Merge sendmail 8.16.1 to HEAD: See contrib/sendmail/RELEASE_NOTES for details

Includes build infrastructure & config updates required for changes in 8.16.1

MFC after:	5 days
gshapiro 2020-07-15 18:28:54 +00:00
commit 64b18ad7a6
236 changed files with 13015 additions and 4861 deletions


@ -1,4 +1,3 @@
# $Id: CACerts,v 8.6 2013-01-18 15:14:17 ca Exp $
# This file contains some CA certificates that are used to sign the
# certificates of mail servers of members of the sendmail consortium
# who may reply to questions etc sent to sendmail.org.
@ -10,189 +9,92 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
92:91:67:de:e0:ef:2c:e4
81:9d:41:0f:40:55:ac:4a
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
Validity
Not Before: Mar 2 19:15:29 2015 GMT
Not After : Mar 1 19:15:29 2018 GMT
Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
Not Before: Feb 27 02:30:55 2018 GMT
Not After : Feb 26 02:30:55 2021 GMT
Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:1a:a1:56:ce:cb:16:af:4f:96:ba:2a:70:31:
70:d3:86:6c:7a:46:26:47:42:3f:de:49:57:3e:08:
1e:10:25:bf:06:8f:ca:fd:f4:5e:6a:01:7d:31:4d:
50:88:18:43:71:66:65:42:9c:90:97:0d:95:f2:14:
ef:d7:5e:77:ef:7d:b5:49:3f:02:bb:83:20:f7:e6:
fc:9a:cd:13:df:60:41:28:8e:39:07:a6:a4:40:98:
15:1e:46:b6:04:2e:f9:ab:32:d1:8b:fe:52:81:f1:
d2:e1:c3:cf:bf:ab:40:a7:f0:e4:e5:a2:82:37:30:
8c:10:7d:aa:a8:7c:7e:76:cc:5f:1a:24:d0:8c:94:
f6:f2:7f:4a:be:2f:38:67:c0:06:e6:9e:51:ad:55:
d0:cb:26:71:cf:f4:af:7d:5a:41:81:16:fb:26:ec:
f0:35:01:6e:db:f9:e9:00:d7:d0:89:7b:cf:88:16:
8b:1c:8f:77:1f:5d:ef:70:04:28:76:c5:1b:c6:23:
8d:49:6b:f0:b8:21:56:d6:7d:68:6c:be:21:e3:e6:
e3:1d:6f:a5:ea:dc:83:e4:27:b3:6f:5f:1b:3d:33:
a1:d5:d3:f0:73:1a:12:eb:d9:95:00:71:59:16:b4:
e4:60:38:b2:2e:7f:b7:d4:c5:e9:3f:74:e4:48:38:
29:89
00:b8:a3:8d:79:28:c1:1f:9c:11:74:43:26:e1:3b:
cc:14:87:5b:6b:64:4c:ed:79:1b:7f:2a:03:d0:7b:
ef:9e:88:b0:64:36:ee:58:ef:fd:d9:c7:20:b3:71:
e9:6d:1e:a7:bc:c1:7c:3b:fe:2a:e4:16:2f:bc:d6:
2c:f5:98:f9:c4:21:1c:ca:c3:7e:57:89:c8:a9:2f:
da:6b:9b:52:d6:c9:9d:98:97:6d:08:7c:a6:37:4e:
d4:26:bb:db:73:b0:38:ef:7d:1e:dd:8e:dd:8e:17:
2f:a0:3d:a9:0e:4d:f0:2b:b8:14:23:33:ad:c8:a0:
e5:9d:0f:27:ad:83:a2:78:90:05:ec:29:06:91:07:
45:6c:5f:ba:8e:1d:f1:d7:1b:2d:f9:99:ba:2e:27:
e1:03:7d:e9:d2:54:35:cc:39:79:07:83:d8:93:9b:
d6:ef:72:ab:d4:63:8e:6b:f7:00:66:5f:77:e8:b6:
bc:de:5f:8c:d0:ce:1a:c4:db:03:9d:e4:ee:0a:ec:
77:c5:f2:30:69:7e:70:12:e5:c2:4a:28:3f:e7:19:
eb:af:41:fb:e6:a6:1d:b5:fd:2b:99:03:f5:20:90:
38:73:bd:43:70:da:cf:1f:34:5d:ab:17:4b:73:cf:
f9:3d:e1:a2:79:14:de:d8:40:85:82:c4:5a:84:82:
32:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32
42:37:75:E7:8F:12:CF:D9:EB:21:22:7D:8A:E8:49:21:FD:E2:3A:3A
X509v3 Authority Key Identifier:
keyid:B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32
DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org
serial:92:91:67:DE:E0:EF:2C:E4
keyid:42:37:75:E7:8F:12:CF:D9:EB:21:22:7D:8A:E8:49:21:FD:E2:3A:3A
DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=CA/emailAddress=ca+ca-rsa2018@esmtp.org
serial:81:9D:41:0F:40:55:AC:4A
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
email:ca+ca-rsa2015@esmtp.org
email:ca+ca-rsa2018@esmtp.org
X509v3 Issuer Alternative Name:
email:ca+ca-rsa2015@esmtp.org
email:ca+ca-rsa2018@esmtp.org
Signature Algorithm: sha1WithRSAEncryption
0a:ce:07:39:77:08:c5:3a:00:04:e8:a0:3b:f7:d2:4c:79:02:
23:0b:da:c0:55:39:82:71:0a:0c:83:e2:de:f2:3b:fe:23:bc:
9b:13:34:d1:29:0a:16:3f:01:7d:9f:fb:4b:aa:12:dc:3b:7e:
b9:27:7b:ec:0c:3f:c0:d9:f5:d8:a8:a1:9c:1c:3a:2f:40:df:
27:1a:1a:a0:74:00:19:b7:82:0e:f9:45:86:bf:32:da:0e:72:
0a:4c:2c:39:21:63:c3:1f:61:6e:e2:4d:ba:7a:26:1a:15:ce:
b1:f6:1a:59:04:70:ed:e8:72:05:4c:fc:84:c6:a5:f4:e2:4a:
40:e4:42:70:87:9a:a7:02:26:3a:47:34:09:e0:7b:88:ca:fb:
99:d9:9b:bb:0c:52:8a:93:d5:59:30:0b:55:42:b4:bb:d2:b1:
49:55:81:a4:70:a0:49:19:f2:4f:61:94:af:e9:d7:62:68:65:
97:67:00:26:b8:9b:b2:2c:d0:2c:83:7d:3e:b3:31:73:b9:55:
49:53:fa:a3:ad:1b:02:67:08:9e:ce:9e:eb:9f:47:0d:6c:95:
e9:6c:30:92:c1:94:67:ad:d9:e3:b9:61:ea:a9:72:98:81:3a:
62:80:70:20:9a:3e:c4:1f:6f:bd:b4:00:ec:b1:fe:71:da:91:
15:89:f7:8f
0b:4c:e5:c2:ed:0a:e5:7b:95:29:22:d4:8f:5f:cb:1b:b1:e3:
4c:fc:90:e7:2e:97:87:87:a2:63:0d:6d:4d:f0:1f:0d:84:11:
dc:df:b7:fa:c3:c6:2e:07:e9:a0:e9:a6:9f:54:17:ad:1a:d0:
36:be:31:cc:a5:85:a0:45:4a:87:45:80:7e:de:ea:97:68:e0:
2b:09:5d:9a:31:6f:f5:78:22:c5:66:2a:99:70:9e:6d:c4:ab:
f6:90:01:70:53:07:66:6c:a6:b5:ce:4b:36:05:83:87:0c:a7:
e0:1e:34:d0:5e:76:a4:20:71:cd:9d:c1:ae:82:27:e0:6f:16:
57:74:e7:63:9f:d0:3d:72:91:6d:97:a4:82:23:84:dd:6e:0d:
da:43:00:a7:ce:2f:f8:79:04:67:6a:e5:b0:ab:30:d8:f1:90:
10:43:3b:09:77:27:34:a4:d4:c0:25:4e:21:32:a3:ab:60:1c:
9d:6e:e2:65:39:51:7f:cd:9f:88:3a:7e:f4:38:af:7b:5b:a7:
bb:7b:70:97:21:59:fc:5c:55:a1:db:74:0a:37:1e:33:97:5f:
70:32:98:b3:d9:99:4e:08:3c:de:01:82:17:9b:49:d7:fa:c9:
45:8d:93:cc:42:d6:36:f2:39:3a:47:28:3f:6f:6a:e5:23:f3:
5c:d4:a3:1b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIJAJKRZ97g7yzkMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
MIIE4jCCA8qgAwIBAgIJAIGdQQ9AVaxKMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx
FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExIjAgBgNVBAMMGUNs
YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTUxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz
YTIwMTVAZXNtdHAub3JnMB4XDTE1MDMwMjE5MTUyOVoXDTE4MDMwMTE5MTUyOVow
gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhC
ZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAKBgNVBAsMA01UQTEiMCAG
A1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEmMCQGCSqGSIb3DQEJARYX
Y2ErY2EtcnNhMjAxNUBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC5GqFWzssWr0+WuipwMXDThmx6RiZHQj/eSVc+CB4QJb8Gj8r99F5q
AX0xTVCIGENxZmVCnJCXDZXyFO/XXnfvfbVJPwK7gyD35vyazRPfYEEojjkHpqRA
mBUeRrYELvmrMtGL/lKB8dLhw8+/q0Cn8OTlooI3MIwQfaqofH52zF8aJNCMlPby
f0q+LzhnwAbmnlGtVdDLJnHP9K99WkGBFvsm7PA1AW7b+ekA19CJe8+IFoscj3cf
Xe9wBCh2xRvGI41Ja/C4IVbWfWhsviHj5uMdb6Xq3IPkJ7NvXxs9M6HV0/BzGhLr
2ZUAcVkWtORgOLIuf7fUxek/dORIOCmJAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU
sWnbXpvOGrQdsmr8WiKXtiQUbzIwgdoGA1UdIwSB0jCBz4AUsWnbXpvOGrQdsmr8
WiKXtiQUbzKhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y
bmlhMREwDwYDVQQHDAhCZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAK
BgNVBAsMA01UQTEiMCAGA1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEm
MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxNUBlc210cC5vcmeCCQCSkWfe4O8s
5DAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAu
b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAub3JnMA0GCSqGSIb3
DQEBBQUAA4IBAQAKzgc5dwjFOgAE6KA799JMeQIjC9rAVTmCcQoMg+Le8jv+I7yb
EzTRKQoWPwF9n/tLqhLcO365J3vsDD/A2fXYqKGcHDovQN8nGhqgdAAZt4IO+UWG
vzLaDnIKTCw5IWPDH2Fu4k26eiYaFc6x9hpZBHDt6HIFTPyExqX04kpA5EJwh5qn
AiY6RzQJ4HuIyvuZ2Zu7DFKKk9VZMAtVQrS70rFJVYGkcKBJGfJPYZSv6ddiaGWX
ZwAmuJuyLNAsg30+szFzuVVJU/qjrRsCZwiezp7rn0cNbJXpbDCSwZRnrdnjuWHq
qXKYgTpigHAgmj7EH2+9tADssf5x2pEVifeP
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f1:41:b3:3d:ba:bd:33:49
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
Validity
Not Before: Mar 10 02:47:46 2012 GMT
Not After : Mar 10 02:47:46 2015 GMT
Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a2:80:fc:c6:ce:7f:60:38:65:f4:38:f9:7a:d9:
87:fd:47:eb:3f:2c:4a:c9:38:77:6a:77:94:92:7f:
83:3d:99:57:2c:5f:37:bb:ba:12:10:17:56:fa:eb:
43:a6:4b:4c:1e:30:32:07:94:2f:5a:d8:65:49:29:
fa:24:d1:f0:0b:45:2d:e5:d5:cb:7d:60:dc:a6:ce:
a4:47:35:30:ee:5e:8d:c2:30:e7:a7:63:32:b0:59:
80:cc:8c:99:64:77:8f:50:8e:88:51:47:36:ea:9a:
f3:b4:c0:8c:a6:ab:c6:42:57:88:b9:5f:9f:61:15:
bb:79:65:93:ca:a9:fd:17:eb:87:26:8b:eb:b7:2b:
7e:33:05:2b:ba:c0:46:f7:08:fd:da:c1:50:9b:3d:
26:83:5c:53:97:89:2c:cc:5f:f2:7b:a8:b7:3d:fb:
f2:b4:89:0d:43:ef:18:5c:21:75:71:cc:f0:c2:a3:
84:69:c0:a7:f3:9b:de:c1:c7:5a:5c:7e:68:da:49:
71:af:58:a8:51:9f:bd:f9:3d:bb:a5:92:fa:7b:1d:
52:f5:fe:90:59:95:27:65:a4:af:97:9a:4f:01:39:
59:7d:08:6f:a1:8f:42:47:49:bf:12:52:53:39:74:
8d:62:3b:bd:4c:4f:05:0f:c4:b9:3e:da:a8:0e:96:
05:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:38:E3:88:92:53:6E:F1:56:69:27:44:B5:4C:A0:18:CA:06:97:EB
X509v3 Authority Key Identifier:
keyid:08:38:E3:88:92:53:6E:F1:56:69:27:44:B5:4C:A0:18:CA:06:97:EB
DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org
serial:F1:41:B3:3D:BA:BD:33:49
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
email:ca+ca-rsa2012@esmtp.org
X509v3 Issuer Alternative Name:
email:ca+ca-rsa2012@esmtp.org
Signature Algorithm: sha1WithRSAEncryption
9a:8f:4d:23:5b:30:80:e1:94:e4:66:9c:3a:17:8b:79:49:5b:
ec:5d:e5:a1:22:2d:71:37:a1:51:e7:1d:b1:0d:a9:9b:aa:a9:
0d:c7:cd:d6:24:f9:e0:f0:57:be:4f:74:0c:4b:7a:42:4c:70:
19:2e:8e:eb:cb:1b:00:26:27:eb:1c:42:33:d5:ec:32:b4:6c:
7d:a3:04:a1:5c:00:49:c9:0d:4c:4d:28:37:06:22:77:ec:40:
15:25:3a:23:84:ae:1f:da:90:dd:c9:dc:27:ee:7c:ec:e5:df:
b8:ba:1e:3f:ee:c2:91:a2:3f:22:92:1e:f3:06:7e:aa:e9:c3:
11:2d:3d:2f:85:f7:fc:d7:e2:f8:6d:70:a6:40:62:69:e7:52:
ed:1b:19:38:72:86:08:a1:3d:47:c8:68:82:41:db:db:2a:52:
25:d7:49:aa:9e:c5:83:22:7d:2f:0b:df:8c:90:2d:b5:aa:33:
c7:9b:e8:39:8f:bb:79:5b:13:2d:4e:a9:69:59:c7:09:26:e2:
b5:53:80:86:72:bb:7c:be:e9:46:5b:d8:b2:78:42:d6:5d:c3:
bb:3a:3b:5f:0f:e8:c3:60:fb:88:9f:3a:2b:9f:d3:7d:9f:c7:
32:aa:4d:34:a7:66:a1:25:16:95:a6:69:e7:86:a3:5c:b9:b9:
df:58:05:e3
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIJAPFBsz26vTNJMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQmVya2VsZXkx
FDASBgNVBAoTC0VuZG1haWwgT3JnMQwwCgYDVQQLEwNNVEExIjAgBgNVBAMTGUNs
YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTIxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz
YTIwMTJAZXNtdHAub3JnMB4XDTEyMDMxMDAyNDc0NloXDTE1MDMxMDAyNDc0Nlow
gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhC
ZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAKBgNVBAsTA01UQTEiMCAG
A1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxMjEmMCQGCSqGSIb3DQEJARYX
Y2ErY2EtcnNhMjAxMkBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCigPzGzn9gOGX0OPl62Yf9R+s/LErJOHdqd5SSf4M9mVcsXze7uhIQ
F1b660OmS0weMDIHlC9a2GVJKfok0fALRS3l1ct9YNymzqRHNTDuXo3CMOenYzKw
WYDMjJlkd49QjohRRzbqmvO0wIymq8ZCV4i5X59hFbt5ZZPKqf0X64cmi+u3K34z
BSu6wEb3CP3awVCbPSaDXFOXiSzMX/J7qLc9+/K0iQ1D7xhcIXVxzPDCo4RpwKfz
m97Bx1pcfmjaSXGvWKhRn735Pbulkvp7HVL1/pBZlSdlpK+Xmk8BOVl9CG+hj0JH
Sb8SUlM5dI1iO71MTwUPxLk+2qgOlgUtAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU
CDjjiJJTbvFWaSdEtUygGMoGl+swgdoGA1UdIwSB0jCBz4AUCDjjiJJTbvFWaSdE
tUygGMoGl+uhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
bmlhMREwDwYDVQQHEwhCZXJrZWxleTEUMBIGA1UEChMLRW5kbWFpbCBPcmcxDDAK
BgNVBAsTA01UQTEiMCAGA1UEAxMZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxMjEm
MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxMkBlc210cC5vcmeCCQDxQbM9ur0z
STAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTJAZXNtdHAu
b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTJAZXNtdHAub3JnMA0GCSqGSIb3
DQEBBQUAA4IBAQCaj00jWzCA4ZTkZpw6F4t5SVvsXeWhIi1xN6FR5x2xDambqqkN
x83WJPng8Fe+T3QMS3pCTHAZLo7ryxsAJifrHEIz1ewytGx9owShXABJyQ1MTSg3
BiJ37EAVJTojhK4f2pDdydwn7nzs5d+4uh4/7sKRoj8ikh7zBn6q6cMRLT0vhff8
1+L4bXCmQGJp51LtGxk4coYIoT1HyGiCQdvbKlIl10mqnsWDIn0vC9+MkC21qjPH
m+g5j7t5WxMtTqlpWccJJuK1U4CGcrt8vulGW9iyeELWXcO7OjtfD+jDYPuInzor
n9N9n8cyqk00p2ahJRaVpmnnhqNcubnfWAXj
FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExCzAJBgNVBAMMAkNB
MSYwJAYJKoZIhvcNAQkBFhdjYStjYS1yc2EyMDE4QGVzbXRwLm9yZzAeFw0xODAy
MjcwMjMwNTVaFw0yMTAyMjYwMjMwNTVaMIGOMQswCQYDVQQGEwJVUzETMBEGA1UE
CAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkxFDASBgNVBAoMC0VuZG1h
aWwgT3JnMQwwCgYDVQQLDANNVEExCzAJBgNVBAMMAkNBMSYwJAYJKoZIhvcNAQkB
FhdjYStjYS1yc2EyMDE4QGVzbXRwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALijjXkowR+cEXRDJuE7zBSHW2tkTO15G38qA9B7756IsGQ27ljv
/dnHILNx6W0ep7zBfDv+KuQWL7zWLPWY+cQhHMrDfleJyKkv2mubUtbJnZiXbQh8
pjdO1Ca723OwOO99Ht2O3Y4XL6A9qQ5N8Cu4FCMzrcig5Z0PJ62DoniQBewpBpEH
RWxfuo4d8dcbLfmZui4n4QN96dJUNcw5eQeD2JOb1u9yq9Rjjmv3AGZfd+i2vN5f
jNDOGsTbA53k7grsd8XyMGl+cBLlwkooP+cZ669B++amHbX9K5kD9SCQOHO9Q3Da
zx80XasXS3PP+T3honkU3thAhYLEWoSCMvECAwEAAaOCAT8wggE7MB0GA1UdDgQW
BBRCN3XnjxLP2eshIn2K6Ekh/eI6OjCBwwYDVR0jBIG7MIG4gBRCN3XnjxLP2esh
In2K6Ekh/eI6OqGBlKSBkTCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm
b3JuaWExETAPBgNVBAcMCEJlcmtlbGV5MRQwEgYDVQQKDAtFbmRtYWlsIE9yZzEM
MAoGA1UECwwDTVRBMQswCQYDVQQDDAJDQTEmMCQGCSqGSIb3DQEJARYXY2ErY2Et
cnNhMjAxOEBlc210cC5vcmeCCQCBnUEPQFWsSjAMBgNVHRMEBTADAQH/MCIGA1Ud
EQQbMBmBF2NhK2NhLXJzYTIwMThAZXNtdHAub3JnMCIGA1UdEgQbMBmBF2NhK2Nh
LXJzYTIwMThAZXNtdHAub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQALTOXC7Qrle5Up
ItSPX8sbseNM/JDnLpeHh6JjDW1N8B8NhBHc37f6w8YuB+mg6aafVBetGtA2vjHM
pYWgRUqHRYB+3uqXaOArCV2aMW/1eCLFZiqZcJ5txKv2kAFwUwdmbKa1zks2BYOH
DKfgHjTQXnakIHHNncGugifgbxZXdOdjn9A9cpFtl6SCI4Tdbg3aQwCnzi/4eQRn
auWwqzDY8ZAQQzsJdyc0pNTAJU4hMqOrYBydbuJlOVF/zZ+IOn70OK97W6e7e3CX
IVn8XFWh23QKNx4zl19wMpiz2ZlOCDzeAYIXm0nX+slFjZPMQtY28jk6Ryg/b2rl
I/Nc1KMb
-----END CERTIFICATE-----
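
Review bot: The ca-rsa2018 certificate in this hunk carries "Not After : Feb 26 02:30:55 2021 GMT", roughly seven months after this commit's date of 2020-07-15, so any branch that receives it through the MFC named in the commit message ships a CA certificate that lapses early in that branch's life. The file header says these CAs sign the mail-server certificates of sendmail consortium members, so consider recording the expiry in an open item so the file is refreshed once a successor exists. Both "Signature Algorithm" lines for this certificate read sha1WithRSAEncryption; on a self-signed CA (Issuer and Subject are identical here) that matters less than on a leaf certificate, but it is worth a line for anyone auditing the bundle.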


@ -1,6 +1,6 @@
$FreeBSD$
sendmail 8.15.2
sendmail 8.16.1
originals can be found at: ftp://ftp.sendmail.org/pub/sendmail/
For the import of sendmail, the following directories were renamed:
@ -13,12 +13,16 @@ http://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/subversion-
Then merged using:
% set FSVN=svn+ssh://svn.freebsd.org/base
% set FSVN=svn+ssh://repo.freebsd.org/base
% svn checkout $FSVN/head/contrib/sendmail head
% cd head
% svn merge --accept=postpone $FSVN/vendor/sendmail/dist .
% svn rm --force */Build [e-v]*/*.0 cf/cf/generic-*.cf cf/cf/Build
% svn rm --force Build devtools doc/op/op.ps src/makesendmail src/sysexits.h
### Replace XXXXXX with import revision number in next command:
% svn merge -c rXXXXXX --accept=postpone '^/vendor/sendmail/dist' .
% svn resolve --accept working cf/cf/Build \
cf/cf/generic-{bsd4.4,hpux{9,10},linux,mpeix,nextstep3.3,osf1,solaris,sunos4.1,ultrix4}.cf \
devtools doc/op/op.ps editmap/editmap.0 mail.local/mail.local.0 mailstats/mailstats.0 \
makemap/makemap.0 praliases/praliases.0 rmail/rmail.0 smrsh/smrsh.0 \
src/{aliases,mailq,newaliases,sendmail}.0 vacation/vacation.0
% svn propset -R svn:keywords FreeBSD=%H .
% svn propdel svn:keywords libmilter/docs/*.jpg
% svn diff --no-diff-deleted --old=$FSVN/vendor/sendmail/dist --new=.
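
Review bot: The "svn resolve --accept working" step names every conflicted path by hand (the generic-{...}.cf set, the *.0 man pages, devtools, doc/op/op.ps), so the list goes stale as soon as a vendor import adds or drops one of those files. Suggest adding a line that says how the list was derived, plus an "svn status" check for remaining conflicts after the resolve, so the next importer does not depend on the list being complete. The "rXXXXXX" placeholder is fine as a template, but recording the revision actually used for 8.16.1 alongside it would make this merge reproducible.
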
@ -98,4 +102,4 @@ infrastructure in FreeBSD:
usr.sbin/mailwrapper/Makefile
gshapiro@FreeBSD.org
06-July-2015
15-July-2020


@ -271,4 +271,3 @@ Kresolve sequence dnsmx canon
be used if set instead of LOCAL_RELAY ($R). This will be fixed in a
future version.
$Revision: 8.61 $, Last updated $Date: 2011-04-07 17:48:23 $


@ -37,7 +37,7 @@ each of the following conditions is met:
the "Copyright Notice" refers to the following language:
"Copyright (c) 1998-2014 Proofpoint, Inc. All rights reserved."
3. Neither the name of Proofpoint, Inc. nor the University of California nor
4. Neither the name of Proofpoint, Inc. nor the University of California nor
names of their contributors may be used to endorse or promote
products derived from this software without specific prior written
permission. The name "sendmail" is a trademark of Proofpoint, Inc.

File diff suppressed because it is too large


@ -431,8 +431,7 @@ makemap A program that creates the keyed maps used by the $( ... $)
expect to preprocess must human-convenient formats
using sed scripts before this program will like them.
But it should be functionally complete.
praliases A program to print the DBM or NEWDB version of the
aliases file.
praliases A program to print the map version of the aliases file.
rmail Source for rmail(8). This is used as a delivery
agent for for UUCP, and could presumably be used by
other non-socket oriented mailers. Older versions of
@ -447,4 +446,3 @@ sendmail Source for the sendmail program itself.
test Some test scripts (currently only for compilation aids).
vacation Source for the vacation program. NOT PART OF SENDMAIL!
$Revision: 8.96 $, Last updated $Date: 2013-11-22 20:51:01 $


@ -5,6 +5,124 @@ This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
8.16.1/8.16.1 2020/07/05
SECURITY: If sendmail tried to reuse an SMTP session which had
already been closed by the server, then the connection
cache could have invalid information about the session.
One possible consequence was that STARTTLS was not
used even if offered. This problem has been fixed
by clearing out all relevant status information
when a closed session is encountered.
OpenSSL versions before 0.9.8 are no longer supported.
OpenSSL version 1.1.0 and 1.1.1 are supported.
Initial support for DANE (see RFC 7672 et.al.) is available if
the compile time option DANE is set. Only TLSA RR 3-1-x
is currently implemented.
New options SSLEngine and SSLEnginePath to support OpenSSL engines.
Note: this feature has so far only been tested with the
"chil" engine; please report problems with other engines
if you encounter any.
New option CRLPath to specify a directory which contains
hashes pointing to certificate revocations files.
Based on patch from Al Smith.
New rulesets tls_srv_features and tls_clt_features which
can return a (semicolon separated) list of TLS related
options, e.g., CipherList, CertFile, KeyFile,
see doc/op/op.me for details.
To automatically handle TLS interoperability problems for outgoing
mail, sendmail can now immediately try a connection again
without STARTTLS after a TLS handshake failure.
This can be configured globally via the option
TLSFallbacktoClear or per session via the 'C' flag
of tls_clt_features.
This also adds the new value "CLEAR" for the macro
{verify}: STARTTLS has been disabled internally for
a clear text delivery attempt.
Apply Timeout.starttls also to the server waiting for the TLS
handshake to begin. Based on patch from Simon Hradecky.
New compile time option TLS_EC to enable the use of elliptic
curve cryptography in STARTTLS (previously available as
_FFR_TLS_EC).
Handle MIME boundaries specified in headers which contain CRLF.
Fix detection of loopback net (it was broken when compiled
with NETINET6) and only set the macros {if_addr_out}
and {if_family_out} if the interface of the outgoing
connection does not belong to the loopback net.
Fix logic to enable a milter to delete a recipient in
DeliveryMode=interactive even if it might be subject
to alias expansion.
Log name of a milter making changes (this was missing for
some functions).
Log the actual reply of a server when an SMTP delivery problem
occurs in a "reply=" field if possible.
Log user= for failed AUTH attempts if possible. Based on
patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
and Joe Quinn.
Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
no changes can be made after it is created, hence it
does not work with vacation(1) nor editmap(8) (except
for query mode).
Fix some memory leaks (mostly in error cases) and properly handle
copied varargs in sm_io_vfprintf(). The issues were found
using Coverity Scan and reported (including patches) by
Ondřej Lysoněk of Red Hat.
Do not override ServerSSLOptions and ClientSSLOptions when they
are specified on the command line. Based on patch from
Hiroki Sato.
Add RFC7505 Null MX support for domains that declare they do not
accept mail.
New compile time option LDAP_NETWORK_TIMEOUT which is set
automatically when LDAPMAP is used and
LDAP_OPT_NETWORK_TIMEOUT is available to enable the
new -c option for LDAP maps to specify the network timeout.
CONFIG: New FEATURE(`tls_session_features') to enable standard
rules for tls_srv_features and tls_clt_features; for
details see cf/README.
CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
for SSLEngine and SSLEnginePath, respectively.
CONFIG: New options confDANE to enable DANE support.
CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
CONFIG: New extension CITag: for TLS restrictions, see cf/README
for details.
CONFIG: FEATURE(`blacklist_recipients') renamed to
FEATURE(`blocklist_recipients').
CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
canonicalize IPv6 addresses; if cidrexpand is used with IPv6
addresses then UseCompressedIPv6Addresses must be disabled.
DOC: The dns map can return multiple values in a single result
if the -z option is used.
DOC: Note to set MustQuoteChars=. due to DKIM signatures.
LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
of Alcatel-Lucent.
LIBMILTER: Fix reference in xxfi_negotiate documentation.
Patch from Sven Neuhaus.
LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
Patch from G.W. Haywood.
LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
Patch from Martin Svec.
MAKEMAP: New map type "implicit" refers to the first available type,
i.e., it depends on the compile time options NEWDB, DBM,
and CDB. This can be used in conjunction with the
"implicit" map type in sendmail.cf.
Note: makemap, libsmdb, and sendmail must be compiled
with the same options (and library versions of course).
Portability:
Add support for Darwin 14-18 (Mac OS X 10.x).
New option HAS_GETHOSTBYNAME2: set if your system
supports gethostbyname2(2).
Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
changes in sys/sem.h
On Linux set MAXHOSTNAMELEN (the maximum length
of a FQHN) to 256 if it is less than that value.
Added Files:
cf/feature/blocklist_recipients.m4
cf/feature/tls_failures.m4
devtools/OS/Darwin.14.x
devtools/OS/Darwin.15.x
devtools/OS/Darwin.16.x
libsmdb/smcdb.c
sendmail/ratectrl.h
8.15.2/8.15.2 2015/07/03
If FEATURE(`nopercenthack') is used then some bogus input triggered
a recursion which was caught and logged as
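
Review bot: The TLSFallbacktoClear entry in the 8.16.1 notes describes retrying a delivery without STARTTLS after a TLS handshake failure but does not say whether the option is on or off by default, which is the first thing an operator who requires TLS for outgoing mail will look for. Since this merge also carries config updates, suggest stating the default in the FreeBSD-side upgrade notes and mentioning that rulesets testing {verify} now have to account for the new value "CLEAR". Separately, the CONFIG entry renaming FEATURE(blacklist_recipients) to FEATURE(blocklist_recipients) does not say whether the old name is still accepted; existing .mc files that use it deserve a line in the upgrade notes either way.
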
@ -104,7 +222,7 @@ summary of the changes in that release.
The option CipherList sets the list of ciphers for STARTTLS.
See ciphers(1) for possible values.
Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL"
if a CRLFfile is in use (and LogLevel is 14 or higher.)
if a CRLFile is in use (and LogLevel is 14 or higher.)
Store a more specific TLS protocol version in ${tls_version}
instead of a generic one, e.g., TLSv1 instead of
TLSv1/SSLv3.
@ -740,7 +858,7 @@ summary of the changes in that release.
Patches from Nelson Fung.
CONTRIB: cidrexpand uses a hash symbol as comment character and
ignores everything after it unless it is in quotes or
preceeded by a backslash.
preceded by a backslash.
DEVTOOLS: New macro confMKDIR: if set to a program that creates
directories, then it used for "make install" to create
the required installation directories.
@ -2465,7 +2583,7 @@ summary of the changes in that release.
noted by Greg Robinson of the Defence Science and
Technology Organisation of Australia.
CONFIG: dnsbl: If an argument specifies an error message in case
of temporary lookup failures for DNS based blacklists
of temporary lookup failures for DNS based blocklists
then use it.
LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by
Richard A. Nelson of Debian.
@ -2539,7 +2657,7 @@ summary of the changes in that release.
is "pw", which means to use getpwnam(). New mailbox database
types can be added by adding custom code to libsm/mbdb.c.
Queue file names are now 15 characters long, rather than 14 characters
long, to accomodate envelope splitting. File systems with
long, to accommodate envelope splitting. File systems with
a 14 character file name length limit are no longer
supported.
Recipient list used for delivery now gets internally ordered by
@ -2580,7 +2698,7 @@ summary of the changes in that release.
New ruleset srv_features to enable/disable certain features in the
server per connection. See doc/op/op.me for details.
New ruleset tls_rcpt to decide whether to send e-mail to a particular
recipient; useful to decide whether a conection is secure
recipient; useful to decide whether a connection is secure
enough on a per recipient basis.
New option TLSSrvOptions to modify some aspects of the server
for STARTTLS.
@ -2591,7 +2709,7 @@ summary of the changes in that release.
Macro expand filenames/directories for certs and keys in the .cf file.
Proposed by Neil Rickert of Northern Illinois University.
Generate an ephemeral RSA key for a STARTTLS connection only if
really required. This change results in a noticable
really required. This change results in a noticeable
performance gains on most machines. Moreover, if shared
memory is in use, reuse the key several times.
Add queue groups which can be used to group queue directories with
@ -3500,7 +3618,7 @@ summary of the changes in that release.
CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
is used. Problem noted by Phil Homewood of Asia Online,
patch from Neil Rickert of Northern Illinois University.
CONFIG: Change the default DNS based blacklist server for
CONFIG: Change the default DNS based blocklist server for
FEATURE(`dnsbl') to blackholes.mail-abuse.org.
CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
implicitly assume canonical host names.
@ -4736,7 +4854,7 @@ summary of the changes in that release.
from Per Hedeland of Ericsson.
If a resolver ANY query is larger than the UDP packet size, the
resolver will fall back to TCP. However, some
misconfigured firewalls black 53/TCP so the ANY lookup
misconfigured firewalls block 53/TCP so the ANY lookup
fails whereas an MX or A record might succeed. Therefore,
don't fail on ANY queries.
If an SMTP recipient is rejected due to syntax errors in the
@ -5152,7 +5270,7 @@ summary of the changes in that release.
line up into 2046-character output lines (excluding the
newline). If an input line was 2047 characters long
(excluding CR-LF) and the last character was a '.',
mail.local saw it as the end of input, transfered it to the
mail.local saw it as the end of input, transferred it to the
user mailbox and tried to write an `ok' back to sendmail.
If the message was much longer, both sendmail and
mail.local would deadlock waiting for each other to read
@ -6039,7 +6157,7 @@ summary of the changes in that release.
CONFIG: FEATURE(nodns) now warns the user that the feature is a
no-op. Patch from Kari Hurtta of the Finnish
Meteorological Institute.
CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to
CONFIG: OSTYPE(osf1) now sets DefaultUser (confDEF_USER_ID) to
daemon since DEC's /bin/mail will drop the envelope
sender if run as mailnull. See the Digital UNIX section
of src/README for more information. Problem noted by
@ -7632,7 +7750,7 @@ summary of the changes in that release.
instead of 0644. Suggested by Ann-Kian Yeo of the
National University of Singapore.
Print errors if setgid/setuid/etc. fail during delivery. This helps
detect cases where DefaultUid is set to something that the
detect cases where DefaultUser is set to something that the
system can't cope with.
PORTABILITY FIXES:
Support for AIX/RS 2.2.1 from Mark Whetzel of Western
@ -9840,7 +9958,7 @@ summary of the changes in that release.
gethostname() (instead of myhostname(), which tries
to fully qualify the name) to be consistent with
SunOS. If your hostname is unqualified, this fixes
transfers to slave servers. Bug noted by Keith
transfers to secondary servers. Bug noted by Keith
McMillan of Ameritech Services, Inc.
Fix Ultrix problem: gethostbyname() can return a very large
(> 500) h_length field, which causes the sockaddr


@ -396,7 +396,7 @@ SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of
messages to deliver in a single connection for the
smtp, smtp8, esmtp, or dsmtp mailers.
SMTP_MAILER_MAXRCPTS [undefined] If defined, the maximum number of
recipients to deliver in a single connection for the
recipients to deliver in a single envelope for the
smtp, smtp8, esmtp, or dsmtp mailers.
SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer.
About the only reason you would want to change this
@ -1250,7 +1250,7 @@ access_db Turns on the access database feature. The access db gives
important information about this feature. Notice:
"-T<TMPF>" is meant literal, do not replace it by anything.
blacklist_recipients
blocklist_recipients
Turns on the ability to block incoming mail for certain
recipient usernames, hostnames, or addresses. For
example, you can block incoming mail to user nobody,
@ -1579,7 +1579,7 @@ require_rdns Reject mail from connecting SMTP clients without proper
Entries such as
Connect:1.2.3.4 OK
Connect:1.2 RELAY
will whitelist IP address 1.2.3.4, so that the rDNS
will allowlist IP address 1.2.3.4, so that the rDNS
blocking does apply to that IP address
Entries such as
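
Review bot: The context line directly after the changed one still reads "blocking does apply to that IP address", which contradicts the entry it explains: an address listed with OK is one the rDNS check is meant to skip. Since this hunk already touches the sentence, suggest correcting it to "does not apply" in the same change, or reporting it upstream if local edits to this file are avoided.
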
@ -2602,7 +2602,7 @@ requires a tag. For example,
From:another.dom REJECT
This would deny mails from spammer@some.dom but you could still
send mail to that address even if FEATURE(`blacklist_recipients')
send mail to that address even if FEATURE(`blocklist_recipients')
is enabled. Your system will allow relaying to friend.domain, but
not from it (unless enabled by other means). Connections from that
domain will be allowed even if it ends up in one of the DNS based
@ -2723,7 +2723,7 @@ sender address.
If you use:
FEATURE(`blacklist_recipients')
FEATURE(`blocklist_recipients')
then you can add entries to the map for local users, hosts in your
domains, or addresses in your domain which should not receive mail:
@ -2747,14 +2747,14 @@ as value part in the access map. Taking the example from above:
Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
That's why tagged entries should be used.
There are several DNS based blacklists which can be found by
There are several DNS based blocklists which can be found by
querying a search engine. These are databases of spammers
maintained in DNS. To use such a database, specify
FEATURE(`dnsbl', `dnsbl.example.com')
This will cause sendmail to reject mail from any site listed in the
DNS based blacklist. You must select a DNS based blacklist domain
DNS based blocklist. You must select a DNS based blocklist domain
to check by specifying an argument to the FEATURE. The default
error message is
@ -2789,14 +2789,14 @@ This FEATURE can be included several times to query different
DNS based rejection lists.
Notice: to avoid checking your own local domains against those
blacklists, use the access_db feature and add:
blocklists, use the access_db feature and add:
Connect:10.1 OK
Connect:127.0.0.1 RELAY
to the access map, where 10.1 is your local network. You may
want to use "RELAY" instead of "OK" to allow also relaying
instead of just disabling the DNS lookups in the blacklists.
instead of just disabling the DNS lookups in the blocklists.
The features described above make use of the check_relay, check_mail,
@ -2849,7 +2849,7 @@ my.domain and you have
in the access map, then any e-mail with a sender address of
<user@my.domain> will not be rejected by check_relay even though
it would match the hostname or IP address. This allows spammers
to get around DNS based blacklist by faking the sender address. To
to get around DNS based blocklist by faking the sender address. To
avoid this problem you have to use tagged entries:
To:my.domain RELAY
@ -2978,7 +2978,7 @@ limits per client IP address or net. These features can limit the
rate of connections (connections per time unit) or the number of
incoming SMTP connections, respectively. If enabled, appropriate
rulesets are called at the end of check_relay, i.e., after DNS
blacklists and generic access_db operations. The features require
blocklists and generic access_db operations. The features require
FEATURE(`access_db') to be listed earlier in the mc file.
Note: FEATURE(`delay_checks') delays those connection control checks
@ -3071,13 +3071,13 @@ rulesets and map lookups, they are modified as follows: each non-printable
character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
by their HEX value with a leading '+'. For example:
/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/emailAddress=
darth+cert@endmail.org
is encoded as:
/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
(line breaks have been inserted for readability).
@ -3089,30 +3089,27 @@ Examples:
To allow relaying for everyone who can present a cert signed by
/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
simply use:
CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY
Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org RELAY
To allow relaying only for a subset of machines that have a cert signed by
/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org
use:
CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT
Darth+20Mail+20+28Cert+29/emailAddress=darth+2Bcert@endmail.org SUBJECT
CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
DeathStar/Email=deathstar@endmail.org RELAY
DeathStar/emailAddress=deathstar@endmail.org RELAY
Notes:
- line breaks have been inserted after "CN=" for readability,
each tagged entry must be one (long) line in the access map.
- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
is replaced by "emailAddress=".
Note: line breaks have been inserted after "CN=" for readability,
each tagged entry must be one (long) line in the access map.
Of course it is also possible to write a simple ruleset that allows
relaying for everyone who can present a cert that can be verified, e.g.,
@ -3188,16 +3185,23 @@ CN:name name must match ${cn_subject}
CN ${client_name}/${server_name} must match ${cn_subject}
CS:name name must match ${cert_subject}
CI:name name must match ${cert_issuer}
CITag:MYTag look up MYTag:${cert_issuer} in access map; the check
only succeeds if it is found with a RHS of OK.
Example: e-mail sent to secure.example.com should only use an encrypted
connection. E-mail received from hosts within the laptop.example.com domain
should only be accepted if they have been authenticated. The host which
receives e-mail for darth@endmail.org must present a cert that uses the
CN smtp.endmail.org.
CN smtp.endmail.org. E-mail sent to safe.example.com must be verified,
have a matching CN, and must present a cert signed by a CA with one of
the listed DNs.
TLS_Srv:secure.example.com ENCR:112
TLS_Clt:laptop.example.com PERM+VERIFY:112
TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
TLS_Srv:safe.example.net VERIFY+CN++CITag:MyCA
MyCA:/C=US/ST=CA/O=safe/CN=example.net/ OK
MyCA:/C=US/ST=CA/O=secure/CN=example.net/ OK
TLS Options per Session
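Review bot: the new example sentence and the access map entry added for it name different domains. The prose says "E-mail sent to safe.example.com must be verified", while the entry is "TLS_Srv:safe.example.net VERIFY+CN++CITag:MyCA" and both MyCA DNs carry CN=example.net. Use one domain in both places so the text describes the entry that follows it.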
@ -3217,6 +3221,7 @@ options:
- Options: compare {Server,Client}SSLOptions.
- CipherList: same as the global option.
- CertFile, KeyFile: {Server,Client}{Cert,Key}File
- Flags: see doc/op/op.me for details.
If FEATURE(`tls_session_features') is used, then default rulesets
are activated which look up entries in the access map with the tags
@ -3234,15 +3239,12 @@ If FEATURE(`tls_session_features') is not used the user can provide
their own rulesets which must return the appropriate data.
If the rulesets are not defined or do not return a value, the
default TLS options are not modified.
(These rulesets require the sendmail binary to be built with
_FFR_TLS_SE_OPTS enabled.)
About 2): the ruleset try_tls (srv_features) can be used that work
together with the access map. Entries for the access map must be
tagged with Try_TLS (Srv_Features) and refer to the hostname or IP
address of the connecting system. A default case can be specified
by using just the tag. For example, the following entries in the
access map:
About 2): the ruleset try_tls (srv_features) can be used together
with the access map. Entries for the access map must be tagged
with Try_TLS (Srv_Features) and refer to the hostname or IP address
of the connecting system. A default case can be specified by using
just the tag. For example, the following entries in the access map:
Try_TLS:broken.server NO
Srv_Features:my.domain v
@ -3654,7 +3656,7 @@ for. In particular:
if your system allows "file giveaways" (that is, if a non-root
user can chown any file they own to any other user).
* If your system allows file giveaways, DO NOT create a publically
* If your system allows file giveaways, DO NOT create a publicly
writable directory for forward files. This will allow anyone
to steal anyone else's e-mail. Instead, create a script that
copies the .forward file from users' home directories once a
@ -4011,6 +4013,10 @@ confUSERDB_SPEC UserDatabaseSpec
confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host.
confFALLBACK_SMARTHOST FallbackSmartHost
[undefined] Fallback smart host.
confTLS_FALLBACK_TO_CLEAR TLSFallbacktoClear
[undefined] If set, immediately try
a connection again without STARTTLS
after a TLS handshake failure.
confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX
for a host and other arrangements
haven't been made, try connecting
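Review bot: the confTLS_FALLBACK_TO_CLEAR description says only that the connection is retried without STARTTLS after a handshake failure; it should also say that the retry is unencrypted and how it interacts with TLS_Srv/TLS_Rcpt requirements in the access map. The ruleset part of this commit adds a CLEAR case to the VERIFY errors (" STARTTLS disabled locally"), so a sentence here pointing admins to those access map entries for hosts that must never fall back would close the gap.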
@ -4364,10 +4370,13 @@ confCLIENT_KEY ClientKeyFile [undefined] File containing the
cert.
confCRL CRLFile [undefined] File containing certificate
revocation status, useful for X.509v3
authentication. Note that CRL requires
at least OpenSSL version 0.9.7.
authentication.
confCRL_PATH CRLPath [undefined] Directory containing
hashes pointing to certificate
revocation status files.
confDH_PARAMETERS DHParameters [undefined] File containing the
DH parameters.
confDANE DANE [false] Enable DANE support.
confRAND_FILE RandFile [undefined] File containing random
data (use prefix file:) or the
name of the UNIX socket if EGD is
@ -4379,6 +4388,9 @@ confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm
[undefined] The fingerprint algorithm
(digest) to use for the presented
cert.
confSSL_ENGINE SSLEngine [undefined] Name of SSLEngine.
confSSL_ENGINE_PATH SSLEnginePath [undefined] Path to dynamic library
for SSLEngine.
confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
queue runners is set the given value
(nice(3)).
@ -4799,7 +4811,6 @@ M4 DIVERSIONS
5 locally interpreted names (overrides $R)
6 local configuration (at top of file)
7 mailer definitions
8 DNS based blacklists
8 DNS based blocklists
9 special local rulesets (1 and 2)
$Revision: 8.730 $, Last updated $Date: 2014-01-16 15:55:51 $

View File

@ -103,7 +103,7 @@ M4FILES=\
${CFDIR}/feature/bcc.m4 \
${CFDIR}/feature/bestmx_is_local.m4 \
${CFDIR}/feature/bitdomain.m4 \
${CFDIR}/feature/blacklist_recipients.m4 \
${CFDIR}/feature/blocklist_recipients.m4 \
${CFDIR}/feature/conncontrol.m4 \
${CFDIR}/feature/dnsbl.m4 \
${CFDIR}/feature/domaintable.m4 \

View File

@ -46,7 +46,7 @@ define(`CYRUS_MAILER_PATH', `/usr/local/cyrus/bin/deliver')
define(`CYRUS_MAILER_FLAGS', `fAh5@/:|')
FEATURE(`access_db')
FEATURE(`blacklist_recipients')
FEATURE(`blocklist_recipients')
FEATURE(`local_lmtp')
FEATURE(`virtusertable')
FEATURE(`mailertable')
@ -234,7 +234,7 @@ Kstorage macro
LOCAL_RULESETS
######################################################################
### check for the existance of the X-MailScanner Header
### check for the existence of the X-MailScanner Header
HX-MailScanner: $>+CheckXMSc
D{SobigFPat}Found to be clean
D{SobigFMsg}This message may contain the Sobig.F virus.

View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015
##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf
##### built by ca@lab.smi.sendmail.com on Thu Jul 2 22:41:57 PDT 2020
##### in /var/tmp/ca/sm8.git/sendmail/OpenSource/sendmail-8.16.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -114,7 +114,7 @@ D{MTAHost}[127.0.0.1]
# Configuration version number
DZ8.15.2/Submit
DZ8.16.1/Submit
###############
@ -513,6 +513,12 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# SSL Engine
#O SSLEngine
# Path to dynamic library for SSLEngine
#O SSLEnginePath
# TLS: fall back to clear text after handshake failure?
#O TLSFallbacktoClear
# Input mail filters
#O InputMailFilters
@ -532,12 +538,16 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
#O ClientKeyFile
# File containing certificate revocation lists
#O CRLFile
# Directory containing hashes pointing to certificate revocation status files
#O CRLPath
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# enable DANE?
#O DANE=false
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -1257,6 +1267,7 @@ R$* $| $* $@ $>"TLS_connection" $1
### ${verify}
######################################################################
Stls_server
R$* $@ $>"TLS_connection" $1
######################################################################
@ -1268,6 +1279,7 @@ R$* $@ $>"TLS_connection" $1
######################################################################
STLS_connection
RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
RDANE_FAIL $#error $@ 4.7.0 $: "403 DANE check failed."

View File

@ -76,7 +76,7 @@ R$* $| $* $: ifelse(len(X`'_ARG3_),`1', `$1', `_ARG3_')
ifdef(`_CANONIFY_BCC_', `dnl
R$+ @ $+ $: $1@$2 $| <$(canonicalRcpt $1 @ $2 $: $)>
R$* $| <> $@
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: _TMPFMSG_(`BCC')
R$* $| <$+> $@ $2 map matched?
')

View File

@ -13,7 +13,6 @@ divert(0)
VERSIONID(`$Id: blacklist_recipients.m4,v 8.14 2013-11-22 20:51:11 ca Exp $')
divert(-1)
ifdef(`_ACCESS_TABLE_',
`define(`_BLACKLIST_RCPT_', 1)',
`errprint(`*** ERROR: FEATURE(blacklist_recipients) requires FEATURE(access_db)
')')
errprint(`WARNING: FEATURE(blacklist_recipients) is deprecated; use FEATURE(blocklist_recipients.m4).
')
FEATURE(`blocklist_recipients')
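Review bot: the deprecation text in the added errprint names the replacement as "FEATURE(blocklist_recipients.m4)", but the feature is invoked without the suffix on the last line of this hunk, FEATURE(`blocklist_recipients'). Drop ".m4" from the message so the hint can be copied into an mc file as written: "use FEATURE(blocklist_recipients)".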

View File

@ -0,0 +1,19 @@
divert(-1)
#
# Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)
VERSIONID(`$Id: blocklist_recipients.m4,v 8.14 2013-11-22 20:51:11 ca Exp $')
divert(-1)
ifdef(`_ACCESS_TABLE_',
`define(`_BLOCKLIST_RCPT_', 1)',
`errprint(`*** ERROR: FEATURE(blocklist_recipients) requires FEATURE(access_db)
')')

View File

@ -0,0 +1,17 @@
divert(-1)
#
# Copyright (c) 2019 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)dnl
VERSIONID(`$Id: block_bad_helo.m4,v 1.2 2013-11-22 20:51:11 ca Exp $')
divert(-1)
define(`_FFR_TLS_ALTNAMES', `1')
divert(6)dnl
O SetCertAltnames=true
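Review bot: the VERSIONID in this new file reads "block_bad_helo.m4,v 1.2 2013-11-22", but the body only defines _FFR_TLS_ALTNAMES and emits "O SetCertAltnames=true", so the id looks copied from a different feature file. Give it this file's own name, and add a short header comment saying what the feature enables (the {cert_altnames} rules guarded by _FFR_TLS_ALTNAMES elsewhere in this commit), since nothing in the file explains what SetCertAltnames does.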

View File

@ -17,7 +17,7 @@ define(`_DNSBL_R_',`')
ifelse(defn(`_ARG_'), `',
`errprint(`*** ERROR: missing argument for FEATURE(`dnsbl')')')
LOCAL_CONFIG
# map for DNS based blacklist lookups
# map for DNS based blocklist lookups
Kdnsbl DNSBL_MAP -T<TMP>ifdef(`DNSBL_MAP_OPT',` DNSBL_MAP_OPT')')
divert(-1)
define(`_DNSBL_SRV_', `_ARG_')dnl

View File

@ -16,7 +16,7 @@ ifdef(`_EDNSBL_R_',`dnl',`dnl
VERSIONID(`$Id: enhdnsbl.m4,v 1.13 2013-11-22 20:51:11 ca Exp $')
LOCAL_CONFIG
define(`_EDNSBL_R_',`')dnl
# map for enhanced DNS based blacklist lookups
# map for enhanced DNS based blocklist lookups
Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
')
divert(-1)

View File

@ -0,0 +1,13 @@
divert(-1)
#
# Copyright (c) 2020 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
errprint(`*** ERROR: FEATURE(tls_failures) has been replaced by confTLS_FALLBACK_TO_CLEAR
')
define(`confTLS_FALLBACK_TO_CLEAR', `true')
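Review bot: the errprint labels this "*** ERROR", yet the next line defines confTLS_FALLBACK_TO_CLEAR as true, so an mc file that still lists FEATURE(tls_failures) gets clear-text fall-back switched on behind a message that reads as if the feature had been refused. The blacklist_recipients stub in this same commit uses "WARNING:" for the same kind of redirect; either use that wording here, or keep ERROR and drop the define so the admin has to set confTLS_FALLBACK_TO_CLEAR explicitly.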

View File

@ -73,6 +73,15 @@ define(`_ARG9_',`_ACC_ARG_9_(_ARGS_)')
dnl define if not yet defined: if `$1' is not defined it will be `$2'
define(`_DEFIFNOT',`ifdef(`$1',`',`define(`$1',`$2')')')
dnl ----------------------------------------
dnl Use a "token" for this error message to make them unique?
dnl Note: this is not a documented option. To enable it, use:
dnl define(`_USETMPFTOKEN_', `1')dnl
ifdef(`_USETMPFTOKEN_', `
define(_TMPFMSG_, `"451 Temporary system failure $1. Please try again later."')
', `dnl
define(_TMPFMSG_, `"451 Temporary system failure. Please try again later."')
')
dnl ----------------------------------------
dnl add a char $2 to a string $1 if it is not there
define(`_ADDCHAR_',`define(`_I_',`eval(index(`$1',`$2') >= 0)')`'ifelse(_I_,`1',`$1',`$1$2')')
dnl ----
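Review bot: both new definitions write define(_TMPFMSG_, ...) with the macro name unquoted, unlike define(`_DEFIFNOT', ...) directly above. If _TMPFMSG_ is already defined when this is read, m4 expands the name before define sees it; quote it as `_TMPFMSG_' in both branches. A dnl line stating that with _USETMPFTOKEN_ set the token (BCC, OPM, CR, ...) becomes part of the 451 reply text would also help, since that is what an admin needs to know before enabling an undocumented option.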

View File

@ -161,7 +161,7 @@ ifdef(`_ACCESS_TABLE_', `dnl
# access_db acceptance class
C{Accept}OK RELAY
ifdef(`_DELAY_COMPAT_8_10_',`dnl
ifdef(`_BLACKLIST_RCPT_',`dnl
ifdef(`_BLOCKLIST_RCPT_',`dnl
# possible access_db RHS for spam friends/haters
C{SpamTag}SPAMFRIEND SPAMHATER')')',
`dnl')
@ -197,7 +197,9 @@ ifdef(`_MACRO_MAP_', `', `# macro storage map
define(`_MACRO_MAP_', `1')dnl
Kmacro macro')
# possible values for TLS_connection in access map
C{Tls}VERIFY ENCR', `dnl')
C{Tls}VERIFY ENCR
C{TlsVerified}OK TRUSTED
dnl', `dnl')
ifdef(`_CERT_REGEX_ISSUER_', `dnl
# extract relevant part from cert issuer
KCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl')
@ -653,6 +655,12 @@ _OPTION(CipherList, `confCIPHER_LIST', `')
_OPTION(ServerSSLOptions, `confSERVER_SSL_OPTIONS', `')
# client side SSL options
_OPTION(ClientSSLOptions, `confCLIENT_SSL_OPTIONS', `')
# SSL Engine
_OPTION(SSLEngine, `confSSL_ENGINE', `')
# Path to dynamic library for SSLEngine
_OPTION(SSLEnginePath, `confSSL_ENGINE_PATH', `')
# TLS: fall back to clear text after handshake failure?
_OPTION(TLSFallbacktoClear, `confTLS_FALLBACK_TO_CLEAR', `')
# Input mail filters
_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')
@ -682,12 +690,16 @@ _OPTION(ClientCertFile, `confCLIENT_CERT', `')
_OPTION(ClientKeyFile, `confCLIENT_KEY', `')
# File containing certificate revocation lists
_OPTION(CRLFile, `confCRL', `')
# Directory containing hashes pointing to certificate revocation status files
_OPTION(CRLPath, `confCRL_PATH', `')
# DHParameters (only required if DSA/DH is used)
_OPTION(DHParameters, `confDH_PARAMETERS', `')
# Random data source (required for systems without /dev/urandom under OpenSSL)
_OPTION(RandFile, `confRAND_FILE', `')
# fingerprint algorithm (digest) to use for the presented cert
_OPTION(CertFingerprintAlgorithm, `confCERT_FINGERPRINT_ALGORITHM', `')
# enable DANE?
_OPTION(DANE, `confDANE', `false')
# Maximum number of "useless" commands before slowing down
_OPTION(MaxNOOPCommands, `confMAX_NOOP_COMMANDS', `20')
@ -1500,7 +1512,7 @@ R<$* <TMPF>> <$*> <$+> <$+> <$*> $: $&{opMode} $| TMPF <$&{addr_type}> $| $3
R<$*> <$* <TMPF>> <$+> <$+> <$*> $: $&{opMode} $| TMPF <$&{addr_type}> $| $3
ifelse(_LDAP_ROUTE_MAPTEMP_, `_TEMPFAIL_', `dnl
# ... temp fail RCPT SMTP commands
R$={SMTPOpModes} $| TMPF <e r> $| $+ $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."')
R$={SMTPOpModes} $| TMPF <e r> $| $+ $#error $@ 4.3.0 $: _TMPFMSG_(`OPM')')
# ... return original address for MTA to queue up
R$* $| TMPF <$*> $| $+ $@ $3
@ -1733,7 +1745,7 @@ dnl if mark is <NO> then change it to <RELAY> if domain is "authorized"
dnl what if access map returns something else than RELAY?
dnl we are only interested in RELAY entries...
dnl other To: entries: blacklist recipient; generic entries?
dnl other To: entries: blocklist recipient; generic entries?
dnl if it is an error we probably do not want to relay anyway
ifdef(`_RELAY_HOSTS_ONLY_',
`R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 >
@ -1807,7 +1819,7 @@ R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
dnl error tag
R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> <$*> $#error $: $1
ifdef(`_ATMPF_', `R<$* _ATMPF_> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
ifdef(`_ATMPF_', `R<$* _ATMPF_> <$*> $#error $@ 4.3.0 $: _TMPFMSG_(`CR')', `dnl')
dnl generic error from access map
R<$+> <$*> $#error $: $1', `dnl')
@ -1976,7 +1988,7 @@ R<REJECT> $* $#error ifdef(`confREJECT_MSG', `$: confREJECT_MSG', `$@ 5.7.1 $:
dnl error tag
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $* $#error $: $1
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: _TMPFMSG_(`CM')', `dnl')
dnl generic error from access map
R<$+> $* $#error $: $1 error from access db',
`dnl')
@ -2108,9 +2120,9 @@ R$* $=O $* < @ $* @@ $=w . > $* $@ $>"Rcpt_ok" $1 $2 $3
R$* < @ $* @@ $=w . > $* $: $1 < @ $3 > $4
R$* < @ $* @@ $* > $* $: $1 < @ $2 > $4')
ifdef(`_BLACKLIST_RCPT_',`dnl
ifdef(`_BLOCKLIST_RCPT_',`dnl
ifdef(`_ACCESS_TABLE_', `dnl
# blacklist local users or any host from receiving mail
# blocklist local users or any host from receiving mail
R$* $: <?> $1
dnl user is now tagged with @ to be consistent with check_mail
dnl and to distinguish users from hosts (com would be host, com@ would be user)
@ -2143,7 +2155,7 @@ R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
dnl error tag
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $* $#error $: $1
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: _TMPFMSG_(`ROK1')', `dnl')
dnl generic error from access map
R<$+> $* $#error $: $1 error from access db
R@ $* $1 remove mark', `dnl')', `dnl')
@ -2198,7 +2210,7 @@ R$+ < @ $+ > $| $* $: <$3> <$1 <@ $2>>',
ifdef(`_ACCESS_TABLE_', `dnl
dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
R<RELAY> $* $@ RELAY
ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`ROK2')', `dnl')
R<$*> <$*> $: $2',`dnl')
@ -2268,7 +2280,7 @@ dnl Connect:My.Host.Domain RELAY
dnl Connect:My.Net REJECT
dnl since in check_relay client_name is checked before client_addr
R<REJECT> $* $@ REJECT rejected IP address')
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
ifdef(`_ATMPF_', `R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK1')', `dnl')
R<$*> <$*> $: $2', `dnl')
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
@ -2287,7 +2299,7 @@ R<?> $+ < @ $=w > $@ RELAY FROM local', `dnl')
ifdef(`_RELAY_DB_FROM_', `dnl
R<?> $+ < @ $+ > $: <@> $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', ifdef(`_RELAY_HOSTS_ONLY_', `<E:$2>', `<D:$2>')) <>
R<@> <RELAY> $@ RELAY RELAY FROM sender ok
ifdef(`_ATMPF_', `R<@> <_ATMPF_> $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
ifdef(`_ATMPF_', `R<@> <_ATMPF_> $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK2')', `dnl')
', `dnl
ifdef(`_RELAY_DB_FROM_DOMAIN_',
`errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_
@ -2331,7 +2343,7 @@ ifdef(`_ACCESS_TABLE_', `dnl
R<?> $* $: $>D <$1> <?> <+ Connect> <$1>',`dnl')')
ifdef(`_ACCESS_TABLE_', `dnl
R<RELAY> $* $@ RELAY
ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: _TMPFMSG_(`YOK3')', `dnl')
R<$*> <$*> $: $2',`dnl')
dnl end of _PROMISCUOUS_RELAY_
divert(0)
@ -2384,7 +2396,7 @@ ifdef(`_ACCESS_TABLE_', `',
`errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db')
')')dnl
dnl one of the next two rules is supposed to match
dnl this code has been copied from BLACKLIST... etc
dnl this code has been copied from BLOCKLIST... etc
dnl and simplified by omitting some < >.
R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
@ -2688,7 +2700,7 @@ R<?>$* $: $>A <$&{server_addr}> <?> <! TLS_TRY_TAG> <>
R<?>$* $: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)>
R<?>$* $@ OK
ifdef(`_ATMPF_', `dnl tempfail?
R<$* _ATMPF_>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R<$* _ATMPF_>$* $#error $@ 4.3.0 $: _TMPFMSG_(`TT')', `dnl')
R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"')
######################################################################
@ -2721,7 +2733,7 @@ R$* $| $+ $: $1 $| $>SearchList <! TLS_RCPT_TAG> $| $2 <>
dnl found nothing: stop here
R$* $| <?> $@ OK
ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TR')', `dnl')
dnl use the generic routine (for now)
R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>')
@ -2751,7 +2763,7 @@ R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! TLS_CLT_TAG> <>
dnl do a default lookup: just TLS_CLT_TAG
R$* $| <?>$* $: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)>
ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TC')', `dnl')
R$* $@ $>"TLS_connection" $1', `dnl
R$* $| $* $@ $>"TLS_connection" $1')
@ -2769,6 +2781,8 @@ ifdef(`_LOCAL_TLS_SERVER_', `dnl
R$* $: $1 $| $>"Local_tls_server" $1
R$* $| $#$* $#$2
R$* $| $* $: $1', `dnl')
ifdef(`_TLS_FAILURES_',`dnl
R$* $: $(macro {saved_verify} $@ $1 $) $1')
ifdef(`_ACCESS_TABLE_', `dnl
dnl store name of other side
R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
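Review bot: the added rule that stores ${verify} in {saved_verify} is guarded by ifdef(`_TLS_FAILURES_', ...), but the tls_failures feature file added in this commit defines only confTLS_FALLBACK_TO_CLEAR, and no other visible hunk defines _TLS_FAILURES_ or reads {saved_verify}. If the guard is kept for local experiments, say so in a dnl comment; otherwise these two lines look like dead code and should go with the feature.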
@ -2777,7 +2791,7 @@ R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! TLS_SRV_TAG> <>
dnl do a default lookup: just TLS_SRV_TAG
R$* $| <?>$* $: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)>
ifdef(`_ATMPF_', `dnl tempfail?
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TS')', `dnl')
R$* $@ $>"TLS_connection" $1', `dnl
R$* $@ $>"TLS_connection" $1')
@ -2798,6 +2812,7 @@ STLS_connection
ifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error
dnl deal with TLS handshake failures: abort
RSOFTWARE $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."
RDANE_FAIL $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') DANE check failed."
divert(-1)')
dnl common ruleset for tls_{client|server}
dnl input: ${verify} $| <ResultOfLookup> [<>]
@ -2813,14 +2828,19 @@ R$* $| <$={Tls} $*> $: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')>
dnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup>
# deal with TLS handshake failures: abort
RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
dnl no <reply:dns> i.e. not requirements in the access map
dnl no <reply:dns> i.e. no requirements in the access map
dnl use default error
RSOFTWARE $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed."
# deal with TLS protocol errors: abort
RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."
dnl no <reply:dns> i.e. not requirements in the access map
dnl no <reply:dns> i.e. no requirements in the access map
dnl use default error
RPROTOCOL $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') STARTTLS failed."
# deal with DANE errors: abort
RDANE_FAIL $| <$-:$+> $* $#error $@ $2 $: $1 " DANE check failed."
dnl no <reply:dns> i.e. no requirements in the access map
dnl use default error
RDANE_FAIL $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') DANE check failed."
R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
dnl separate optional requirements
R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
@ -2834,16 +2854,16 @@ R$* $| $* $@ OK
# other side did authenticate (via STARTTLS)
dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify}
dnl only verification required and it succeeded
R<$*><VERIFY> <> OK $@ OK
R<$*><VERIFY> <> $={TlsVerified} $@ OK
dnl verification required and it succeeded but extensions are given
dnl change it to <SMTP:ESC> <REQ:0> <extensions>
R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
R<$*><VERIFY> <$+> $={TlsVerified} $: <$1> <REQ:0> <$2>
dnl verification required + some level of encryption
R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
R<$*><VERIFY:$-> <$*> $={TlsVerified} $: <$1> <REQ:$2> <$3>
dnl just some level of encryption required
R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
dnl workspace:
dnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!= OK)
dnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!~ $={TlsVerified})
dnl 2. <SMTP:ESC> <REQ:bits> <[extensions]>
dnl verification required but ${verify} is not set (case 1.)
R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
@ -2851,6 +2871,7 @@ R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
R<$-:$+><VERIFY $*> <$*> CLEAR $#error $@ $2 $: $1 " STARTTLS disabled locally"
dnl some other value for ${verify}
R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
dnl some level of encryption required: get the maximum level (case 2.)
@ -2884,7 +2905,6 @@ R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
dnl further requirements for this ruleset:
dnl name of "other side" is stored is {TLS_name} (client/server_name)
dnl
dnl currently only CN[:common_name] is implemented
dnl right now this is only a logical AND
dnl i.e. all requirements must be true
dnl how about an OR? CN must be X or CN must be Y or ..
@ -2896,6 +2916,11 @@ dnl no additional requirements: ok
R $| $+ $@ OK
dnl require CN: but no CN specified: use name of other side
R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
ifdef(`_FFR_TLS_ALTNAMES', `dnl
R<CN:$={cert_altnames}> $* $| <$+> $@ $>"TLS_req" $2 $| <$3>
R<CN:$-.$+> $* $| <$+> $: <CN:*.$2> $3 $| <$4>
R<CN:$={cert_altnames}> $* $| <$+> $@ $>"TLS_req" $3 $| <$3>
R<CN:$*> $* $| <$+> $: <CN:$&{TLS_Name}> $2 $| <$3>', `dnl')
dnl match, check rest
R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
dnl CN does not match
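Review bot: in the _FFR_TLS_ALTNAMES block the first and third rules share the LHS "R<CN:$={cert_altnames}> $* $| <$+>", but the first continues with "$2 $| <$3>" while the third uses "$3 $| <$3>". With that LHS $2 is the remaining requirements and $3 is the <SMTP:ESC> part, so after a wildcard altname match the recursive TLS_req call no longer sees the rest of the requirements (a following CITag, for instance); the $3 looks carried over from the four-operand wildcard rule just before it and should be $2. Please also confirm the last added rule is intended: "R<CN:$*> ... $: <CN:$&{TLS_Name}>" replaces any CN value, including one given explicitly as CN:name in the access map, before the ${cn_subject} comparison.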
@ -2911,6 +2936,10 @@ R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
dnl CI does not match
dnl 1 2 3 4
R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
dnl
R<CITag:$-> $* $| <$+> $: <$(access $1:$&{cert_issuer} $: ? $)> $2 $| <$3>
R<?> $* $| <$-:$+> $#error $@ $3 $: $2 " Cert Issuer " $&{cert_issuer} " not acceptable"
R<OK> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
dnl return from recursive call
ROK $@ OK
@ -2970,7 +2999,7 @@ dnl if it returns SUBJECT we perform a similar check on the
dnl cert subject.
ifdef(`_ACCESS_TABLE_', `dnl
R$* $: <?> $&{verify}
R<?> OK $: OK authenticated: continue
R<?> $={TlsVerified} $: OK authenticated: continue
R<?> $* $@ NO not authenticated
ifdef(`_CERT_REGEX_ISSUER_', `dnl
R$* $: $(CERTIssuer $&{cert_issuer} $)',
@ -3029,7 +3058,7 @@ R$+ $: $>SearchList <! ClientRate> $| $1 <>
dnl found nothing: stop here
R<?> $@ OK
ifdef(`_ATMPF_', `dnl tempfail?
R<$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R<$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`RC')', `dnl')
dnl use the generic routine (for now)
R<0> $@ OK no limit
R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_rate} $)
@ -3051,7 +3080,7 @@ R$+ $: $>SearchList <! ClientConn> $| $1 <>
dnl found nothing: stop here
R<?> $@ OK
ifdef(`_ATMPF_', `dnl tempfail?
R<$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R<$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`CC')', `dnl')
dnl use the generic routine (for now)
R<0> $@ OK no limit
R<$+> $: <$1> $| $(arith l $@ $1 $@ $&{client_connections} $)

View File

@ -1,6 +1,6 @@
divert(-1)
#
# Copyright (c) 1998-2015 Proofpoint, Inc. and its suppliers.
# Copyright (c) 1998-2016 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@ -15,4 +15,4 @@ VERSIONID(`$Id: version.m4,v 8.237 2014-01-27 12:55:17 ca Exp $')
#
divert(0)
# Configuration version number
DZ8.15.2`'ifdef(`confCF_VERSION', `/confCF_VERSION')
DZ8.16.1`'ifdef(`confCF_VERSION', `/confCF_VERSION')

View File

@ -23,5 +23,5 @@ ifdef(`LOCAL_SHELL_PATH',, `define(`LOCAL_SHELL_PATH', /usr/bin/sh)')dnl
ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rmail ($u)')')dnl
define(`confTIME_ZONE', `USE_TZ')dnl
dnl
dnl For maximum compability with HP-UX, use:
dnl For maximum compatibility with HP-UX, use:
dnl define(`confME_TOO', True)dnl

View File

@ -23,5 +23,5 @@ ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rma
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confEBINDIR', `/usr/lib')dnl
dnl
dnl For maximum compability with HP-UX, use:
dnl For maximum compatibility with HP-UX, use:
dnl define(`confME_TOO', True)dnl

View File

@ -1,6 +1,7 @@
#!/usr/bin/perl -w
# $Id: cidrexpand,v 8.8 2006-08-07 17:18:37 ca Exp $
#
# usage:
# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access
#
# v 0.4
#
@ -28,7 +29,7 @@
# Added clarification in the notes for what to do if you have
# exceptions to a larger CIDR block.
#
# 26 Jul 2006 Richard Rognlie (richard@sendmail.com>
# 26 Jul 2006 Richard Rognlie (richard@sendmail.com)
# Added code to strip "comments" (anything after a non-escaped #)
# # characters after a \ or within quotes (single and double) are
# left intact.
@ -39,37 +40,66 @@
# From:1.2.3.4 550 Die spammer
#
# 3 August 2006
#
# Corrected a bug to have it handle the special case of "0.0.0.0/0"
# since Net::CIDR doesn't handle it properly.
#
# usage:
# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access
# 27 April 2016
# Corrected IPv6 handling. Note that UseCompressedIPv6Addresses must
# be turned off for this to work; there are three reasons for this:
# 1) if the MTA uses compressed IPv6 addresses then CIDR 'cuts'
# in the compressed range *cannot* be matched, as the MTA simply
# won't look for them. E.g., there's no way to accurately
# match "IPv6:fe80::/64" when for the address "IPv6:fe80::54ad"
# the MTA doesn't lookup up "IPv6:fe80:0:0:0"
# 2) cidrexpand only generates uncompressed addresses, so CIDR
# 'cuts' to the right of the compressed range won't be matched
# either. Why doesn't it generate compressed address output?
# Oh, because:
# 3) compressed addresses are ambiguous when colon-groups are
# chopped off! You want an access map entry for
# IPv6:fe80::0:5420
# but not for
# IPv6:fe80::5420:1234
# ? Sorry, the former is really
# IPv6:fe80::5420
# which will also match the latter!
#
# 25 July 2016
# Since cidrexpand already requires UseCompressedIPv6Addresses to be
# turned off, it can also canonicalize non-CIDR IPv6 addresses to the
# format that sendmail looks up, expanding compressed addresses and
# trimming superfluous leading zeros.
#
# Report bugs to: <dredd@megacity.org>
#
use strict;
use Net::CIDR;
use Net::CIDR qw(cidr2octets cidrvalidate);
use Getopt::Std;
our ($opt_c,$opt_t);
getopts('ct:');
sub print_expanded_v4network;
sub print_expanded_v6network;
my $spaceregex = '\s+';
if ($opt_t)
{
$spaceregex = $opt_t;
}
our %opts;
getopts('ct:', \%opts);
# Delimiter between the key and value
my $space_re = exists $opts{t} ? $opts{t} : '\s+';
# Regexp that matches IPv4 address literals
my $ipv4_re = qr"(?:\d+\.){3}\d+";
# Regexp that matches IPv6 address literals, plus a lot more.
# Further checks are required for verifying that it's really one
my $ipv6_re = qr"[0-9A-Fa-f:]{2,39}(?:\.\d+\.\d+\.\d+)?";
while (<>)
{
chomp;
my ($prefix,$left,$right,$space);
my ($prefix, $network, $len, $right);
if ( (/\#/) && $opt_c )
if ( (/\#/) && $opts{c} )
{
# print "checking...\n";
my $i;
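Review bot: the requirement that UseCompressedIPv6Addresses be turned off is stated only in the 27 April 2016 changelog entry, while the usage comment shows just the `cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access` pipeline. The script cannot see the MTA's setting, and per reason 1 the MTA never looks up entries in the compressed range when the option is on, so repeat the requirement next to the usage lines; otherwise IPv6 CIDR entries in an access map can be silently ineffective.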
@ -98,41 +128,54 @@ while (<>)
}
}
if (! /^(|\S\S*:)(\d+\.){3}\d+\/\d\d?$spaceregex.*/ )
if (($prefix, $network, $len, $right) =
m!^(|\S+:)(${ipv4_re})/(\d+)(${space_re}.*)$!)
{
print "$_\n";
print_expanded_v4network($network, $len, $prefix, $right);
}
elsif ((($prefix, $network, $len, $right) =
m!^((?:\S+:)?[Ii][Pp][Vv]6:)(${ipv6_re})(?:/(\d+))?(${space_re}.*)$!) &&
(!defined($len) || $len <= 128) &&
defined(cidrvalidate($network)))
{
print_expanded_v6network($network, $len // 128, $prefix, $right);
}
else
{
($prefix,$left,$space,$right) =
/^(|\S\S*:)((?:\d+\.){3}\d+\/\d\d?)($spaceregex)(.*)$/;
my @new_lefts = expand_network($left);
foreach my $nl (@new_lefts)
{
print "$prefix$nl$space$right\n";
}
print "$_\n";
}
}
sub expand_network
sub print_expanded_v4network
{
my $left_input = shift;
my @rc = ($left_input);
my ($network,$mask) = split /\//, $left_input;
if (defined $mask)
{
return (0..255) if $mask == 0;
my ($network, $len, $prefix, $suffix) = @_;
my @parts = split /\./, $network;
while ($#parts < 3)
# cidr2octets() doesn't handle a prefix-length of zero, so do
# that ourselves
foreach my $nl ($len == 0 ? (0..255) : cidr2octets("$network/$len"))
{
push @parts, "0";
print "$prefix$nl$suffix\n";
}
}
sub print_expanded_v6network
{
my ($network, $len, $prefix, $suffix) = @_;
# cidr2octets() doesn't handle a prefix-length of zero, so do
# that ourselves. Easiest is to just recurse on bottom and top
# halves with a length of 1
if ($len == 0) {
print_expanded_v6network("::", 1, $prefix, $suffix);
print_expanded_v6network("8000::", 1, $prefix, $suffix);
}
else
{
foreach my $nl (cidr2octets("$network/$len"))
{
# trim leading zeros from each group
$nl =~ s/(^|:)0+(?=[^:])/$1/g;
print "$prefix$nl$suffix\n";
}
}
my $clean_input = join '.', @parts;
$clean_input .= "/$mask";
my @octets = Net::CIDR::cidr2octets($clean_input);
@rc = @octets;
}
return @rc;
}
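Review bot: the IPv4 branch has no upper bound on the prefix length. The new pattern captures `/(\d+)` and hands it to `cidr2octets("$network/$len")` unchecked, whereas the old pattern allowed at most two digits (`\/\d\d?`) and the IPv6 branch tests `(!defined($len) || $len <= 128)`. Add `$len <= 32` to the first condition so a malformed entry falls through to the `print "$_\n"` pass-through instead of reaching Net::CIDR.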

View File

@ -24,7 +24,7 @@ dnl ## email. A tempfail-message value of `t' temporarily rejects
dnl ## with a default message. Otherwise the value should be your
dnl ## own message. The keytag is used to lookup the access map to
dnl ## further refine the result. I recommend a qualified keytag
dnl ## (containing a ".") as less likely to accidently conflict with
dnl ## (containing a ".") as less likely to accidentally conflict with
dnl ## other access tags.
dnl ##
dnl ## This is best illustrated with an example. Please do not use
@ -66,7 +66,7 @@ ifdef(`_ACCESS_TABLE_', `dnl',
ifdef(`_EDNSBL_R_',`dnl',`dnl
define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map.
LOCAL_CONFIG
# map for enhanced DNS based blacklist lookups
# map for enhanced DNS based blocklist lookups
Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
')
divert(-1)

View File

@ -945,7 +945,7 @@ sub mxredirect
return undef;
}
# follow mx records, return a hostname
# also follow temporary redirections comming from &domainify and
# also follow temporary redirections coming from &domainify and
# &mxlookup
sub mx
{

View File

@ -268,7 +268,7 @@ sed 's/^X//' << 'SHAR_EOF' > 'libs/date.pl' &&
;# Fixed a couple of problems with &ls as pointed out by
;# Thomas Richter (richter@ki1.chemie.fu-berlin.de), thanks Thomas!
;# Also added a couple of SunOS 4.1.1 strftime-ish formats, %i and %k
;# for space padded hours (` 1' to `12' and ` 0' to `23' respectivly),
;# for space padded hours (` 1' to `12' and ` 0' to `23' respectively),
;# and %C for locale long date/time format. Changed &ampmH to take a
;# pad char parameter to make to evaled code for %i and %k simpler.
;# Added %E for suffixed day-of-month (ie 1st, 3rd, 4th etc).
@ -398,7 +398,7 @@ X
X # watch out in 2070...
X $year += ($year < 70) ? 2000 : 1900;
X
X # now loop throught the supplied format looking for tags...
X # now loop through the supplied format looking for tags...
X while (($pos = index ($format, '%')) != -1) {
X
X # grab the format tag
@ -471,7 +471,7 @@ sub ls {
X return ((&gettime ($TZ, time))[5] == @_[0]) ? "%R" : " %Y";
}
X
# pad - pad $in with leading $pad until lenght $len
# pad - pad $in with leading $pad until length $len
sub pad {
X local ($in, $len, $pad) = @_;
X local ($out) = "$in";
@ -661,7 +661,7 @@ X
;# otherwise, $Status will be 0 and $Error_Msg will contain an error message.
;#
;# If $Use_Sendmail is 1 then sendmail is used to send the message. Normally
;# a mailer such as Mail is used. By specifiying this you can include
;# a mailer such as Mail is used. By specifying this you can include
;# headers in addition to text in either $Message or $Message_Is_File.
;# If either $Message or $Message_Is_File contain a Subject: header then
;# $Subject is ignored; otherwise, a Subject: header is automatically created.
@ -1026,15 +1026,15 @@ X
;#
;# Does not care about order of switches, options, and arguments like
;# getopts.pl. Thus all non-switches/options will be kept in ARGV even if they
;# are not at the end. If $Pass_Invalid is set all unkown options will be
;# are not at the end. If $Pass_Invalid is set all unknown options will be
;# passed back to the caller by keeping them in @ARGV. This is useful when
;# parsing a command line for your script while ignoring options that you
;# may pass to another script. If this is set New_Getopts tries to maintain
;# the switch clustering on the unkown switches.
;# the switch clustering on the unknown switches.
;#
;# Accepts the special argument -usage to print the Usage string. Also accepts
;# the special option -version which prints the contents of the string
;# $VERSION. $VERSION may or may not have an embeded \n in it. If -usage
;# $VERSION. $VERSION may or may not have an embedded \n in it. If -usage
;# or -version are specified a status of -1 is returned. Note that the usage
;# option is only accepted if the usage string is not null.
;#
@ -1048,8 +1048,8 @@ X
;# $Switch_To_Order {"v"} = 1;
;# $Switch_To_Order {"x"} = 2;
;#
;# Note that in the case of multiple occurances of an option $Switch_To_Order
;# will store each occurance of the argument via a string that emulates
;# Note that in the case of multiple occurrences of an option $Switch_To_Order
;# will store each occurrence of the argument via a string that emulates
;# an array. This is done by using join ($;, ...). You can retrieve the
;# array by using split (/$;/, ...).
;#
@ -1062,7 +1062,7 @@ X
;# Another exciting ;-) feature that newgetopts has. Along with creating the
;# normal $opt_ scalars for the last value of an argument the list @opt_ is
;# created. It is an array which contains all the values of arguments to the
;# basename of the variable. They are stored in the order which they occured
;# basename of the variable. They are stored in the order which they occurred
;# on the command line starting with $[. Note that blank arguments are stored
;# as "". Along with providing support for multiple options on the command
;# line this also provides a method of counting the number of times an option
@ -1293,8 +1293,8 @@ X
;# All other lines will be indented to match the amount of whitespace of
;# $Offset.
;#
;# + If $Bullet_Indent is $TRUE $Offset will only be applied to the begining
;# of lines as they occured in the original $String. Lines that are created
;# + If $Bullet_Indent is $TRUE $Offset will only be applied to the beginning
;# of lines as they occurred in the original $String. Lines that are created
;# by this routine will always be indented by blank spaces.
;#
;# + If $Columns is 0 no word-wrap is done. This might be useful to still
@ -1306,7 +1306,7 @@ X
;# + If $Offset_Blank is $TRUE then empty lines will have $Offset pre-pended
;# to them. Otherwise, they will still empty.
;#
;# This is a realy workhorse routine that I use in many places because of its
;# This is a really workhorse routine that I use in many places because of its
;# veratility.
;#
;# Arguments:
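Review bot: the corrected line now reads `This is a really workhorse routine`, which is still ungrammatical (`a real workhorse routine`), and `veratility` on the next line is left misspelled. Since this hunk is a spelling pass, fix both while here.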
@ -1668,7 +1668,7 @@ sed 's/^X//' << 'SHAR_EOF' > 'man/postclip.1' &&
of the message. This keeps bounced mail private and helps to avoid disk space problems. \*(mp tries its best to keep as much of the header trail as possible.
Hopefully only the original body of the message will be filtered. Only messages
that have a subject that begins with 'Returned mail:' are filtered. This
ensures that other mail is not accidently mucked with. Finally, note that
ensures that other mail is not accidentally mucked with. Finally, note that
\fBsendmail\fR is used to deliver the message after it has been (possibly)
filtered. All of the original headers will remain intact.
.sp 1

View File

@ -90,10 +90,9 @@ Proofpoint, Inc.
.de Ve
Version \\$2
..
.Ve $Revision: 8.759 $
.rm Ve
.sp
For Sendmail Version 8.15
For Sendmail Version 8.16
.)l
.(f
Sendmail is a trademark of Proofpoint, Inc.
@ -149,8 +148,9 @@ RFC 2554 (SMTP Service Extension for Authentication),
RFC 2821 (Simple Mail Transfer Protocol),
RFC 2822 (Internet Message Format),
RFC 2852 (Deliver By SMTP Service Extension),
RFC 2920 (SMTP Service Extension for Command Pipelining),
and
RFC 2920 (SMTP Service Extension for Command Pipelining).
RFC 7505 (A "Null MX" No Service Resource Record for Domains That Accept No Mail).
However, since
.i sendmail
is designed to work in a wider world,
@ -309,9 +309,8 @@ program; for details see
.sh 3 "Creating a Site Configuration File"
.\"XXX
.pp
(This section is not yet complete.
For now, see the file devtools/README for details.)
See sendmail/README for various compilation flags that can be set.
See sendmail/README for various compilation flags that can be set,
and devtools/README for details how to set them.
.sh 3 "Tweaking the Makefile"
.pp
.\" .b "XXX This should all be in the Site Configuration File section."
@ -323,6 +322,8 @@ notably the
database.
At least one of these should be defined if at all possible.
.nr ii 1i
.ip CDB
Constant DataBase (tinycdb).
.ip NDBM
The ``new DBM'' format,
available on nearly all systems around today.
@ -1224,7 +1225,9 @@ A recipient address is mapped to a queue group as follows.
First, if there is a ruleset called ``queuegroup'',
and if this ruleset maps the address to a queue group name,
then that queue group is chosen.
That is, the argument for the ruleset is the recipient address
That is, the argument for the ruleset is
the recipient address
(i.e., the address part of the resolved triple)
and the result should be
.b $#
followed by the name of a queue group.
@ -1282,7 +1285,7 @@ In case one of the queue runners tries delivery to a slow recipient site
at the end of a queue run, the next queue run may be substantially delayed.
In general this should be smoothed out due to the distribution of
those slow jobs, however, for sites with small number of
queue entries this might introduce noticable delays.
queue entries this might introduce noticeable delays.
In general, persistent queue runners are only useful for
sites with big queues.
.sh 3 "Manual Intervention"
@ -2908,7 +2911,7 @@ Therefore it is necessary to run the client mail queue periodically.
.pp
.i Sendmail
has several parameters to control resource usage.
Besides those mentionted in the previous section, there are at least
Besides those mentioned in the previous section, there are at least
.b MaxDaemonChildren ,
.b ConnectionRateThrottle ,
.b MaxQueueChildren ,
@ -3038,8 +3041,9 @@ should not be used by the SMTP server.
.pp
The level of logging can be set for
.i sendmail .
The default using a standard configuration table is level 9.
The levels are as follows:
The default using a standard configuration is level 9.
The levels are approximately as follows
(some log types are using different level depending on various factors):
.nr ii 0.5i
.ip 0
Minimal logging.
@ -3078,7 +3082,7 @@ questionable situations.
.ip 14
Logs refused connections.
.ip 15
Log all incoming and outgoing SMTP commands.
Log all incoming SMTP commands.
.ip 20
Logs attempts to run locked queue files.
These are not errors,
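Review bot: level 15 now reads `Log all incoming SMTP commands.`, but nothing here says at which level outgoing SMTP commands are logged. Add the level for outgoing commands, or state that it varies, so an operator choosing a LogLevel for troubleshooting or audit knows what to set.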
@ -3280,7 +3284,7 @@ Accept group-writable
.i \&.forward
files as safe for program and file delivery.
.ip GroupWritableIncludeFile
Allow group wriable
Allow group writable
.i :include:
files.
.ip GroupWritableIncludeFileSafe
@ -3355,7 +3359,7 @@ Allow world writable
.i \&.forward
files.
.ip WorldWritableIncludefile
Allow world wriable
Allow world writable
.i :include:
files.
.ip WriteMapToHardLink
@ -3932,7 +3936,7 @@ The complete syntax for ruleset 0 is:
.)b
This specifies the
{mailer, host, user}
3-tuple necessary to direct the mailer.
3-tuple (triple) necessary to direct the mailer.
Note: the third element (
.i user
) is often also called
@ -3964,9 +3968,11 @@ If the
is the built-in IPC mailer,
the
.i host
may be a colon-separated list of hosts
that are searched in order for the first working address
(exactly like MX records).
may be a colon (or comma) separated list of hosts.
Each is separately MX expanded and the results are concatenated
to make (essentially) one long MX list.
Hosts separated by a comma have the same MX preference,
and for each colon separated host the MX preference is increased.
The
.i user
is later rewritten by the mailer-specific envelope rewriting set
@ -4148,7 +4154,7 @@ macro
for use in the argv expansion of the specified mailer.
Notice: since the envelope sender address will be used if
a delivery status notification must be send,
i.e., is may specify a recipient,
i.e., it may specify a recipient,
it is also run through ruleset zero.
If ruleset zero returns a temporary error
.b 4xy
@ -4515,7 +4521,7 @@ for details, as well as
and note this warning:
Options already set before are not cleared!
.ip CipherList
Specify cipher list for STARTTLS,
Specify cipher list for STARTTLS (does not apply to TLSv1.3),
see
.i ciphers (1)
for possible values.
@ -4526,6 +4532,28 @@ for the session.
File containing a certificate.
.ip KeyFile
File containing the private key for the certificate.
.ip Flags
Currently the only valid flags are
.br
.i R
to require a CRL for each encountered certificate during verification
(by default a missing CRL is ignored),
.br
.i c
and
.i C
which basically clears/sets the option
.i TLSFallbacktoClear
for just this session, respectively,
.br
.i d
to turn off DANE which is obviously only valid for
.i tls_clt_features
and requires DANE to be compiled in.
This might be needed in case of a misconfiguration,
e.g.,
specifying invalid TLSA RRs.
.br
.lp
.lp
Example:
@ -4550,9 +4578,6 @@ and
.i KeyFile
must be specified together;
specifying only one is an error.
.pp
These rulesets require the sendmail binary to be built with _FFR_TLS_SE_OPTS
enabled (see the "For Future Release" section).
.sh 4 "authinfo"
.pp
The
@ -4589,9 +4614,9 @@ is ignored (even if the ruleset does not return a ``useful'' result).
The
.i queuegroup
ruleset is used to map a recipient address to a queue group name.
The input for the ruleset is a recipient address as specified by the
.sm "SMTP RCPT"
command.
The input for the ruleset is
the recipient address
(i.e., the address part of the resolved triple)
The ruleset should return
.b $#
followed by the name of a queue group.
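Review bot: the rewritten sentence ends at `(i.e., the address part of the resolved triple)` with no period, so it runs into `The ruleset should return`. The text it replaces ended with `command.`; add the period after the closing parenthesis.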
@ -4615,7 +4640,7 @@ pause.
If the return value starts with anything else or is not a number,
it is silently ignored.
Note: this ruleset is not invoked (and hence the feature is disabled)
when the smtps (SMTP over SSL) is used, i.e.,
when smtps (SMTP over SSL) is used, i.e.,
the
.i s
modifier is set for the daemon via
@ -4651,9 +4676,11 @@ to an IP host address.
.pp
The host name passed in after the
.q $@
may also be a colon-separated list of hosts.
may also be a colon or comma separated list of hosts.
Each is separately MX expanded and the results are concatenated
to make (essentially) one long MX list.
Hosts separated by a comma have the same MX preference,
and for each colon separated host the MX preference is increased.
The intent here is to create
.q fake
MX records that are not published in DNS
@ -5224,7 +5251,7 @@ The output of the
function, i.e., the number of seconds since 0 hours, 0 minutes,
0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
.ip ${tls_version}
The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2;
The TLS/SSL version used for the connection, e.g., TLSv1.2, TLSv1;
defined after STARTTLS has been used.
.ip ${total_rate}
The total number of incoming connections over the time interval specified
@ -5241,6 +5268,7 @@ NOT no cert requested.
FAIL cert presented but could not be verified,
e.g., the signing CA is missing.
NONE STARTTLS has not been performed.
CLEAR STARTTLS has been disabled internally for a clear text delivery attempt.
TEMP temporary error occurred.
PROTOCOL some protocol error occurred
at the ESMTP level (not TLS).
@ -5859,7 +5887,7 @@ Do User Database rewriting on recipients as well as senders.
Normally when
.i sendmail
connects to a host via SMTP,
it checks to make sure that this isn't accidently the same host name
it checks to make sure that this isn't accidentally the same host name
as might happen if
.i sendmail
is misconfigured or if a long-haul network interface is set in loopback mode.
@ -5893,7 +5921,7 @@ macro occurs in the
part of the mailer definition,
that field will be repeated as necessary
for all qualifying users.
Removing this flag can defeat duplicate supression on a remote site
Removing this flag can defeat duplicate suppression on a remote site
as each recipient is sent in a separate transaction.
.ip M\(dg
This mailer wants a
@ -6519,6 +6547,10 @@ is specified),
(if
.sm NDBM
is specified),
.q cdb
(if
.sm CDB
is specified),
.q stab
(internal symbol table \*- not normally used
unless you have no other database lookup),
@ -6647,7 +6679,7 @@ see section about STARTTLS for more information.
Specify the fingerprint algorithm (digest) to use for the presented cert.
If the option is not set,
md5 is used and the macro
.p ${cert_md5}
.b ${cert_md5}
contains the cert fingerprint.
If the option is explicitly set,
the specified algorithm (e.g., sha1) is used
@ -6655,7 +6687,7 @@ and the macro
.b ${cert_fp}
contains the cert fingerprint.
.ip CipherList
Specify cipher list for STARTTLS.
Specify cipher list for STARTTLS (does not apply to TLSv1.3).
See
.i ciphers (1)
for possible values.
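Review bot: `(does not apply to TLSv1.3)` says where CipherList has no effect but not what, if anything, controls the TLSv1.3 cipher suites. Add a sentence naming the option to use instead or stating that the suites cannot be restricted, and keep the wording identical in the per-session CipherList entry, which gets the same parenthetical.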
@ -6756,7 +6788,7 @@ By default,
.i -SSL_OP_TLSEXT_PADDING
are used
(if those options are available).
Options can be cleared by preceeding them with a minus sign.
Options can be cleared by preceding them with a minus sign.
It is also possible to specify numerical values, e.g.,
.b -0x0010 .
.ip ColonOkInAddr
@ -6851,9 +6883,18 @@ Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
[no short name]
Name of file that contains certificate
revocation status, useful for X.509v3 authentication.
CRL checking requires at least OpenSSL version 0.9.7.
Note: if a CRLFile is specified but the file is unusable,
STARTTLS is disabled.
.ip CRLPath=\fIname\fP
[no short name]
Name of directory that contains hashes pointing to
certificate revocation status files.
Symbolic links can be generated with the following
two (Bourne) shell commands:
.(b
C=FileName_of_CRL
ln -s $C `openssl crl -noout -hash < $C`.r0
.)b
.ip DHParameters
This option applies to the server side only.
Possible values are:
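Review bot: the CRLPath entry does not say what happens when the directory or its hash links are unusable, whereas CRLFile states that STARTTLS is disabled in that case; document the behaviour for CRLPath as well. In the example, quote the variable (`"$C"`) so a CRL file name containing spaces works, and mention that the `.r0` suffix has to be incremented when two CRLs produce the same hash.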
@ -6948,7 +6989,7 @@ can be a sequence (without any delimiters)
of the following characters:
.(b
.ta 1i
a always require authentication
a always require AUTH
b bind to interface through which mail has been received
c perform hostname canonification (.cf)
f require fully qualified hostname (.cf)
@ -6961,7 +7002,7 @@ O optional; if opening the socket fails ignore it
S don't offer STARTTLS
.)b
That is, one way to specify a message submission agent (MSA) that
always requires authentication is:
always requires AUTH is:
.(b
O DaemonPortOptions=Name=MSA, Port=587, M=Ea
.)b
@ -7000,7 +7041,7 @@ This will also override possible settings via
Note,
.i sendmail
will listen on a new socket
for each occurence of the
for each occurrence of the
.b DaemonPortOptions
option in a configuration file.
The modifier ``O'' causes sendmail to ignore a socket
@ -7296,6 +7337,18 @@ are:
.\"8BITMIME\(->7BIT conversions are done.
In all cases properly declared 8BITMIME data will be converted to 7BIT
as needed.
.p
Note: if an automatic conversion is performed, a header with
the following format will be added:
.(b
X-MIME-Autoconverted: from OLD to NEW by $j id $i
.)b
where
.\" format?
OLD
and
NEW
describe the original format and the converted format, respectively.
.ip ErrorHeader=\fIfile-or-message\fP
[E]
Prepend error messages with the indicated message.
@ -7393,6 +7446,10 @@ and then in
.ip HeloName=\fIname\fP
[no short name]
Set the name to be used for HELO/EHLO (instead of $j).
.ip HelpFile=\fIfile\fP
[H]
Specify the help file for SMTP.
If no file name is specified, "helpfile" is used.
.ip HoldExpensive
[c]
If an outgoing mailer is marked as being expensive,
@ -7520,9 +7577,10 @@ If not set, there is no limit to the number of children --
that is, the system load average controls this.
.ip MaxHeadersLength=\fIN\fP
[no short name]
The maximum length of the sum of all headers.
If set to a value greater than zero it specifies
the maximum length of the sum of all headers.
This can be used to prevent a denial of service attack.
The default is no limit.
The default is 32K.
.ip MaxHopCount=\fIN\fP
[h]
The maximum hop count.
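Review bot: the new wording covers only values greater than zero and changes the default to 32K, but does not say what zero or a negative value means. If that is how an administrator keeps the previous `no limit` behaviour, say so explicitly, since the entry presents this option as a denial of service safeguard.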
@ -7706,6 +7764,12 @@ Sets the list of characters that must be quoted if used in a full name
that is in the phrase part of a ``phrase <address>'' syntax.
The default is ``\'.''.
The characters ``@,;:\e()[]'' are always added to this list.
Note: To avoid potential breakage of
DKIM signatures it is useful to set
.(b
O MustQuoteChars=.
.)b
Moreover, relaxed header signing should be used for DKIM signatures.
.ip NiceQueueRun
[no short name]
The priority of queue runners (nice(3)).
@ -8189,7 +8253,7 @@ By default,
.i -SSL_OP_TLSEXT_PADDING
are used
(if those options are available).
Options can be cleared by preceeding them with a minus sign.
Options can be cleared by preceding them with a minus sign.
It is also possible to specify numerical values, e.g.,
.b -0x0010 .
.ip ServiceSwitchFile=\fIfilename\fP
@ -8301,6 +8365,31 @@ Defaults to
If set, issue temporary errors (4xy) instead of permanent errors (5xy).
This can be useful during testing of a new configuration to avoid
erroneous bouncing of mails.
.ip SSLEngine
Name of SSL engine to use.
The available values depend on the OpenSSL version against which
.i sendmail
is compiled,
see
.(b
openssl engine -v
.)b
for some information.
.ip SSLEnginePath
Path to dynamic library for SSL engine.
This option is only useful if
.i SSLEngine
is set.
If both are set, the engine will be loaded dynamically at runtime
using the concatenation of the path,
a slash "/",
the string "lib",
the value of
.i SSLEngine ,
and the string ".so".
If only
.i SSLEngine
is set then the static version of the engine is used.
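Review bot: both new entries lack the `[no short name]` line and the value placeholder that neighbouring options carry (compare `.ip HeloName=\fIname\fP`); use `.ip SSLEngine=\fIname\fP` and `.ip SSLEnginePath=\fIpath\fP`. Because SSLEnginePath makes sendmail load the path plus `/lib`, the SSLEngine value and `.so` at runtime, the entry should also say that the directory must not be writable by untrusted users.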
.ip StatusFile=\fIfile\fP
[S]
Log summary statistics in the named
@ -8340,6 +8429,22 @@ PostMilter is useful only when
.i sendmail
is running as an SMTP server; in all other situations it
acts the same as True.
.ip TLSFallbacktoClear
[no short name]
If set,
.i sendmail
immediately tries an outbound connection again without STARTTLS
after a TLS handshake failure.
Note:
this applies to all connections even if TLS specific requirements are set
(see rulesets
.i tls_rcpt
and
.i tls_client
).
Hence such requirements will cause an error on a retry without STARTTLS.
Therefore they should only trigger a temporary failure so the connection
is later on tried again.
.ip TLSSrvOptions
[no short name]
List of options for SMTP STARTTLS for the server
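Review bot: the entry does not state the default, which matters here because the option makes sendmail retry without STARTTLS after any TLS handshake failure. State the default, and cross-reference the `CLEAR` value of `${verify}` and the `c`/`C` session flags so that sites with `tls_rcpt` or `tls_client` requirements can see how to detect and limit the fallback.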
@ -8824,6 +8929,12 @@ $[\fIhostname\fP$]
.)b
.pp
There are many defined classes.
.ip cdb
Database lookups using the cdb(3) library.
.i Sendmail
must be compiled with
.b CDB
defined.
.ip dbm
Database lookups using the ndbm(3) library.
.i Sendmail
@ -8885,7 +8996,7 @@ only the first value will be returned
unless the
.b \-z
(value separator)
map flag is set.
map option is set.
Also, the
.b \-1
map flag will treat a multiple value return
@ -8906,14 +9017,11 @@ The format of the text file is defined by the
and
.b \-z
(field delimiter)
flags.
options.
.ip ph
PH query map.
Contributed and supported by
Mark Roth, roth@uiuc.edu.
For more information,
consult the web site
.q http://www-dev.cites.uiuc.edu/sendmail/ .
.ip nsd
nsd map for IRIX 6.5 and later.
Contributed and supported by Bob Mende of SGI,
@ -8922,11 +9030,15 @@ mende@sgi.com.
Internal symbol table lookups.
Used internally for aliasing.
.ip implicit
Really should be called
.q alias
\(em this is used to get the default lookups
for alias files,
and is the default if no class is specified for alias files.
Sequentially try a list of available map types:
.i hash ,
.i dbm ,
and
.i cdb .
It is the default for alias files if no class is specified.
If is no matching map type is found,
the text version is used for the alias file,
but other maps fail to open.
.ip user
Looks up users using
.i getpwnam (3).
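Review bot: `If is no matching map type is found,` has a stray `is` and should read `If no matching map type is found,`. The next two lines would also be clearer if they said which `other maps` fail to open in that case.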
@ -8948,15 +9060,24 @@ This can be used to find out if this machine is the target for an MX record,
and mail can be accepted on that basis.
If the
.b \-z
flag is given, then all MX names are returned,
option is given, then all MX names are returned,
separated by the given delimiter.
Note: the return value is deterministic,
i.e., even if multiple MX records have the same preference,
they will be returned in the same order.
.ip dns
This map requires the option -R to specify the DNS resource record
type to lookup. The following types are supported:
type to lookup.
The following types are supported:
A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
A map lookup will return only one record.
A map lookup will return only one record
unless the
.b \-z
(value separator)
option is set.
Hence for some types, e.g., MX records, the return value might be a random
element of the list due to randomizing in the DNS resolver.
element of the results due to randomizing in the DNS resolver,
if only one element is returned.
.ip arpa
Returns the ``reverse'' for the given IP (IPv4 or IPv6) address,
i.e., the string for the PTR lookup,
@ -9069,33 +9190,45 @@ if used, it is substituted by the substring matches, delimited by
.b $|
or the string specified with the the
.b \-d
flag. The flags available for the map are
option.
The options available for the map are
.(b
.ta 4n
-n not
-f case sensitive
-b basic regular expressions (default is extended)
-s substring match
-d set the delimiter used for -s
-d set the delimiter string used for -s
-a append string to key
-m match only, do not replace/discard value
-D perform no lookup in deferred delivery mode.
.)b
The
.b \-s
flag can include an optional parameter which can be used
to select the substrings in the result of the lookup. For example,
option can include an optional parameter which can be used
to select the substrings in the result of the lookup.
For example,
.(b
-s1,3,4
.)b
The delimiter string specified via the
.b \-d
option is the sequence of characters after
.b d
ending at the first space.
Hence it isn't possible to specify a space as delimiter,
so if the option is immediately followed by a space
the delimiter string is empty,
which means the substrings are joined.
Notes: to match a
.b $
in a string,
\\$$
must be used.
If the pattern contains spaces, they must be replaced
with the blank substitution character, unless it is
space itself.
If the pattern contains spaces,
they must be replaced with the blank substitution character,
unless it is space itself.
.ip program
The arguments on the
.b K
@ -9185,9 +9318,9 @@ and is one of the following upper case words:
.ta 9n
OK the key was found, result contains the looked up value
NOTFOUND the key was not found, the result is empty
TEMP a temporary failure occured
TIMEOUT a timeout occured on the server side
PERM a permanent failure occured
TEMP a temporary failure occurred
TIMEOUT a timeout occurred on the server side
PERM a permanent failure occurred
.)b
In case of errors (status TEMP, TIMEOUT or PERM) the result field may
@ -9331,7 +9464,7 @@ or
to indicate newline or tab respectively.
If omitted entirely,
the column separator is any sequence of white space.
For LDAP maps this is the separator character
For LDAP and some other maps this is the separator character
to combine multiple values
into a single return string.
If not set,
@ -9413,6 +9546,11 @@ timeout: specify the timeout (in seconds) for communication
with the socket map server.
.pp
The following additional flags are present in the ldap map only:
.ip "\-c\fItimeout\fP"
Set the LDAP network timeout.
sendmail must be compiled with
.b \-DLDAP_OPT_NETWORK_TIMEOUT
to use this flag.
.ip "\-R"
Do not auto chase referrals. sendmail must be compiled with
.b \-DLDAP_REFERRALS
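Review bot: `Set the LDAP network timeout.` gives no unit, while the socket map `timeout` line just above says `(in seconds)`. State the unit for `\-c` as well.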
@ -9480,6 +9618,9 @@ Should be one of
.b LDAP_AUTH_SIMPLE ,
or
.b LDAP_AUTH_KRBV4 .
The leading
.b LDAP_AUTH_
can be omitted and the value is case-insensitive.
.ip "\-P\fIpasswordfile\fP"
The file containing the secret key for the
.b LDAP_AUTH_SIMPLE
@ -9530,8 +9671,9 @@ and the data is located in
.pp
The program
.i makemap (8)
can be used to build any of the three database-oriented maps.
It takes the following flags:
can be used to build database-oriented maps.
It takes at least the following flags
(for a complete list see its man page):
.ip \-f
Do not fold upper to lower case in the map.
.ip \-N
@ -9980,8 +10122,10 @@ configuration file.
If set,
the new version of the DBM library
that allows multiple databases will be used.
If neither NDBM nor NEWDB are set,
If neither CDB, NDBM, nor NEWDB are set,
a much less efficient method of alias lookup is used.
.ip CWDB
If set, use the cdb (tinycdb) package.
.ip NEWDB
If set, use the new database package from Berkeley (from 4.4BSD).
This package is substantially faster than DBM or NDBM.
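Review bot: `.ip CWDB` looks like a typo for `CDB`. The sentence changed two lines above reads `If neither CDB, NDBM, nor NEWDB are set,` and the other hunks in this file add `.ip CDB` and `.sm CDB`. Rename the entry so the documented compile flag matches the one used everywhere else.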
@ -10418,7 +10562,7 @@ Addresses in this header should receive error messages.
This header is a Content-Transfer-Encoding header.
.ip H_CTYPE
This header is a Content-Type header.
.ip H_STRIPVAL
.ip H_BCC
Strip the value from the header (for Bcc:).
.nr ii 5n
.lp
@ -10440,7 +10584,7 @@ struct hdrinfo HdrInfo[] =
"to", H_RCPT,
"resent-to", H_RCPT,
"cc", H_RCPT,
"bcc", H_RCPT\^|\^H_STRIPVAL,
"bcc", H_RCPT\^|\^H_BCC,
/* message identification and control */
"message", H_EOH,
"text", H_EOH,
@ -10864,7 +11008,7 @@ it is necessary to understand at least some basics about X.509 certificates
and public key cryptography.
This information can be found in books about SSL/TLS
or on WWW sites, e.g.,
.q http://www.OpenSSL.org/ .
.q https://www.OpenSSL.org/ .
.sh 3 "Certificates for STARTTLS"
.pp
When acting as a server,
@ -11003,6 +11147,43 @@ The macros which are subject to this encoding are
{cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer},
as well as
{auth_authen} and {auth_author}.
.sh 2 "DANE"
.pp
Initial support for DANE (see RFC 7672 et.al.)
is available if
.i sendmail
is compiled with the option
.b DANE .
Only TLSA RR 3-1-x (DANE-EE) is currently implemented.
The option
.(b
O DANE=true
.)b
enables this feature at run time
and it automatically adds
.b use_dnssec
and
.b use_edns0
to
.(b
O ResolverOptions
.)b
This requires a (preferrably local)
validating DNS resolver which supports those options.
If the client finds a usable TLSA RR and the check
succeeds the macro
.b ${verify}
is set to
.b TRUSTED .
All non-DNS maps are considered
.i secure
just like DNS lookups with DNSSEC.
Be aware that the implementation might not handle all
error conditions as required by the RFCs.
Moreover, TLSA RRs are not looked up for some features,
e.g.,
.i FallBackSmartHost .
.sh 1 "ACKNOWLEDGEMENTS"
.pp
I've worked on
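Review bot: the new DANE section says `${verify}` becomes `TRUSTED` when a usable TLSA RR is found and the check succeeds, but it does not say what happens when the check fails or when the only TLSA RRs present are not 3-1-x. Operators need that to write rulesets against `${verify}`, so please state both outcomes. "Might not handle all error conditions as required by the RFCs" would also be more useful if it named the known gaps. Also, the statement that all non-DNS maps are considered secure deserves a sentence on why, since it widens what is trusted. Smaller points: "et.al." should be "et al.", "preferrably" should be "preferably", and the sentence ending at the `O ResolverOptions` display has no closing period.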
@ -11243,7 +11424,6 @@ this is equivalent to using \-p.)
.ip \-q\fItime\fP
Try to process the queued up mail.
If the time is given,
a
.i sendmail
will start one or more processes to run through the queue(s) at the specified
time interval to deliver queued mail; otherwise, it only runs once.
@ -11307,7 +11487,7 @@ together, and items with different key letters
.q and'ed
together.
.ip "\-Q[reason]"
Quarantine a normal queue items with the given reason or
Quarantine normal queue items with the given reason or
unquarantine quarantined queue items if no reason is given.
This should only be used with some sort of item matching using
.b \-q[!]\fIXstring\fP
@ -11512,11 +11692,10 @@ but is actually realiased when the job is processed.
There will be one line for each recipient.
Version 1 qf files
also include a leading colon-terminated list of flags,
which can be
some of which are
`S' to return a message on successful final delivery,
`F' to return a message on failure,
`D' to return a message if the message is delayed,
`B' to indicate that the body should be returned,
`N' to suppress returning the body,
and
`P' to declare this as a ``primary'' (command line or SMTP-session) address.
@ -11727,7 +11906,6 @@ replace it with a blank sheet for double-sided output.
.\".sz 10
.\"Eric Allman
.\".sp
.\"Version $Revision: 8.759 $
.\".ce 0
.bp 3
.ce

View File

@ -8,6 +8,8 @@ all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
check: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@

View File

@ -23,19 +23,19 @@ SM_UNUSED(static char copyright[]) =
#ifndef lint
SM_UNUSED(static char id[]) = "@(#)$Id: editmap.c,v 1.26 2013-11-22 20:51:26 ca Exp $";
#endif /* ! lint */
#endif
#include <sys/types.h>
#ifndef ISC_UNIX
# include <sys/file.h>
#endif /* ! ISC_UNIX */
#endif
#include <ctype.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef EX_OK
# undef EX_OK /* unistd.h may have another use for this */
#endif /* EX_OK */
#endif
#include <sysexits.h>
#include <assert.h>
#include <sendmail/sendmail.h>
@ -100,7 +100,7 @@ main(argc, argv)
#if HASFCHOWN
FILE *cfp;
char buf[MAXLINE];
#endif /* HASFCHOWN */
#endif
static char rnamebuf[MAXNAME]; /* holds RealUserName */
extern char *optarg;
extern int optind;

View File

@ -43,11 +43,11 @@
/* Only need to export C interface if used by C++ source code */
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
#endif
#ifndef _SOCK_ADDR
# define _SOCK_ADDR struct sockaddr
#endif /* ! _SOCK_ADDR */
#endif
/*
** libmilter functions return one of the following to indicate
@ -58,7 +58,7 @@ extern "C" {
#define MI_FAILURE (-1)
#if _FFR_WORKERS_POOL
# define MI_CONTINUE 1
#endif /* _FFR_WORKERS_POOL */
#endif
/* "forward" declarations */
typedef struct smfi_str SMFICTX;
@ -76,17 +76,17 @@ typedef int sfsistat;
#if defined(__linux__) && defined(__GNUC__) && defined(__cplusplus) && __GNUC_MINOR__ >= 8
# define SM__P(X) __PMT(X)
#else /* __linux__ && __GNUC__ && __cplusplus && _GNUC_MINOR__ >= 8 */
#else
# define SM__P(X) __P(X)
#endif /* __linux__ && __GNUC__ && __cplusplus && _GNUC_MINOR__ >= 8 */
#endif
/* Some platforms don't define __P -- do it for them here: */
#ifndef __P
# ifdef __STDC__
# define __P(X) X
# else /* __STDC__ */
# else
# define __P(X) ()
# endif /* __STDC__ */
# endif
#endif /* __P */
#if SM_CONF_STDBOOL_H
@ -464,7 +464,7 @@ LIBMILTER_API int smfi_chgheader __P((SMFICTX *, char *, int, char *));
**
** SMFICTX *ctx; Opaque context structure
** char *headerf; Header field name
** int index; The Nth occurence of header field name
** int index; The Nth occurrence of header field name
** char *headerv; New header field value (empty for delete header)
*/
@ -594,10 +594,10 @@ LIBMILTER_API int smfi_setsymlist __P((SMFICTX *, int, char *));
#if _FFR_THREAD_MONITOR
LIBMILTER_API int smfi_set_max_exec_time __P((unsigned int));
#endif /* _FFR_THREAD_MONITOR */
#endif
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif
#endif /* ! _LIBMILTER_MFAPI_H */

View File

@ -19,7 +19,7 @@
#ifndef SMFI_PROT_VERSION
# define SMFI_PROT_VERSION 6 /* MTA - libmilter protocol version */
#endif /* SMFI_PROT_VERSION */
#endif
/* Shared protocol constants */
#define MILTER_LEN_BYTES 4 /* length of 32 bit integer in bytes */
@ -121,6 +121,6 @@
#if _FFR_MILTER_CHECK
# define SMFIP_TEST 0x80000000L
#endif /* _FFR_MILTER_CHECK */
#endif
#endif /* !_LIBMILTER_MFDEF_H */

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999-2002 Proofpoint, Inc. and its suppliers.
* Copyright (c) 1999-2002, 2018 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
@ -18,13 +18,13 @@
# include <sm/gen.h>
# include <sm/errstring.h>
# ifdef NDBM
# if NDBM
# include <ndbm.h>
# endif /* NDBM */
# endif
# ifdef NEWDB
# if NEWDB
# include "sm/bdb.h"
# endif /* NEWDB */
# endif
/*
** Some size constants
@ -119,7 +119,6 @@ typedef int (*db_get_func) __P((SMDB_DATABASE *db,
** flags -- put options:
** SMDBF_NO_OVERWRITE - Return an error if key alread
** exists.
** SMDBF_ALLOW_DUP - Allow duplicates in btree maps.
**
** Returns:
** 0 - Success, otherwise errno.
@ -190,6 +189,7 @@ struct database_struct
db_lockfd_func smdb_lockfd;
void *smdb_impl;
};
/*
** DB_CURSOR_CLOSE -- Close a cursor
**
@ -244,10 +244,10 @@ typedef int (*db_cursor_get_func) __P((SMDB_CURSOR *cursor,
** Flags for DB_CURSOR_GET
*/
#define SMDB_CURSOR_GET_FIRST 0
#define SMDB_CURSOR_GET_LAST 1
#define SMDB_CURSOR_GET_FIRST 0 /* NOT USED by any application */
#define SMDB_CURSOR_GET_LAST 1 /* NOT USED by any application */
#define SMDB_CURSOR_GET_NEXT 2
#define SMDB_CURSOR_GET_RANGE 3
#define SMDB_CURSOR_GET_RANGE 3 /* NOT USED by any application */
/*
** DB_CURSOR_PUT -- Put the key/value at this cursor.
@ -313,12 +313,34 @@ typedef unsigned int SMDB_FLAG;
# define SMDB_TYPE_DEFAULT NULL
# define SMDB_TYPE_DEFAULT_LEN 0
# define SMDB_TYPE_IMPL "implicit"
# define SMDB_TYPE_IMPL_LEN 9
# define SMDB_TYPE_HASH "hash"
# define SMDB_TYPE_HASH_LEN 5
# define SMDB_TYPE_BTREE "btree"
# define SMDB_TYPE_BTREE_LEN 6
# define SMDB_TYPE_NDBM "dbm"
# define SMDB_TYPE_NDBM_LEN 4
# define SMDB_TYPE_CDB "cdb"
# define SMDB_TYPE_CDB_LEN 4
# define SMDB_IS_TYPE_HASH(type) (strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0)
# define SMDB_IS_TYPE_BTREE(type) (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0)
# define SMDB_IS_TYPE_NDBM(type) (strncmp(type, SMDB_TYPE_NDBM, SMDB_TYPE_NDBM_LEN) == 0)
# define SMDB_IS_TYPE_CDB(type) (strncmp(type, SMDB_TYPE_CDB, SMDB_TYPE_CDB_LEN) == 0)
# define SMDB_IS_TYPE_DEFAULT(t) (((t) == SMDB_TYPE_DEFAULT) \
|| (strncmp(type, SMDB_TYPE_IMPL, SMDB_TYPE_IMPL_LEN) == 0) \
)
# if CDB >= 2
# define SMCDB_FILE_EXTENSION "db"
# else
# define SMCDB_FILE_EXTENSION "cdb"
# endif
# define SMDB1_FILE_EXTENSION "db"
# define SMDB2_FILE_EXTENSION "db"
# define SMNDB_DIR_FILE_EXTENSION "dir"
/*
** These are flags
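Review bot: `SMDB_IS_TYPE_DEFAULT(t)` uses its parameter `t` in the first comparison but passes `type` to `strncmp` in the second. The macro therefore only compiles where the caller has a variable named `type` in scope, and then tests that variable instead of the argument. Use `(t)` in both places. The `SMDB_IS_TYPE_HASH/BTREE/NDBM/CDB` macros should parenthesise `type` as well. A short comment that the `*_LEN` values include the terminating NUL (so the `strncmp` is an exact match, not a prefix match) would save the next reader from counting characters.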
@ -326,26 +348,22 @@ typedef unsigned int SMDB_FLAG;
/* Flags for put */
# define SMDBF_NO_OVERWRITE 0x00000001
# define SMDBF_ALLOW_DUP 0x00000002
typedef int (smdb_open_func) __P((SMDB_DATABASE **, char *, int, int, long, SMDB_DBTYPE, SMDB_USER_INFO *, SMDB_DBPARAMS *));
extern SMDB_DATABASE *smdb_malloc_database __P((void));
extern void smdb_free_database __P((SMDB_DATABASE *));
extern int smdb_open_database __P((SMDB_DATABASE **, char *, int,
int, long, SMDB_DBTYPE,
SMDB_USER_INFO *,
SMDB_DBPARAMS *));
# ifdef NEWDB
extern int smdb_db_open __P((SMDB_DATABASE **, char *, int, int,
long, SMDB_DBTYPE, SMDB_USER_INFO *,
SMDB_DBPARAMS *));
# endif /* NEWDB */
# ifdef NDBM
extern int smdb_ndbm_open __P((SMDB_DATABASE **, char *, int, int,
long, SMDB_DBTYPE,
SMDB_USER_INFO *,
SMDB_DBPARAMS *));
# endif /* NDBM */
extern smdb_open_func smdb_open_database;
# if NEWDB
extern smdb_open_func smdb_db_open;
# else
# define smdb_db_open NULL
# endif
# if NDBM
extern smdb_open_func smdb_ndbm_open;
# else
# define smdb_ndbm_open NULL
# endif
extern int smdb_add_extension __P((char *, int, char *, char *));
extern int smdb_setup_file __P((char *, char *, int, long,
SMDB_USER_INFO *, struct stat *));
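Review bot: the `#else` branches `# define smdb_db_open NULL` and `# define smdb_ndbm_open NULL` turn a missing backend into a null function pointer wherever these names are stored rather than called directly. Any dispatcher that holds them must therefore check for NULL before calling. Please add a comment next to the `smdb_open_func` typedef stating that contract, so a new caller does not dereference an entry for a backend that was compiled out.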
@ -353,8 +371,15 @@ extern int smdb_lock_file __P((int *, char *, int, long, char *));
extern int smdb_unlock_file __P((int));
extern int smdb_filechanged __P((char *, char *, int,
struct stat *));
extern void smdb_print_available_types __P((void));
extern void smdb_print_available_types __P((bool));
extern bool smdb_is_db_type __P((const char *));
extern char *smdb_db_definition __P((SMDB_DBTYPE));
extern int smdb_lock_map __P((SMDB_DATABASE *, int));
extern int smdb_unlock_map __P((SMDB_DATABASE *));
# if CDB
extern smdb_open_func smdb_cdb_open;
# else
# define smdb_cdb_open NULL
# endif
#endif /* ! _SMDB_H_ */

View File

@ -19,34 +19,34 @@
# ifndef _PATH_SENDMAILCF
# if defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF)
# define _PATH_SENDMAILCF _PATH_VENDOR_CF
# else /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */
# else
# define _PATH_SENDMAILCF "/etc/mail/sendmail.cf"
# endif /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */
# endif
# endif /* ! _PATH_SENDMAILCF */
# ifndef _PATH_SENDMAILPID
# ifdef BSD4_4
# define _PATH_SENDMAILPID "/var/run/sendmail.pid"
# else /* BSD4_4 */
# else
# define _PATH_SENDMAILPID "/etc/mail/sendmail.pid"
# endif /* BSD4_4 */
# endif
# endif /* ! _PATH_SENDMAILPID */
# ifndef _PATH_SENDMAIL
# define _PATH_SENDMAIL "/usr/lib/sendmail"
# endif /* ! _PATH_SENDMAIL */
# endif
# ifndef _PATH_MAILDIR
# define _PATH_MAILDIR "/var/spool/mail"
# endif /* ! _PATH_MAILDIR */
# endif
# ifndef _PATH_LOCTMP
# define _PATH_LOCTMP "/tmp/local.XXXXXX"
# endif /* ! _PATH_LOCTMP */
# endif
# ifndef _PATH_HOSTS
# define _PATH_HOSTS "/etc/hosts"
# endif /* ! _PATH_HOSTS */
# endif

View File

@ -29,7 +29,7 @@
**********************************************************************/
#ifndef MAXMAILERS
# define MAXMAILERS 25 /* maximum mailers known to system */
#endif /* ! MAXMAILERS */
#endif
/*
** Flags passed to safefile/safedirpath.

View File

@ -47,19 +47,19 @@ sm_abort __P((
# ifndef SM_CHECK_ALL
# define SM_CHECK_ALL 1
# endif /* ! SM_CHECK_ALL */
# endif
# ifndef SM_CHECK_REQUIRE
# define SM_CHECK_REQUIRE SM_CHECK_ALL
# endif /* ! SM_CHECK_REQUIRE */
# endif
# ifndef SM_CHECK_ENSURE
# define SM_CHECK_ENSURE SM_CHECK_ALL
# endif /* ! SM_CHECK_ENSURE */
# endif
# ifndef SM_CHECK_ASSERT
# define SM_CHECK_ASSERT SM_CHECK_ALL
# endif /* ! SM_CHECK_ASSERT */
# endif
# if SM_CHECK_REQUIRE
# if defined(__STDC__) || defined(__cplusplus)

View File

@ -17,7 +17,7 @@
# include <db.h>
# ifndef DB_VERSION_MAJOR
# define DB_VERSION_MAJOR 1
# endif /* ! DB_VERSION_MAJOR */
# endif
# if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5

View File

@ -6,7 +6,7 @@
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: cdefs.h,v 1.17 2013-11-22 20:51:31 ca Exp $
* $Id: cdefs.h,v 1.17 2013/11/22 20:51:31 ca Exp $
*/
/*
@ -27,7 +27,7 @@
# if SM_CONF_SYS_CDEFS_H
# include <sys/cdefs.h>
# endif /* SM_CONF_SYS_CDEFS_H */
# endif
/*
** Define the standard C language portability macros
@ -86,9 +86,9 @@
# if __GNUC__ >= 2
# if __GNUC__ == 2 && __GNUC_MINOR__ < 7
# define SM_UNUSED(decl) decl
# else /* __GNUC__ == 2 && __GNUC_MINOR__ < 7 */
# else
# define SM_UNUSED(decl) decl __attribute__((__unused__))
# endif /* __GNUC__ == 2 && __GNUC_MINOR__ < 7 */
# endif
# else /* __GNUC__ >= 2 */
# define SM_UNUSED(decl) decl
# endif /* __GNUC__ >= 2 */
@ -112,9 +112,9 @@
# ifdef SM_OMIT_BOGUS_WARNINGS
# define SM_NONVOLATILE volatile
# else /* SM_OMIT_BOGUS_WARNINGS */
# else
# define SM_NONVOLATILE
# endif /* SM_OMIT_BOGUS_WARNINGS */
# endif
/*
** Turn on format string argument checking.
@ -131,17 +131,17 @@
# ifndef PRINTFLIKE
# if SM_CONF_FORMAT_TEST
# define PRINTFLIKE(x,y) __attribute__ ((__format__ (__printf__, x, y)))
# else /* SM_CONF_FORMAT_TEST */
# else
# define PRINTFLIKE(x,y)
# endif /* SM_CONF_FORMAT_TEST */
# endif
# endif /* ! PRINTFLIKE */
# ifndef SCANFLIKE
# if SM_CONF_FORMAT_TEST
# define SCANFLIKE(x,y) __attribute__ ((__format__ (__scanf__, x, y)))
# else /* SM_CONF_FORMAT_TEST */
# else
# define SCANFLIKE(x,y)
# endif /* SM_CONF_FORMAT_TEST */
# endif
# endif /* ! SCANFLIKE */
#endif /* ! SM_CDEFS_H */

View File

@ -22,7 +22,7 @@
# include <sm/signal.h>
# if SM_CONF_SETITIMER
# include <sys/time.h>
# endif /* SM_CONF_SETITIMER */
# endif
/*
** STRUCT SM_EVENT -- event queue.
@ -37,9 +37,9 @@ struct sm_event
{
# if SM_CONF_SETITIMER
struct timeval ev_time; /* time of the call (microseconds) */
# else /* SM_CONF_SETITIMER */
# else
time_t ev_time; /* time of the call (seconds) */
# endif /* SM_CONF_SETITIMER */
# endif
void (*ev_func)__P((int));
/* function to call */
int ev_arg; /* argument to ev_func */

File diff suppressed because it is too large

View File

@ -31,9 +31,9 @@
# ifndef SM_CONF_STDBOOL_H
# if !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
# define SM_CONF_STDBOOL_H 1
# else /* !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
# else
# define SM_CONF_STDBOOL_H 0
# endif /* !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
# endif
# endif /* ! SM_CONF_STDBOOL_H */
/*
@ -42,7 +42,7 @@
# ifndef SM_CONF_SYS_CDEFS_H
# define SM_CONF_SYS_CDEFS_H 0
# endif /* ! SM_CONF_SYS_CDEFS_H */
# endif
/*
** SM_CONF_STDDEF_H is 1 if <stddef.h> exists
@ -50,7 +50,7 @@
# ifndef SM_CONF_STDDEF_H
# define SM_CONF_STDDEF_H 1
# endif /* ! SM_CONF_STDDEF_H */
# endif
/*
** Configuration macro that specifies whether strlcpy/strlcat are available.
@ -60,7 +60,7 @@
# ifndef SM_CONF_STRL
# define SM_CONF_STRL 0
# endif /* ! SM_CONF_STRL */
# endif
/*
** Configuration macro indicating that setitimer is available
@ -68,7 +68,7 @@
# ifndef SM_CONF_SETITIMER
# define SM_CONF_SETITIMER 1
# endif /* ! SM_CONF_SETITIMER */
# endif
/*
** Does <sys/types.h> define uid_t and gid_t?
@ -76,14 +76,14 @@
# ifndef SM_CONF_UID_GID
# define SM_CONF_UID_GID 1
# endif /* ! SM_CONF_UID_GID */
# endif
/*
** Does <sys/types.h> define ssize_t?
*/
# ifndef SM_CONF_SSIZE_T
# define SM_CONF_SSIZE_T 1
# endif /* ! SM_CONF_SSIZE_T */
# endif
/*
** Does the C compiler support long long?
@ -95,9 +95,9 @@
# else /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
# if defined(__GNUC__)
# define SM_CONF_LONGLONG 1
# else /* defined(__GNUC__) */
# else
# define SM_CONF_LONGLONG 0
# endif /* defined(__GNUC__) */
# endif
# endif /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
# endif /* ! SM_CONF_LONGLONG */
@ -108,7 +108,7 @@
# ifndef SM_CONF_QUAD_T
# define SM_CONF_QUAD_T 0
# endif /* ! SM_CONF_QUAD_T */
# endif
/*
** Configuration macro indicating that shared memory is available
@ -116,7 +116,7 @@
# ifndef SM_CONF_SHM
# define SM_CONF_SHM 0
# endif /* ! SM_CONF_SHM */
# endif
/*
** Does <setjmp.h> define sigsetjmp?
@ -124,7 +124,7 @@
# ifndef SM_CONF_SIGSETJMP
# define SM_CONF_SIGSETJMP 1
# endif /* ! SM_CONF_SIGSETJMP */
# endif
/*
** Does <sysexits.h> exist, and define the EX_* macros with values
@ -133,17 +133,17 @@
# ifndef SM_CONF_SYSEXITS_H
# define SM_CONF_SYSEXITS_H 0
# endif /* ! SM_CONF_SYSEXITS_H */
# endif
/* has memchr() prototype? (if not: needs memory.h) */
# ifndef SM_CONF_MEMCHR
# define SM_CONF_MEMCHR 1
# endif /* ! SM_CONF_MEMCHR */
# endif
/* try LLONG tests in libsm/t-types.c? */
# ifndef SM_CONF_TEST_LLONG
# define SM_CONF_TEST_LLONG 1
# endif /* !SM_CONF_TEST_LLONG */
# endif
/* LDAP Checks */
# if LDAPMAP
@ -161,9 +161,9 @@
# if USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004
# define SM_CONF_LDAP_MEMFREE 1
# else /* USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004 */
# else
# define SM_CONF_LDAP_MEMFREE 0
# endif /* USING_NETSCAPE_LDAP || LDAP_API_VERSION >= 2004 */
# endif
# endif /* ! SM_CONF_LDAP_MEMFREE */
/* Does the LDAP library have ldap_initialize()? */
@ -177,13 +177,13 @@
/* OpenLDAP does it with LDAP_OPT_URI */
# ifdef LDAP_OPT_URI
# define SM_CONF_LDAP_INITIALIZE 1
# endif /* LDAP_OPT_URI */
# endif
# endif /* !SM_CONF_LDAP_INITIALIZE */
# endif /* LDAPMAP */
/* don't use strcpy() */
# ifndef DO_NOT_USE_STRCPY
# define DO_NOT_USE_STRCPY 1
# endif /* ! DO_NOT_USE_STRCPY */
# endif
#endif /* ! SM_CONFIG_H */

View File

@ -94,7 +94,7 @@ struct sm_debug
# ifndef SM_DEBUG_CHECK
# define SM_DEBUG_CHECK 1
# endif /* ! SM_DEBUG_CHECK */
# endif
# if SM_DEBUG_CHECK
/*

View File

@ -18,12 +18,12 @@
#if defined(__QNX__)
# define E_PSEUDOBASE 512
#endif /* defined(__QNX__) */
#endif
#include <errno.h>
#if NEEDINTERRNO
extern int errno;
#endif /* NEEDINTERRNO */
#endif
/*
** These are used in a few cases where we need some special
@ -33,7 +33,7 @@ extern int errno;
#ifndef E_PSEUDOBASE
# define E_PSEUDOBASE 256
#endif /* ! E_PSEUDOBASE */
#endif
#define E_SM_OPENTIMEOUT (E_PSEUDOBASE + 0) /* Timeout on file open */
#define E_SM_NOSLINK (E_PSEUDOBASE + 1) /* Symbolic links not allowed */
@ -88,7 +88,6 @@ extern int errno;
#define SMDBE_OLD_VERSION (E_SMDBBASE + 23)
#define SMDBE_VERSION_MISMATCH (E_SMDBBASE + 24)
extern const char *sm_errstring __P((int _errno));
extern const char *sm_errstring __P((int _errnum));
#endif /* SM_ERRSTRING_H */

View File

@ -43,7 +43,7 @@
# else /* SM_CONF_STDDEF_H */
# ifndef NULL
# define NULL 0
# endif /* ! NULL */
# endif
# define offsetof(type, member) ((size_t)(&((type *)0)->member))
# endif /* SM_CONF_STDDEF_H */

View File

@ -25,7 +25,7 @@
/* change default to 0 for production? */
# ifndef SM_HEAP_CHECK
# define SM_HEAP_CHECK 1
# endif /* ! SM_HEAP_CHECK */
# endif
# if SM_HEAP_CHECK
# define sm_malloc_x(sz) sm_malloc_tagged_x(sz, __FILE__, __LINE__, SmHeapGroup)

View File

@ -53,7 +53,7 @@
#define SM_IO_WHAT_MODE 1
#define SM_IO_WHAT_VECTORS 2
#define SM_IO_WHAT_FD 3
#define SM_IO_WHAT_TYPE 4
/* was WHAT_TYPE 4 unused */
#define SM_IO_WHAT_ISTYPE 5
#define SM_IO_IS_READABLE 6
#define SM_IO_WHAT_TIMEOUT 7
@ -342,7 +342,7 @@ __END_DECLS
__BEGIN_DECLS
int sm_rget __P((SM_FILE_T *, int));
int sm_vfscanf __P((SM_FILE_T *, int SM_NONVOLATILE, const char *,
va_list SM_NONVOLATILE));
va_list));
int sm_wbuf __P((SM_FILE_T *, int, int));
__END_DECLS
@ -383,7 +383,7 @@ __END_DECLS
# ifndef _POSIX_SOURCE
# define sm_io_getc(fp, t) sm_getc(fp, t)
# define sm_io_putc(fp, t, x) sm_putc(fp, t, x)
# endif /* _POSIX_SOURCE */
# endif
#endif /* lint */
#endif /* SM_IO_H */

View File

@ -22,13 +22,13 @@
# ifndef LDAPMAP_MAX_ATTR
# define LDAPMAP_MAX_ATTR 64
# endif /* ! LDAPMAP_MAX_ATTR */
# endif
# ifndef LDAPMAP_MAX_FILTER
# define LDAPMAP_MAX_FILTER 1024
# endif /* ! LDAPMAP_MAX_FILTER */
# endif
# ifndef LDAPMAP_MAX_PASSWD
# define LDAPMAP_MAX_PASSWD 256
# endif /* ! LDAPMAP_MAX_PASSWD */
# endif
# if LDAPMAP
@ -91,9 +91,12 @@ struct sm_ldap_struct
/* ldapmap_lookup options */
char ldap_attrsep;
# if _FFR_LDAP_NETWORK_TIMEOUT
# if LDAP_NETWORK_TIMEOUT
int ldap_networktmo;
# endif /* _FFR_LDAP_NETWORK_TIMEOUT */
# endif
# if _FFR_SM_LDAP_DBG
int ldap_debug;
# endif
/* Linked list of maps sharing the same LDAP binding */
void *ldap_next;
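Review bot: `ldap_networktmo` and the new `ldap_debug` member are compiled into or out of `struct sm_ldap_struct` by `LDAP_NETWORK_TIMEOUT` and `_FFR_SM_LDAP_DBG`. Every object file that includes this header must therefore be built with the same settings, or the offsets of the members that follow will disagree between libsm and its callers. A comment on the struct saying so would help. Also, the new flag name `LDAP_NETWORK_TIMEOUT` sits in the `LDAP_` prefix that LDAP client headers use for their own macros; a name with an `SM_` prefix would avoid any chance of a clash.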
@ -135,7 +138,7 @@ extern void sm_ldap_close __P((SM_LDAP_STRUCT *));
/* Portability defines */
# if !SM_CONF_LDAP_MEMFREE
# define ldap_memfree(x) ((void) 0)
# endif /* !SM_CONF_LDAP_MEMFREE */
# endif
# endif /* LDAPMAP */
#endif /* ! SM_LDAP_H */

View File

@ -31,13 +31,13 @@
# ifndef LLONG_MIN
# define LLONG_MIN ((LONGLONG_T)(~(ULLONG_MAX >> 1)))
# endif /* ! LLONG_MIN */
# endif
# ifndef LLONG_MAX
# define LLONG_MAX ((LONGLONG_T)(ULLONG_MAX >> 1))
# endif /* ! LLONG_MAX */
# endif
# ifndef ULLONG_MAX
# define ULLONG_MAX ((ULONGLONG_T)(-1))
# endif /* ! ULLONG_MAX */
# endif
/*
** PATH_MAX is defined by the POSIX standard. All modern systems
@ -47,9 +47,9 @@
# ifndef PATH_MAX
# ifdef MAXPATHLEN
# define PATH_MAX MAXPATHLEN
# else /* MAXPATHLEN */
# else
# define PATH_MAX 2048
# endif /* MAXPATHLEN */
# endif
# endif /* ! PATH_MAX */
#endif /* ! SM_LIMITS_H */

View File

@ -0,0 +1,19 @@
/*
* Copyright (c) 2016 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#ifndef SM_NOTIFY_H
#define SM_NOTIFY_H
int sm_notify_init __P((int));
int sm_notify_start __P((bool, int));
int sm_notify_stop __P((bool, int));
int sm_notify_rcv __P((char *, size_t, int));
int sm_notify_snd __P((char *, size_t));
#endif /* ! SM_MSG_H */
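Review bot: the include guard in this new header is `SM_NOTIFY_H`, but the closing line reads `#endif /* ! SM_MSG_H */`; the comment should name `SM_NOTIFY_H`. The prototypes also use `__P`, `bool` and `size_t` without including anything, so the header only compiles if the includer has already pulled in the libsm headers that define them. Either include what is needed here or note the prerequisite. None of the five functions says what its `int` arguments or return values mean, which is worth a line each in a new interface.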

View File

@ -1,12 +1,10 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* Copyright (c) 2000-2001, 2018 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
* $Id: sm_os_freebsd.h,v 1.12 2013-11-22 20:51:34 ca Exp $
*/
/*
@ -32,10 +30,14 @@
#ifndef SM_CONF_SHM
# define SM_CONF_SHM 1
#endif /* SM_CONF_SHM */
#endif
#ifndef SM_CONF_SEM
# define SM_CONF_SEM 2
#endif /* SM_CONF_SEM */
# if __FreeBSD__ > 11
# define SM_CONF_SEM 2 /* union semun is now longer available by default */
# else
# define SM_CONF_SEM 1
# endif
#endif
#ifndef SM_CONF_MSG
# define SM_CONF_MSG 1
#endif /* SM_CONF_MSG */
#endif
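Review bot: the comment on the `# define SM_CONF_SEM 2` line says "union semun is now longer available by default", which should read "no longer". Since this hunk also changes the value for `__FreeBSD__` 11 and earlier from 2 to 1, a line stating what 1 and 2 select would make the version test reviewable without reading the semaphore code.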

View File

@ -123,7 +123,7 @@ typedef struct
#if _FFR_PERF_RPOOL
int sm_nbigblocks;
int sm_npools;
#endif /* _FFR_PERF_RPOOL */
#endif
} SM_RPOOL_T;
@ -167,10 +167,10 @@ sm_rpool_malloc __P((
#if DO_NOT_USE_STRCPY
extern char *sm_rpool_strdup_x __P((SM_RPOOL_T *rpool, const char *s));
#else /* DO_NOT_USE_STRCPY */
#else
# define sm_rpool_strdup_x(rpool, str) \
strcpy(sm_rpool_malloc_x(rpool, strlen(str) + 1), str)
#endif /* DO_NOT_USE_STRCPY */
#endif
extern SM_RPOOL_ATTACH_T
sm_rpool_attach_x __P((

View File

@ -35,10 +35,10 @@ union semun
# ifndef SEM_A
# define SEM_A 0200
# endif /* SEM_A */
# endif
# ifndef SEM_R
# define SEM_R 0400
# endif /* SEM_R */
# endif
# define SM_NSEM 1

View File

@ -34,10 +34,10 @@ extern int sm_shmsetowner __P((int, uid_t, gid_t, mode_t));
/* for those braindead systems... (e.g., SunOS 4) */
# ifndef SHM_R
# define SHM_R 0400
# endif /* SHM_R */
# endif
# ifndef SHM_W
# define SHM_W 0200
# endif /* SHM_W */
# endif
# endif /* SM_CONF_SHM */
#endif /* ! SM_SHM_H */

View File

@ -30,7 +30,7 @@ extern bool
sm_match __P((const char *_str, const char *_pattern));
extern char *
sm_strdup __P((char *));
sm_strdup __P((const char *));
extern char *
sm_strndup_x __P((const char *_str, size_t _len));
@ -87,7 +87,7 @@ sm_strlcpyn __P((char *,
# if !HASSTRERROR
extern char *
strerror __P((int _errno));
# endif /* !HASSTRERROR */
# endif
extern int
sm_strrevcmp __P((const char *, const char *));
@ -109,5 +109,7 @@ sm_strtoull __P((const char *, char**, int));
extern void
stripquotes __P((char *));
extern void
unfoldstripquotes __P((char *));
#endif /* SM_STRING_H */

View File

@ -20,9 +20,9 @@
# if defined(__STDC__) || defined(__cplusplus)
# define SM_TEST(cond) sm_test(cond, #cond, __FILE__, __LINE__)
# else /* defined(__STDC__) || defined(__cplusplus) */
# else
# define SM_TEST(cond) sm_test(cond, "cond", __FILE__, __LINE__)
# endif /* defined(__STDC__) || defined(__cplusplus) */
# endif
extern int SmTestIndex;
extern int SmTestNumErrors;

View File

@ -38,11 +38,11 @@
# if !SM_CONF_UID_GID
# define uid_t int
# define gid_t int
# endif /* !SM_CONF_UID_GID */
# endif
# if !SM_CONF_SSIZE_T
# define ssize_t int
# endif /* !SM_CONF_SSIZE_T */
# endif
/*
** Define LONGLONG_T and ULONGLONG_T, which are portable locutions

View File

@ -32,6 +32,11 @@
# define SM_VA_COPY(dst, src) __va_copy((dst), (src))
# else
# define SM_VA_COPY(dst, src) memcpy(&(dst), &(src), sizeof((dst)))
# define SM_VA_END_COPY(ap) do { } while (0)
# endif
# ifndef SM_VA_END_COPY
# define SM_VA_END_COPY(ap) va_end(ap)
# endif
/*
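Review bot: `SM_VA_END_COPY` is a no-op in the `memcpy` fallback branch and defaults to `va_end(ap)` otherwise, but nothing in this hunk tells callers that each `SM_VA_COPY` must now be paired with it. Please add that to the comment block for these macros, so that new call sites do not use plain `va_end` on a copy made by the `memcpy` fallback.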

View File

@ -25,9 +25,9 @@ extern SM_DEBUG_T SmXtrapReport;
# if SM_DEBUG_CHECK
# define sm_xtrap_check() (++SmXtrapCount == sm_debug_level(&SmXtrapDebug))
# else /* SM_DEBUG_CHECK */
# else
# define sm_xtrap_check() (0)
# endif /* SM_DEBUG_CHECK */
# endif
# define sm_xtrap_raise_x(exc) \
if (sm_xtrap_check()) \

View File

@ -6,10 +6,10 @@ OPTIONS= $(CONFIG) $(FLAGS)
all: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
check: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
clean: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
check: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@
install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@

View File

@ -207,28 +207,19 @@ libmilter requires pthread support in the operating system. Moreover, it
requires that the library functions it uses are thread safe; which is true
for the operating systems libmilter has been developed and tested on. On
some operating systems this requires special compile time options (e.g.,
not just -pthread). libmilter is currently known to work on (modulo problems
in the pthread support of some specific versions):
FreeBSD 3.x, 4.x
SunOS 5.x (x >= 5)
AIX 4.3.x
HP UX 11.x
Linux (recent versions/distributions)
libmilter is currently not supported on:
not just -pthread).
So far, libmilter is not supported on:
IRIX 6.x
Ultrix
Feedback about problems (and possible fixes) is welcome.
+--------------------------+
| SOURCE FOR SAMPLE FILTER |
+--------------------------+
Note that the filter example.c may not be thread safe on some operating
systems. You should check your system man pages for the functions used
below to verify the functions are thread safe.
$Revision: 8.42 $, Last updated $Date: 2006-06-29 17:10:16 $
to verify they are thread safe.

View File

@ -139,9 +139,9 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
}
#if _FFR_ADD_NULL
buf = malloc(expl + 1);
#else /* _FFR_ADD_NULL */
#else
buf = malloc(expl);
#endif /* _FFR_ADD_NULL */
#endif
if (buf == NULL)
{
*cmd = SMFIC_MALLOC;
@ -194,7 +194,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
#if _FFR_ADD_NULL
/* makes life simpler for common string routines */
buf[expl] = '\0';
#endif /* _FFR_ADD_NULL */
#endif
return buf;
}
i += len;

View File

@ -26,8 +26,9 @@ Each function will return either MI_SUCCESS or MI_FAILURE to
indicate the status of the operation.
<P>
None of these functions communicate with the MTA. All alter the
library's state, some of which is communicated to the MTA inside
None of these functions communicate with the MTA.
All alter the library's state, some of which
is communicated to the MTA inside
<A HREF="smfi_main.html">smfi_main</A>.
<P>
@ -80,26 +81,31 @@ The following functions change a message's contents and attributes.
<EM>They may only be called in <A HREF="xxfi_eom.html">xxfi_eom</A></EM>.
All of these functions may invoke additional communication with the MTA.
They will return either MI_SUCCESS or MI_FAILURE to indicate the status of
the operation. Message data (senders, recipients, headers, body chunks)
the operation.
Message data (senders, recipients, headers, body chunks)
passed to these functions via parameters is copied and does not need to be
preserved (i.e., allocated memory can be freed).
<P>
A filter must have set the appropriate flag (listed below) in the
description passed to <A HREF="smfi_register.html">smfi_register</A>
to call any message modification function. Failure to do so will
cause the MTA to treat a call to the function as a failure of the
filter, terminating its connection.
A filter which might call a message modification function
must set the appropriate flag
(<A HREF="#SMFIF">listed below</A>),
either
in the description passed to <A HREF="smfi_register.html">smfi_register</A>
or via <A HREF="xxfi_negotiate.html">xxfi_negotiate</A>.
Failure to do so will cause the MTA to treat a call to the function
as a failure of the filter, terminating its connection.
<P>
Note that the status returned indicates only whether or not the
filter's message was successfully sent to the MTA, not whether or not
the MTA performed the requested operation. For example,
the MTA performed the requested operation.
For example,
<A HREF="smfi_addheader.html">smfi_addheader</A>, when called with an
illegal header name, will return MI_SUCCESS even though the MTA may
later refuse to add the illegal header.
<P>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH><TH>SMFIF_* flag</TR>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2><TR BGCOLOR="#dddddd"><TH>Function</TH><TH>Description</TH><TH><A NAME="SMFIF">SMFIF_* flag</A></TH></TR>
<TR><TD><A HREF="smfi_addheader.html">smfi_addheader</A></TD><TD>Add a header to
the message.</TD><TD>SMFIF_ADDHDRS</TD></TR>
@ -180,27 +186,30 @@ which are registered via <A HREF="smfi_register.html">smfi_register</A>:
<TR><TD><A HREF="xxfi_close.html">xxfi_close</A></TD><TD>connection cleanup</TD></TR>
<TR><TD><A HREF="xxfi_negotiate.html">xxfi_negotiate</A></TD><TD>option negotiattion</TD></TR>
<TR><TD><A HREF="xxfi_negotiate.html">xxfi_negotiate</A></TD><TD>option negotiation</TD></TR>
</TABLE>
<P>
The above callbacks should all return one of the following return values,
having the indicated meanings. Any return other than one of the below
values constitutes an error, and will cause sendmail to terminate its
connection to the offending filter.
having the indicated meanings.
Any return other than one of the below values constitutes an error,
and will cause sendmail to terminate its connection to the offending filter.
<P><A NAME="conn-spec">Milter</A> distinguishes between recipient-,
message-, and connection-oriented routines. Recipient-oriented
callbacks may affect the processing of a single message recipient;
message-oriented callbacks, a single message; connection-oriented
callbacks, an entire connection (during which multiple messages may be
delivered to multiple sets of recipients).
message-, and connection-oriented routines.
Recipient-oriented callbacks may affect the processing
of a single message recipient;
message-oriented callbacks, a single message;
connection-oriented callbacks, an entire connection
(during which multiple messages may be delivered
to multiple sets of recipients).
<A HREF="xxfi_envrcpt.html">xxfi_envrcpt</A> is recipient-oriented.
<A HREF="xxfi_negotiate.html">xxfi_negotiate</A>,
<A HREF="xxfi_connect.html">xxfi_connect</A>,
<A HREF="xxfi_helo.html">xxfi_helo</A> and
<A HREF="xxfi_close.html">xxfi_close</A> are connection-oriented. All
other callbacks are message-oriented.
<A HREF="xxfi_close.html">xxfi_close</A> are connection-oriented.
All other callbacks are message-oriented.
<P>
<TABLE BORDER="1" CELLSPACING=0 CELLPADDING=2>
@ -233,8 +242,8 @@ other callbacks are message-oriented.
<TR valign="top">
<TD>SMFIS_TEMPFAIL</TD>
<TD>Return a temporary failure, i.e., the corresponding SMTP command will return an appropriate 4xx status code.
For a message-oriented routine (except <A HREF="xxfi_envfrom.html">xxfi_envfrom</A>), fail for this message. <BR>
For a connection-oriented routine, fail for this connection; call <A HREF="xxfi_close.html">xxfi_close</A>. <BR>
For a message-oriented routine (except <A HREF="xxfi_envfrom.html">xxfi_envfrom</A>), fail for this message.<BR>
For a connection-oriented routine, fail for this connection; call <A HREF="xxfi_close.html">xxfi_close</A>.<BR>
For a recipient-oriented routine, only fail for the current recipient; continue message processing.
</TD>
</TR>

View File

@ -31,11 +31,15 @@ administrator to combine multiple independently-developed filters.
<P>
We expect to see both vendor-supplied, configurable mail filtering
applications and a multiplicity of script-like filters designed by and
for MTA administrators. A certain degree of coding sophistication and
domain knowledge on the part of the filter provider is assumed. This
allows filters to exercise fine-grained control at the SMTP level.
for MTA administrators.
A certain degree of coding sophistication and
domain knowledge on the part of the filter provider is assumed.
This allows filters to exercise fine-grained control at the SMTP level.
However, as will be seen in the example, many filtering applications
can be written with relatively little protocol knowledge.
can be written with relatively little protocol knowledge,
but a basic understanding (e.g., as documented in RFC 5321:
<EM>The dialog is purposely lock-step, one-at-a-time</EM>)
is necessary.
<P>
Given these expectations, the API is designed to achieve the following

View File

@ -71,7 +71,7 @@ connection.
The MTA will try to contact the filter again on each new connection.
<P>
There are three fields inside of the <CODE>T=</CODE> equate: S, R, and E.
There are four fields inside of the <CODE>T=</CODE> equate: C, S, R, and E.
Note the separator between each is a ";" (semicolon), as ","
(comma) already separates equates.
The value of each field is a decimal number followed by a single letter
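Review bot: the count and the field list now include C, but nothing in the visible lines says what C times. Please confirm that the per-field descriptions following this paragraph gain an entry for C alongside S, R, and E, so the "four fields" sentence does not point at a field the page never defines.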

View File

@ -59,6 +59,8 @@ returns to <CODE>MESSAGE</CODE>.
<PRE>
For each of N connections
{
For each filter
egotiate MTA/milter capabilities/requirements (<A HREF="xxfi_negotiate.html">xxfi_negotiate</A>)
For each filter
process connection (<A HREF="xxfi_connect.html">xxfi_connect</A>)
For each filter
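Review bot: typo in the added pseudocode line, "egotiate MTA/milter capabilities/requirements" should read "negotiate MTA/milter capabilities/requirements". The second "For each filter" line that follows it is correct as the loop header for xxfi_connect.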
@ -203,11 +205,21 @@ communication with the MTA happens.
Filters are not terminated asynchronously
(except by signals that can't be caught).
In the case of <TT>Abort</TT> the
<A HREF="xxfi_abort.html">xxfi_abort</A> callback is invoked.
<A HREF="xxfi_abort.html">xxfi_abort</A> callback is usually invoked
if there is an active transaction.
However, if an invoked callback takes too long to execute
(the maximum time <TT>Abort</TT> waits is currently 5s)
<!-- XREF: MI_CHK_TIME -->
then the filter is simply terminated, i.e.,
neither the
<A HREF="xxfi_abort.html">xxfi_abort</A> callback
nor the
<A HREF="xxfi_close.html">xxfi_close</A> callback
is invoked.
<HR size="1">
<FONT size="-1">
Copyright (c) 2000, 2001, 2003, 2006 Proofpoint, Inc. and its suppliers.
Copyright (c) 2000, 2001, 2003, 2006, 2018 Proofpoint, Inc. and its suppliers.
All rights reserved.
<BR>
By using this file, you agree to the terms and conditions set
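Review bot: the new Abort paragraph says a callback that runs past the 5s wait gets the filter terminated with neither xxfi_abort nor xxfi_close invoked, but it does not state the consequence for filter authors: any cleanup they do in those callbacks will not run in that case. Suggest adding one sentence saying so. "usually invoked" is also vaguer than it needs to be, since the condition ("if there is an active transaction") is given right after it. The 5s value is linked to MI_CHK_TIME only through an HTML comment; naming the constant in the visible text would help keep the number from going stale.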

View File

@ -187,7 +187,7 @@ sfsistat
++argc;
/* log this recipient */
if (reject != NULL && rcptaddr != NULL &&
if (reject != NULL &amp;&amp; rcptaddr != NULL &amp;&amp;
(strcasecmp(rcptaddr, reject) == 0))
{
if (fprintf(priv-&gt;mlfi_fp, "RCPT %s -- REJECTED\n",
@ -298,7 +298,7 @@ mlfi_cleanup(ctx, ok)
return rstat;
/* close the archive file */
if (priv-&gt;mlfi_fp != NULL && fclose(priv-&gt;mlfi_fp) == EOF)
if (priv-&gt;mlfi_fp != NULL &amp;&amp; fclose(priv-&gt;mlfi_fp) == EOF)
{
/* failed; we have to wait until later */
fprintf(stderr, "Couldn't close archive file %s: %s\n",

View File

@ -32,6 +32,7 @@ Add a header to the current message.
<TD>Adds a header to the current message.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -59,7 +60,7 @@ Add a header to the current message.
<LI>Adding headers in the current connection state is invalid.
<LI>Memory allocation fails.
<LI>A network error occurs.
<LI>SMFIF_ADDHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called.
<LI><A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> is not set.
</UL>
Otherwise, it returns MI_SUCCESS.
</TD>
@ -72,9 +73,8 @@ Otherwise, it returns MI_SUCCESS.
<UL><LI>smfi_addheader does not change a message's existing headers.
To change a header's current value, use
<A HREF="smfi_chgheader.html">smfi_chgheader</A>.
<LI>A filter which calls smfi_addheader must have set the SMFIF_ADDHDRS
flag in the smfiDesc_str passed to
<A href="smfi_register.html">smfi_register</A>.
<LI>A filter which calls smfi_addheader must have set the
<A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> flag.
<LI>For smfi_addheader, filter order is important.
<B>Later filters will see the header changes made by earlier ones.</B>
<LI>Neither the name nor the value of the header is checked for

View File

@ -31,6 +31,7 @@ Add a recipient for the current message.
<TD>Add a recipient to the message envelope.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -53,7 +54,7 @@ Add a recipient for the current message.
<UL><LI>rcpt is NULL.
<LI>Adding recipients in the current connection state is invalid.
<LI>A network error occurs.
<LI>SMFIF_ADDRCPT was not set when <A href="smfi_register.html">smfi_register</A> was called.
<LI><A HREF="smfi_register.html#SMFIF_ADDRCPT">SMFIF_ADDRCPT</A> is not set.
</UL>
Otherwise, it will return MI_SUCCESS.
</TD>
@ -63,9 +64,8 @@ Otherwise, it will return MI_SUCCESS.
<TR align="left" valign=top>
<TH>NOTES</TH>
<TD>
A filter which calls smfi_addrcpt must have set the SMFIF_ADDRCPT flag
in the smfiDesc_str passed to
<A href="smfi_register.html">smfi_register</A>.
A filter which calls smfi_addrcpt must have set the
<A HREF="smfi_register.html#SMFIF_ADDRCPT">SMFIF_ADDRCPT</A> flag.
</TD>
</TR>

View File

@ -32,6 +32,7 @@ Add a recipient for the current message including ESMTP arguments.
<TD>Add a recipient to the message envelope.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -53,12 +54,11 @@ Add a recipient for the current message including ESMTP arguments.
<TR>
<TH valign="top" align=left>RETURN VALUES</TH>
<TD>smfi_addrcpt will fail and return MI_FAILURE if:
<TD>smfi_addrcpt_par will fail and return MI_FAILURE if:
<UL><LI>rcpt is NULL.
<LI>Adding recipients in the current connection state is invalid.
<LI>A network error occurs.
<LI>SMFIF_ADDRCPT_PAR was not set when
<A href="smfi_register.html">smfi_register</A> was called.
<LI><A HREF="smfi_register.html#SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A> is not set._PAR
</UL>
Otherwise, it will return MI_SUCCESS.
</TD>
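Review bot: stray text in the rewritten list item, "is not set._PAR" should be "is not set." (the trailing "_PAR" looks like a leftover from editing the flag name). The smfi_addrcpt to smfi_addrcpt_par correction in the RETURN VALUES cell is right.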
@ -68,9 +68,8 @@ Otherwise, it will return MI_SUCCESS.
<TR align="left" valign=top>
<TH>NOTES</TH>
<TD>
A filter which calls smfi_addrcpt must have set the SMFIF_ADDRCPT_PAR flag
in the smfiDesc_str passed to
<A href="smfi_register.html">smfi_register</A>.
A filter which calls smfi_addrcpt_par must have set the
<A HREF="smfi_register.html#SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A> flag.
</TD>
</TR>

View File

@ -32,6 +32,7 @@ Change the envelope sender (MAIL From) of the current message.
<TD>Change the envelope sender (MAIL From) of the current message.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -57,7 +58,7 @@ Change the envelope sender (MAIL From) of the current message.
<UL><LI>mail is NULL.
<LI>Changing the sender in the current connection state is invalid.
<LI>A network error occurs.
<LI>SMFIF_CHGFROM was not set when <A href="smfi_register.html">smfi_register</A> was called.
<LI><A HREF="smfi_register.html#SMFIF_CHGFROM">SMFIF_CHGFROM</A> is not set.
</UL>
Otherwise, it will return MI_SUCCESS.
</TD>
@ -67,9 +68,8 @@ Otherwise, it will return MI_SUCCESS.
<TR align="left" valign=top>
<TH>NOTES</TH>
<TD>
A filter which calls smfi_chgfrom must have set the SMFIF_CHGFROM flag
in the smfiDesc_str passed to
<A href="smfi_register.html">smfi_register</A>.
A filter which calls smfi_chgfrom must have set the
<A HREF="smfi_register.html#SMFIF_CHGFROM">SMFIF_CHGFROM</A> flag.
<BR>
Even though all ESMTP arguments could be set via this call,
it does not make sense to do so for many of them,

View File

@ -33,6 +33,7 @@ Change or delete a message header.
<TD>Changes a header's value for the current message.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -63,17 +64,18 @@ smfi_chgheader will return MI_FAILURE if
<LI>Modifying headers in the current connection state is invalid.
<LI>Memory allocation fails.
<LI>A network error occurs.
<LI>SMFIF_CHGHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called.
<LI><A HREF="smfi_register.html#SMFIF_CHGHDRS">SMFIF_CHGHDRS</A> is not set.
</UL>
Otherwise, it returns MI_SUCCESS.
</TR>
</TD></TR>
<!----------- Notes ---------->
<TR align="left" valign=top>
<TH>NOTES</TH>
<TD>
<UL><LI>While smfi_chgheader may be used to add new headers, it is more efficient and far safer to use <A href="smfi_addheader.html">smfi_addheader</A>.
<LI>A filter which calls smfi_chgheader must have set the SMFIF_CHGHDRS flag in the smfiDesc_str passed to <A href="smfi_register.html">smfi_register</A>.
<LI>A filter which calls smfi_chgheader must have set the
<A HREF="smfi_register.html#SMFIF_CHGHDRS">SMFIF_CHGHDRS</A> flag.
<LI>For smfi_chgheader, filter order is important. <B>Later filters will see the header changes made by earlier ones.</B>
<LI>Neither the name nor the value of the header is checked for
standards compliance. However, each line of the header must be under

View File

@ -31,6 +31,7 @@ Remove a recipient from the current message's envelope.
<TD>smfi_delrcpt removes the named recipient from the current message's envelope.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -54,7 +55,7 @@ Remove a recipient from the current message's envelope.
<LI>rcpt is NULL.
<LI>Deleting recipients in the current connection state is invalid.
<LI>A network error occurs.
<LI>SMFIF_DELRCPT was not set when <A href="smfi_register.html">smfi_register</A> was called.
<LI><A HREF="smfi_register.html#SMFIF_DELRCPT">SMFIF_DELRCPT</A> is not set.
</UL>
Otherwise, it will return MI_SUCCESS
</TD>
@ -64,7 +65,11 @@ Otherwise, it will return MI_SUCCESS
<TR align="left" valign=top>
<TH>NOTES</TH>
<TD>
<LI>
The addresses to be removed must match exactly. For example, an address and its expanded form do not match.
<LI>
A filter which calls smfi_delrcpt must have set the
<A HREF="smfi_register.html#SMFIF_DELRCPT">SMFIF_DELRCPT</A> flag.
</TD>
</TR>
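Review bot: the NOTES cell now holds two <LI> items directly inside <TD> with no enclosing list element. The other pages touched by this patch wrap their notes in <UL> ... </UL>; please do the same here so the markup is valid and renders consistently.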

View File

@ -30,6 +30,7 @@ Get the connection-specific data pointer for this connection.
<TD>None.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -31,6 +31,7 @@ Get the value of a sendmail macro.
<TD>None.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -33,6 +33,7 @@ Prepend a header to the current message.
<TD>Prepends a header to the current message.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -63,7 +64,7 @@ Prepend a header to the current message.
<LI>Adding headers in the current connection state is invalid.
<LI>Memory allocation fails.
<LI>A network error occurs.
<LI>SMFIF_ADDHDRS was not set when <A href="smfi_register.html">smfi_register</A> was called.
<LI><A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A> is not set.
</UL>
Otherwise, it returns MI_SUCCESS.
</TD>
@ -77,9 +78,9 @@ Otherwise, it returns MI_SUCCESS.
<LI>smfi_insheader does not change a message's existing headers.
To change a header's current value, use
<A HREF="smfi_chgheader.html">smfi_chgheader</A>.
<LI>A filter which calls smfi_insheader must have set the SMFIF_ADDHDRS
flag in the smfiDesc_str passed to
<A href="smfi_register.html">smfi_register</A>.
<LI>A filter which calls smfi_insheader must have set the
<A HREF="smfi_register.html#SMFIF_ADDHDRS">SMFIF_ADDHDRS</A>
flag.
<LI>For smfi_insheader, filter order is important.
<B>Later filters will see the header changes made by earlier ones.</B>
<LI>A filter will receive <EM>only</EM> headers that have been sent

View File

@ -29,6 +29,7 @@ Hand control to libmilter event loop.
<TD>smfi_main hands control to the Milter event loop.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Return values ---------->
<TR>

View File

@ -34,13 +34,14 @@ but before calling <TT>smfi_main()</TT>.
<TD>smfi_opensocket attempts to create the socket specified previously by
a call to <TT>smfi_setconn()</TT> which will be the interface between MTAs
and the filter.
This allows the calling application to ensure that the
socket can be created.
This allows the calling application to ensure that the socket can be created.
If this is not called,
<TT>smfi_main()</TT> will do so implicitly.
<TT>smfi_main()</TT> will create the socket implicitly
(without removing a potentially existing UNIX domain socket).
</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
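Review bot: the added parenthetical says smfi_main() creates the socket "without removing a potentially existing UNIX domain socket" but stops short of saying what happens when one exists. Please state the outcome (for example, whether socket creation then fails) so readers understand why they would call smfi_opensocket explicitly instead of relying on the implicit path.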

View File

@ -31,6 +31,7 @@ Notify the MTA that an operation is still in progress.
on a message, causing the MTA to re-start its timeouts.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -31,6 +31,7 @@ Quarantine the message using the given reason.
<TD>smfi_quarantine quarantines the message using the given reason.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -53,7 +54,7 @@ Quarantine the message using the given reason.
<UL>
<LI>reason is NULL or empty.
<LI>A network error occurs.
<LI>SMFIF_QUARANTINE was not set when <A href="smfi_register.html">smfi_register</A> was called.
<LI><A HREF="smfi_register.html#SMFIF_QUARANTINE">SMFIF_QUARANTINE</A> is not set.
</UL>
Otherwise, it will return MI_SUCCESS
</TD>

View File

@ -37,6 +37,7 @@ is obeyed.
</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -110,7 +111,7 @@ smfi_register may return MI_FAILURE for any of the following reasons:
<!----------- Notes ---------->
<TR align="left" valign=top>
<TH>NOTES</TH>
<TH><A NAME=Notes>NOTES</A></TH>
<TD>
<A NAME="flags">The xxfi_flags</A>
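Review bot: style nit on the new anchor, <A NAME=Notes> leaves the attribute value unquoted while every other anchor added in this file (NAME="SMFIF_ADDHDRS" and so on) and the existing NAME="flags" quote theirs. Suggest <A NAME="Notes"> for consistency.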
@ -120,7 +121,7 @@ the following values, describing the actions the filter may take:
<TR valign="top" bgcolor="#dddddd"><TH align="left">Flag</TH><TH align="center">Description</TH></TR>
<TR align="left" valign=top>
<TD>
SMFIF_ADDHDRS
<A NAME="SMFIF_ADDHDRS">SMFIF_ADDHDRS</A>
</TD>
<TD>
This filter may <A HREF="smfi_addheader.html">add headers</A>.
@ -128,7 +129,7 @@ the following values, describing the actions the filter may take:
</TR>
<TR align="left" valign=top>
<TD>
SMFIF_CHGHDRS
<A NAME="SMFIF_CHGHDRS">SMFIF_CHGHDRS</A>
</TD>
<TD>
This filter may
@ -137,7 +138,7 @@ the following values, describing the actions the filter may take:
</TR>
<TR align="left" valign=top>
<TD VALIGN="TOP">
SMFIF_CHGBODY
<A NAME="SMFIF_CHGBODY">SMFIF_CHGBODY</A>
</TD>
<TD>
This filter may
@ -148,7 +149,7 @@ the following values, describing the actions the filter may take:
</TR>
<TR>
<TD VALIGN="TOP">
SMFIF_ADDRCPT
<A NAME="SMFIF_ADDRCPT">SMFIF_ADDRCPT</A>
</TD>
<TD>
This filter may
@ -158,7 +159,7 @@ the following values, describing the actions the filter may take:
</TR>
<TR>
<TD VALIGN="TOP">
SMFIF_ADDRCPT_PAR
<A NAME="SMFIF_ADDRCPT_PAR">SMFIF_ADDRCPT_PAR</A>
</TD>
<TD>
This filter may
@ -167,7 +168,7 @@ the following values, describing the actions the filter may take:
</TR>
<TR>
<TD VALIGN="TOP">
SMFIF_DELRCPT
<A NAME="SMFIF_DELRCPT">SMFIF_DELRCPT</A>
</TD>
<TD>
This filter may
@ -176,7 +177,7 @@ the following values, describing the actions the filter may take:
</TR>
<TR>
<TD VALIGN="TOP">
SMFIF_QUARANTINE
<A NAME="SMFIF_QUARANTINE">SMFIF_QUARANTINE</A>
</TD>
<TD>
This filter may
@ -186,7 +187,7 @@ the following values, describing the actions the filter may take:
<TR>
<TD VALIGN="TOP">
SMFIF_CHGFROM
<A NAME="SMFIF_CHGFROM">SMFIF_CHGFROM</A>
</TD>
<TD>
This filter may
@ -196,7 +197,7 @@ the following values, describing the actions the filter may take:
<TR>
<TD VALIGN="TOP">
SMFIF_SETSYMLIST
<A NAME="SMFIF_SETSYMLIST">SMFIF_SETSYMLIST</A>
</TD>
<TD>
This filter can

View File

@ -35,6 +35,7 @@ body.
</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -61,7 +62,7 @@ body.
<LI>bodyp == NULL and bodylen &gt; 0.
<LI>Changing the body in the current connection state is invalid.
<LI>A network error occurs.
<LI>SMFIF_CHGBODY was not set when <A href="smfi_register.html">smfi_register</A> was called.
<LI><A HREF="smfi_register.html#SMFIF_CHGBODY">SMFIF_CHGBODY</A> is not set.
</UL>
Otherwise, it will return MI_SUCCESS.
</TD>
@ -72,9 +73,11 @@ Otherwise, it will return MI_SUCCESS.
<TH>NOTES</TH>
<TD>
<UL>
<LI>Since the message body may be very large, setting SMFIF_CHGBODY may significantly affect filter performance.
<LI>Since the message body may be very large, calling smfi_replacebody may significantly affect filter performance.
<LI>If a filter sets SMFIF_CHGBODY but does not call smfi_replacebody, the original body remains unchanged.
<LI>For smfi_replacebody, filter order is important. <B>Later filters will see the new body contents created by earlier ones.</B>
<LI>A filter which calls smfi_replacebody must have set the
<A HREF="smfi_register.html#SMFIF_CHGBODY">SMFIF_CHGBODY</A> flag.
</UL>
</TD>
</TR>

View File

@ -31,6 +31,7 @@ Set the filter's <CODE>listen(2)</CODE> backlog value.
If smfi_setbacklog is not called, the operating system default is used.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -30,6 +30,7 @@ Set the socket through which this filter should communicate with sendmail.
<TD>Sets the socket through which the filter communicates with sendmail.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -34,6 +34,7 @@ A level of zero turns off debugging. The greater
the current, highest, useful value.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -38,6 +38,7 @@ This code will be used on subsequent error replies resulting from actions
taken by this filter.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -92,7 +93,7 @@ For example, the code:<BR>
<UL>
<LI>The rcode or xcode argument is invalid.
<LI>A memory-allocation failure occurs.
<LI>If any text line contains a carraige return or line feed.
<LI>If any text line contains a carriage return or line feed.
<LI>The length of any text line is more than MAXREPLYLEN (980).
<LI>More than 32 lines of text replies are given.
</UL>

View File

@ -31,6 +31,7 @@ Set the private data pointer for this connection.
<TD>Sets the private data pointer for the context ctx.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -36,6 +36,7 @@ will be used on subsequent error replies resulting from actions taken by
this filter.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -67,6 +68,8 @@ this filter.</TD>
<UL>
<LI>The rcode or xcode argument is invalid.
<LI>A memory-allocation failure occurs.
<LI>The length of any text line is more than MAXREPLYLEN (980).
<LI>The message argument contains a carriage return or line feed.
</UL>
Otherwise, it return MI_SUCCESS.
</TD>
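Review bot: the first added failure condition reads "The length of any text line is more than MAXREPLYLEN (980)", wording that fits a multi-line call, while the second added item refers to "the message argument"; for consistency the first should probably say "the message argument" as well. Rejecting a carriage return or line feed in the reply text is worth documenting as done here. While in this hunk, the context line "Otherwise, it return MI_SUCCESS." still needs "returns".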

View File

@ -37,6 +37,7 @@ milter wants to receive from the MTA.
</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -33,6 +33,7 @@ If smfi_settimeout is not called, a default timeout of 7210 seconds is used.
</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -61,10 +62,7 @@ and may break the communication with the MTA.
Do <EM>not</EM> decrease this value without making sure that
the MTA also uses lower timeouts for communication
(with the milter and with the SMTP client).
</TR>
</TABLE>
</TD></TR>
</TABLE>
<HR size="1">

View File

@ -36,6 +36,7 @@ which may then exit or warm-restart.
</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -32,6 +32,7 @@ Get the (runtime) version of libmilter.
<TD>None.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH VALIGN="TOP" ALIGN=LEFT>ARGUMENTS</TH><TD>

View File

@ -30,6 +30,7 @@ Handle the current message's being aborted.
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -32,6 +32,7 @@ Handle a piece of a message's body.
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -30,6 +30,7 @@ The current connection is being closed.
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -29,6 +29,7 @@ sfsistat (*xxfi_connect)(
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
<!--
This callback function is invoked on each connection to the mail
filter program.
@ -37,8 +38,9 @@ The name of the callback can be any valid function name.
The function pointer is to be assigned to the
smfiDesc.xxfi_connect and the pointer to the smfiDesc structure
is passed to smfi_register().
</TD></TR>
-->
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
<TABLE border="1" cellspacing=0>
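Review bot: after this change a </TD></TR> sits inside the HTML comment (just before "-->") and another one follows the comment. Only the one outside the comment closes the cell; the copy inside the commented-out text is inert and could be dropped to avoid confusion the next time this block is edited.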

View File

@ -23,13 +23,14 @@ Handle the DATA command.
<TABLE border="1" cellspacing=1 cellpadding=4>
<TR align="left" valign=top>
<TH width="80">Called When</TH>
<TD>xxfi_data is called when the client uses the DATA command.
<TD>xxfi_data is called when the client uses the DATA command.</TD>
</TR>
<TR align="left" valign=top>
<TH>Default Behavior</TH>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -67,7 +68,7 @@ Handle the DATA command.
</TD>
</TR>
</TABLE>
</TR>
</TD></TR>
<!----------- Notes ---------->
<TR>

View File

@ -33,6 +33,7 @@ before xxfi_envrcpt.</TD>
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -75,7 +76,7 @@ before xxfi_envrcpt.</TD>
</TD>
</TR>
</TABLE>
</TR>
</TD></TR>
<!----------- Notes ---------->
<TR>

View File

@ -31,6 +31,7 @@ Handle the envelope RCPT command.
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>
@ -76,7 +77,7 @@ Handle the envelope RCPT command.
</TD>
</TR>
</TABLE>
</TR>
</TD></TR>
<!----------- Notes ---------->
<TR>

View File

@ -31,6 +31,7 @@ Handle the end of message headers.
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

View File

@ -30,6 +30,7 @@ End of a message.
<TD>Do nothing; return SMFIS_CONTINUE.</TD>
</TR>
</TABLE>
</TD></TR>
<!----------- Arguments ---------->
<TR><TH valign="top" align=left>ARGUMENTS</TH><TD>

Some files were not shown because too many files have changed in this diff