||
{
|
||||
my ($network, $len, $prefix, $suffix) = @_;
|
||||
|
||||
# cidr2octets() doesn't handle a prefix-length of zero, so do
|
||||
# that ourselves. Easiest is to just recurse on bottom and top
|
||||
# halves with a length of 1
|
||||
if ($len == 0) {
|
||||
print_expanded_v6network("::", 1, $prefix, $suffix);
|
||||
print_expanded_v6network("8000::", 1, $prefix, $suffix);
|
||||
}
|
||||
else
|
||||
{
|
||||
foreach my $nl (cidr2octets("$network/$len"))
|
||||
{
|
||||
# trim leading zeros from each group
|
||||
$nl =~ s/(^|:)0+(?=[^:])/$1/g;
|
||||
print "$prefix$nl$suffix\n";
|
||||
}
|
||||
}
|
||||
my $clean_input = join '.', @parts;
|
||||
$clean_input .= "/$mask";
|
||||
my @octets = Net::CIDR::cidr2octets($clean_input);
|
||||
@rc = @octets;
|
||||
}
|
||||
return @rc;
|
||||
}
|
||||
|
@ -24,7 +24,7 @@ dnl ## email. A tempfail-message value of `t' temporarily rejects
|
||||
dnl ## with a default message. Otherwise the value should be your
|
||||
dnl ## own message. The keytag is used to lookup the access map to
|
||||
dnl ## further refine the result. I recommend a qualified keytag
|
||||
dnl ## (containing a ".") as less likely to accidently conflict with
|
||||
dnl ## (containing a ".") as less likely to accidentally conflict with
|
||||
dnl ## other access tags.
|
||||
dnl ##
|
||||
dnl ## This is best illustrated with an example. Please do not use
|
||||
@ -66,7 +66,7 @@ ifdef(`_ACCESS_TABLE_', `dnl',
|
||||
ifdef(`_EDNSBL_R_',`dnl',`dnl
|
||||
define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map.
|
||||
LOCAL_CONFIG
|
||||
# map for enhanced DNS based blacklist lookups
|
||||
# map for enhanced DNS based blocklist lookups
|
||||
Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
|
||||
')
|
||||
divert(-1)
|
||||
|
@ -945,7 +945,7 @@ sub mxredirect
|
||||
return undef;
|
||||
}
|
||||
# follow mx records, return a hostname
|
||||
# also follow temporary redirections comming from &domainify and
|
||||
# also follow temporary redirections coming from &domainify and
|
||||
# &mxlookup
|
||||
sub mx
|
||||
{
|
||||
|
@ -268,7 +268,7 @@ sed 's/^X//' << 'SHAR_EOF' > 'libs/date.pl' &&
|
||||
;# Fixed a couple of problems with &ls as pointed out by
|
||||
;# Thomas Richter (richter@ki1.chemie.fu-berlin.de), thanks Thomas!
|
||||
;# Also added a couple of SunOS 4.1.1 strftime-ish formats, %i and %k
|
||||
;# for space padded hours (` 1' to `12' and ` 0' to `23' respectivly),
|
||||
;# for space padded hours (` 1' to `12' and ` 0' to `23' respectively),
|
||||
;# and %C for locale long date/time format. Changed &mH to take a
|
||||
;# pad char parameter to make to evaled code for %i and %k simpler.
|
||||
;# Added %E for suffixed day-of-month (ie 1st, 3rd, 4th etc).
|
||||
@ -398,7 +398,7 @@ X
|
||||
X # watch out in 2070...
|
||||
X $year += ($year < 70) ? 2000 : 1900;
|
||||
X
|
||||
X # now loop throught the supplied format looking for tags...
|
||||
X # now loop through the supplied format looking for tags...
|
||||
X while (($pos = index ($format, '%')) != -1) {
|
||||
X
|
||||
X # grab the format tag
|
||||
@ -471,7 +471,7 @@ sub ls {
|
||||
X return ((&gettime ($TZ, time))[5] == @_[0]) ? "%R" : " %Y";
|
||||
}
|
||||
X
|
||||
# pad - pad $in with leading $pad until lenght $len
|
||||
# pad - pad $in with leading $pad until length $len
|
||||
sub pad {
|
||||
X local ($in, $len, $pad) = @_;
|
||||
X local ($out) = "$in";
|
||||
@ -661,7 +661,7 @@ X
|
||||
;# otherwise, $Status will be 0 and $Error_Msg will contain an error message.
|
||||
;#
|
||||
;# If $Use_Sendmail is 1 then sendmail is used to send the message. Normally
|
||||
;# a mailer such as Mail is used. By specifiying this you can include
|
||||
;# a mailer such as Mail is used. By specifying this you can include
|
||||
;# headers in addition to text in either $Message or $Message_Is_File.
|
||||
;# If either $Message or $Message_Is_File contain a Subject: header then
|
||||
;# $Subject is ignored; otherwise, a Subject: header is automatically created.
|
||||
@ -1026,15 +1026,15 @@ X
|
||||
;#
|
||||
;# Does not care about order of switches, options, and arguments like
|
||||
;# getopts.pl. Thus all non-switches/options will be kept in ARGV even if they
|
||||
;# are not at the end. If $Pass_Invalid is set all unkown options will be
|
||||
;# are not at the end. If $Pass_Invalid is set all unknown options will be
|
||||
;# passed back to the caller by keeping them in @ARGV. This is useful when
|
||||
;# parsing a command line for your script while ignoring options that you
|
||||
;# may pass to another script. If this is set New_Getopts tries to maintain
|
||||
;# the switch clustering on the unkown switches.
|
||||
;# the switch clustering on the unknown switches.
|
||||
;#
|
||||
;# Accepts the special argument -usage to print the Usage string. Also accepts
|
||||
;# the special option -version which prints the contents of the string
|
||||
;# $VERSION. $VERSION may or may not have an embeded \n in it. If -usage
|
||||
;# $VERSION. $VERSION may or may not have an embedded \n in it. If -usage
|
||||
;# or -version are specified a status of -1 is returned. Note that the usage
|
||||
;# option is only accepted if the usage string is not null.
|
||||
;#
|
||||
@ -1048,8 +1048,8 @@ X
|
||||
;# $Switch_To_Order {"v"} = 1;
|
||||
;# $Switch_To_Order {"x"} = 2;
|
||||
;#
|
||||
;# Note that in the case of multiple occurances of an option $Switch_To_Order
|
||||
;# will store each occurance of the argument via a string that emulates
|
||||
;# Note that in the case of multiple occurrences of an option $Switch_To_Order
|
||||
;# will store each occurrence of the argument via a string that emulates
|
||||
;# an array. This is done by using join ($;, ...). You can retrieve the
|
||||
;# array by using split (/$;/, ...).
|
||||
;#
|
||||
@ -1062,7 +1062,7 @@ X
|
||||
;# Another exciting ;-) feature that newgetopts has. Along with creating the
|
||||
;# normal $opt_ scalars for the last value of an argument the list @opt_ is
|
||||
;# created. It is an array which contains all the values of arguments to the
|
||||
;# basename of the variable. They are stored in the order which they occured
|
||||
;# basename of the variable. They are stored in the order which they occurred
|
||||
;# on the command line starting with $[. Note that blank arguments are stored
|
||||
;# as "". Along with providing support for multiple options on the command
|
||||
;# line this also provides a method of counting the number of times an option
|
||||
@ -1293,8 +1293,8 @@ X
|
||||
;# All other lines will be indented to match the amount of whitespace of
|
||||
;# $Offset.
|
||||
;#
|
||||
;# + If $Bullet_Indent is $TRUE $Offset will only be applied to the begining
|
||||
;# of lines as they occured in the original $String. Lines that are created
|
||||
;# + If $Bullet_Indent is $TRUE $Offset will only be applied to the beginning
|
||||
;# of lines as they occurred in the original $String. Lines that are created
|
||||
;# by this routine will always be indented by blank spaces.
|
||||
;#
|
||||
;# + If $Columns is 0 no word-wrap is done. This might be useful to still
|
||||
@ -1306,7 +1306,7 @@ X
|
||||
;# + If $Offset_Blank is $TRUE then empty lines will have $Offset pre-pended
|
||||
;# to them. Otherwise, they will still empty.
|
||||
;#
|
||||
;# This is a realy workhorse routine that I use in many places because of its
|
||||
;# This is a really workhorse routine that I use in many places because of its
|
||||
;# veratility.
|
||||
;#
|
||||
;# Arguments:
|
||||
@ -1668,7 +1668,7 @@ sed 's/^X//' << 'SHAR_EOF' > 'man/postclip.1' &&
|
||||
of the message. This keeps bounced mail private and helps to avoid disk space problems. \*(mp tries its best to keep as much of the header trail as possible.
|
||||
Hopefully only the original body of the message will be filtered. Only messages
|
||||
that have a subject that begins with 'Returned mail:' are filtered. This
|
||||
ensures that other mail is not accidently mucked with. Finally, note that
|
||||
ensures that other mail is not accidentally mucked with. Finally, note that
|
||||
\fBsendmail\fR is used to deliver the message after it has been (possibly)
|
||||
filtered. All of the original headers will remain intact.
|
||||
.sp 1
|
||||
|
@ -90,10 +90,9 @@ Proofpoint, Inc.
|
||||
.de Ve
|
||||
Version \\$2
|
||||
..
|
||||
.Ve $Revision: 8.759 $
|
||||
.rm Ve
|
||||
.sp
|
||||
For Sendmail Version 8.15
|
||||
For Sendmail Version 8.16
|
||||
.)l
|
||||
.(f
|
||||
Sendmail is a trademark of Proofpoint, Inc.
|
||||
@ -149,8 +148,9 @@ RFC 2554 (SMTP Service Extension for Authentication),
|
||||
RFC 2821 (Simple Mail Transfer Protocol),
|
||||
RFC 2822 (Internet Message Format),
|
||||
RFC 2852 (Deliver By SMTP Service Extension),
|
||||
RFC 2920 (SMTP Service Extension for Command Pipelining),
|
||||
and
|
||||
RFC 2920 (SMTP Service Extension for Command Pipelining).
|
||||
RFC 7505 (A "Null MX" No Service Resource Record for Domains That Accept No Mail).
|
||||
However, since
|
||||
.i sendmail
|
||||
is designed to work in a wider world,
|
||||
@ -309,9 +309,8 @@ program; for details see
|
||||
.sh 3 "Creating a Site Configuration File"
|
||||
.\"XXX
|
||||
.pp
|
||||
(This section is not yet complete.
|
||||
For now, see the file devtools/README for details.)
|
||||
See sendmail/README for various compilation flags that can be set.
|
||||
See sendmail/README for various compilation flags that can be set,
|
||||
and devtools/README for details how to set them.
|
||||
.sh 3 "Tweaking the Makefile"
|
||||
.pp
|
||||
.\" .b "XXX This should all be in the Site Configuration File section."
|
||||
@ -323,6 +322,8 @@ notably the
|
||||
database.
|
||||
At least one of these should be defined if at all possible.
|
||||
.nr ii 1i
|
||||
.ip CDB
|
||||
Constant DataBase (tinycdb).
|
||||
.ip NDBM
|
||||
The ``new DBM'' format,
|
||||
available on nearly all systems around today.
|
||||
@ -1224,7 +1225,9 @@ A recipient address is mapped to a queue group as follows.
|
||||
First, if there is a ruleset called ``queuegroup'',
|
||||
and if this ruleset maps the address to a queue group name,
|
||||
then that queue group is chosen.
|
||||
That is, the argument for the ruleset is the recipient address
|
||||
That is, the argument for the ruleset is
|
||||
the recipient address
|
||||
(i.e., the address part of the resolved triple)
|
||||
and the result should be
|
||||
.b $#
|
||||
followed by the name of a queue group.
|
||||
@ -1282,7 +1285,7 @@ In case one of the queue runners tries delivery to a slow recipient site
|
||||
at the end of a queue run, the next queue run may be substantially delayed.
|
||||
In general this should be smoothed out due to the distribution of
|
||||
those slow jobs, however, for sites with small number of
|
||||
queue entries this might introduce noticable delays.
|
||||
queue entries this might introduce noticeable delays.
|
||||
In general, persistent queue runners are only useful for
|
||||
sites with big queues.
|
||||
.sh 3 "Manual Intervention"
|
||||
@ -2908,7 +2911,7 @@ Therefore it is necessary to run the client mail queue periodically.
|
||||
.pp
|
||||
.i Sendmail
|
||||
has several parameters to control resource usage.
|
||||
Besides those mentionted in the previous section, there are at least
|
||||
Besides those mentioned in the previous section, there are at least
|
||||
.b MaxDaemonChildren ,
|
||||
.b ConnectionRateThrottle ,
|
||||
.b MaxQueueChildren ,
|
||||
@ -3038,8 +3041,9 @@ should not be used by the SMTP server.
|
||||
.pp
|
||||
The level of logging can be set for
|
||||
.i sendmail .
|
||||
The default using a standard configuration table is level 9.
|
||||
The levels are as follows:
|
||||
The default using a standard configuration is level 9.
|
||||
The levels are approximately as follows
|
||||
(some log types are using different level depending on various factors):
|
||||
.nr ii 0.5i
|
||||
.ip 0
|
||||
Minimal logging.
|
||||
@ -3078,7 +3082,7 @@ questionable situations.
|
||||
.ip 14
|
||||
Logs refused connections.
|
||||
.ip 15
|
||||
Log all incoming and outgoing SMTP commands.
|
||||
Log all incoming SMTP commands.
|
||||
.ip 20
|
||||
Logs attempts to run locked queue files.
|
||||
These are not errors,
|
||||
@ -3280,7 +3284,7 @@ Accept group-writable
|
||||
.i \&.forward
|
||||
files as safe for program and file delivery.
|
||||
.ip GroupWritableIncludeFile
|
||||
Allow group wriable
|
||||
Allow group writable
|
||||
.i :include:
|
||||
files.
|
||||
.ip GroupWritableIncludeFileSafe
|
||||
@ -3355,7 +3359,7 @@ Allow world writable
|
||||
.i \&.forward
|
||||
files.
|
||||
.ip WorldWritableIncludefile
|
||||
Allow world wriable
|
||||
Allow world writable
|
||||
.i :include:
|
||||
files.
|
||||
.ip WriteMapToHardLink
|
||||
@ -3932,7 +3936,7 @@ The complete syntax for ruleset 0 is:
|
||||
.)b
|
||||
This specifies the
|
||||
{mailer, host, user}
|
||||
3-tuple necessary to direct the mailer.
|
||||
3-tuple (triple) necessary to direct the mailer.
|
||||
Note: the third element (
|
||||
.i user
|
||||
) is often also called
|
||||
@ -3964,9 +3968,11 @@ If the
|
||||
is the built-in IPC mailer,
|
||||
the
|
||||
.i host
|
||||
may be a colon-separated list of hosts
|
||||
that are searched in order for the first working address
|
||||
(exactly like MX records).
|
||||
may be a colon (or comma) separated list of hosts.
|
||||
Each is separately MX expanded and the results are concatenated
|
||||
to make (essentially) one long MX list.
|
||||
Hosts separated by a comma have the same MX preference,
|
||||
and for each colon separated host the MX preference is increased.
|
||||
The
|
||||
.i user
|
||||
is later rewritten by the mailer-specific envelope rewriting set
|
||||
@ -4148,7 +4154,7 @@ macro
|
||||
for use in the argv expansion of the specified mailer.
|
||||
Notice: since the envelope sender address will be used if
|
||||
a delivery status notification must be send,
|
||||
i.e., is may specify a recipient,
|
||||
i.e., it may specify a recipient,
|
||||
it is also run through ruleset zero.
|
||||
If ruleset zero returns a temporary error
|
||||
.b 4xy
|
||||
@ -4515,7 +4521,7 @@ for details, as well as
|
||||
and note this warning:
|
||||
Options already set before are not cleared!
|
||||
.ip CipherList
|
||||
Specify cipher list for STARTTLS,
|
||||
Specify cipher list for STARTTLS (does not apply to TLSv1.3),
|
||||
see
|
||||
.i ciphers (1)
|
||||
for possible values.
|
||||
@ -4526,6 +4532,28 @@ for the session.
|
||||
File containing a certificate.
|
||||
.ip KeyFile
|
||||
File containing the private key for the certificate.
|
||||
.ip Flags
|
||||
Currently the only valid flags are
|
||||
.br
|
||||
.i R
|
||||
to require a CRL for each encountered certificate during verification
|
||||
(by default a missing CRL is ignored),
|
||||
.br
|
||||
.i c
|
||||
and
|
||||
.i C
|
||||
which basically clears/sets the option
|
||||
.i TLSFallbacktoClear
|
||||
for just this session, respectively,
|
||||
.br
|
||||
.i d
|
||||
to turn off DANE which is obviously only valid for
|
||||
.i tls_clt_features
|
||||
and requires DANE to be compiled in.
|
||||
This might be needed in case of a misconfiguration,
|
||||
e.g.,
|
||||
specifying invalid TLSA RRs.
|
||||
.br
|
||||
.lp
|
||||
.lp
|
||||
Example:
|
||||
@ -4550,9 +4578,6 @@ and
|
||||
.i KeyFile
|
||||
must be specified together;
|
||||
specifying only one is an error.
|
||||
.pp
|
||||
These rulesets require the sendmail binary to be built with _FFR_TLS_SE_OPTS
|
||||
enabled (see the "For Future Release" section).
|
||||
.sh 4 "authinfo"
|
||||
.pp
|
||||
The
|
||||
@ -4589,9 +4614,9 @@ is ignored (even if the ruleset does not return a ``useful'' result).
|
||||
The
|
||||
.i queuegroup
|
||||
ruleset is used to map a recipient address to a queue group name.
|
||||
The input for the ruleset is a recipient address as specified by the
|
||||
.sm "SMTP RCPT"
|
||||
command.
|
||||
The input for the ruleset is
|
||||
the recipient address
|
||||
(i.e., the address part of the resolved triple)
|
||||
The ruleset should return
|
||||
.b $#
|
||||
followed by the name of a queue group.
|
||||
@ -4615,7 +4640,7 @@ pause.
|
||||
If the return value starts with anything else or is not a number,
|
||||
it is silently ignored.
|
||||
Note: this ruleset is not invoked (and hence the feature is disabled)
|
||||
when the smtps (SMTP over SSL) is used, i.e.,
|
||||
when smtps (SMTP over SSL) is used, i.e.,
|
||||
the
|
||||
.i s
|
||||
modifier is set for the daemon via
|
||||
@ -4651,9 +4676,11 @@ to an IP host address.
|
||||
.pp
|
||||
The host name passed in after the
|
||||
.q $@
|
||||
may also be a colon-separated list of hosts.
|
||||
may also be a colon or comma separated list of hosts.
|
||||
Each is separately MX expanded and the results are concatenated
|
||||
to make (essentially) one long MX list.
|
||||
Hosts separated by a comma have the same MX preference,
|
||||
and for each colon separated host the MX preference is increased.
|
||||
The intent here is to create
|
||||
.q fake
|
||||
MX records that are not published in DNS
|
||||
@ -5224,7 +5251,7 @@ The output of the
|
||||
function, i.e., the number of seconds since 0 hours, 0 minutes,
|
||||
0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
|
||||
.ip ${tls_version}
|
||||
The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2;
|
||||
The TLS/SSL version used for the connection, e.g., TLSv1.2, TLSv1;
|
||||
defined after STARTTLS has been used.
|
||||
.ip ${total_rate}
|
||||
The total number of incoming connections over the time interval specified
|
||||
@ -5241,6 +5268,7 @@ NOT no cert requested.
|
||||
FAIL cert presented but could not be verified,
|
||||
e.g., the signing CA is missing.
|
||||
NONE STARTTLS has not been performed.
|
||||
CLEAR STARTTLS has been disabled internally for a clear text delivery attempt.
|
||||
TEMP temporary error occurred.
|
||||
PROTOCOL some protocol error occurred
|
||||
at the ESMTP level (not TLS).
|
||||
@ -5859,7 +5887,7 @@ Do User Database rewriting on recipients as well as senders.
|
||||
Normally when
|
||||
.i sendmail
|
||||
connects to a host via SMTP,
|
||||
it checks to make sure that this isn't accidently the same host name
|
||||
it checks to make sure that this isn't accidentally the same host name
|
||||
as might happen if
|
||||
.i sendmail
|
||||
is misconfigured or if a long-haul network interface is set in loopback mode.
|
||||
@ -5893,7 +5921,7 @@ macro occurs in the
|
||||
part of the mailer definition,
|
||||
that field will be repeated as necessary
|
||||
for all qualifying users.
|
||||
Removing this flag can defeat duplicate supression on a remote site
|
||||
Removing this flag can defeat duplicate suppression on a remote site
|
||||
as each recipient is sent in a separate transaction.
|
||||
.ip M\(dg
|
||||
This mailer wants a
|
||||
@ -6519,6 +6547,10 @@ is specified),
|
||||
(if
|
||||
.sm NDBM
|
||||
is specified),
|
||||
.q cdb
|
||||
(if
|
||||
.sm CDB
|
||||
is specified),
|
||||
.q stab
|
||||
(internal symbol table \*- not normally used
|
||||
unless you have no other database lookup),
|
||||
@ -6647,7 +6679,7 @@ see section about STARTTLS for more information.
|
||||
Specify the fingerprint algorithm (digest) to use for the presented cert.
|
||||
If the option is not set,
|
||||
md5 is used and the macro
|
||||
.p ${cert_md5}
|
||||
.b ${cert_md5}
|
||||
contains the cert fingerprint.
|
||||
If the option is explicitly set,
|
||||
the specified algorithm (e.g., sha1) is used
|
||||
@ -6655,7 +6687,7 @@ and the macro
|
||||
.b ${cert_fp}
|
||||
contains the cert fingerprint.
|
||||
.ip CipherList
|
||||
Specify cipher list for STARTTLS.
|
||||
Specify cipher list for STARTTLS (does not apply to TLSv1.3).
|
||||
See
|
||||
.i ciphers (1)
|
||||
for possible values.
|
||||
@ -6756,7 +6788,7 @@ By default,
|
||||
.i -SSL_OP_TLSEXT_PADDING
|
||||
are used
|
||||
(if those options are available).
|
||||
Options can be cleared by preceeding them with a minus sign.
|
||||
Options can be cleared by preceding them with a minus sign.
|
||||
It is also possible to specify numerical values, e.g.,
|
||||
.b -0x0010 .
|
||||
.ip ColonOkInAddr
|
||||
@ -6851,9 +6883,18 @@ Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
|
||||
[no short name]
|
||||
Name of file that contains certificate
|
||||
revocation status, useful for X.509v3 authentication.
|
||||
CRL checking requires at least OpenSSL version 0.9.7.
|
||||
Note: if a CRLFile is specified but the file is unusable,
|
||||
STARTTLS is disabled.
|
||||
.ip CRLPath=\fIname\fP
|
||||
[no short name]
|
||||
Name of directory that contains hashes pointing to
|
||||
certificate revocation status files.
|
||||
Symbolic links can be generated with the following
|
||||
two (Bourne) shell commands:
|
||||
.(b
|
||||
C=FileName_of_CRL
|
||||
ln -s $C `openssl crl -noout -hash < $C`.r0
|
||||
.)b
|
||||
.ip DHParameters
|
||||
This option applies to the server side only.
|
||||
Possible values are:
|
||||
@ -6948,7 +6989,7 @@ can be a sequence (without any delimiters)
|
||||
of the following characters:
|
||||
.(b
|
||||
.ta 1i
|
||||
a always require authentication
|
||||
a always require AUTH
|
||||
b bind to interface through which mail has been received
|
||||
c perform hostname canonification (.cf)
|
||||
f require fully qualified hostname (.cf)
|
||||
@ -6961,7 +7002,7 @@ O optional; if opening the socket fails ignore it
|
||||
S don't offer STARTTLS
|
||||
.)b
|
||||
That is, one way to specify a message submission agent (MSA) that
|
||||
always requires authentication is:
|
||||
always requires AUTH is:
|
||||
.(b
|
||||
O DaemonPortOptions=Name=MSA, Port=587, M=Ea
|
||||
.)b
|
||||
@ -7000,7 +7041,7 @@ This will also override possible settings via
|
||||
Note,
|
||||
.i sendmail
|
||||
will listen on a new socket
|
||||
for each occurence of the
|
||||
for each occurrence of the
|
||||
.b DaemonPortOptions
|
||||
option in a configuration file.
|
||||
The modifier ``O'' causes sendmail to ignore a socket
|
||||
@ -7296,6 +7337,18 @@ are:
|
||||
.\"8BITMIME\(->7BIT conversions are done.
|
||||
In all cases properly declared 8BITMIME data will be converted to 7BIT
|
||||
as needed.
|
||||
.p
|
||||
Note: if an automatic conversion is performed, a header with
|
||||
the following format will be added:
|
||||
.(b
|
||||
X-MIME-Autoconverted: from OLD to NEW by $j id $i
|
||||
.)b
|
||||
where
|
||||
.\" format?
|
||||
OLD
|
||||
and
|
||||
NEW
|
||||
describe the original format and the converted format, respectively.
|
||||
.ip ErrorHeader=\fIfile-or-message\fP
|
||||
[E]
|
||||
Prepend error messages with the indicated message.
|
||||
@ -7393,6 +7446,10 @@ and then in
|
||||
.ip HeloName=\fIname\fP
|
||||
[no short name]
|
||||
Set the name to be used for HELO/EHLO (instead of $j).
|
||||
.ip HelpFile=\fIfile\fP
|
||||
[H]
|
||||
Specify the help file for SMTP.
|
||||
If no file name is specified, "helpfile" is used.
|
||||
.ip HoldExpensive
|
||||
[c]
|
||||
If an outgoing mailer is marked as being expensive,
|
||||
@ -7520,9 +7577,10 @@ If not set, there is no limit to the number of children --
|
||||
that is, the system load average controls this.
|
||||
.ip MaxHeadersLength=\fIN\fP
|
||||
[no short name]
|
||||
The maximum length of the sum of all headers.
|
||||
If set to a value greater than zero it specifies
|
||||
the maximum length of the sum of all headers.
|
||||
This can be used to prevent a denial of service attack.
|
||||
The default is no limit.
|
||||
The default is 32K.
|
||||
.ip MaxHopCount=\fIN\fP
|
||||
[h]
|
||||
The maximum hop count.
|
||||
@ -7706,6 +7764,12 @@ Sets the list of characters that must be quoted if used in a full name
|
||||
that is in the phrase part of a ``phrase <address>'' syntax.
|
||||
The default is ``\'.''.
|
||||
The characters ``@,;:\e()[]'' are always added to this list.
|
||||
Note: To avoid potential breakage of
|
||||
DKIM signatures it is useful to set
|
||||
.(b
|
||||
O MustQuoteChars=.
|
||||
.)b
|
||||
Moreover, relaxed header signing should be used for DKIM signatures.
|
||||
.ip NiceQueueRun
|
||||
[no short name]
|
||||
The priority of queue runners (nice(3)).
|
||||
@ -8189,7 +8253,7 @@ By default,
|
||||
.i -SSL_OP_TLSEXT_PADDING
|
||||
are used
|
||||
(if those options are available).
|
||||
Options can be cleared by preceeding them with a minus sign.
|
||||
Options can be cleared by preceding them with a minus sign.
|
||||
It is also possible to specify numerical values, e.g.,
|
||||
.b -0x0010 .
|
||||
.ip ServiceSwitchFile=\fIfilename\fP
|
||||
@ -8301,6 +8365,31 @@ Defaults to
|
||||
If set, issue temporary errors (4xy) instead of permanent errors (5xy).
|
||||
This can be useful during testing of a new configuration to avoid
|
||||
erroneous bouncing of mails.
|
||||
.ip SSLEngine
|
||||
Name of SSL engine to use.
|
||||
The available values depend on the OpenSSL version against which
|
||||
.i sendmail
|
||||
is compiled,
|
||||
see
|
||||
.(b
|
||||
openssl engine -v
|
||||
.)b
|
||||
for some information.
|
||||
.ip SSLEnginePath
|
||||
Path to dynamic library for SSL engine.
|
||||
This option is only useful if
|
||||
.i SSLEngine
|
||||
is set.
|
||||
If both are set, the engine will be loaded dynamically at runtime
|
||||
using the concatenation of the path,
|
||||
a slash "/",
|
||||
the string "lib",
|
||||
the value of
|
||||
.i SSLEngine ,
|
||||
and the string ".so".
|
||||
If only
|
||||
.i SSLEngine
|
||||
is set then the static version of the engine is used.
|
||||
.ip StatusFile=\fIfile\fP
|
||||
[S]
|
||||
Log summary statistics in the named
|
||||
@ -8340,6 +8429,22 @@ PostMilter is useful only when
|
||||
.i sendmail
|
||||
is running as an SMTP server; in all other situations it
|
||||
acts the same as True.
|
||||
.ip TLSFallbacktoClear
|
||||
[no short name]
|
||||
If set,
|
||||
.i sendmail
|
||||
immediately tries an outbound connection again without STARTTLS
|
||||
after a TLS handshake failure.
|
||||
Note:
|
||||
this applies to all connections even if TLS specific requirements are set
|
||||
(see rulesets
|
||||
.i tls_rcpt
|
||||
and
|
||||
.i tls_client
|
||||
).
|
||||
Hence such requirements will cause an error on a retry without STARTTLS.
|
||||
Therefore they should only trigger a temporary failure so the connection
|
||||
is later on tried again.
|
||||
.ip TLSSrvOptions
|
||||
[no short name]
|
||||
List of options for SMTP STARTTLS for the server
|
||||
@ -8824,6 +8929,12 @@ $[\fIhostname\fP$]
|
||||
.)b
|
||||
.pp
|
||||
There are many defined classes.
|
||||
.ip cdb
|
||||
Database lookups using the cdb(3) library.
|
||||
.i Sendmail
|
||||
must be compiled with
|
||||
.b CDB
|
||||
defined.
|
||||
.ip dbm
|
||||
Database lookups using the ndbm(3) library.
|
||||
.i Sendmail
|
||||
@ -8885,7 +8996,7 @@ only the first value will be returned
|
||||
unless the
|
||||
.b \-z
|
||||
(value separator)
|
||||
map flag is set.
|
||||
map option is set.
|
||||
Also, the
|
||||
.b \-1
|
||||
map flag will treat a multiple value return
|
||||
@ -8906,14 +9017,11 @@ The format of the text file is defined by the
|
||||
and
|
||||
.b \-z
|
||||
(field delimiter)
|
||||
flags.
|
||||
options.
|
||||
.ip ph
|
||||
PH query map.
|
||||
Contributed and supported by
|
||||
Mark Roth, roth@uiuc.edu.
|
||||
For more information,
|
||||
consult the web site
|
||||
.q http://www-dev.cites.uiuc.edu/sendmail/ .
|
||||
.ip nsd
|
||||
nsd map for IRIX 6.5 and later.
|
||||
Contributed and supported by Bob Mende of SGI,
|
||||
@ -8922,11 +9030,15 @@ mende@sgi.com.
|
||||
Internal symbol table lookups.
|
||||
Used internally for aliasing.
|
||||
.ip implicit
|
||||
Really should be called
|
||||
.q alias
|
||||
\(em this is used to get the default lookups
|
||||
for alias files,
|
||||
and is the default if no class is specified for alias files.
|
||||
Sequentially try a list of available map types:
|
||||
.i hash ,
|
||||
.i dbm ,
|
||||
and
|
||||
.i cdb .
|
||||
It is the default for alias files if no class is specified.
|
||||
If is no matching map type is found,
|
||||
the text version is used for the alias file,
|
||||
but other maps fail to open.
|
||||
.ip user
|
||||
Looks up users using
|
||||
.i getpwnam (3).
|
||||
@ -8948,15 +9060,24 @@ This can be used to find out if this machine is the target for an MX record,
|
||||
and mail can be accepted on that basis.
|
||||
If the
|
||||
.b \-z
|
||||
flag is given, then all MX names are returned,
|
||||
option is given, then all MX names are returned,
|
||||
separated by the given delimiter.
|
||||
Note: the return value is deterministic,
|
||||
i.e., even if multiple MX records have the same preference,
|
||||
they will be returned in the same order.
|
||||
.ip dns
|
||||
This map requires the option -R to specify the DNS resource record
|
||||
type to lookup. The following types are supported:
|
||||
type to lookup.
|
||||
The following types are supported:
|
||||
A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
|
||||
A map lookup will return only one record.
|
||||
A map lookup will return only one record
|
||||
unless the
|
||||
.b \-z
|
||||
(value separator)
|
||||
option is set.
|
||||
Hence for some types, e.g., MX records, the return value might be a random
|
||||
element of the list due to randomizing in the DNS resolver.
|
||||
element of the results due to randomizing in the DNS resolver,
|
||||
if only one element is returned.
|
||||
.ip arpa
|
||||
Returns the ``reverse'' for the given IP (IPv4 or IPv6) address,
|
||||
i.e., the string for the PTR lookup,
|
||||
@ -9069,33 +9190,45 @@ if used, it is substituted by the substring matches, delimited by
|
||||
.b $|
|
||||
or the string specified with the the
|
||||
.b \-d
|
||||
flag. The flags available for the map are
|
||||
option.
|
||||
The options available for the map are
|
||||
.(b
|
||||
.ta 4n
|
||||
-n not
|
||||
-f case sensitive
|
||||
-b basic regular expressions (default is extended)
|
||||
-s substring match
|
||||
-d set the delimiter used for -s
|
||||
-d set the delimiter string used for -s
|
||||
-a append string to key
|
||||
-m match only, do not replace/discard value
|
||||
-D perform no lookup in deferred delivery mode.
|
||||
.)b
|
||||
The
|
||||
.b \-s
|
||||
flag can include an optional parameter which can be used
|
||||
to select the substrings in the result of the lookup. For example,
|
||||
option can include an optional parameter which can be used
|
||||
to select the substrings in the result of the lookup.
|
||||
For example,
|
||||
.(b
|
||||
-s1,3,4
|
||||
.)b
|
||||
The delimiter string specified via the
|
||||
.b \-d
|
||||
option is the sequence of characters after
|
||||
.b d
|
||||
ending at the first space.
|
||||
Hence it isn't possible to specify a space as delimiter,
|
||||
so if the option is immediately followed by a space
|
||||
the delimiter string is empty,
|
||||
which means the substrings are joined.
|
||||
|
||||
Notes: to match a
|
||||
.b $
|
||||
in a string,
|
||||
\\$$
|
||||
must be used.
|
||||
If the pattern contains spaces, they must be replaced
|
||||
with the blank substitution character, unless it is
|
||||
space itself.
|
||||
If the pattern contains spaces,
|
||||
they must be replaced with the blank substitution character,
|
||||
unless it is space itself.
|
||||
.ip program
|
||||
The arguments on the
|
||||
.b K
|
||||
@ -9185,9 +9318,9 @@ and is one of the following upper case words:
|
||||
.ta 9n
|
||||
OK the key was found, result contains the looked up value
|
||||
NOTFOUND the key was not found, the result is empty
|
||||
TEMP a temporary failure occured
|
||||
TIMEOUT a timeout occured on the server side
|
||||
PERM a permanent failure occured
|
||||
TEMP a temporary failure occurred
|
||||
TIMEOUT a timeout occurred on the server side
|
||||
PERM a permanent failure occurred
|
||||
.)b
|
||||
|
||||
In case of errors (status TEMP, TIMEOUT or PERM) the result field may
|
||||
@ -9331,7 +9464,7 @@ or
|
||||
to indicate newline or tab respectively.
|
||||
If omitted entirely,
|
||||
the column separator is any sequence of white space.
|
||||
For LDAP maps this is the separator character
|
||||
For LDAP and some other maps this is the separator character
|
||||
to combine multiple values
|
||||
into a single return string.
|
||||
If not set,
|
||||
@ -9413,6 +9546,11 @@ timeout: specify the timeout (in seconds) for communication
|
||||
with the socket map server.
|
||||
.pp
|
||||
The following additional flags are present in the ldap map only:
|
||||
.ip "\-c\fItimeout\fP"
|
||||
Set the LDAP network timeout.
|
||||
sendmail must be compiled with
|
||||
.b \-DLDAP_OPT_NETWORK_TIMEOUT
|
||||
to use this flag.
|
||||
.ip "\-R"
|
||||
Do not auto chase referrals. sendmail must be compiled with
|
||||
.b \-DLDAP_REFERRALS
|
||||
@ -9480,6 +9618,9 @@ Should be one of
|
||||
.b LDAP_AUTH_SIMPLE ,
|
||||
or
|
||||
.b LDAP_AUTH_KRBV4 .
|
||||
The leading
|
||||
.b LDAP_AUTH_
|
||||
can be omitted and the value is case-insensitive.
|
||||
.ip "\-P\fIpasswordfile\fP"
|
||||
The file containing the secret key for the
|
||||
.b LDAP_AUTH_SIMPLE
|
||||
@ -9530,8 +9671,9 @@ and the data is located in
|
||||
.pp
|
||||
The program
|
||||
.i makemap (8)
|
||||
can be used to build any of the three database-oriented maps.
|
||||
It takes the following flags:
|
||||
can be used to build database-oriented maps.
|
||||
It takes at least the following flags
|
||||
(for a complete list see its man page):
|
||||
.ip \-f
|
||||
Do not fold upper to lower case in the map.
|
||||
.ip \-N
|
||||
@ -9980,8 +10122,10 @@ configuration file.
|
||||
If set,
|
||||
the new version of the DBM library
|
||||
that allows multiple databases will be used.
|
||||
If neither NDBM nor NEWDB are set,
|
||||
If neither CDB, NDBM, nor NEWDB are set,
|
||||
a much less efficient method of alias lookup is used.
|
||||
.ip CWDB
|
||||
If set, use the cdb (tinycdb) package.
|
||||
.ip NEWDB
|
||||
If set, use the new database package from Berkeley (from 4.4BSD).
|
||||
This package is substantially faster than DBM or NDBM.
|
||||
@ -10418,7 +10562,7 @@ Addresses in this header should receive error messages.
|
||||
This header is a Content-Transfer-Encoding header.
|
||||
.ip H_CTYPE
|
||||
This header is a Content-Type header.
|
||||
.ip H_STRIPVAL
|
||||
.ip H_BCC
|
||||
Strip the value from the header (for Bcc:).
|
||||
.nr ii 5n
|
||||
.lp
|
||||
@ -10440,7 +10584,7 @@ struct hdrinfo HdrInfo[] =
|
||||
"to", H_RCPT,
|
||||
"resent-to", H_RCPT,
|
||||
"cc", H_RCPT,
|
||||
"bcc", H_RCPT\^|\^H_STRIPVAL,
|
||||
"bcc", H_RCPT\^|\^H_BCC,
|
||||
/* message identification and control */
|
||||
"message", H_EOH,
|
||||
"text", H_EOH,
|
||||
@ -10864,7 +11008,7 @@ it is necessary to understand at least some basics about X.509 certificates
|
||||
and public key cryptography.
|
||||
This information can be found in books about SSL/TLS
|
||||
or on WWW sites, e.g.,
|
||||
.q http://www.OpenSSL.org/ .
|
||||
.q https://www.OpenSSL.org/ .
|
||||
.sh 3 "Certificates for STARTTLS"
|
||||
.pp
|
||||
When acting as a server,
|
||||
@ -11003,6 +11147,43 @@ The macros which are subject to this encoding are
|
||||
{cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer},
|
||||
as well as
|
||||
{auth_authen} and {auth_author}.
|
||||
.sh 2 "DANE"
|
||||
.pp
|
||||
Initial support for DANE (see RFC 7672 et.al.)
|
||||
is available if
|
||||
.i sendmail
|
||||
is compiled with the option
|
||||
.b DANE .
|
||||
Only TLSA RR 3-1-x (DANE-EE) is currently implemented.
|
||||
The option
|
||||
.(b
|
||||
O DANE=true
|
||||
.)b
|
||||
enables this feature at run time
|
||||
and it automatically adds
|
||||
.b use_dnssec
|
||||
and
|
||||
.b use_edns0
|
||||
to
|
||||
.(b
|
||||
O ResolverOptions
|
||||
.)b
|
||||
This requires a (preferrably local)
|
||||
validating DNS resolver which supports those options.
|
||||
|
||||
If the client finds a usable TLSA RR and the check
|
||||
succeeds the macro
|
||||
.b ${verify}
|
||||
is set to
|
||||
.b TRUSTED .
|
||||
All non-DNS maps are considered
|
||||
.i secure
|
||||
just like DNS lookups with DNSSEC.
|
||||
Be aware that the implementation might not handle all
|
||||
error conditions as required by the RFCs.
|
||||
Moreover, TLSA RRs are not looked up for some features,
|
||||
e.g.,
|
||||
.i FallBackSmartHost .
|
||||
.sh 1 "ACKNOWLEDGEMENTS"
|
||||
.pp
|
||||
I've worked on
|
||||
@ -11243,7 +11424,6 @@ this is equivalent to using \-p.)
|
||||
.ip \-q\fItime\fP
|
||||
Try to process the queued up mail.
|
||||
If the time is given,
|
||||
a
|
||||
.i sendmail
|
||||
will start one or more processes to run through the queue(s) at the specified
|
||||
time interval to deliver queued mail; otherwise, it only runs once.
|
||||
@ -11307,7 +11487,7 @@ together, and items with different key letters
|
||||
.q and'ed
|
||||
together.
|
||||
.ip "\-Q[reason]"
|
||||
Quarantine a normal queue items with the given reason or
|
||||
Quarantine normal queue items with the given reason or
|
||||
unquarantine quarantined queue items if no reason is given.
|
||||
This should only be used with some sort of item matching using
|
||||
.b \-q[!]\fIXstring\fP
|
||||
@ -11512,11 +11692,10 @@ but is actually realiased when the job is processed.
|
||||
There will be one line for each recipient.
|
||||
Version 1 qf files
|
||||
also include a leading colon-terminated list of flags,
|
||||
which can be
|
||||
some of which are
|
||||
`S' to return a message on successful final delivery,
|
||||
`F' to return a message on failure,
|
||||
`D' to return a message if the message is delayed,
|
||||
`B' to indicate that the body should be returned,
|
||||
`N' to suppress returning the body,
|
||||
and
|
||||
`P' to declare this as a ``primary'' (command line or SMTP-session) address.
|
||||
@ -11727,7 +11906,6 @@ replace it with a blank sheet for double-sided output.
|
||||
.\".sz 10
|
||||
.\"Eric Allman
|
||||
.\".sp
|
||||
.\"Version $Revision: 8.759 $
|
||||
.\".ce 0
|
||||
.bp 3
|
||||
.ce
|
||||
|
@ -8,6 +8,8 @@ all: FRC
|
||||
$(SHELL) $(BUILD) $(OPTIONS) $@
|
||||
clean: FRC
|
||||
$(SHELL) $(BUILD) $(OPTIONS) $@
|
||||
check: FRC
|
||||
$(SHELL) $(BUILD) $(OPTIONS) $@
|
||||
install: FRC
|
||||
$(SHELL) $(BUILD) $(OPTIONS) $@
|
||||
|
||||
|
@ -23,19 +23,19 @@ SM_UNUSED(static char copyright[]) =
|
||||
|
||||
#ifndef lint
|
||||
SM_UNUSED(static char id[]) = "@(#)$Id: editmap.c,v 1.26 2013-11-22 20:51:26 ca Exp $";
|
||||
#endif /* ! lint */
|
||||
#endif
|
||||
|
||||
|
||||
#include <sys/types.h>
|
||||
#ifndef ISC_UNIX
|
||||
# include <sys/file.h>
|
||||
#endif /* ! ISC_UNIX */
|
||||
#endif
|
||||
#include <ctype.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#ifdef EX_OK
|
||||
# undef EX_OK /* unistd.h may have another use for this */
|
||||
#endif /* EX_OK */
|
||||
#endif
|
||||
#include <sysexits.h>
|
||||
#include <assert.h>
|
||||
#include <sendmail/sendmail.h>
|
||||
@ -100,7 +100,7 @@ main(argc, argv)
|
||||
#if HASFCHOWN
|
||||
FILE *cfp;
|
||||
char buf[MAXLINE];
|
||||
#endif /* HASFCHOWN */
|
||||
#endif
|
||||
static char rnamebuf[MAXNAME]; /* holds RealUserName */
|
||||
extern char *optarg;
|
||||
extern int optind;
|
||||
|
@ -43,11 +43,11 @@
|
||||
/* Only need to export C interface if used by C++ source code */
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif /* __cplusplus */
|
||||
#endif
|
||||
|
||||
#ifndef _SOCK_ADDR
|
||||
# define _SOCK_ADDR struct sockaddr
|
||||
#endif /* ! _SOCK_ADDR */
|
||||
#endif
|
||||
|
||||
/*
|
||||
** libmilter functions return one of the following to indicate
|
||||
@ -58,7 +58,7 @@ extern "C" {
|
||||
#define MI_FAILURE (-1)
|
||||
#if _FFR_WORKERS_POOL
|
||||
# define MI_CONTINUE 1
|
||||
#endif /* _FFR_WORKERS_POOL */
|
||||
#endif
|
||||
|
||||
/* "forward" declarations */
|
||||
typedef struct smfi_str SMFICTX;
|
||||
@ -76,17 +76,17 @@ typedef int sfsistat;
|
||||
|
||||
#if defined(__linux__) && defined(__GNUC__) && defined(__cplusplus) && __GNUC_MINOR__ >= 8
|
||||
# define SM__P(X) __PMT(X)
|
||||
#else /* __linux__ && __GNUC__ && __cplusplus && _GNUC_MINOR__ >= 8 */
|
||||
#else
|
||||
# define SM__P(X) __P(X)
|
||||
#endif /* __linux__ && __GNUC__ && __cplusplus && _GNUC_MINOR__ >= 8 */
|
||||
#endif
|
||||
|
||||
/* Some platforms don't define __P -- do it for them here: */
|
||||
#ifndef __P
|
||||
# ifdef __STDC__
|
||||
# define __P(X) X
|
||||
# else /* __STDC__ */
|
||||
# else
|
||||
# define __P(X) ()
|
||||
# endif /* __STDC__ */
|
||||
# endif
|
||||
#endif /* __P */
|
||||
|
||||
#if SM_CONF_STDBOOL_H
|
||||
@ -464,7 +464,7 @@ LIBMILTER_API int smfi_chgheader __P((SMFICTX *, char *, int, char *));
|
||||
**
|
||||
** SMFICTX *ctx; Opaque context structure
|
||||
** char *headerf; Header field name
|
||||
** int index; The Nth occurence of header field name
|
||||
** int index; The Nth occurrence of header field name
|
||||
** char *headerv; New header field value (empty for delete header)
|
||||
*/
|
||||
|
||||
@ -594,10 +594,10 @@ LIBMILTER_API int smfi_setsymlist __P((SMFICTX *, int, char *));
|
||||
|
||||
#if _FFR_THREAD_MONITOR
|
||||
LIBMILTER_API int smfi_set_max_exec_time __P((unsigned int));
|
||||
#endif /* _FFR_THREAD_MONITOR */
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif /* __cplusplus */
|
||||
#endif
|
||||
|
||||
#endif /* ! _LIBMILTER_MFAPI_H */
|
||||
|
@ -19,7 +19,7 @@
|
||||
|
||||
#ifndef SMFI_PROT_VERSION
|
||||
# define SMFI_PROT_VERSION 6 /* MTA - libmilter protocol version */
|
||||
#endif /* SMFI_PROT_VERSION */
|
||||
#endif
|
||||
|
||||
/* Shared protocol constants */
|
||||
#define MILTER_LEN_BYTES 4 /* length of 32 bit integer in bytes */
|
||||
@ -121,6 +121,6 @@
|
||||
|
||||
#if _FFR_MILTER_CHECK
|
||||
# define SMFIP_TEST 0x80000000L
|
||||
#endif /* _FFR_MILTER_CHECK */
|
||||
#endif
|
||||
|
||||
#endif /* !_LIBMILTER_MFDEF_H */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1999-2002 Proofpoint, Inc. and its suppliers.
|
||||
* Copyright (c) 1999-2002, 2018 Proofpoint, Inc. and its suppliers.
|
||||
* All rights reserved.
|
||||
*
|
||||
* By using this file, you agree to the terms and conditions set
|
||||
@ -18,13 +18,13 @@
|
||||
# include <sm/gen.h>
|
||||
# include <sm/errstring.h>
|
||||
|
||||
# ifdef NDBM
|
||||
# if NDBM
|
||||
# include <ndbm.h>
|
||||
# endif /* NDBM */
|
||||
# endif
|
||||
|
||||
# ifdef NEWDB
|
||||
# if NEWDB
|
||||
# include "sm/bdb.h"
|
||||
# endif /* NEWDB */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Some size constants
|
||||
@ -119,7 +119,6 @@ typedef int (*db_get_func) __P((SMDB_DATABASE *db,
|
||||
** flags -- put options:
|
||||
** SMDBF_NO_OVERWRITE - Return an error if key alread
|
||||
** exists.
|
||||
** SMDBF_ALLOW_DUP - Allow duplicates in btree maps.
|
||||
**
|
||||
** Returns:
|
||||
** 0 - Success, otherwise errno.
|
||||
@ -190,6 +189,7 @@ struct database_struct
|
||||
db_lockfd_func smdb_lockfd;
|
||||
void *smdb_impl;
|
||||
};
|
||||
|
||||
/*
|
||||
** DB_CURSOR_CLOSE -- Close a cursor
|
||||
**
|
||||
@ -244,10 +244,10 @@ typedef int (*db_cursor_get_func) __P((SMDB_CURSOR *cursor,
|
||||
** Flags for DB_CURSOR_GET
|
||||
*/
|
||||
|
||||
#define SMDB_CURSOR_GET_FIRST 0
|
||||
#define SMDB_CURSOR_GET_LAST 1
|
||||
#define SMDB_CURSOR_GET_FIRST 0 /* NOT USED by any application */
|
||||
#define SMDB_CURSOR_GET_LAST 1 /* NOT USED by any application */
|
||||
#define SMDB_CURSOR_GET_NEXT 2
|
||||
#define SMDB_CURSOR_GET_RANGE 3
|
||||
#define SMDB_CURSOR_GET_RANGE 3 /* NOT USED by any application */
|
||||
|
||||
/*
|
||||
** DB_CURSOR_PUT -- Put the key/value at this cursor.
|
||||
@ -313,12 +313,34 @@ typedef unsigned int SMDB_FLAG;
|
||||
|
||||
# define SMDB_TYPE_DEFAULT NULL
|
||||
# define SMDB_TYPE_DEFAULT_LEN 0
|
||||
# define SMDB_TYPE_IMPL "implicit"
|
||||
# define SMDB_TYPE_IMPL_LEN 9
|
||||
# define SMDB_TYPE_HASH "hash"
|
||||
# define SMDB_TYPE_HASH_LEN 5
|
||||
# define SMDB_TYPE_BTREE "btree"
|
||||
# define SMDB_TYPE_BTREE_LEN 6
|
||||
# define SMDB_TYPE_NDBM "dbm"
|
||||
# define SMDB_TYPE_NDBM_LEN 4
|
||||
# define SMDB_TYPE_CDB "cdb"
|
||||
# define SMDB_TYPE_CDB_LEN 4
|
||||
|
||||
# define SMDB_IS_TYPE_HASH(type) (strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0)
|
||||
# define SMDB_IS_TYPE_BTREE(type) (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0)
|
||||
# define SMDB_IS_TYPE_NDBM(type) (strncmp(type, SMDB_TYPE_NDBM, SMDB_TYPE_NDBM_LEN) == 0)
|
||||
# define SMDB_IS_TYPE_CDB(type) (strncmp(type, SMDB_TYPE_CDB, SMDB_TYPE_CDB_LEN) == 0)
|
||||
|
||||
# define SMDB_IS_TYPE_DEFAULT(t) (((t) == SMDB_TYPE_DEFAULT) \
|
||||
|| (strncmp(type, SMDB_TYPE_IMPL, SMDB_TYPE_IMPL_LEN) == 0) \
|
||||
)
|
||||
|
||||
# if CDB >= 2
|
||||
# define SMCDB_FILE_EXTENSION "db"
|
||||
# else
|
||||
# define SMCDB_FILE_EXTENSION "cdb"
|
||||
# endif
|
||||
# define SMDB1_FILE_EXTENSION "db"
|
||||
# define SMDB2_FILE_EXTENSION "db"
|
||||
# define SMNDB_DIR_FILE_EXTENSION "dir"
|
||||
|
||||
/*
|
||||
** These are flags
|
||||
@ -326,26 +348,22 @@ typedef unsigned int SMDB_FLAG;
|
||||
|
||||
/* Flags for put */
|
||||
# define SMDBF_NO_OVERWRITE 0x00000001
|
||||
# define SMDBF_ALLOW_DUP 0x00000002
|
||||
|
||||
typedef int (smdb_open_func) __P((SMDB_DATABASE **, char *, int, int, long, SMDB_DBTYPE, SMDB_USER_INFO *, SMDB_DBPARAMS *));
|
||||
|
||||
extern SMDB_DATABASE *smdb_malloc_database __P((void));
|
||||
extern void smdb_free_database __P((SMDB_DATABASE *));
|
||||
extern int smdb_open_database __P((SMDB_DATABASE **, char *, int,
|
||||
int, long, SMDB_DBTYPE,
|
||||
SMDB_USER_INFO *,
|
||||
SMDB_DBPARAMS *));
|
||||
# ifdef NEWDB
|
||||
extern int smdb_db_open __P((SMDB_DATABASE **, char *, int, int,
|
||||
long, SMDB_DBTYPE, SMDB_USER_INFO *,
|
||||
SMDB_DBPARAMS *));
|
||||
# endif /* NEWDB */
|
||||
# ifdef NDBM
|
||||
extern int smdb_ndbm_open __P((SMDB_DATABASE **, char *, int, int,
|
||||
long, SMDB_DBTYPE,
|
||||
SMDB_USER_INFO *,
|
||||
SMDB_DBPARAMS *));
|
||||
# endif /* NDBM */
|
||||
extern smdb_open_func smdb_open_database;
|
||||
# if NEWDB
|
||||
extern smdb_open_func smdb_db_open;
|
||||
# else
|
||||
# define smdb_db_open NULL
|
||||
# endif
|
||||
# if NDBM
|
||||
extern smdb_open_func smdb_ndbm_open;
|
||||
# else
|
||||
# define smdb_ndbm_open NULL
|
||||
# endif
|
||||
extern int smdb_add_extension __P((char *, int, char *, char *));
|
||||
extern int smdb_setup_file __P((char *, char *, int, long,
|
||||
SMDB_USER_INFO *, struct stat *));
|
||||
@ -353,8 +371,15 @@ extern int smdb_lock_file __P((int *, char *, int, long, char *));
|
||||
extern int smdb_unlock_file __P((int));
|
||||
extern int smdb_filechanged __P((char *, char *, int,
|
||||
struct stat *));
|
||||
extern void smdb_print_available_types __P((void));
|
||||
extern void smdb_print_available_types __P((bool));
|
||||
extern bool smdb_is_db_type __P((const char *));
|
||||
extern char *smdb_db_definition __P((SMDB_DBTYPE));
|
||||
extern int smdb_lock_map __P((SMDB_DATABASE *, int));
|
||||
extern int smdb_unlock_map __P((SMDB_DATABASE *));
|
||||
|
||||
# if CDB
|
||||
extern smdb_open_func smdb_cdb_open;
|
||||
# else
|
||||
# define smdb_cdb_open NULL
|
||||
# endif
|
||||
#endif /* ! _SMDB_H_ */
|
||||
|
@ -19,34 +19,34 @@
|
||||
# ifndef _PATH_SENDMAILCF
|
||||
# if defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF)
|
||||
# define _PATH_SENDMAILCF _PATH_VENDOR_CF
|
||||
# else /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */
|
||||
# else
|
||||
# define _PATH_SENDMAILCF "/etc/mail/sendmail.cf"
|
||||
# endif /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */
|
||||
# endif
|
||||
# endif /* ! _PATH_SENDMAILCF */
|
||||
|
||||
# ifndef _PATH_SENDMAILPID
|
||||
# ifdef BSD4_4
|
||||
# define _PATH_SENDMAILPID "/var/run/sendmail.pid"
|
||||
# else /* BSD4_4 */
|
||||
# else
|
||||
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
|
||||
# endif /* BSD4_4 */
|
||||
# endif
|
||||
# endif /* ! _PATH_SENDMAILPID */
|
||||
|
||||
# ifndef _PATH_SENDMAIL
|
||||
# define _PATH_SENDMAIL "/usr/lib/sendmail"
|
||||
# endif /* ! _PATH_SENDMAIL */
|
||||
# endif
|
||||
|
||||
# ifndef _PATH_MAILDIR
|
||||
# define _PATH_MAILDIR "/var/spool/mail"
|
||||
# endif /* ! _PATH_MAILDIR */
|
||||
# endif
|
||||
|
||||
# ifndef _PATH_LOCTMP
|
||||
# define _PATH_LOCTMP "/tmp/local.XXXXXX"
|
||||
# endif /* ! _PATH_LOCTMP */
|
||||
# endif
|
||||
|
||||
# ifndef _PATH_HOSTS
|
||||
# define _PATH_HOSTS "/etc/hosts"
|
||||
# endif /* ! _PATH_HOSTS */
|
||||
# endif
|
||||
|
||||
|
||||
|
||||
|
@ -29,7 +29,7 @@
|
||||
**********************************************************************/
|
||||
#ifndef MAXMAILERS
|
||||
# define MAXMAILERS 25 /* maximum mailers known to system */
|
||||
#endif /* ! MAXMAILERS */
|
||||
#endif
|
||||
|
||||
/*
|
||||
** Flags passed to safefile/safedirpath.
|
||||
|
@ -47,19 +47,19 @@ sm_abort __P((
|
||||
|
||||
# ifndef SM_CHECK_ALL
|
||||
# define SM_CHECK_ALL 1
|
||||
# endif /* ! SM_CHECK_ALL */
|
||||
# endif
|
||||
|
||||
# ifndef SM_CHECK_REQUIRE
|
||||
# define SM_CHECK_REQUIRE SM_CHECK_ALL
|
||||
# endif /* ! SM_CHECK_REQUIRE */
|
||||
# endif
|
||||
|
||||
# ifndef SM_CHECK_ENSURE
|
||||
# define SM_CHECK_ENSURE SM_CHECK_ALL
|
||||
# endif /* ! SM_CHECK_ENSURE */
|
||||
# endif
|
||||
|
||||
# ifndef SM_CHECK_ASSERT
|
||||
# define SM_CHECK_ASSERT SM_CHECK_ALL
|
||||
# endif /* ! SM_CHECK_ASSERT */
|
||||
# endif
|
||||
|
||||
# if SM_CHECK_REQUIRE
|
||||
# if defined(__STDC__) || defined(__cplusplus)
|
||||
|
@ -17,7 +17,7 @@
|
||||
# include <db.h>
|
||||
# ifndef DB_VERSION_MAJOR
|
||||
# define DB_VERSION_MAJOR 1
|
||||
# endif /* ! DB_VERSION_MAJOR */
|
||||
# endif
|
||||
|
||||
# if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5
|
||||
|
||||
|
@ -6,7 +6,7 @@
|
||||
* forth in the LICENSE file which can be found at the top level of
|
||||
* the sendmail distribution.
|
||||
*
|
||||
* $Id: cdefs.h,v 1.17 2013-11-22 20:51:31 ca Exp $
|
||||
* $Id: cdefs.h,v 1.17 2013/11/22 20:51:31 ca Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -27,7 +27,7 @@
|
||||
|
||||
# if SM_CONF_SYS_CDEFS_H
|
||||
# include <sys/cdefs.h>
|
||||
# endif /* SM_CONF_SYS_CDEFS_H */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Define the standard C language portability macros
|
||||
@ -86,9 +86,9 @@
|
||||
# if __GNUC__ >= 2
|
||||
# if __GNUC__ == 2 && __GNUC_MINOR__ < 7
|
||||
# define SM_UNUSED(decl) decl
|
||||
# else /* __GNUC__ == 2 && __GNUC_MINOR__ < 7 */
|
||||
# else
|
||||
# define SM_UNUSED(decl) decl __attribute__((__unused__))
|
||||
# endif /* __GNUC__ == 2 && __GNUC_MINOR__ < 7 */
|
||||
# endif
|
||||
# else /* __GNUC__ >= 2 */
|
||||
# define SM_UNUSED(decl) decl
|
||||
# endif /* __GNUC__ >= 2 */
|
||||
@ -112,9 +112,9 @@
|
||||
|
||||
# ifdef SM_OMIT_BOGUS_WARNINGS
|
||||
# define SM_NONVOLATILE volatile
|
||||
# else /* SM_OMIT_BOGUS_WARNINGS */
|
||||
# else
|
||||
# define SM_NONVOLATILE
|
||||
# endif /* SM_OMIT_BOGUS_WARNINGS */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Turn on format string argument checking.
|
||||
@ -131,17 +131,17 @@
|
||||
# ifndef PRINTFLIKE
|
||||
# if SM_CONF_FORMAT_TEST
|
||||
# define PRINTFLIKE(x,y) __attribute__ ((__format__ (__printf__, x, y)))
|
||||
# else /* SM_CONF_FORMAT_TEST */
|
||||
# else
|
||||
# define PRINTFLIKE(x,y)
|
||||
# endif /* SM_CONF_FORMAT_TEST */
|
||||
# endif
|
||||
# endif /* ! PRINTFLIKE */
|
||||
|
||||
# ifndef SCANFLIKE
|
||||
# if SM_CONF_FORMAT_TEST
|
||||
# define SCANFLIKE(x,y) __attribute__ ((__format__ (__scanf__, x, y)))
|
||||
# else /* SM_CONF_FORMAT_TEST */
|
||||
# else
|
||||
# define SCANFLIKE(x,y)
|
||||
# endif /* SM_CONF_FORMAT_TEST */
|
||||
# endif
|
||||
# endif /* ! SCANFLIKE */
|
||||
|
||||
#endif /* ! SM_CDEFS_H */
|
||||
|
@ -22,7 +22,7 @@
|
||||
# include <sm/signal.h>
|
||||
# if SM_CONF_SETITIMER
|
||||
# include <sys/time.h>
|
||||
# endif /* SM_CONF_SETITIMER */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** STRUCT SM_EVENT -- event queue.
|
||||
@ -37,9 +37,9 @@ struct sm_event
|
||||
{
|
||||
# if SM_CONF_SETITIMER
|
||||
struct timeval ev_time; /* time of the call (microseconds) */
|
||||
# else /* SM_CONF_SETITIMER */
|
||||
# else
|
||||
time_t ev_time; /* time of the call (seconds) */
|
||||
# endif /* SM_CONF_SETITIMER */
|
||||
# endif
|
||||
void (*ev_func)__P((int));
|
||||
/* function to call */
|
||||
int ev_arg; /* argument to ev_func */
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -31,9 +31,9 @@
|
||||
# ifndef SM_CONF_STDBOOL_H
|
||||
# if !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
|
||||
# define SM_CONF_STDBOOL_H 1
|
||||
# else /* !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
|
||||
# else
|
||||
# define SM_CONF_STDBOOL_H 0
|
||||
# endif /* !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
|
||||
# endif
|
||||
# endif /* ! SM_CONF_STDBOOL_H */
|
||||
|
||||
/*
|
||||
@ -42,7 +42,7 @@
|
||||
|
||||
# ifndef SM_CONF_SYS_CDEFS_H
|
||||
# define SM_CONF_SYS_CDEFS_H 0
|
||||
# endif /* ! SM_CONF_SYS_CDEFS_H */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** SM_CONF_STDDEF_H is 1 if <stddef.h> exists
|
||||
@ -50,7 +50,7 @@
|
||||
|
||||
# ifndef SM_CONF_STDDEF_H
|
||||
# define SM_CONF_STDDEF_H 1
|
||||
# endif /* ! SM_CONF_STDDEF_H */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Configuration macro that specifies whether strlcpy/strlcat are available.
|
||||
@ -60,7 +60,7 @@
|
||||
|
||||
# ifndef SM_CONF_STRL
|
||||
# define SM_CONF_STRL 0
|
||||
# endif /* ! SM_CONF_STRL */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Configuration macro indicating that setitimer is available
|
||||
@ -68,7 +68,7 @@
|
||||
|
||||
# ifndef SM_CONF_SETITIMER
|
||||
# define SM_CONF_SETITIMER 1
|
||||
# endif /* ! SM_CONF_SETITIMER */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Does <sys/types.h> define uid_t and gid_t?
|
||||
@ -76,14 +76,14 @@
|
||||
|
||||
# ifndef SM_CONF_UID_GID
|
||||
# define SM_CONF_UID_GID 1
|
||||
# endif /* ! SM_CONF_UID_GID */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Does <sys/types.h> define ssize_t?
|
||||
*/
|
||||
# ifndef SM_CONF_SSIZE_T
|
||||
# define SM_CONF_SSIZE_T 1
|
||||
# endif /* ! SM_CONF_SSIZE_T */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Does the C compiler support long long?
|
||||
@ -95,9 +95,9 @@
|
||||
# else /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
|
||||
# if defined(__GNUC__)
|
||||
# define SM_CONF_LONGLONG 1
|
||||
# else /* defined(__GNUC__) */
|
||||
# else
|
||||
# define SM_CONF_LONGLONG 0
|
||||
# endif /* defined(__GNUC__) */
|
||||
# endif
|
||||
# endif /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
|
||||
# endif /* ! SM_CONF_LONGLONG */
|
||||
|
||||
@ -108,7 +108,7 @@
|
||||
|
||||
# ifndef SM_CONF_QUAD_T
|
||||
# define SM_CONF_QUAD_T 0
|
||||
# endif /* ! SM_CONF_QUAD_T */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Configuration macro indicating that shared memory is available
|
||||
@ -116,7 +116,7 @@
|
||||
|
||||
# ifndef SM_CONF_SHM
|
||||
# define SM_CONF_SHM 0
|
||||
# endif /* ! SM_CONF_SHM */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Does <setjmp.h> define sigsetjmp?
|
||||
@ -124,7 +124,7 @@
|
||||
|
||||
# ifndef SM_CONF_SIGSETJMP
|
||||
# define SM_CONF_SIGSETJMP 1
|
||||
# endif /* ! SM_CONF_SIGSETJMP */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Does <sysexits.h> exist, and define the EX_* macros with values
|
||||
@ -133,17 +133,17 @@
|
||||
|
||||
# ifndef SM_CONF_SYSEXITS_H
|
||||
# define SM_CONF_SYSEXITS_H 0
|
||||
# endif /* ! SM_CONF_SYSEXITS_H */
|
||||
# endif
|
||||
|
||||
/* has memchr() prototype? (if not: needs memory.h) */
|
||||
# ifndef SM_CONF_MEMCHR
|
||||
# define SM_CONF_MEMCHR 1
|
||||
# endif /* ! SM_CONF_MEMCHR */
|
||||
# endif
|
||||
|
||||
/* try LLONG tests in libsm/t-types.c? */
|
||||
# ifndef SM_CONF_TEST_LLONG
|
||||
# define SM_CONF_TEST_LLONG 1
|
||||
# endif /* !SM_CONF_TEST_LLONG */
|
||||
# endif
|
||||
|
||||
/* LDAP Checks */
|
||||
# if LDAPMAP
|
||||
@ -161,9 +161,9 @@
|
||||
|
||||
# if USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004
|
||||
# define SM_CONF_LDAP_MEMFREE 1
|
||||
# else /* USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004 */
|
||||
# else
|
||||
# define SM_CONF_LDAP_MEMFREE 0
|
||||
# endif /* USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004 */
|
||||
# endif
|
||||
# endif /* ! SM_CONF_LDAP_MEMFREE */
|
||||
|
||||
/* Does the LDAP library have ldap_initialize()? */
|
||||
@ -177,13 +177,13 @@
|
||||
/* OpenLDAP does it with LDAP_OPT_URI */
|
||||
# ifdef LDAP_OPT_URI
|
||||
# define SM_CONF_LDAP_INITIALIZE 1
|
||||
# endif /* LDAP_OPT_URI */
|
||||
# endif
|
||||
# endif /* !SM_CONF_LDAP_INITIALIZE */
|
||||
# endif /* LDAPMAP */
|
||||
|
||||
/* don't use strcpy() */
|
||||
# ifndef DO_NOT_USE_STRCPY
|
||||
# define DO_NOT_USE_STRCPY 1
|
||||
# endif /* ! DO_NOT_USE_STRCPY */
|
||||
# endif
|
||||
|
||||
#endif /* ! SM_CONFIG_H */
|
||||
|
@ -94,7 +94,7 @@ struct sm_debug
|
||||
|
||||
# ifndef SM_DEBUG_CHECK
|
||||
# define SM_DEBUG_CHECK 1
|
||||
# endif /* ! SM_DEBUG_CHECK */
|
||||
# endif
|
||||
|
||||
# if SM_DEBUG_CHECK
|
||||
/*
|
||||
|
@ -18,12 +18,12 @@
|
||||
|
||||
#if defined(__QNX__)
|
||||
# define E_PSEUDOBASE 512
|
||||
#endif /* defined(__QNX__) */
|
||||
#endif
|
||||
|
||||
#include <errno.h>
|
||||
#if NEEDINTERRNO
|
||||
extern int errno;
|
||||
#endif /* NEEDINTERRNO */
|
||||
#endif
|
||||
|
||||
/*
|
||||
** These are used in a few cases where we need some special
|
||||
@ -33,7 +33,7 @@ extern int errno;
|
||||
|
||||
#ifndef E_PSEUDOBASE
|
||||
# define E_PSEUDOBASE 256
|
||||
#endif /* ! E_PSEUDOBASE */
|
||||
#endif
|
||||
|
||||
#define E_SM_OPENTIMEOUT (E_PSEUDOBASE + 0) /* Timeout on file open */
|
||||
#define E_SM_NOSLINK (E_PSEUDOBASE + 1) /* Symbolic links not allowed */
|
||||
@ -88,7 +88,6 @@ extern int errno;
|
||||
#define SMDBE_OLD_VERSION (E_SMDBBASE + 23)
|
||||
#define SMDBE_VERSION_MISMATCH (E_SMDBBASE + 24)
|
||||
|
||||
extern const char *sm_errstring __P((int _errno));
|
||||
|
||||
extern const char *sm_errstring __P((int _errnum));
|
||||
|
||||
#endif /* SM_ERRSTRING_H */
|
||||
|
@ -43,7 +43,7 @@
|
||||
# else /* SM_CONF_STDDEF_H */
|
||||
# ifndef NULL
|
||||
# define NULL 0
|
||||
# endif /* ! NULL */
|
||||
# endif
|
||||
# define offsetof(type, member) ((size_t)(&((type *)0)->member))
|
||||
# endif /* SM_CONF_STDDEF_H */
|
||||
|
||||
|
@ -25,7 +25,7 @@
|
||||
/* change default to 0 for production? */
|
||||
# ifndef SM_HEAP_CHECK
|
||||
# define SM_HEAP_CHECK 1
|
||||
# endif /* ! SM_HEAP_CHECK */
|
||||
# endif
|
||||
|
||||
# if SM_HEAP_CHECK
|
||||
# define sm_malloc_x(sz) sm_malloc_tagged_x(sz, __FILE__, __LINE__, SmHeapGroup)
|
||||
|
@ -53,7 +53,7 @@
|
||||
#define SM_IO_WHAT_MODE 1
|
||||
#define SM_IO_WHAT_VECTORS 2
|
||||
#define SM_IO_WHAT_FD 3
|
||||
#define SM_IO_WHAT_TYPE 4
|
||||
/* was WHAT_TYPE 4 unused */
|
||||
#define SM_IO_WHAT_ISTYPE 5
|
||||
#define SM_IO_IS_READABLE 6
|
||||
#define SM_IO_WHAT_TIMEOUT 7
|
||||
@ -342,7 +342,7 @@ __END_DECLS
|
||||
__BEGIN_DECLS
|
||||
int sm_rget __P((SM_FILE_T *, int));
|
||||
int sm_vfscanf __P((SM_FILE_T *, int SM_NONVOLATILE, const char *,
|
||||
va_list SM_NONVOLATILE));
|
||||
va_list));
|
||||
int sm_wbuf __P((SM_FILE_T *, int, int));
|
||||
__END_DECLS
|
||||
|
||||
@ -383,7 +383,7 @@ __END_DECLS
|
||||
# ifndef _POSIX_SOURCE
|
||||
# define sm_io_getc(fp, t) sm_getc(fp, t)
|
||||
# define sm_io_putc(fp, t, x) sm_putc(fp, t, x)
|
||||
# endif /* _POSIX_SOURCE */
|
||||
# endif
|
||||
#endif /* lint */
|
||||
|
||||
#endif /* SM_IO_H */
|
||||
|
@ -22,13 +22,13 @@
|
||||
|
||||
# ifndef LDAPMAP_MAX_ATTR
|
||||
# define LDAPMAP_MAX_ATTR 64
|
||||
# endif /* ! LDAPMAP_MAX_ATTR */
|
||||
# endif
|
||||
# ifndef LDAPMAP_MAX_FILTER
|
||||
# define LDAPMAP_MAX_FILTER 1024
|
||||
# endif /* ! LDAPMAP_MAX_FILTER */
|
||||
# endif
|
||||
# ifndef LDAPMAP_MAX_PASSWD
|
||||
# define LDAPMAP_MAX_PASSWD 256
|
||||
# endif /* ! LDAPMAP_MAX_PASSWD */
|
||||
# endif
|
||||
|
||||
# if LDAPMAP
|
||||
|
||||
@ -91,9 +91,12 @@ struct sm_ldap_struct
|
||||
/* ldapmap_lookup options */
|
||||
char ldap_attrsep;
|
||||
|
||||
# if _FFR_LDAP_NETWORK_TIMEOUT
|
||||
# if LDAP_NETWORK_TIMEOUT
|
||||
int ldap_networktmo;
|
||||
# endif /* _FFR_LDAP_NETWORK_TIMEOUT */
|
||||
# endif
|
||||
# if _FFR_SM_LDAP_DBG
|
||||
int ldap_debug;
|
||||
# endif
|
||||
|
||||
/* Linked list of maps sharing the same LDAP binding */
|
||||
void *ldap_next;
|
||||
@ -135,7 +138,7 @@ extern void sm_ldap_close __P((SM_LDAP_STRUCT *));
|
||||
/* Portability defines */
|
||||
# if !SM_CONF_LDAP_MEMFREE
|
||||
# define ldap_memfree(x) ((void) 0)
|
||||
# endif /* !SM_CONF_LDAP_MEMFREE */
|
||||
# endif
|
||||
|
||||
# endif /* LDAPMAP */
|
||||
#endif /* ! SM_LDAP_H */
|
||||
|
@ -31,13 +31,13 @@
|
||||
|
||||
# ifndef LLONG_MIN
|
||||
# define LLONG_MIN ((LONGLONG_T)(~(ULLONG_MAX >> 1)))
|
||||
# endif /* ! LLONG_MIN */
|
||||
# endif
|
||||
# ifndef LLONG_MAX
|
||||
# define LLONG_MAX ((LONGLONG_T)(ULLONG_MAX >> 1))
|
||||
# endif /* ! LLONG_MAX */
|
||||
# endif
|
||||
# ifndef ULLONG_MAX
|
||||
# define ULLONG_MAX ((ULONGLONG_T)(-1))
|
||||
# endif /* ! ULLONG_MAX */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** PATH_MAX is defined by the POSIX standard. All modern systems
|
||||
@ -47,9 +47,9 @@
|
||||
# ifndef PATH_MAX
|
||||
# ifdef MAXPATHLEN
|
||||
# define PATH_MAX MAXPATHLEN
|
||||
# else /* MAXPATHLEN */
|
||||
# else
|
||||
# define PATH_MAX 2048
|
||||
# endif /* MAXPATHLEN */
|
||||
# endif
|
||||
# endif /* ! PATH_MAX */
|
||||
|
||||
#endif /* ! SM_LIMITS_H */
|
||||
|
19
contrib/sendmail/include/sm/notify.h
Normal file
19
contrib/sendmail/include/sm/notify.h
Normal file
@ -0,0 +1,19 @@
|
||||
/*
|
||||
* Copyright (c) 2016 Proofpoint, Inc. and its suppliers.
|
||||
* All rights reserved.
|
||||
*
|
||||
* By using this file, you agree to the terms and conditions set
|
||||
* forth in the LICENSE file which can be found at the top level of
|
||||
* the sendmail distribution.
|
||||
*/
|
||||
|
||||
#ifndef SM_NOTIFY_H
|
||||
#define SM_NOTIFY_H
|
||||
|
||||
int sm_notify_init __P((int));
|
||||
int sm_notify_start __P((bool, int));
|
||||
int sm_notify_stop __P((bool, int));
|
||||
int sm_notify_rcv __P((char *, size_t, int));
|
||||
int sm_notify_snd __P((char *, size_t));
|
||||
|
||||
#endif /* ! SM_MSG_H */
|
@ -1,12 +1,10 @@
|
||||
/*
|
||||
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
|
||||
* Copyright (c) 2000-2001, 2018 Proofpoint, Inc. and its suppliers.
|
||||
* All rights reserved.
|
||||
*
|
||||
* By using this file, you agree to the terms and conditions set
|
||||
* forth in the LICENSE file which can be found at the top level of
|
||||
* the sendmail distribution.
|
||||
*
|
||||
* $Id: sm_os_freebsd.h,v 1.12 2013-11-22 20:51:34 ca Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -32,10 +30,14 @@
|
||||
|
||||
#ifndef SM_CONF_SHM
|
||||
# define SM_CONF_SHM 1
|
||||
#endif /* SM_CONF_SHM */
|
||||
#endif
|
||||
#ifndef SM_CONF_SEM
|
||||
# define SM_CONF_SEM 2
|
||||
#endif /* SM_CONF_SEM */
|
||||
# if __FreeBSD__ > 11
|
||||
# define SM_CONF_SEM 2 /* union semun is now longer available by default */
|
||||
# else
|
||||
# define SM_CONF_SEM 1
|
||||
# endif
|
||||
#endif
|
||||
#ifndef SM_CONF_MSG
|
||||
# define SM_CONF_MSG 1
|
||||
#endif /* SM_CONF_MSG */
|
||||
#endif
|
||||
|
@ -123,7 +123,7 @@ typedef struct
|
||||
#if _FFR_PERF_RPOOL
|
||||
int sm_nbigblocks;
|
||||
int sm_npools;
|
||||
#endif /* _FFR_PERF_RPOOL */
|
||||
#endif
|
||||
|
||||
} SM_RPOOL_T;
|
||||
|
||||
@ -167,10 +167,10 @@ sm_rpool_malloc __P((
|
||||
|
||||
#if DO_NOT_USE_STRCPY
|
||||
extern char *sm_rpool_strdup_x __P((SM_RPOOL_T *rpool, const char *s));
|
||||
#else /* DO_NOT_USE_STRCPY */
|
||||
#else
|
||||
# define sm_rpool_strdup_x(rpool, str) \
|
||||
strcpy(sm_rpool_malloc_x(rpool, strlen(str) + 1), str)
|
||||
#endif /* DO_NOT_USE_STRCPY */
|
||||
#endif
|
||||
|
||||
extern SM_RPOOL_ATTACH_T
|
||||
sm_rpool_attach_x __P((
|
||||
|
@ -35,10 +35,10 @@ union semun
|
||||
|
||||
# ifndef SEM_A
|
||||
# define SEM_A 0200
|
||||
# endif /* SEM_A */
|
||||
# endif
|
||||
# ifndef SEM_R
|
||||
# define SEM_R 0400
|
||||
# endif /* SEM_R */
|
||||
# endif
|
||||
|
||||
# define SM_NSEM 1
|
||||
|
||||
|
@ -34,10 +34,10 @@ extern int sm_shmsetowner __P((int, uid_t, gid_t, mode_t));
|
||||
/* for those braindead systems... (e.g., SunOS 4) */
|
||||
# ifndef SHM_R
|
||||
# define SHM_R 0400
|
||||
# endif /* SHM_R */
|
||||
# endif
|
||||
# ifndef SHM_W
|
||||
# define SHM_W 0200
|
||||
# endif /* SHM_W */
|
||||
# endif
|
||||
|
||||
# endif /* SM_CONF_SHM */
|
||||
#endif /* ! SM_SHM_H */
|
||||
|
@ -30,7 +30,7 @@ extern bool
|
||||
sm_match __P((const char *_str, const char *_pattern));
|
||||
|
||||
extern char *
|
||||
sm_strdup __P((char *));
|
||||
sm_strdup __P((const char *));
|
||||
|
||||
extern char *
|
||||
sm_strndup_x __P((const char *_str, size_t _len));
|
||||
@ -87,7 +87,7 @@ sm_strlcpyn __P((char *,
|
||||
# if !HASSTRERROR
|
||||
extern char *
|
||||
strerror __P((int _errno));
|
||||
# endif /* !HASSTRERROR */
|
||||
# endif
|
||||
|
||||
extern int
|
||||
sm_strrevcmp __P((const char *, const char *));
|
||||
@ -109,5 +109,7 @@ sm_strtoull __P((const char *, char**, int));
|
||||
|
||||
extern void
|
||||
stripquotes __P((char *));
|
||||
extern void
|
||||
unfoldstripquotes __P((char *));
|
||||
|
||||
#endif /* SM_STRING_H */
|
||||
|
@ -20,9 +20,9 @@
|
||||
|
||||
# if defined(__STDC__) || defined(__cplusplus)
|
||||
# define SM_TEST(cond) sm_test(cond, #cond, __FILE__, __LINE__)
|
||||
# else /* defined(__STDC__) || defined(__cplusplus) */
|
||||
# else
|
||||
# define SM_TEST(cond) sm_test(cond, "cond", __FILE__, __LINE__)
|
||||
# endif /* defined(__STDC__) || defined(__cplusplus) */
|
||||
# endif
|
||||
|
||||
extern int SmTestIndex;
|
||||
extern int SmTestNumErrors;
|
||||
|
@ -38,11 +38,11 @@
|
||||
# if !SM_CONF_UID_GID
|
||||
# define uid_t int
|
||||
# define gid_t int
|
||||
# endif /* !SM_CONF_UID_GID */
|
||||
# endif
|
||||
|
||||
# if !SM_CONF_SSIZE_T
|
||||
# define ssize_t int
|
||||
# endif /* !SM_CONF_SSIZE_T */
|
||||
# endif
|
||||
|
||||
/*
|
||||
** Define LONGLONG_T and ULONGLONG_T, which are portable locutions
|
||||
|
@ -32,6 +32,11 @@
|
||||
# define SM_VA_COPY(dst, src) __va_copy((dst), (src))
|
||||
# else
|
||||
# define SM_VA_COPY(dst, src) memcpy(&(dst), &(src), sizeof((dst)))
|
||||
# define SM_VA_END_COPY(ap) do { } while (0)
|
||||
# endif
|
||||
|
||||
# ifndef SM_VA_END_COPY
|
||||
# define SM_VA_END_COPY(ap) va_end(ap)
|
||||
# endif
|
||||
|
||||
/*
|
||||
|
@ -25,9 +25,9 @@ extern SM_DEBUG_T SmXtrapReport;
|
||||
|
||||
# if SM_DEBUG_CHECK
|
||||
# define sm_xtrap_check() (++SmXtrapCount == sm_debug_level(&SmXtrapDebug))
|
||||
# else /* SM_DEBUG_CHECK */
|
||||
# else
|
||||
# define sm_xtrap_check() (0)
|
||||
# endif /* SM_DEBUG_CHECK */
|
||||
# endif
|
||||
|
||||
# define sm_xtrap_raise_x(exc) \
|
||||
if (sm_xtrap_check()) \
|
||||
|
@ -6,10 +6,10 @@ OPTIONS= $(CONFIG) $(FLAGS)
|
||||
|
||||
all: FRC
|
||||
$(SHELL) $(BUILD) $(OPTIONS) $@
|
||||
check: FRC
|
||||
$(SHELL) $(BUILD) $(OPTIONS) $@
|
||||
clean: FRC
|
||||
$(SHELL) $(BUILD) $(OPTIONS) $@
|
||||
check: FRC
|
||||
$(SHELL) $(BUILD) $(OPTIONS) $@
|
||||
install: FRC
|
||||
$(SHELL) $(BUILD) $(OPTIONS) $@
|
||||
|
||||
|
@ -207,28 +207,19 @@ libmilter requires pthread support in the operating system. Moreover, it
|
||||
requires that the library functions it uses are thread safe; which is true
|
||||
for the operating systems libmilter has been developed and tested on. On
|
||||
some operating systems this requires special compile time options (e.g.,
|
||||
not just -pthread). libmilter is currently known to work on (modulo problems
|
||||
in the pthread support of some specific versions):
|
||||
|
||||
FreeBSD 3.x, 4.x
|
||||
SunOS 5.x (x >= 5)
|
||||
AIX 4.3.x
|
||||
HP UX 11.x
|
||||
Linux (recent versions/distributions)
|
||||
|
||||
libmilter is currently not supported on:
|
||||
not just -pthread).
|
||||
|
||||
So far, libmilter is not supported on:
|
||||
IRIX 6.x
|
||||
Ultrix
|
||||
|
||||
Feedback about problems (and possible fixes) is welcome.
|
||||
|
||||
|
||||
+--------------------------+
|
||||
| SOURCE FOR SAMPLE FILTER |
|
||||
+--------------------------+
|
||||
|
||||
Note that the filter example.c may not be thread safe on some operating
|
||||
systems. You should check your system man pages for the functions used
|
||||
below to verify the functions are thread safe.
|
||||
|
||||
$Revision: 8.42 $, Last updated $Date: 2006-06-29 17:10:16 $
|
||||
to verify they are thread safe.
|
||||
|
@ -139,9 +139,9 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
|
||||
}
|
||||
#if _FFR_ADD_NULL
|
||||
buf = malloc(expl + 1);
|
||||
#else /* _FFR_ADD_NULL */
|
||||
#else
|
||||
buf = malloc(expl);
|
||||
#endif /* _FFR_ADD_NULL */
|
||||
#endif
|
||||
if (buf == NULL)
|
||||
{
|
||||
*cmd = SMFIC_MALLOC;
|
||||
@ -194,7 +194,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
|
||||
#if _FFR_ADD_NULL
|
||||
/* makes life simpler for common string routines */
|
||||
buf[expl] = '\0';
|
||||
#endif /* _FFR_ADD_NULL */
|
||||
#endif
|
||||
return buf;
|
||||
}
|
||||
i += len;
|
||||
|
@ -26,8 +26,9 @@ Each function will return either MI_SUCCESS or MI_FAILURE to
|
||||
indicate the status of the operation.
|
||||
|
||||
<P>
|
||||
None of these functions communicate with the MTA. All alter the
|
||||
library's state, some of which is communicated to the MTA inside
|
||||
None of these functions communicate with the MTA.
|
||||
All alter the library's state, some of which
|
||||
is communicated to the MTA inside
|
||||
<A HREF="smfi_main.html">smfi_main</A>.
|
||||
|
||||
<P>
|
||||
@ -80,26 +81,31 @@ The following functions change a message's contents and attributes.
|
||||
<EM>They may only be called in <A HREF="xxfi_eom.html">xxfi_eom</A></EM>.
|
||||
All of these functions may invoke additional communication with the MTA.
|
||||
They will return either MI_SUCCESS or MI_FAILURE to indicate the status of
|
||||
the operation. Message data (senders, recipients, headers, body chunks)
|
||||
the operation.
|
||||
Message data (senders, recipients, headers, body chunks)
|
||||
passed to these functions via parameters is copied and does not need to be
|
||||
preserved (i.e., allocated memory can be freed).
|
||||
|
||||
<P>
|
||||
A filter must have set the appropriate flag (listed below) in the
|
||||
description passed to <A HREF="smfi_register.html">smfi_register</A>
|
||||
to call any message modification function. Failure to do so will
|
||||
cause the MTA to treat a call to the function as a failure of the
|
||||
filter, terminating its connection.
|
||||
A filter which might call a message modification function
|
||||
must set the appropriate flag
|
||||
(<A HREF="#SMFIF">listed below</A>),
|
||||
either
|
||||
in the description passed to <A HREF="smfi_register.html">smfi_register</A>
|
||||
or via <A HREF="xxfi_negotiate.html">xxfi_negotiate</A>.
|
||||
Failure to do so will cause the MTA to treat a call to the function
|
||||
as a failure of the filter, terminating its connection.
|
||||
|
||||
<P>
|
||||
Note that the status returned indicates only whether or not the
|
||||
filter's message was successfully sent to the MTA, not whether or not
|
||||
the MTA performed the requested operation. For example,
|
||||
the MTA performed the requested operation.
|
||||
For example,
|
||||
<A HREF="smfi_addheader.html">smfi_addheader</A>, when called with an
|
||||
illegal header name, will return MI_SUCCESS even though the MTA may
|
||||
later refuse to add the illegal header.
|
||||
<P>
|
||||
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH><TH>SMFIF_* flag</TR>
|
||||
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH><TH><A NAME="SMFIF">SMFIF_* flag</A></TH></TR>
|
||||
<TR><TD><A HREF="smfi_addheader.html">smfi_addheader</A></TD><TD>Add a header to
|
||||
the message.</TD><TD>SMFIF_ADDHDRS</TD></TR>
|
||||
|
||||
@ -180,27 +186,30 @@ which are registered via <A HREF="smfi_register.html">smfi_register</A>:
|
||||
|
||||
<TR><TD><A HREF="xxfi_close.html">xxfi_close</A></TD><TD>connection cleanup</TD></TR>
|
||||
|
||||
<TR><TD><A HREF="xxfi_negotiate.html">xxfi_negotiate</A></TD><TD>option negotiattion</TD></TR>
|
||||
<TR><TD><A HREF="xxfi_negotiate.html">xxfi_negotiate</A></TD><TD>option negotiation</TD></TR>
|
||||
|
||||
</TABLE>
|
||||
|
||||
<P>
|
||||
The above callbacks should all return one of the following return values,
|
||||
having the indicated meanings. Any return other than one of the below
|
||||
values constitutes an error, and will cause sendmail to terminate its
|
||||
connection to the offending filter.
|
||||
having the indicated meanings.
|
||||
Any return other than one of the below values constitutes an error,
|
||||
and will cause sendmail to terminate its connection to the offending filter.
|
||||
|
||||
<P><A NAME="conn-spec">Milter</A> distinguishes between recipient-,
|
||||
message-, and connection-oriented routines. Recipient-oriented
|
||||
callbacks may affect the processing of a single message recipient;
|
||||
message-oriented callbacks, a single message; connection-oriented
|
||||
callbacks, an entire connection (during which multiple messages may be
|
||||
delivered to multiple sets of recipients).
|
||||
message-, and connection-oriented routines.
|
||||
Recipient-oriented callbacks may affect the processing
|
||||
of a single message recipient;
|
||||
message-oriented callbacks, a single message;
|
||||
connection-oriented callbacks, an entire connection
|
||||
(during which multiple messages may be delivered
|
||||
to multiple sets of recipients).
|
||||
<A HREF="xxfi_envrcpt.html">xxfi_envrcpt</A> is recipient-oriented.
|
||||
<A HREF="xxfi_negotiate.html">xxfi_negotiate</A>,
|
||||
<A HREF="xxfi_connect.html">xxfi_connect</A>,
|
||||
<A HREF="xxfi_helo.html">xxfi_helo</A> and
|
||||
<A HREF="xxfi_close.html">xxfi_close</A> are connection-oriented. All
|
||||
other callbacks are message-oriented.
|
||||
<A HREF="xxfi_close.html">xxfi_close</A> are connection-oriented.
|
||||
All other callbacks are message-oriented.
|
||||
|
||||
<P>
|
||||
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2>
|
||||
@ -233,8 +242,8 @@ other callbacks are message-oriented.
|
||||
<TR valign="top">
|
||||
<TD>SMFIS_TEMPFAIL</TD>
|
||||
<TD>Return a temporary failure, i.e., the corresponding SMTP command will return an appropriate 4xx status code.
|
||||
For a message-oriented routine (except <A HREF="xxfi_envfrom.html">xxfi_envfrom</A>), fail for this message. <BR>
|
||||
For a connection-oriented routine, fail for this connection; call <A HREF="xxfi_close.html">xxfi_close</A>. <BR>
|
||||
For a message-oriented routine (except <A HREF="xxfi_envfrom.html">xxfi_envfrom</A>), fail for this message.<BR>
|
||||
For a connection-oriented routine, fail for this connection; call <A HREF="xxfi_close.html">xxfi_close</A>.<BR>
|
||||
For a recipient-oriented routine, only fail for the current recipient; continue message processing.
|
||||
</TD>
|
||||
</TR>
|
||||
|
@ -31,11 +31,15 @@ administrator to combine multiple independently-developed filters.
|
||||
<P>
|
||||
We expect to see both vendor-supplied, configurable mail filtering
|
||||
applications and a multiplicity of script-like filters designed by and
|
||||
for MTA administrators. A certain degree of coding sophistication and
|
||||
domain knowledge on the part of the filter provider is assumed. This
|
||||
allows filters to exercise fine-grained control at the SMTP level.
|
||||
for MTA administrators.
|
||||
A certain degree of coding sophistication and
|
||||
domain knowledge on the part of the filter provider is assumed.
|
||||
This allows filters to exercise fine-grained control at the SMTP level.
|
||||
However, as will be seen in the example, many filtering applications
|
||||
can be written with relatively little protocol knowledge.
|
||||
can be written with relatively little protocol knowledge,
|
||||
but a basic understanding (e.g., as documented in RFC 5321:
|
||||
<EM>The dialog is purposely lock-step, one-at-a-time</EM>)
|
||||
is necessary.
|
||||
|
||||
<P>
|
||||
Given these expectations, the API is designed to achieve the following
|
||||
|
@ -71,7 +71,7 @@ connection.
|
||||
The MTA will try to contact the filter again on each new connection.
|
||||
|
||||
<P>
|
||||
There are three fields inside of the <CODE>T=</CODE> equate: S, R, and E.
|
||||
There are four fields inside of the <CODE>T=</CODE> equate: C, S, R, and E.
|
||||
Note the separator between each is a ";" (semicolon), as ","
|
||||
(comma) already separates equates.
|
||||
The value of each field is a decimal number followed by a single letter
|
||||
|
@ -59,6 +59,8 @@ returns to <CODE>MESSAGE</CODE>.
|
||||
<PRE>
|
||||
For each of N connections
|
||||
{
|
||||
For each filter
|
||||
egotiate MTA/milter capabilities/requirements (<A HREF="xxfi_negotiate.html">xxfi_negotiate</A>)
|
||||
For each filter
|
||||
process connection (<A HREF="xxfi_connect.html">xxfi_connect</A>)
|
||||
For each filter
|
||||
@ -203,11 +205,21 @@ communication with the MTA happens.
|
||||
Filters are not terminated asynchronously
|
||||
(except by signals that can't be caught).
|
||||
In the case of <TT>Abort</TT> the
|
||||
<A HREF="xxfi_abort.html">xxfi_abort</A> callback is invoked.
|
||||
<A HREF="xxfi_abort.html">xxfi_abort</A> callback is usually invoked
|
||||
if there is an active transaction.
|
||||
However, if an invoked callback takes too long to execute
|
||||
(the maximum time <TT>Abort</TT> waits is currently 5s)
|
||||
<!-- XREF: MI_CHK_TIME -->
|
||||
then the filter is simply terminated, i.e.,
|
||||
neither the
|
||||
<A HREF="xxfi_abort.html">xxfi_abort</A> callback
|
||||
nor the
|
||||
<A HREF="xxfi_close.html">xxfi_close</A> callback
|
||||
is invoked.
|
||||
|
||||
<HR size="1">
|
||||
<FONT size="-1">
|
||||
Copyright (c) 2000, 2001, 2003, 2006 Proofpoint, Inc. and its suppliers.
|
||||
Copyright (c) 2000, 2001, 2003, 2006, 2018 Proofpoint, Inc. and its suppliers.
|
||||
All rights reserved.
|
||||
<BR>
|
||||
By using this file, you agree to the terms and conditions set
|
||||
|
@ -187,7 +187,7 @@ sfsistat
|
||||
++argc;
|
||||
|
||||
/* log this recipient */
|
||||
if (reject != NULL && rcptaddr != NULL &&
|
||||
if (reject != NULL && rcptaddr != NULL &&
|
||||
(strcasecmp(rcptaddr, reject) == 0))
|
||||
{
|
||||
if (fprintf(priv->mlfi_fp, "RCPT %s -- REJECTED\n",
|
||||
@ -298,7 +298,7 @@ mlfi_cleanup(ctx, ok)
|
||||
return rstat;
|
||||
|
||||
/* close the archive file */
|
||||
if (priv->mlfi_fp != NULL && fclose(priv->mlfi_fp) == EOF)
|
||||
if (priv->mlfi_fp != NULL && fclose(priv->mlfi_fp) == EOF)
|
||||
{
|
||||
/* failed; we have to wait until later */
|
||||
fprintf(stderr, "Couldn't close archive file %s: %s\n",
|
||||
|
@ -32,6 +32,7 @@ Add a header to the current message.
|
||||
<TD>Adds a header to the current message.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -59,7 +60,7 @@ Add a header to the current message.
|
||||
<LI>Adding headers in the current connection state is invalid.
|
||||
<LI>Memory allocation fails.
|
||||
<LI>A network error occurs.
|
||||
<LI>SMFIF_ADDHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called.
|
||||
<LI><A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> is not set.
|
||||
</UL>
|
||||
Otherwise, it returns MI_SUCCESS.
|
||||
</TD>
|
||||
@ -72,9 +73,8 @@ Otherwise, it returns MI_SUCCESS.
|
||||
<UL><LI>smfi_addheader does not change a message's existing headers.
|
||||
To change a header's current value, use
|
||||
<A HREF="smfi_chgheader.html">smfi_chgheader</A>.
|
||||
<LI>A filter which calls smfi_addheader must have set the SMFIF_ADDHDRS
|
||||
flag in the smfiDesc_str passed to
|
||||
<A href="smfi_register.html">smfi_register</A>.
|
||||
<LI>A filter which calls smfi_addheader must have set the
|
||||
<A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> flag.
|
||||
<LI>For smfi_addheader, filter order is important.
|
||||
<B>Later filters will see the header changes made by earlier ones.</B>
|
||||
<LI>Neither the name nor the value of the header is checked for
|
||||
|
@ -31,6 +31,7 @@ Add a recipient for the current message.
|
||||
<TD>Add a recipient to the message envelope.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -53,7 +54,7 @@ Add a recipient for the current message.
|
||||
<UL><LI>rcpt is NULL.
|
||||
<LI>Adding recipients in the current connection state is invalid.
|
||||
<LI>A network error occurs.
|
||||
<LI>SMFIF_ADDRCPT was not set when <A href="smfi_register.html">smfi_register</A> was called.
|
||||
<LI><A HREF="smfi_register.html#SMFIF_ADDRCPT">SMFIF_ADDRCPT</A> is not set.
|
||||
</UL>
|
||||
Otherwise, it will return MI_SUCCESS.
|
||||
</TD>
|
||||
@ -63,9 +64,8 @@ Otherwise, it will return MI_SUCCESS.
|
||||
<TR align="left" valign=top>
|
||||
<TH>NOTES</TH>
|
||||
<TD>
|
||||
A filter which calls smfi_addrcpt must have set the SMFIF_ADDRCPT flag
|
||||
in the smfiDesc_str passed to
|
||||
<A href="smfi_register.html">smfi_register</A>.
|
||||
A filter which calls smfi_addrcpt must have set the
|
||||
<A HREF="smfi_register.html#SMFIF_ADDRCPT">SMFIF_ADDRCPT</A> flag.
|
||||
</TD>
|
||||
</TR>
|
||||
|
||||
|
@ -32,6 +32,7 @@ Add a recipient for the current message including ESMTP arguments.
|
||||
<TD>Add a recipient to the message envelope.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -53,12 +54,11 @@ Add a recipient for the current message including ESMTP arguments.
|
||||
<TR>
|
||||
<TH valign="top" align=left>RETURN VALUES</TH>
|
||||
|
||||
<TD>smfi_addrcpt will fail and return MI_FAILURE if:
|
||||
<TD>smfi_addrcpt_par will fail and return MI_FAILURE if:
|
||||
<UL><LI>rcpt is NULL.
|
||||
<LI>Adding recipients in the current connection state is invalid.
|
||||
<LI>A network error occurs.
|
||||
<LI>SMFIF_ADDRCPT_PAR was not set when
|
||||
<A href="smfi_register.html">smfi_register</A> was called.
|
||||
<LI><A HREF="smfi_register.html#SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A> is not set._PAR
|
||||
</UL>
|
||||
Otherwise, it will return MI_SUCCESS.
|
||||
</TD>
|
||||
@ -68,9 +68,8 @@ Otherwise, it will return MI_SUCCESS.
|
||||
<TR align="left" valign=top>
|
||||
<TH>NOTES</TH>
|
||||
<TD>
|
||||
A filter which calls smfi_addrcpt must have set the SMFIF_ADDRCPT_PAR flag
|
||||
in the smfiDesc_str passed to
|
||||
<A href="smfi_register.html">smfi_register</A>.
|
||||
A filter which calls smfi_addrcpt_par must have set the
|
||||
<A HREF="smfi_register.html#SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A> flag.
|
||||
</TD>
|
||||
</TR>
|
||||
|
||||
|
@ -32,6 +32,7 @@ Change the envelope sender (MAIL From) of the current message.
|
||||
<TD>Change the envelope sender (MAIL From) of the current message.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -57,7 +58,7 @@ Change the envelope sender (MAIL From) of the current message.
|
||||
<UL><LI>mail is NULL.
|
||||
<LI>Changing the sender in the current connection state is invalid.
|
||||
<LI>A network error occurs.
|
||||
<LI>SMFIF_CHGFROM was not set when <A href="smfi_register.html">smfi_register</A> was called.
|
||||
<LI><A HREF="smfi_register.html#SMFIF_CHGFROM">SMFIF_CHGFROM</A> is not set.
|
||||
</UL>
|
||||
Otherwise, it will return MI_SUCCESS.
|
||||
</TD>
|
||||
@ -67,9 +68,8 @@ Otherwise, it will return MI_SUCCESS.
|
||||
<TR align="left" valign=top>
|
||||
<TH>NOTES</TH>
|
||||
<TD>
|
||||
A filter which calls smfi_chgfrom must have set the SMFIF_CHGFROM flag
|
||||
in the smfiDesc_str passed to
|
||||
<A href="smfi_register.html">smfi_register</A>.
|
||||
A filter which calls smfi_chgfrom must have set the
|
||||
<A HREF="smfi_register.html#SMFIF_CHGFROM">SMFIF_CHGFROM</A> flag.
|
||||
<BR>
|
||||
Even though all ESMTP arguments could be set via this call,
|
||||
it does not make sense to do so for many of them,
|
||||
|
@ -33,6 +33,7 @@ Change or delete a message header.
|
||||
<TD>Changes a header's value for the current message.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -63,17 +64,18 @@ smfi_chgheader will return MI_FAILURE if
|
||||
<LI>Modifying headers in the current connection state is invalid.
|
||||
<LI>Memory allocation fails.
|
||||
<LI>A network error occurs.
|
||||
<LI>SMFIF_CHGHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called.
|
||||
<LI><A HREF="smfi_register.html#SMFIF_CHGHDRS">SMFIF_CHGHDRS</A> is not set.
|
||||
</UL>
|
||||
Otherwise, it returns MI_SUCCESS.
|
||||
</TR>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Notes ---------->
|
||||
<TR align="left" valign=top>
|
||||
<TH>NOTES</TH>
|
||||
<TD>
|
||||
<UL><LI>While smfi_chgheader may be used to add new headers, it is more efficient and far safer to use <A href="smfi_addheader.html">smfi_addheader</A>.
|
||||
<LI>A filter which calls smfi_chgheader must have set the SMFIF_CHGHDRS flag in the smfiDesc_str passed to <A href="smfi_register.html">smfi_register</A>.
|
||||
<LI>A filter which calls smfi_chgheader must have set the
|
||||
<A HREF="smfi_register.html#SMFIF_CHGHDRS">SMFIF_CHGHDRS</A> flag.
|
||||
<LI>For smfi_chgheader, filter order is important. <B>Later filters will see the header changes made by earlier ones.</B>
|
||||
<LI>Neither the name nor the value of the header is checked for
|
||||
standards compliance. However, each line of the header must be under
|
||||
|
@ -31,6 +31,7 @@ Remove a recipient from the current message's envelope.
|
||||
<TD>smfi_delrcpt removes the named recipient from the current message's envelope.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -54,7 +55,7 @@ Remove a recipient from the current message's envelope.
|
||||
<LI>rcpt is NULL.
|
||||
<LI>Deleting recipients in the current connection state is invalid.
|
||||
<LI>A network error occurs.
|
||||
<LI>SMFIF_DELRCPT was not set when <A href="smfi_register.html">smfi_register</A> was called.
|
||||
<LI><A HREF="smfi_register.html#SMFIF_DELRCPT">SMFIF_DELRCPT</A> is not set.
|
||||
</UL>
|
||||
Otherwise, it will return MI_SUCCESS
|
||||
</TD>
|
||||
@ -64,7 +65,11 @@ Otherwise, it will return MI_SUCCESS
|
||||
<TR align="left" valign=top>
|
||||
<TH>NOTES</TH>
|
||||
<TD>
|
||||
<LI>
|
||||
The addresses to be removed must match exactly. For example, an address and its expanded form do not match.
|
||||
<LI>
|
||||
A filter which calls smfi_delrcpt must have set the
|
||||
<A HREF="smfi_register.html#SMFIF_DELRCPT">SMFIF_DELRCPT</A> flag.
|
||||
</TD>
|
||||
</TR>
|
||||
|
||||
|
@ -30,6 +30,7 @@ Get the connection-specific data pointer for this connection.
|
||||
<TD>None.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -31,6 +31,7 @@ Get the value of a sendmail macro.
|
||||
<TD>None.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -33,6 +33,7 @@ Prepend a header to the current message.
|
||||
<TD>Prepends a header to the current message.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -63,7 +64,7 @@ Prepend a header to the current message.
|
||||
<LI>Adding headers in the current connection state is invalid.
|
||||
<LI>Memory allocation fails.
|
||||
<LI>A network error occurs.
|
||||
<LI>SMFIF_ADDHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called.
|
||||
<LI><A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> is not set.
|
||||
</UL>
|
||||
Otherwise, it returns MI_SUCCESS.
|
||||
</TD>
|
||||
@ -77,9 +78,9 @@ Otherwise, it returns MI_SUCCESS.
|
||||
<LI>smfi_insheader does not change a message's existing headers.
|
||||
To change a header's current value, use
|
||||
<A HREF="smfi_chgheader.html">smfi_chgheader</A>.
|
||||
<LI>A filter which calls smfi_insheader must have set the SMFIF_ADDHDRS
|
||||
flag in the smfiDesc_str passed to
|
||||
<A href="smfi_register.html">smfi_register</A>.
|
||||
<LI>A filter which calls smfi_insheader must have set the
|
||||
<A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A>
|
||||
flag.
|
||||
<LI>For smfi_insheader, filter order is important.
|
||||
<B>Later filters will see the header changes made by earlier ones.</B>
|
||||
<LI>A filter will receive <EM>only</EM> headers that have been sent
|
||||
|
@ -29,6 +29,7 @@ Hand control to libmilter event loop.
|
||||
<TD>smfi_main hands control to the Milter event loop.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Return values ---------->
|
||||
<TR>
|
||||
|
@ -34,13 +34,14 @@ but before calling <TT>smfi_main()</TT>.
|
||||
<TD>smfi_opensocket attempts to create the socket specified previously by
|
||||
a call to <TT>smfi_setconn()</TT> which will be the interface between MTAs
|
||||
and the filter.
|
||||
This allows the calling application to ensure that the
|
||||
socket can be created.
|
||||
This allows the calling application to ensure that the socket can be created.
|
||||
If this is not called,
|
||||
<TT>smfi_main()</TT> will do so implicitly.
|
||||
<TT>smfi_main()</TT> will create the socket implicitly
|
||||
(without removing a potentially existing UNIX domain socket).
|
||||
</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -31,6 +31,7 @@ Notify the MTA that an operation is still in progress.
|
||||
on a message, causing the MTA to re-start its timeouts.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -31,6 +31,7 @@ Quarantine the message using the given reason.
|
||||
<TD>smfi_quarantine quarantines the message using the given reason.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -53,7 +54,7 @@ Quarantine the message using the given reason.
|
||||
<UL>
|
||||
<LI>reason is NULL or empty.
|
||||
<LI>A network error occurs.
|
||||
<LI>SMFIF_QUARANTINE was not set when <A href="smfi_register.html">smfi_register</A> was called.
|
||||
<LI><A HREF="smfi_register.html#SMFIF_QUARANTINE">SMFIF_QUARANTINE</A> is not set.
|
||||
</UL>
|
||||
Otherwise, it will return MI_SUCCESS
|
||||
</TD>
|
||||
|
@ -37,6 +37,7 @@ is obeyed.
|
||||
</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -110,7 +111,7 @@ smfi_register may return MI_FAILURE for any of the following reasons:
|
||||
|
||||
<!----------- Notes ---------->
|
||||
<TR align="left" valign=top>
|
||||
<TH>NOTES</TH>
|
||||
<TH><A NAME=Notes>NOTES</A></TH>
|
||||
<TD>
|
||||
|
||||
<A NAME="flags">The xxfi_flags</A>
|
||||
@ -120,7 +121,7 @@ the following values, describing the actions the filter may take:
|
||||
<TR valign="top" bgcolor="#dddddd"><TH align="left">Flag</TH><TH align="center">Description</TH></TR>
|
||||
<TR align="left" valign=top>
|
||||
<TD>
|
||||
SMFIF_ADDHDRS
|
||||
<A NAME="SMFIF_ADDHDRS">SMFIF_ADDHDRS</A>
|
||||
</TD>
|
||||
<TD>
|
||||
This filter may <A HREF="smfi_addheader.html">add headers</A>.
|
||||
@ -128,7 +129,7 @@ the following values, describing the actions the filter may take:
|
||||
</TR>
|
||||
<TR align="left" valign=top>
|
||||
<TD>
|
||||
SMFIF_CHGHDRS
|
||||
<A NAME="SMFIF_CHGHDRS">SMFIF_CHGHDRS</A>
|
||||
</TD>
|
||||
<TD>
|
||||
This filter may
|
||||
@ -137,7 +138,7 @@ the following values, describing the actions the filter may take:
|
||||
</TR>
|
||||
<TR align="left" valign=top>
|
||||
<TD VALIGN="TOP">
|
||||
SMFIF_CHGBODY
|
||||
<A NAME="SMFIF_CHGBODY">SMFIF_CHGBODY</A>
|
||||
</TD>
|
||||
<TD>
|
||||
This filter may
|
||||
@ -148,7 +149,7 @@ the following values, describing the actions the filter may take:
|
||||
</TR>
|
||||
<TR>
|
||||
<TD VALIGN="TOP">
|
||||
SMFIF_ADDRCPT
|
||||
<A NAME="SMFIF_ADDRCPT">SMFIF_ADDRCPT</A>
|
||||
</TD>
|
||||
<TD>
|
||||
This filter may
|
||||
@ -158,7 +159,7 @@ the following values, describing the actions the filter may take:
|
||||
</TR>
|
||||
<TR>
|
||||
<TD VALIGN="TOP">
|
||||
SMFIF_ADDRCPT_PAR
|
||||
<A NAME="SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A>
|
||||
</TD>
|
||||
<TD>
|
||||
This filter may
|
||||
@ -167,7 +168,7 @@ the following values, describing the actions the filter may take:
|
||||
</TR>
|
||||
<TR>
|
||||
<TD VALIGN="TOP">
|
||||
SMFIF_DELRCPT
|
||||
<A NAME="SMFIF_DELRCPT">SMFIF_DELRCPT</A>
|
||||
</TD>
|
||||
<TD>
|
||||
This filter may
|
||||
@ -176,7 +177,7 @@ the following values, describing the actions the filter may take:
|
||||
</TR>
|
||||
<TR>
|
||||
<TD VALIGN="TOP">
|
||||
SMFIF_QUARANTINE
|
||||
<A NAME="SMFIF_QUARANTINE">SMFIF_QUARANTINE</A>
|
||||
</TD>
|
||||
<TD>
|
||||
This filter may
|
||||
@ -186,7 +187,7 @@ the following values, describing the actions the filter may take:
|
||||
|
||||
<TR>
|
||||
<TD VALIGN="TOP">
|
||||
SMFIF_CHGFROM
|
||||
<A NAME="SMFIF_CHGFROM">SMFIF_CHGFROM</A>
|
||||
</TD>
|
||||
<TD>
|
||||
This filter may
|
||||
@ -196,7 +197,7 @@ the following values, describing the actions the filter may take:
|
||||
|
||||
<TR>
|
||||
<TD VALIGN="TOP">
|
||||
SMFIF_SETSYMLIST
|
||||
<A NAME="SMFIF_SETSYMLIST">SMFIF_SETSYMLIST</A>
|
||||
</TD>
|
||||
<TD>
|
||||
This filter can
|
||||
|
@ -35,6 +35,7 @@ body.
|
||||
</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -61,7 +62,7 @@ body.
|
||||
<LI>bodyp == NULL and bodylen > 0.
|
||||
<LI>Changing the body in the current connection state is invalid.
|
||||
<LI>A network error occurs.
|
||||
<LI>SMFIF_CHGBODY was not set when <A href="smfi_register.html">smfi_register</A> was called.
|
||||
<LI><A HREF="smfi_register.html#SMFIF_CHGBODY">SMFIF_CHGBODY</A> is not set.
|
||||
</UL>
|
||||
Otherwise, it will return MI_SUCCESS.
|
||||
</TD>
|
||||
@ -72,9 +73,11 @@ Otherwise, it will return MI_SUCCESS.
|
||||
<TH>NOTES</TH>
|
||||
<TD>
|
||||
<UL>
|
||||
<LI>Since the message body may be very large, setting SMFIF_CHGBODY may significantly affect filter performance.
|
||||
<LI>Since the message body may be very large, calling smfi_replacebody may significantly affect filter performance.
|
||||
<LI>If a filter sets SMFIF_CHGBODY but does not call smfi_replacebody, the original body remains unchanged.
|
||||
<LI>For smfi_replacebody, filter order is important. <B>Later filters will see the new body contents created by earlier ones.</B>
|
||||
<LI>A filter which calls smfi_replacebody must have set the
|
||||
<A HREF="smfi_register.html#SMFIF_CHGBODY">SMFIF_CHGBODY</A> flag.
|
||||
</UL>
|
||||
</TD>
|
||||
</TR>
|
||||
|
@ -31,6 +31,7 @@ Set the filter's <CODE>listen(2)</CODE> backlog value.
|
||||
If smfi_setbacklog is not called, the operating system default is used.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -30,6 +30,7 @@ Set the socket through which this filter should communicate with sendmail.
|
||||
<TD>Sets the socket through which the filter communicates with sendmail.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -34,6 +34,7 @@ A level of zero turns off debugging. The greater
|
||||
the current, highest, useful value.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -38,6 +38,7 @@ This code will be used on subsequent error replies resulting from actions
|
||||
taken by this filter.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -92,7 +93,7 @@ For example, the code:<BR>
|
||||
<UL>
|
||||
<LI>The rcode or xcode argument is invalid.
|
||||
<LI>A memory-allocation failure occurs.
|
||||
<LI>If any text line contains a carraige return or line feed.
|
||||
<LI>If any text line contains a carriage return or line feed.
|
||||
<LI>The length of any text line is more than MAXREPLYLEN (980).
|
||||
<LI>More than 32 lines of text replies are given.
|
||||
</UL>
|
||||
|
@ -31,6 +31,7 @@ Set the private data pointer for this connection.
|
||||
<TD>Sets the private data pointer for the context ctx.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -36,6 +36,7 @@ will be used on subsequent error replies resulting from actions taken by
|
||||
this filter.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -67,6 +68,8 @@ this filter.</TD>
|
||||
<UL>
|
||||
<LI>The rcode or xcode argument is invalid.
|
||||
<LI>A memory-allocation failure occurs.
|
||||
<LI>The length of any text line is more than MAXREPLYLEN (980).
|
||||
<LI>The message argument contains a carriage return or line feed.
|
||||
</UL>
|
||||
Otherwise, it return MI_SUCCESS.
|
||||
</TD>
|
||||
|
@ -37,6 +37,7 @@ milter wants to receive from the MTA.
|
||||
</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -33,6 +33,7 @@ If smfi_settimeout is not called, a default timeout of 7210 seconds is used.
|
||||
</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -61,10 +62,7 @@ and may break the communication with the MTA.
|
||||
Do <EM>not</EM> decrease this value without making sure that
|
||||
the MTA also uses lower timeouts for communication
|
||||
(with the milter and with the SMTP client).
|
||||
</TR>
|
||||
</TABLE>
|
||||
|
||||
|
||||
</TD></TR>
|
||||
</TABLE>
|
||||
|
||||
<HR size="1">
|
||||
|
@ -36,6 +36,7 @@ which may then exit or warm-restart.
|
||||
</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -32,6 +32,7 @@ Get the (runtime) version of libmilter.
|
||||
<TD>None.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH VALIGN="TOP" ALIGN=LEFT>ARGUMENTS</TH><TD>
|
||||
|
@ -30,6 +30,7 @@ Handle the current message's being aborted.
|
||||
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -32,6 +32,7 @@ Handle a piece of a message's body.
|
||||
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -30,6 +30,7 @@ The current connection is being closed.
|
||||
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -29,6 +29,7 @@ sfsistat (*xxfi_connect)(
|
||||
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
|
||||
<!--
|
||||
This callback function is invoked on each connection to the mail
|
||||
filter program.
|
||||
@ -37,8 +38,9 @@ The name of the callback can be any valid function name.
|
||||
The function pointer is to be assigned to the
|
||||
smfiDesc.xxfi_connect and the pointer to the smfiDesc structure
|
||||
is passed to smfi_register().
|
||||
</TD></TR>
|
||||
-->
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
<TABLE border="1" cellspacing=0>
|
||||
|
@ -23,13 +23,14 @@ Handle the DATA command.
|
||||
<TABLE border="1" cellspacing=1 cellpadding=4>
|
||||
<TR align="left" valign=top>
|
||||
<TH width="80">Called When</TH>
|
||||
<TD>xxfi_data is called when the client uses the DATA command.
|
||||
<TD>xxfi_data is called when the client uses the DATA command.</TD>
|
||||
</TR>
|
||||
<TR align="left" valign=top>
|
||||
<TH>Default Behavior</TH>
|
||||
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -67,7 +68,7 @@ Handle the DATA command.
|
||||
</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TR>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Notes ---------->
|
||||
<TR>
|
||||
|
@ -33,6 +33,7 @@ before xxfi_envrcpt.</TD>
|
||||
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -75,7 +76,7 @@ before xxfi_envrcpt.</TD>
|
||||
</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TR>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Notes ---------->
|
||||
<TR>
|
||||
|
@ -31,6 +31,7 @@ Handle the envelope RCPT command.
|
||||
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
@ -76,7 +77,7 @@ Handle the envelope RCPT command.
|
||||
</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TR>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Notes ---------->
|
||||
<TR>
|
||||
|
@ -31,6 +31,7 @@ Handle the end of message headers.
|
||||
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
@ -30,6 +30,7 @@ End of a message.
|
||||
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
|
||||
</TR>
|
||||
</TABLE>
|
||||
</TD></TR>
|
||||
|
||||
<!----------- Arguments ---------->
|
||||
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user