This commit was generated by cvs2svn to compensate for changes in r110560,
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
commit
7bd0c4fe89
@ -235,4 +235,10 @@ Kresolve sequence dnsmx canon
|
||||
the file. This is unavoidable as sendmail must verify the file is safe
|
||||
to open before opening it. A file can not be locked until it is open.
|
||||
|
||||
$Revision: 8.55 $, Last updated $Date: 2002/03/05 00:45:54 $
|
||||
* MAIL_HUB always takes precedence over LOCAL_RELAY
|
||||
|
||||
Despite the information in the documentation, MAIL_HUB ($H) will always
|
||||
be used if set instead of LOCAL_RELAY ($R). This will be fixed in a
|
||||
future version.
|
||||
|
||||
$Revision: 8.55.2.1 $, Last updated $Date: 2002/12/18 22:38:48 $
|
||||
|
@ -177,10 +177,17 @@ There are other files you should read. Rooted in this directory are:
|
||||
cf/README
|
||||
Details on configuring sendmail.
|
||||
doc/op/op.me
|
||||
The sendmail Installation & Operations Guide. Be warned: if
|
||||
you are running this off on SunOS or some other system with an
|
||||
old version of -me, you need to add the following macro to the
|
||||
macros:
|
||||
The sendmail Installation & Operations Guide. In addition
|
||||
to the shipped PostScript version, plain text and PDF versions
|
||||
can be generating using (assuming the required conversion software
|
||||
is installed on your system, see doc/op/Makefile):
|
||||
|
||||
cd doc/op && make op.txt op.pdf
|
||||
|
||||
Be warned: on some systems calling make in doc/op/ will cause
|
||||
errors due to nroff/groff problems. Known problems are:
|
||||
- running this off on systems with an old version of -me, you
|
||||
need to add the following macro to the macros:
|
||||
|
||||
.de sm
|
||||
\s-1\\$1\\s0\\$2
|
||||
@ -188,6 +195,14 @@ There are other files you should read. Rooted in this directory are:
|
||||
|
||||
This sets a word in a smaller pointsize.
|
||||
|
||||
- with new groff versions (1.18 seems affected)
|
||||
|
||||
GROFF_NO_SGR=1
|
||||
|
||||
needs to be set, e.g., in doc/op/Makefile:
|
||||
|
||||
ROFF_CMD= GROFF_NO_SGR=1 groff
|
||||
|
||||
|
||||
+--------------+
|
||||
| RELATED RFCS |
|
||||
@ -448,4 +463,4 @@ sendmail Source for the sendmail program itself.
|
||||
test Some test scripts (currently only for compilation aids).
|
||||
vacation Source for the vacation program. NOT PART OF SENDMAIL!
|
||||
|
||||
$Revision: 8.90 $, Last updated $Date: 2002/05/25 02:55:59 $
|
||||
$Revision: 8.90.2.1 $, Last updated $Date: 2002/11/09 23:32:28 $
|
||||
|
@ -1,11 +1,123 @@
|
||||
SENDMAIL RELEASE NOTES
|
||||
$Id: RELEASE_NOTES,v 8.1340.2.43 2002/08/26 21:53:31 gshapiro Exp $
|
||||
$Id: RELEASE_NOTES,v 8.1340.2.100 2002/12/28 19:47:00 ca Exp $
|
||||
|
||||
|
||||
This listing shows the version of the sendmail binary, the version
|
||||
of the sendmail configuration files, the date of release, and a
|
||||
summary of the changes in that release.
|
||||
|
||||
8.12.7/8.12.7 2002/12/29
|
||||
Properly clean up macros to avoid persistence of session data
|
||||
across various connections. This could cause session
|
||||
oriented restrictions, e.g., STARTTLS requirements,
|
||||
to erroneously allow a connection. Problem noted
|
||||
by Tim Maletic of Priority Health.
|
||||
Do not lookup MX records when sorting the MSP queue. The MSP
|
||||
only needs to relay all mail to the MTA. Problem found
|
||||
by Gary Mills of the University of Manitoba.
|
||||
Do not restrict the length of connection information to 100
|
||||
characters in some logging statements. Problem noted by
|
||||
Erik Parker.
|
||||
When converting an enhanced status code to an exit status, use
|
||||
EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5
|
||||
is used.
|
||||
Reset macro $x when receiving another MAIL command. Problem
|
||||
noted by Vlado Potisk of Wigro s.r.o.
|
||||
Don't bother setting the permissions on the build area statistics
|
||||
file, the proper permissions will be put on the file at
|
||||
install time. This fixes installation over NFS for some
|
||||
users. Problem noted by Martin J. Dellwo of 3-Dimensional
|
||||
Pharmaceuticals, Inc.
|
||||
Fix problem of decoding SASLv2 encrypted data. Problem noted by
|
||||
Alex Deiter of Mobile TeleSystems, Komi Republic.
|
||||
Log milter socket open errors at MilterLogLevel 1 or higher instead
|
||||
of 11 or higher.
|
||||
Print early system errors to the console instead of silently
|
||||
exiting. Problem noted by James Jong of IBM.
|
||||
Do not process a queue group if Runners is set to 0, regardless
|
||||
of whether F=f or sendmail is run in verbose mode (-v).
|
||||
The use of -qGname will still force queue group "name"
|
||||
to be run even if Runners=0.
|
||||
Change the level for logging the fact that a daemon is refusing
|
||||
connections due to high load from LOG_INFO to LOG_NOTICE.
|
||||
Patch from John Beck of Sun Microsystems.
|
||||
Use location information for submit.cf from NetInfo
|
||||
(/locations/sendmail/submit.cf) if available.
|
||||
Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by
|
||||
Neil Rickert of Northern Illinois University.
|
||||
Make behavior of /canon in debug mode consistent with usage in
|
||||
rulesets. Patch from Shigeno Kazutaka of IIJ.
|
||||
Fix a potential memory leak in envelope splitting. Problem noted
|
||||
by John Majikes of IBM.
|
||||
Do not try to share an mailbox database LDAP connection across
|
||||
different processes. Problem noted by Randy Kunkee.
|
||||
Fix logging for undelivered recipients when the SMTP connection
|
||||
times out during message collection. Problem noted by Neil
|
||||
Rickert of Northern Illinois University.
|
||||
Avoid problems with QueueSortOrder=random due to problems with
|
||||
qsort() on Solaris (and maybe some other operating systems).
|
||||
Problem noted by Stephan Schulz of Gruner+Jahr..
|
||||
If -f "" is specified, set the sender address to "<>". Problem
|
||||
noted by Matthias Andree.
|
||||
Fix formatting problem of footnotes for plain text output on some
|
||||
versions of tmac. Patch from Per Hedeland of Ericsson.
|
||||
Portability:
|
||||
Berkeley DB 4.1 support (requires at least 4.1.25).
|
||||
Some getopt(3) implementations in GNU/Linux are broken
|
||||
and pass a NULL pointer to an option which requires
|
||||
an argument, hence the builtin version of
|
||||
sendmail is used instead. This can be overridden
|
||||
by using -DSM_CONF_GETOPT=0. Problem noted by
|
||||
Vlado Potisk of Wigro s.r.o.
|
||||
Support for nph-1.2.0 from Mark D. Roth of the University
|
||||
of Illinois at Urbana-Champaign.
|
||||
Support for FreeBSD 5.0's MAC labeling from Robert Watson
|
||||
of the TrustedBSD Project.
|
||||
Support for reading the number of processors on an IRIX
|
||||
system from Michel Bourget of SGI.
|
||||
Support for UnixWare 7.1 based on input from Larry Rosenman.
|
||||
Interix support from Nedelcho Stanev of Atlantic Sky
|
||||
Corporation.
|
||||
Update Mac OS X/Darwin portability from Wilfredo Sanchez.
|
||||
CONFIG: Enforce tls_client restrictions even if delay_checks
|
||||
is used. Problem noted by Malte Starostik.
|
||||
CONFIG: Deal with an empty hostname created via bogus
|
||||
DNS entries to get around access restrictions.
|
||||
Problem noted by Kai Schlichting.
|
||||
CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default
|
||||
to avoid problems with hostname resolution for localhost
|
||||
which on many systems does not resolve to 127.0.0.1 (or
|
||||
::1 for IPv6). If you do not use IPv4 but only IPv6 then
|
||||
you need to change submit.mc accordingly, see the comment
|
||||
in the file itself.
|
||||
CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
|
||||
error messages from initgroups(3) on AIX 4.3 when sending
|
||||
mail to non-existing users. Problem noted by Mark Roth of
|
||||
the University of Illinois at Urbana-Champaign.
|
||||
CONFIG: Allow local_procmail to override local_lmtp settings.
|
||||
CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
|
||||
relay.
|
||||
CONTRIB: cidrexpand: Deal with the prefix tags that may be included
|
||||
in access_db.
|
||||
CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
|
||||
LIBMILTER: On Solaris libmilter may get into an endless loop if
|
||||
an error in the communication from/to the MTA occurs.
|
||||
Patch from Gurusamy Sarathy of Active State.
|
||||
LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64.
|
||||
Patch from from Jose Marcio Martins da Cruz of Ecole
|
||||
Nationale Superieure des Mines de Paris.
|
||||
MAIL.LOCAL: Fix a truncation race condition if the close() on
|
||||
the mailbox fails. Problem noted by Tomoko Fukuzawa of
|
||||
Sun Microsystems.
|
||||
MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3)
|
||||
fails. Patch from John Beck of Sun Microsystems.
|
||||
SMRSH: SECURITY: Only allow regular files or symbolic links to be
|
||||
used for a command. Problem noted by David Endler of
|
||||
iDEFENSE, Inc.
|
||||
New Files:
|
||||
devtools/OS/Interix
|
||||
include/sm/bdb.h
|
||||
|
||||
8.12.6/8.12.6 2002/08/26
|
||||
Do not add the FallbackMXhost (or its MX records) to the list
|
||||
returned by the bestmx map when -z is used as option.
|
||||
|
@ -189,6 +189,13 @@ expanded. This also applies to
|
||||
because ``define'' is an M4 keyword. If you want to use them, surround
|
||||
them with directed quotes, `like this'.
|
||||
|
||||
Since m4 uses single quotes (opening "`" and closing "'") to quote
|
||||
arguments, those quotes can't be used in arguments. For example,
|
||||
it is not possible to define a rejection message containing a single
|
||||
quote. Usually there are simple workarounds by changing those
|
||||
messages; in the worst case it might be ok to change the value
|
||||
directly in the generated .cf file, which however is not advised.
|
||||
|
||||
|
||||
Notice:
|
||||
-------
|
||||
@ -466,6 +473,10 @@ CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed
|
||||
change the name of the Unix domain socket, or
|
||||
to switch to delivery via TCP (e.g., `TCP $h lmtp')
|
||||
CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer.
|
||||
CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
|
||||
that ARRIVE from an address that resolves to one the
|
||||
Cyrus mailer and which are converted to MIME will
|
||||
be labeled with this character set.
|
||||
confEBINDIR [/usr/libexec] The directory for executables.
|
||||
Currently used for FEATURE(`local_lmtp') and
|
||||
FEATURE(`smrsh').
|
||||
@ -895,6 +906,12 @@ local_no_masquerade
|
||||
if MASQUERADE_AS is used. MASQUERADE_AS will only have effect
|
||||
on addresses of mail going outside the local domain.
|
||||
|
||||
masquerade_envelope
|
||||
If masquerading is enabled (using MASQUERADE_AS) or the
|
||||
genericstable is in use, this feature will cause envelope
|
||||
addresses to also masquerade as being from the masquerade
|
||||
host. Normally only the header addresses are masqueraded.
|
||||
|
||||
genericstable This feature will cause unqualified addresses (i.e., without
|
||||
a domain) and addresses with a domain listed in class {G}
|
||||
to be looked up in a map and turned into another ("generic")
|
||||
@ -1058,6 +1075,9 @@ local_procmail Use procmail or another delivery agent as the local mailer.
|
||||
3. Flags for the mailer [default: SPfhn9]
|
||||
|
||||
Empty arguments cause the defaults to be taken.
|
||||
Note that if you are on a system with a broken
|
||||
setreuid() call, you may need to add -f $f to the procmail
|
||||
argument vector to pass the proper sender to procmail.
|
||||
|
||||
For example, this allows it to use the maildrop
|
||||
(http://www.flounder.net/~mrsam/maildrop/) mailer instead
|
||||
@ -1136,7 +1156,8 @@ relay_based_on_MX
|
||||
|
||||
relay_mail_from
|
||||
Allows relaying if the mail sender is listed as RELAY in
|
||||
the access map. If an optional argument `domain' is given,
|
||||
the access map. If an optional argument `domain' (this
|
||||
is the literal word `domain', not a placeholder) is given,
|
||||
relaying can be allowed just based on the domain portion
|
||||
of the sender address. This feature should only be used if
|
||||
absolutely necessary as the sender address can be easily
|
||||
@ -1223,6 +1244,10 @@ dnsbl Turns on rejection of hosts found in an DNS based rejection
|
||||
to query different DNS based rejection lists. See also
|
||||
enhdnsbl for an enhanced version.
|
||||
|
||||
Set the DNSBL_MAP mc option to change the default map
|
||||
definition from `host'. Set the DNSBL_MAP_OPT mc option
|
||||
to add additional options to the map specification used.
|
||||
|
||||
Some DNS based rejection lists cause failures if asked
|
||||
for AAAA records. If your sendmail version is compiled
|
||||
with IPv6 support (NETINET6) and you experience this
|
||||
@ -1259,6 +1284,9 @@ enhdnsbl Enhanced version of dnsbl (see above). Further arguments
|
||||
i.e., `', is specified. This feature requires that sendmail
|
||||
has been compiled with the flag DNSMAP (see sendmail/README).
|
||||
|
||||
Set the EDNSBL_TO mc option to change the DNS retry count
|
||||
from the default value of 5.
|
||||
|
||||
lookupdotdomain Look up also .domain in the access map. This allows to
|
||||
match only subdomains. It does not work well with
|
||||
FEATURE(`relay_hosts_only'), because most lookups for
|
||||
@ -1323,15 +1351,20 @@ msp Defines config file for Message Submission Program.
|
||||
Some more hints about possible changes can be found below
|
||||
in the section MESSAGE SUBMISSION PROGRAM.
|
||||
|
||||
Note: if localhost doesn't resolve to the IP address
|
||||
of your local system (127.0.0.1 or ::1 for IPv6),
|
||||
then you either need to fix your hostname resolution
|
||||
(localhost and localhost.YOUR.DOMAIN should resolve
|
||||
to that address by convention) or you need to specify
|
||||
the IP address as argument, e.g.,
|
||||
Note: Due to many problems, submit.mc uses
|
||||
|
||||
FEATURE(`msp', `[127.0.0.1]')
|
||||
|
||||
by default. If you have a machine with IPv6 only,
|
||||
change it to
|
||||
|
||||
FEATURE(`msp', `[IPv6:::1]')
|
||||
|
||||
If you want to continue using '[localhost]', (the behavior
|
||||
up to 8.12.6), use
|
||||
|
||||
FEATURE(`msp')
|
||||
|
||||
queuegroup A simple example how to select a queue group based
|
||||
on the full e-mail address or the domain of the
|
||||
recipient. Selection is done via entries in the
|
||||
@ -2188,15 +2221,16 @@ A slightly better solution is
|
||||
FEATURE(`relay_mail_from')
|
||||
|
||||
which allows relaying if the mail sender is listed as RELAY in the
|
||||
access map. If an optional argument `domain' is given, the domain
|
||||
portion of the mail sender is also checked to allowing relaying.
|
||||
This option only works together with the tag From: for the LHS of
|
||||
the access map entries (see below: Finer control...). This feature
|
||||
allows spammers to abuse your mail server by specifying a return
|
||||
address that you enabled in your access file. This may be harder
|
||||
to figure out for spammers, but it should not be used unless
|
||||
necessary. Instead use SMTP AUTH or STARTTLS to allow relaying
|
||||
for roaming users.
|
||||
access map. If an optional argument `domain' (this is the literal
|
||||
word `domain', not a placeholder) is given, the domain portion of
|
||||
the mail sender is also checked to allowing relaying. This option
|
||||
only works together with the tag From: for the LHS of the access
|
||||
map entries (see below: Finer control...). This feature allows
|
||||
spammers to abuse your mail server by specifying a return address
|
||||
that you enabled in your access file. This may be harder to figure
|
||||
out for spammers, but it should not be used unless necessary.
|
||||
Instead use SMTP AUTH or STARTTLS to allow relaying for roaming
|
||||
users.
|
||||
|
||||
|
||||
If source routing is used in the recipient address (e.g.,
|
||||
@ -2341,7 +2375,7 @@ The value part of the map can contain:
|
||||
|
||||
For example:
|
||||
|
||||
cyberspammer.com ERROR:550 "We don't accept mail from spammers"
|
||||
cyberspammer.com ERROR:"550 We don't accept mail from spammers"
|
||||
okay.cyberspammer.com OK
|
||||
sendmail.org RELAY
|
||||
128.32 RELAY
|
||||
@ -2465,11 +2499,15 @@ instead of just disabling the DNS lookups in the backlists.
|
||||
|
||||
|
||||
The features described above make use of the check_relay, check_mail,
|
||||
and check_rcpt rulesets. If you wish to include your own checks,
|
||||
you can put your checks in the rulesets Local_check_relay,
|
||||
Local_check_mail, and Local_check_rcpt. For example if you wanted to
|
||||
block senders with all numeric usernames (i.e. 2312343@bigisp.com),
|
||||
you would use Local_check_mail and the regex map:
|
||||
and check_rcpt rulesets. Note that check_relay checks the SMTP
|
||||
client hostname and IP address when the connection is made to your
|
||||
server. It does not check if a mail message is being relayed to
|
||||
another server. That check is done in check_rcpt. If you wish to
|
||||
include your own checks, you can put your checks in the rulesets
|
||||
Local_check_relay, Local_check_mail, and Local_check_rcpt. For
|
||||
example if you wanted to block senders with all numeric usernames
|
||||
(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
|
||||
regex map:
|
||||
|
||||
LOCAL_CONFIG
|
||||
Kallnumbers regex -a@MATCH ^[0-9]+$
|
||||
@ -2574,8 +2612,9 @@ the friend option and having
|
||||
|
||||
Spam:abuse@ FRIEND
|
||||
|
||||
in the access map, mail to abuse@localdomain will get through. It is
|
||||
also possible to specify a full address or an address with +detail:
|
||||
in the access map, mail to abuse@localdomain will get through (where
|
||||
"localdomain" is any domain in class {w}). It is also possible to
|
||||
specify a full address or an address with +detail:
|
||||
|
||||
Spam:abuse@my.domain FRIEND
|
||||
Spam:me+abuse@ FRIEND
|
||||
@ -2597,9 +2636,10 @@ This is done by adding a ruleset call to the 'H' header definition command
|
||||
in sendmail.cf. For example, this can be used to check the validity of
|
||||
a Message-ID: header:
|
||||
|
||||
LOCAL_RULESETS
|
||||
LOCAL_CONFIG
|
||||
HMessage-Id: $>CheckMessageId
|
||||
|
||||
LOCAL_RULESETS
|
||||
SCheckMessageId
|
||||
R< $+ @ $+ > $@ OK
|
||||
R$* $#error $: 553 Header Error
|
||||
@ -2636,10 +2676,9 @@ probably not be used in production.
|
||||
|
||||
LOCAL_CONFIG
|
||||
Kstorage macro
|
||||
|
||||
LOCAL_RULESETS
|
||||
HMessage-Id: $>CheckMessageId
|
||||
|
||||
LOCAL_RULESETS
|
||||
SCheckMessageId
|
||||
# Record the presence of the header
|
||||
R$* $: $(storage {MessageIdCheck} $@ OK $) $1
|
||||
@ -2714,22 +2753,22 @@ ${server_addr} the address of the server of the current outgoing SMTP
|
||||
Relaying
|
||||
--------
|
||||
|
||||
SMTP STARTTLS can allow relaying for senders who have successfully
|
||||
authenticated themselves. This is done in the ruleset RelayAuth. If the
|
||||
verification of the cert failed (${verify} != OK), relaying is subject to
|
||||
the usual rules. Otherwise the DN of the issuer is looked up in the access
|
||||
map using the tag CERTISSUER. If the resulting value is RELAY, relaying is
|
||||
allowed. If it is SUBJECT, the DN of the cert subject is looked up next in
|
||||
the access map using the tag CERTSUBJECT. If the value is RELAY, relaying
|
||||
is allowed.
|
||||
|
||||
To make things a bit more flexible (or complicated), the values for
|
||||
SMTP STARTTLS can allow relaying for remote SMTP clients which have
|
||||
successfully authenticated themselves. This is done in the ruleset
|
||||
RelayAuth. If the verification of the cert failed (${verify} != OK),
|
||||
relaying is subject to the usual rules. Otherwise the DN of the issuer is
|
||||
looked up in the access map using the tag CERTISSUER. If the resulting
|
||||
value is RELAY, relaying is allowed. If it is SUBJECT, the DN of the cert
|
||||
subject is looked up next in the access map using the tag CERTSUBJECT. If
|
||||
the value is RELAY, relaying is allowed.
|
||||
|
||||
${cert_issuer} and ${cert_subject} can be optionally modified by regular
|
||||
expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
|
||||
_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
|
||||
rulesets and map lookups, they are modified as follows: each non-printable
|
||||
character and the characters '<', '>', '(', ')', '"', '+' are replaced by
|
||||
their HEX value with a leading '+'. For example:
|
||||
character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
|
||||
by their HEX value with a leading '+'. For example:
|
||||
|
||||
/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
|
||||
darth+cert@endmail.org
|
||||
@ -2741,6 +2780,9 @@ Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
|
||||
|
||||
(line breaks have been inserted for readability).
|
||||
|
||||
The macros which are subject to this encoding are ${cert_subject},
|
||||
${cert_issuer}, ${cn_subject}, and ${cn_issuer}.
|
||||
|
||||
Examples:
|
||||
|
||||
To allow relaying for everyone who can present a cert signed by
|
||||
@ -2750,7 +2792,7 @@ Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
|
||||
|
||||
simply use:
|
||||
|
||||
CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY
|
||||
|
||||
To allow relaying only for a subset of machines that have a cert signed by
|
||||
@ -2760,9 +2802,9 @@ Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
|
||||
|
||||
use:
|
||||
|
||||
CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT
|
||||
CERTSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
|
||||
DeathStar/Email=deathstar@endmail.org RELAY
|
||||
|
||||
Note: line breaks have been inserted after "CN=" for readability,
|
||||
@ -3898,9 +3940,9 @@ confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
|
||||
maps unless they are specified in
|
||||
the individual map specification
|
||||
('K' command).
|
||||
confCACERT_PATH CACERTPath [undefined] Path to directory
|
||||
confCACERT_PATH CACertPath [undefined] Path to directory
|
||||
with certs of CAs.
|
||||
confCACERT CACERTFile [undefined] File containing one CA
|
||||
confCACERT CACertFile [undefined] File containing one CA
|
||||
cert.
|
||||
confSERVER_CERT ServerCertFile [undefined] File containing the
|
||||
cert of the server, i.e., this cert
|
||||
@ -3959,17 +4001,25 @@ confINPUT_MAIL_FILTERS InputMailFilters
|
||||
confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter
|
||||
actions, defaults to LogLevel.
|
||||
confMILTER_MACROS_CONNECT Milter.macros.connect
|
||||
[empty] Macros to transmit to milters
|
||||
when a session connection starts.
|
||||
[j, _, {daemon_name}, {if_name},
|
||||
{if_addr}] Macros to transmit to
|
||||
milters when a session connection
|
||||
starts.
|
||||
confMILTER_MACROS_HELO Milter.macros.helo
|
||||
[empty] Macros to transmit to milters
|
||||
after HELO command.
|
||||
[{tls_version}, {cipher},
|
||||
{cipher_bits}, {cert_subject},
|
||||
{cert_issuer}] Macros to transmit to
|
||||
milters after HELO/EHLO command.
|
||||
confMILTER_MACROS_ENVFROM Milter.macros.envfrom
|
||||
[empty] Macros to transmit to milters
|
||||
after MAIL FROM command.
|
||||
[i, {auth_type}, {auth_authen},
|
||||
{auth_ssf}, {auth_author},
|
||||
{mail_mailer}, {mail_host},
|
||||
{mail_addr}] Macros to transmit to
|
||||
milters after MAIL FROM command.
|
||||
confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
|
||||
[empty] Macros to transmit to milters
|
||||
after RCPT TO command.
|
||||
[{rcpt_mailer}, {rcpt_host},
|
||||
{rcpt_addr}] Macros to transmit to
|
||||
milters after RCPT TO command.
|
||||
|
||||
|
||||
See also the description of OSTYPE for some parameters that can be
|
||||
@ -4020,13 +4070,12 @@ Example 3: To listen on both IPv4 and IPv6 interfaces, use
|
||||
A "Message Submission Agent" still uses all of the same rulesets for
|
||||
processing the message (and therefore still allows message rejection via
|
||||
the check_* rulesets). In accordance with the RFC, the MSA will ensure
|
||||
that all domains in the envelope are fully qualified if the message is
|
||||
relayed to another MTA. It will also enforce the normal address syntax
|
||||
rules and log error messages. Additionally, by using the M=a modifier
|
||||
you can require authentication before messages are accepted by the MSA.
|
||||
Notice: Do NOT use the 'a' modifier on a public accessible MTA!
|
||||
Finally, the M=E modifier shown above disables ETRN as required by RFC
|
||||
2476.
|
||||
that all domains in envelope addresses are fully qualified if the message
|
||||
is relayed to another MTA. It will also enforce the normal address syntax
|
||||
rules and log error messages. Additionally, by using the M=a modifier you
|
||||
can require authentication before messages are accepted by the MSA.
|
||||
Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally,
|
||||
the M=E modifier shown above disables ETRN as required by RFC 2476.
|
||||
|
||||
Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
|
||||
commands:
|
||||
@ -4311,4 +4360,4 @@ M4 DIVERSIONS
|
||||
8 DNS based blacklists
|
||||
9 special local rulesets (1 and 2)
|
||||
|
||||
$Revision: 8.623.2.1 $, Last updated $Date: 2002/08/07 23:14:56 $
|
||||
$Revision: 8.623.2.18 $, Last updated $Date: 2002/12/29 04:16:51 $
|
||||
|
@ -24,15 +24,15 @@
|
||||
######################################################################
|
||||
######################################################################
|
||||
|
||||
##### $Id: cfhead.m4,v 8.108 2002/06/13 18:53:24 ca Exp $ #####
|
||||
##### $Id: cfhead.m4,v 8.108.2.1 2002/08/27 20:19:08 gshapiro Exp $ #####
|
||||
##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
|
||||
##### $Id: submit.mc,v 8.6 2002/03/26 03:30:58 ca Exp $ #####
|
||||
##### $Id: submit.mc,v 8.6.2.4 2002/12/29 03:54:34 ca Exp $ #####
|
||||
##### $Id: msp.m4,v 1.32 2002/03/26 22:02:03 ca Exp $ #####
|
||||
|
||||
##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####
|
||||
|
||||
|
||||
##### $Id: proto.m4,v 8.649.2.5 2002/08/15 02:39:01 ca Exp $ #####
|
||||
##### $Id: proto.m4,v 8.649.2.13 2002/12/04 00:12:18 ca Exp $ #####
|
||||
|
||||
# level 10 config file format
|
||||
V10/Berkeley
|
||||
@ -106,11 +106,11 @@ Kdequote dequote
|
||||
DnMAILER-DAEMON
|
||||
|
||||
|
||||
D{MTAHost}[localhost]
|
||||
D{MTAHost}[127.0.0.1]
|
||||
|
||||
|
||||
# Configuration version number
|
||||
DZ8.12.6/Submit
|
||||
DZ8.12.7/Submit
|
||||
|
||||
|
||||
###############
|
||||
@ -398,7 +398,7 @@ O UnixFromLine=From $g $d
|
||||
O OperatorChars=.:%@!^/[]+
|
||||
|
||||
# shall I avoid calling initgroups(3) because of high NIS costs?
|
||||
#O DontInitGroups=False
|
||||
O DontInitGroups=True
|
||||
|
||||
# are group-writable :include: and .forward files (un)trustworthy?
|
||||
# True (the default) means they are not trustworthy.
|
||||
@ -480,9 +480,9 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
|
||||
|
||||
|
||||
# CA directory
|
||||
#O CACERTPath
|
||||
#O CACertPath
|
||||
# CA file
|
||||
#O CACERTFile
|
||||
#O CACertFile
|
||||
# Server Cert
|
||||
#O ServerCertFile
|
||||
# Server private key
|
||||
@ -1010,7 +1010,7 @@ R<? $* <$->> $* < @ $+ >
|
||||
R<?> $* $: $&{daemon_flags} $| <?> $1
|
||||
R$* u $* $| <?> $* $: <OKR> $3
|
||||
R$* $| $* $: $2
|
||||
R<?> $* $: < ? $&{client_name} > $1
|
||||
R<?> $* $: < ? $&{client_addr} > $1
|
||||
R<?> $* $@ <OKR> ...local unqualed ok
|
||||
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
|
||||
...remote is not
|
||||
@ -1098,6 +1098,8 @@ SRelay_ok
|
||||
R$* $: $&{client_addr}
|
||||
R$@ $@ RELAY originated locally
|
||||
R0 $@ RELAY originated locally
|
||||
R127.0.0.1 $@ RELAY originated locally
|
||||
RIPv6:::1 $@ RELAY originated locally
|
||||
R$=R $* $@ RELAY relayable IP address
|
||||
R$* $: [ $1 ] put brackets around it...
|
||||
R$=w $@ RELAY ... and see if it is local
|
||||
@ -1109,7 +1111,6 @@ R<TEMP> $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PT
|
||||
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
|
||||
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
|
||||
R$* $: <@> $&{client_name}
|
||||
R<@> $@ RELAY
|
||||
# pass to name server to make hostname canonical
|
||||
R<@> $* $=P $:<?> $1 $2
|
||||
R<@> $+ $:<?> $[ $1 $]
|
||||
|
@ -15,9 +15,12 @@ divert(-1)
|
||||
#
|
||||
|
||||
divert(0)dnl
|
||||
VERSIONID(`$Id: submit.mc,v 8.6 2002/03/26 03:30:58 ca Exp $')
|
||||
VERSIONID(`$Id: submit.mc,v 8.6.2.4 2002/12/29 03:54:34 ca Exp $')
|
||||
define(`confCF_VERSION', `Submit')dnl
|
||||
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
|
||||
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
|
||||
define(`confTIME_ZONE', `USE_TZ')dnl
|
||||
FEATURE(`msp')dnl
|
||||
define(`confDONT_INIT_GROUPS', `True')dnl
|
||||
dnl
|
||||
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
|
||||
FEATURE(`msp', `[127.0.0.1]')dnl
|
||||
|
@ -1,6 +1,6 @@
|
||||
divert(-1)
|
||||
#
|
||||
# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
|
||||
# Copyright (c) 1998, 1999, 2002 Sendmail, Inc. and its suppliers.
|
||||
# All rights reserved.
|
||||
# Copyright (c) 1994 Eric P. Allman. All rights reserved.
|
||||
# Copyright (c) 1988, 1993
|
||||
@ -13,7 +13,7 @@ divert(-1)
|
||||
#
|
||||
|
||||
divert(0)
|
||||
VERSIONID(`$Id: local_procmail.m4,v 8.21 1999/11/18 05:06:23 ca Exp $')
|
||||
VERSIONID(`$Id: local_procmail.m4,v 8.21.42.1 2002/11/17 04:25:07 ca Exp $')
|
||||
divert(-1)
|
||||
|
||||
ifdef(`_MAILER_local_',
|
||||
@ -30,3 +30,7 @@ define(`LOCAL_MAILER_ARGS',
|
||||
ifelse(len(X`'_ARG2_), `1', `procmail -Y -a $h -d $u', _ARG2_))
|
||||
define(`LOCAL_MAILER_FLAGS',
|
||||
ifelse(len(X`'_ARG3_), `1', `SPfhn9', _ARG3_))
|
||||
dnl local_procmail conflicts with local_lmtp but the latter might be
|
||||
dnl defined in an OS/ file (solaris8). Let's just undefine it.
|
||||
undefine(`_LOCAL_LMTP_')
|
||||
undefine(`LOCAL_MAILER_DSN_DIAGNOSTIC_CODE')
|
||||
|
@ -13,7 +13,7 @@ divert(-1)
|
||||
#
|
||||
divert(0)
|
||||
|
||||
VERSIONID(`$Id: proto.m4,v 8.649.2.5 2002/08/15 02:39:01 ca Exp $')
|
||||
VERSIONID(`$Id: proto.m4,v 8.649.2.13 2002/12/04 00:12:18 ca Exp $')
|
||||
|
||||
# level CF_LEVEL config file format
|
||||
V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')
|
||||
@ -205,11 +205,13 @@ ifdef(`_CERT_REGEX_SUBJECT_', `dnl
|
||||
KCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl')
|
||||
|
||||
ifdef(`LOCAL_RELAY', `dnl
|
||||
# who I send unqualified names to (null means deliver locally)
|
||||
# who I send unqualified names to if FEATURE(stickyhost) is used
|
||||
# (null means deliver locally)
|
||||
DR`'LOCAL_RELAY')
|
||||
|
||||
ifdef(`MAIL_HUB', `dnl
|
||||
# who gets all local email traffic ($R has precedence for unqualified names)
|
||||
# who gets all local email traffic
|
||||
# ($R has precedence for unqualified names if FEATURE(stickyhost) is used)
|
||||
DH`'MAIL_HUB')
|
||||
|
||||
# dequoting map
|
||||
@ -630,9 +632,9 @@ _OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `')
|
||||
_OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `')')
|
||||
|
||||
# CA directory
|
||||
_OPTION(CACERTPath, `confCACERT_PATH', `')
|
||||
_OPTION(CACertPath, `confCACERT_PATH', `')
|
||||
# CA file
|
||||
_OPTION(CACERTFile, `confCACERT', `')
|
||||
_OPTION(CACertFile, `confCACERT', `')
|
||||
# Server Cert
|
||||
_OPTION(ServerCertFile, `confSERVER_CERT', `')
|
||||
# Server private key
|
||||
@ -1697,6 +1699,9 @@ ifdef(`_ACCESS_TABLE_', `dnl
|
||||
dnl workspace: {client_name} $| {client_addr}
|
||||
R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
|
||||
dnl workspace: <result-of-lookup> <{client_addr}>
|
||||
dnl OR $| $+ if client_name is empty
|
||||
R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
|
||||
dnl workspace: <result-of-lookup> <{client_addr}>
|
||||
R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
|
||||
dnl workspace: <result-of-lookup> (<>|<{client_addr}>)
|
||||
R<?> <$*> $: OK found nothing
|
||||
@ -1841,7 +1846,7 @@ dnl accept unqualified sender: change mark to avoid test
|
||||
R$* u $* $| <?> $* $: <_RES_OK_> $3
|
||||
dnl remove daemon_flags
|
||||
R$* $| $* $: $2
|
||||
R<?> $* $: < ? $&{client_name} > $1
|
||||
R<?> $* $: < ? $&{client_addr} > $1
|
||||
R<?> $* $@ <_RES_OK_> ...local unqualed ok
|
||||
R<? $+> $* $#error $@ 5.5.4 $: "_CODE553 Domain name required for sender address " $&f
|
||||
...remote is not')
|
||||
@ -1896,7 +1901,7 @@ R$+ $: <?> $1
|
||||
R<?> <$+> $: <@> <$1>
|
||||
R<?> $+ $: <@> <$1>
|
||||
R<@> < postmaster > $: postmaster
|
||||
R<@> < $* @ $+ . $+ > $: < $3 @ $4 . $5 >
|
||||
R<@> < $* @ $+ . $+ > $: < $1 @ $2 . $3 >
|
||||
dnl prepend daemon_flags
|
||||
R<@> $* $: $&{daemon_flags} $| <@> $1
|
||||
dnl workspace: ${daemon_flags} $| <@> <address>
|
||||
@ -2098,6 +2103,8 @@ SRelay_ok
|
||||
R$* $: $&{client_addr}
|
||||
R$@ $@ RELAY originated locally
|
||||
R0 $@ RELAY originated locally
|
||||
R127.0.0.1 $@ RELAY originated locally
|
||||
RIPv6:::1 $@ RELAY originated locally
|
||||
R$=R $* $@ RELAY relayable IP address
|
||||
ifdef(`_ACCESS_TABLE_', `dnl
|
||||
R$* $: $>A <$1> <?> <+ Connect> <$1>
|
||||
@ -2147,7 +2154,11 @@ R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{c
|
||||
dnl ${client_resolve} should be OK, so go ahead
|
||||
R$* $: <@> $&{client_name}
|
||||
dnl should not be necessary since it has been done for client_addr already
|
||||
R<@> $@ RELAY
|
||||
dnl this rule actually may cause a problem if {client_name} resolves to ""
|
||||
dnl however, this should not happen since the forward lookup should fail
|
||||
dnl and {client_resolve} should be TEMP or FAIL.
|
||||
dnl nevertheless, removing the rule doesn't hurt.
|
||||
dnl R<@> $@ RELAY
|
||||
dnl workspace: <@> ${client_name} (not empty)
|
||||
# pass to name server to make hostname canonical
|
||||
R<@> $* $=P $:<?> $1 $2
|
||||
@ -2180,14 +2191,37 @@ R$* <@ $+ . > $1 <@ $2 >
|
||||
R$* <@ $* > $@ $1 <@ $2 >
|
||||
R$+ $@ $1 <@ $j >
|
||||
|
||||
SDelay_TLS_Client
|
||||
# authenticated?
|
||||
dnl code repeated here from Basic_check_mail
|
||||
dnl only called from check_rcpt in delay mode if checkrcpt returns $#
|
||||
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
|
||||
R$* $| $#$+ $#$2
|
||||
dnl return result from checkrcpt
|
||||
R$* $# $1
|
||||
|
||||
SDelay_TLS_Client2
|
||||
# authenticated?
|
||||
dnl code repeated here from Basic_check_mail
|
||||
dnl only called from check_rcpt in delay mode if stopping due to Friend/Hater
|
||||
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
|
||||
R$* $| $#$+ $#$2
|
||||
dnl return result from friend/hater check
|
||||
R$* $@ $1
|
||||
|
||||
# call all necessary rulesets
|
||||
Scheck_rcpt
|
||||
dnl this test should be in the Basic_check_rcpt ruleset
|
||||
dnl which is the correct DSN code?
|
||||
# R$@ $#error $@ 5.1.3 $: "553 Recipient address required"
|
||||
|
||||
R$+ $: $1 $| $>checkrcpt $1
|
||||
dnl now we can simply stop checks by returning "$# xyz" instead of just "ok"
|
||||
R$+ $| $#$* $#$2
|
||||
dnl on error (or discard) stop now
|
||||
R$+ $| $#error $* $#error $2
|
||||
R$+ $| $#discard $* $#discard $2
|
||||
dnl otherwise call tls_client; see above
|
||||
R$+ $| $#$* $@ $>"Delay_TLS_Client" $2
|
||||
R$+ $| $* $: <?> $>FullAddr $>CanonAddr $1
|
||||
ifdef(`_SPAM_FH_',
|
||||
`dnl lookup user@ and user@address
|
||||
@ -2207,15 +2241,15 @@ dnl', `dnl')
|
||||
ifdef(`_SPAM_FRIEND_',
|
||||
`# is the recipient a spam friend?
|
||||
ifdef(`_SPAM_HATER_',
|
||||
`errprint(`*** ERROR: define either SpamHater or SpamFriend
|
||||
`errprint(`*** ERROR: define either Hater or Friend -- not both.
|
||||
')', `dnl')
|
||||
R<FRIEND> $+ $@ SPAMFRIEND
|
||||
R<FRIEND> $+ $@ $>"Delay_TLS_Client2" SPAMFRIEND
|
||||
R<$*> $+ $: $2',
|
||||
`dnl')
|
||||
ifdef(`_SPAM_HATER_',
|
||||
`# is the recipient no spam hater?
|
||||
R<HATER> $+ $: $1 spam hater: continue checks
|
||||
R<$*> $+ $@ NOSPAMHATER everyone else: stop
|
||||
R<$*> $+ $@ $>"Delay_TLS_Client2" NOSPAMHATER everyone else: stop
|
||||
dnl',`dnl')
|
||||
dnl run further checks: check_mail
|
||||
dnl should we "clean up" $&f?
|
||||
@ -2685,12 +2719,12 @@ dnl cert subject
|
||||
R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
||||
dnl CS does not match
|
||||
dnl 1 2 3 4
|
||||
R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CERT Subject " $&{cert_subject} " does not match " $1
|
||||
R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
|
||||
dnl match, check rest
|
||||
R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
|
||||
dnl CI does not match
|
||||
dnl 1 2 3 4
|
||||
R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CERT Issuer " $&{cert_issuer} " does not match " $1
|
||||
R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
|
||||
dnl return from recursive call
|
||||
ROK $@ OK
|
||||
|
||||
@ -2719,7 +2753,7 @@ SRelayTLS
|
||||
# authenticated?
|
||||
dnl we do not allow relaying for anyone who can present a cert
|
||||
dnl signed by a "trusted" CA. For example, even if we put verisigns
|
||||
dnl CA in CERTPath so we can authenticate users, we do not allow
|
||||
dnl CA in CertPath so we can authenticate users, we do not allow
|
||||
dnl them to abuse our server (they might be easier to get hold of,
|
||||
dnl but anyway).
|
||||
dnl so here is the trick: if the verification succeeded
|
||||
|
@ -11,8 +11,8 @@ divert(-1)
|
||||
# the sendmail distribution.
|
||||
#
|
||||
#
|
||||
VERSIONID(`$Id: version.m4,v 8.92.2.5 2002/08/24 16:27:23 ca Exp $')
|
||||
VERSIONID(`$Id: version.m4,v 8.92.2.11 2002/12/28 19:45:55 ca Exp $')
|
||||
#
|
||||
divert(0)
|
||||
# Configuration version number
|
||||
DZ8.12.6`'ifdef(`confCF_VERSION', `/confCF_VERSION')
|
||||
DZ8.12.7`'ifdef(`confCF_VERSION', `/confCF_VERSION')
|
||||
|
@ -5,7 +5,7 @@
|
||||
# forth in the LICENSE file which can be found at the top level of
|
||||
# the sendmail distribution.
|
||||
#
|
||||
# $Id: sendmail.schema,v 8.19 2002/06/04 17:31:43 gshapiro Exp $
|
||||
# $Id: sendmail.schema,v 8.19.2.1 2002/11/20 23:13:27 gshapiro Exp $
|
||||
|
||||
# Note that this schema is experimental at this point as it has had little
|
||||
# public review. Therefore, it may change in future versions. Feedback
|
||||
@ -134,8 +134,8 @@ objectclass ( 1.3.6.1.4.1.6152.10.3.2.12
|
||||
attributetype ( 1.3.6.1.4.1.6152.10.3.1.18
|
||||
NAME 'sendmailMTAAliasGrouping'
|
||||
DESC 'name that identifies a particular aliases grouping'
|
||||
EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch
|
||||
EQUALITY caseIgnoreIA5Match
|
||||
SUBSTR caseIgnoreIA5SubstringsMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
|
||||
|
||||
# attribute sendmailMTAAliasValue cis
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/usr/local/bin/perl -w
|
||||
|
||||
# v 0.2-very-very-beta
|
||||
# v 0.2-very-beta
|
||||
#
|
||||
# 17 July 2000 Derek J. Balling (dredd@megacity.org)
|
||||
#
|
||||
@ -13,10 +13,24 @@
|
||||
# notation. Caveat: the address portion MUST be the start address or your
|
||||
# results will NOT be what what you want.
|
||||
#
|
||||
# If you have two overlapping CIDR blocks with conflicting actions
|
||||
# e.g. 10.2.3.128/25 REJECT and 10.2.3.143 ACCEPT
|
||||
# make sure that the exceptions to the more general block are specified
|
||||
# later in the access_db.
|
||||
#
|
||||
# the -r flag to makemap will make it "do the right thing"
|
||||
#
|
||||
# Modifications
|
||||
# -------------
|
||||
# 5 Nov 2002 Richard Rognlie (richard@sendmail.com)
|
||||
# Added code to deal with the prefix tags that may now be included in
|
||||
# the access_db
|
||||
#
|
||||
# Added clarification in the notes for what to do if you have
|
||||
# exceptions to a larger CIDR block.
|
||||
#
|
||||
# usage:
|
||||
# cidrexpand < /etc/mail/access | makemap hash /etc/mail/access
|
||||
#
|
||||
# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access
|
||||
#
|
||||
# Report bugs to: dredd@megacity.org
|
||||
#
|
||||
@ -37,20 +51,20 @@ my $SENDMAIL = 1;
|
||||
|
||||
while (<>)
|
||||
{
|
||||
my ($left,$right,$space);
|
||||
my ($prefix,$left,$right,$space);
|
||||
|
||||
if (! /^(\d+\.){3}\d+\/\d\d?$spaceregex.*/ )
|
||||
if (! /^(|\S\S*:)(\d+\.){3}\d+\/\d\d?$spaceregex.*/ )
|
||||
{
|
||||
print;
|
||||
}
|
||||
else
|
||||
{
|
||||
($left,$space,$right) = /^((?:\d+\.){3}\d+\/\d\d?)($spaceregex)(.*)$/;
|
||||
($prefix,$left,$space,$right) = /^(|\S\S*:)((?:\d+\.){3}\d+\/\d\d?)($spaceregex)(.*)$/;
|
||||
|
||||
my @new_lefts = expand_network($left);
|
||||
foreach my $nl (@new_lefts)
|
||||
{
|
||||
print "$nl$space$right\n";
|
||||
print "$prefix$nl$space$right\n";
|
||||
}
|
||||
|
||||
}
|
||||
@ -133,5 +147,13 @@ sub calc_changes
|
||||
$second = 255;
|
||||
$first = 2**($power-24) - 1;
|
||||
}
|
||||
elsif ($mask == 0)
|
||||
{
|
||||
$fourth = 255;
|
||||
$third = 255;
|
||||
$second = 255;
|
||||
$first = 255;
|
||||
}
|
||||
|
||||
return ($first,$second,$third,$fourth);
|
||||
}
|
||||
|
@ -1,232 +1,225 @@
|
||||
#!/usr/bin/perl
|
||||
# doublebounce.pl
|
||||
# attempt to return a doubly-bounced email to a postmaster
|
||||
# jr@terra.net, 12/4/97
|
||||
#
|
||||
# invoke by creating an mail alias such as:
|
||||
# doublebounce: "|/usr/local/sbin/doublebounce"
|
||||
# then adding this line to your sendmail.cf:
|
||||
# O DoubleBounceAddress=doublebounce
|
||||
# Return a doubly-bounced e-mail to postmaster. Specific to sendmail,
|
||||
# updated to work on sendmail 8.12.6.
|
||||
#
|
||||
# optionally, add a "-d" flag in the aliases file, to send a
|
||||
# debug trace to your own postmaster showing what is going on
|
||||
# Based on the original doublebounce.pl code by jr@terra.net, 12/4/97.
|
||||
# Updated by bicknell@ufp.org, 12/4/2002 to understand new sendmail DSN
|
||||
# bounces. Code cleanup also performed, mainly making things more
|
||||
# robust.
|
||||
#
|
||||
# this allows the "postmaster" address to still go to a human being,
|
||||
# while bounce messages can go to this script, which will bounce them
|
||||
# back to the postmaster at the sending site.
|
||||
#
|
||||
# the algorithm is to scan the double-bounce error report generated
|
||||
# by sendmail on stdin, for the original message (it starts after the
|
||||
# second "Orignal message follows" marker), look for From, Sender, and
|
||||
# Received headers from the point closest to the sender back to the point
|
||||
# closest to us, and try to deliver a double-bounce report back to a
|
||||
# postmaster at one of these sites in the hope that they can
|
||||
# return the message to the original sender, or do something about
|
||||
# the fact that that sender's return address is not valid.
|
||||
|
||||
# Original intro included below, lines with ##
|
||||
## attempt to return a doubly-bounced email to a postmaster
|
||||
## jr@terra.net, 12/4/97
|
||||
##
|
||||
## invoke by creating an mail alias such as:
|
||||
## doublebounce: "|/usr/local/sbin/doublebounce"
|
||||
## then adding this line to your sendmail.cf:
|
||||
## O DoubleBounceAddress=doublebounce
|
||||
##
|
||||
## optionally, add a "-d" flag in the aliases file, to send a
|
||||
## debug trace to your own postmaster showing what is going on
|
||||
##
|
||||
## this allows the "postmaster" address to still go to a human being,
|
||||
## while bounce messages can go to this script, which will bounce them
|
||||
## back to the postmaster at the sending site.
|
||||
##
|
||||
## the algorithm is to scan the double-bounce error report generated
|
||||
## by sendmail on stdin, for the original message (it starts after the
|
||||
## second "Orignal message follows" marker), look for From, Sender, and
|
||||
## Received headers from the point closest to the sender back to the point
|
||||
## closest to us, and try to deliver a double-bounce report back to a
|
||||
## postmaster at one of these sites in the hope that they can
|
||||
## return the message to the original sender, or do something about
|
||||
## the fact that that sender's return address is not valid.
|
||||
|
||||
use Socket;
|
||||
|
||||
# look for debug flag
|
||||
#
|
||||
$dflag = 0;
|
||||
$dflag = 1 if ($ARGV[0] eq "-d");
|
||||
|
||||
# get local host name
|
||||
# you may need to edit these two lines for however your system does this
|
||||
#
|
||||
$host = `hostname`; chop($host);
|
||||
$domain = `dnsdomainname`; chop($domain);
|
||||
|
||||
# get temp file name
|
||||
$tmp = "/tmp/doubb$$";
|
||||
|
||||
# save message from STDIN to a file
|
||||
# I thought about reading it into a buffer here, but some messages
|
||||
# are 10+Mb so a buffer may not be a good idea
|
||||
#
|
||||
if (! open(MSG, "+> $tmp")) {
|
||||
# can't open temp file -- send message to local postmaster
|
||||
# open(MAIL, "| /usr/sbin/sendmail -oeq postmaster");
|
||||
print MAIL <STDIN>;
|
||||
close(MAIL);
|
||||
exit(1);
|
||||
}
|
||||
print MSG <STDIN>;
|
||||
|
||||
# scan message for list of possible sender sites
|
||||
# note that original message appears after the second
|
||||
# "Original message follows" marker
|
||||
# look for From, Sender, and Reply-To and try them, too
|
||||
#
|
||||
$inhdr = 0;
|
||||
$hdrs = 0;
|
||||
$skip = 0;
|
||||
seek(MSG, 0, 0);
|
||||
while (<MSG>) {
|
||||
chop;
|
||||
if (/^ ----- Original message follows -----$/
|
||||
|| /^ ----Unsent message follows----$/) {
|
||||
$i = 0;
|
||||
$inhdr = 1;
|
||||
$hdrs++;
|
||||
$skip = 1;
|
||||
next;
|
||||
}
|
||||
if ($skip) {
|
||||
$skip--;
|
||||
next;
|
||||
}
|
||||
if (/^$/) {
|
||||
last if ($hdrs >= 2);
|
||||
$inhdr = 0;
|
||||
next;
|
||||
}
|
||||
if (! $inhdr) {
|
||||
next;
|
||||
}
|
||||
if (! /^[ \t]/) { $hdr[$i++] = $_ }
|
||||
else {
|
||||
$i--;
|
||||
$hdr[$i++] .= $_;
|
||||
}
|
||||
}
|
||||
$rcvd = 0;
|
||||
for ($j = 0; $j < $i; $j++) {
|
||||
print STDERR "DEBUG hdr[$j] = $hdr[$j]\n";
|
||||
if ($hdr[$j] =~ /^received:/i) {
|
||||
($addr[$rcvd++]) = $hdr[$j] =~ m/.*\sby\s([^\s]+)\s.*/;
|
||||
}
|
||||
if ($hdr[$j] =~ /^reply-to:/i) {
|
||||
($addr1{"reply-to"} = $hdr[$j]) =~ s/^reply-to: *//i;
|
||||
}
|
||||
if ($hdr[$j] =~ /^sender:/i) {
|
||||
($addr1{"sender"} = $hdr[$j]) =~ s/^sender: *//i;
|
||||
}
|
||||
if ($hdr[$j] =~ /^from:/i) {
|
||||
($addr1{"from"} = $hdr[$j]) =~ s/^from: *//i;
|
||||
}
|
||||
}
|
||||
|
||||
# %addr and %addr1 arrays now contain lists of possible sites (or From headers).
|
||||
# Go through them parsing for the site name, and attempting to send
|
||||
# to the named person or postmaster@ each site in turn until successful
|
||||
#
|
||||
if ($dflag) {
|
||||
open(DEBUG, "|/usr/sbin/sendmail postmaster");
|
||||
print DEBUG "Subject: double bounce dialog\n";
|
||||
}
|
||||
$sent = 0;
|
||||
# foreach $x ("from", "sender", "reply-to") {
|
||||
foreach $x ("from", "sender") {
|
||||
$y = &parseaddr($addr1{$x});
|
||||
if ($y) {
|
||||
print DEBUG "Trying $y\n" if ($dflag);
|
||||
if (&sendbounce("$y")) {
|
||||
$sent++;
|
||||
last;
|
||||
}
|
||||
$y =~ s/.*@//;
|
||||
print DEBUG "Trying postmaster\@$y\n" if ($dflag);
|
||||
if (&sendbounce("postmaster\@$y")) {
|
||||
$sent++;
|
||||
last;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (! $sent) {
|
||||
$rcvd--;
|
||||
for ($i = $rcvd; $i >= 0; $i--) {
|
||||
$y = &parseaddr($addr[$i]);
|
||||
$y =~ s/.*@//;
|
||||
if ($y) {
|
||||
print DEBUG "Trying postmaster\@$y\n" if ($dflag);
|
||||
if (&sendbounce("postmaster\@$y")) {
|
||||
$sent++;
|
||||
last;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (! $sent) {
|
||||
# queer things are happening to me
|
||||
# $addr[0] should be own domain, so we should have just
|
||||
# tried postmaster@our.domain. theoretically, we should
|
||||
# not get here...
|
||||
if ($dflag) {
|
||||
print DEBUG "queer things are happening to me\n";
|
||||
print DEBUG "Trying postmaster\n";
|
||||
}
|
||||
&sendbounce("postmaster");
|
||||
}
|
||||
|
||||
# clean up and get out
|
||||
#
|
||||
if ($dflag) {
|
||||
seek(MSG, 0, 0);
|
||||
print DEBUG "\n---\n"; print DEBUG <MSG>;
|
||||
close(DEBUG);
|
||||
}
|
||||
close(MSG);
|
||||
unlink("$tmp");
|
||||
exit(0);
|
||||
|
||||
|
||||
|
||||
|
||||
use Getopt::Std;
|
||||
use POSIX;
|
||||
use Sys::Syslog qw(:DEFAULT setlogsock);
|
||||
use strict;
|
||||
use vars qw( $opt_d $tmpfile);
|
||||
|
||||
# parseaddr()
|
||||
# parse hostname from From: header
|
||||
#
|
||||
sub parseaddr {
|
||||
local($hdr) = @_;
|
||||
local($addr);
|
||||
my($hdr) = @_;
|
||||
my($addr);
|
||||
|
||||
if ($hdr =~ /<.*>/) {
|
||||
($addr) = $hdr =~ m/<(.*)>/;
|
||||
return $addr;
|
||||
}
|
||||
if ($addr =~ /\s*\(/) {
|
||||
($addr) = $hdr =~ m/\s*(.*)\s*\(/;
|
||||
return $addr;
|
||||
}
|
||||
($addr) = $hdr =~ m/\s*(.*)\s*/;
|
||||
return $addr;
|
||||
if ($hdr =~ /<.*>/) {
|
||||
($addr) = $hdr =~ m/<(.*)>/;
|
||||
$addr =~ s/.*\@//;
|
||||
return $addr;
|
||||
}
|
||||
if ($addr =~ /\s*\(/) {
|
||||
($addr) = $hdr =~ m/\s*(.*)\s*\(/;
|
||||
$addr =~ s/.*\@//;
|
||||
return $addr;
|
||||
}
|
||||
($addr) = $hdr =~ m/\s*(.*)\s*/;
|
||||
$addr =~ s/.*\@//;
|
||||
return $addr;
|
||||
}
|
||||
|
||||
|
||||
# sendbounce()
|
||||
# send bounce to postmaster
|
||||
#
|
||||
# this re-invokes sendmail in immediate and quiet mode to try
|
||||
# to deliver to a postmaster. sendmail's exit status tells us
|
||||
# wether the delivery attempt really was successful.
|
||||
# whether the delivery attempt really was successful.
|
||||
#
|
||||
sub sendbounce {
|
||||
local($dest) = @_;
|
||||
local($st);
|
||||
sub send_bounce {
|
||||
my($addr, $from) = @_;
|
||||
my($st);
|
||||
my($result);
|
||||
|
||||
open(MAIL, "| /usr/sbin/sendmail -ocn -odi -oeq $dest");
|
||||
print MAIL <<EOT;
|
||||
From: Mail Delivery Subsystem <mail-router\@$domain>
|
||||
my($dest) = "postmaster\@" . parseaddr($addr);
|
||||
|
||||
if ($opt_d) {
|
||||
syslog ('info', "Attempting to send to user $dest");
|
||||
}
|
||||
open(MAIL, "| /usr/sbin/sendmail -oeq $dest");
|
||||
print MAIL <<EOT;
|
||||
From: Mail Delivery Subsystem <mail-router>
|
||||
Subject: Postmaster notify: double bounce
|
||||
Reply-To: nobody\@$domain
|
||||
Errors-To: nobody\@$domain
|
||||
Reply-To: nobody
|
||||
Errors-To: nobody
|
||||
Precedence: junk
|
||||
Auto-Submitted: auto-generated (postmaster notification)
|
||||
|
||||
The following message was received at $host.$domain for an invalid
|
||||
recipient. The sender's address was also invalid. Since the message
|
||||
originated at or transited through your mailer, this notification is being
|
||||
sent to you in the hope that you will determine the real originator and
|
||||
have them correct their From or Sender address.
|
||||
The following message was received for an invalid recipient. The
|
||||
sender's address was also invalid. Since the message originated
|
||||
at or transited through your mailer, this notification is being
|
||||
sent to you in the hope that you will determine the real originator
|
||||
and have them correct their From or Sender address.
|
||||
|
||||
The invalid sender address was: $addr1{"from"}.
|
||||
The from header on the original e-mail was: $from.
|
||||
|
||||
----- The following is a double bounce at $host.$domain -----
|
||||
----- The following is a double bounce -----
|
||||
|
||||
EOT
|
||||
seek(MSG, 0, 0);
|
||||
print MAIL <MSG>;
|
||||
return close(MAIL);
|
||||
|
||||
open(MSG, "<$tmpfile");
|
||||
print MAIL <MSG>;
|
||||
close(MSG);
|
||||
$result = close(MAIL);
|
||||
if ($result) {
|
||||
syslog('info', 'doublebounce successfully sent to %s', $dest);
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
sub main {
|
||||
# Get our command line options
|
||||
getopts('d');
|
||||
|
||||
# Set up syslog
|
||||
setlogsock('unix');
|
||||
openlog('doublebounce', 'pid', 'mail');
|
||||
|
||||
if ($opt_d) {
|
||||
syslog('info', 'Processing a doublebounce.');
|
||||
}
|
||||
|
||||
# The bounced e-mail may be large, so we'd better not try to buffer
|
||||
# it in memory, get a temporary file.
|
||||
$tmpfile = POSIX::tmpnam();
|
||||
|
||||
if (!open(MSG, ">$tmpfile")) {
|
||||
syslog('err', "Unable to open temporary file $tmpfile");
|
||||
exit(75); # 75 is a temporary failure, sendmail should retry
|
||||
}
|
||||
print(MSG <STDIN>);
|
||||
close(MSG);
|
||||
if (!open(MSG, "<$tmpfile")) {
|
||||
syslog('err', "Unable to reopen temporary file $tmpfile");
|
||||
exit(74); # 74 is an IO error
|
||||
}
|
||||
|
||||
# Ok, now we can get down to business, find the original message
|
||||
my($skip_lines, $in_header, $headers_found, @addresses);
|
||||
$skip_lines = 0;
|
||||
$in_header = 0;
|
||||
$headers_found = 0;
|
||||
while (<MSG>) {
|
||||
if ($skip_lines > 0) {
|
||||
$skip_lines--;
|
||||
next;
|
||||
}
|
||||
chomp;
|
||||
# Starting message depends on your version of sendmail
|
||||
if (/^ ----- Original message follows -----$/ ||
|
||||
/^ ----Unsent message follows----$/ ||
|
||||
/^Content-Type: message\/rfc822$/) {
|
||||
# Found the original message
|
||||
$skip_lines++;
|
||||
$in_header = 1;
|
||||
$headers_found++;
|
||||
next;
|
||||
}
|
||||
if (/^$/) {
|
||||
if ($headers_found >= 2) {
|
||||
# We only process two deep, even if there are more
|
||||
last;
|
||||
}
|
||||
if ($in_header) {
|
||||
# We've found the end of a header, scan for the next one
|
||||
$in_header = 0;
|
||||
}
|
||||
next;
|
||||
}
|
||||
if ($in_header) {
|
||||
if (! /^[ \t]/) {
|
||||
# New Header
|
||||
if (/^(received): (.*)/i ||
|
||||
/^(reply-to): (.*)/i ||
|
||||
/^(sender): (.*)/i ||
|
||||
/^(from): (.*)/i ) {
|
||||
$addresses[$headers_found]{$1} = $2;
|
||||
}
|
||||
next;
|
||||
} else {
|
||||
# continuation header
|
||||
# we should really process these, but we don't yet
|
||||
next;
|
||||
}
|
||||
} else {
|
||||
# Nothing to do if we're not in a header
|
||||
next;
|
||||
}
|
||||
}
|
||||
close(MSG);
|
||||
|
||||
# Start with the original (inner) sender
|
||||
my($addr, $sent);
|
||||
foreach $addr (keys %{$addresses[2]}) {
|
||||
if ($opt_d) {
|
||||
syslog('info', "Trying to send to $addresses[2]{$addr} - $addresses[2]{\"From\"}");
|
||||
}
|
||||
$sent = send_bounce($addresses[2]{$addr}, $addresses[2]{"From"});
|
||||
last if $sent;
|
||||
}
|
||||
if (!$sent && $opt_d) {
|
||||
if ($opt_d) {
|
||||
syslog('info', 'Unable to find original sender, falling back.');
|
||||
}
|
||||
foreach $addr (keys %{$addresses[1]}) {
|
||||
if ($opt_d) {
|
||||
syslog('info', "Trying to send to $addresses[2]{$addr} - $addresses[2]{\"From\"}");
|
||||
}
|
||||
$sent = send_bounce($addresses[1]{$addr}, $addresses[2]{"From"});
|
||||
last if $sent;
|
||||
}
|
||||
if (!$sent) {
|
||||
syslog('info', 'Unable to find anyone to send a doublebounce notification');
|
||||
}
|
||||
}
|
||||
|
||||
unlink($tmpfile);
|
||||
}
|
||||
|
||||
main();
|
||||
exit(0);
|
||||
|
||||
|
@ -9,7 +9,7 @@
|
||||
.\" the sendmail distribution.
|
||||
.\"
|
||||
.\"
|
||||
.\" $Id: op.me,v 8.609.2.5 2002/08/04 19:12:07 ca Exp $
|
||||
.\" $Id: op.me,v 8.609.2.17 2002/12/18 22:50:15 ca Exp $
|
||||
.\"
|
||||
.\" eqn op.me | pic | troff -me
|
||||
.\"
|
||||
@ -20,6 +20,8 @@
|
||||
.\" Define \(dg as "*" for text output and create a new .DG macro
|
||||
.\" which describes the symbol.
|
||||
.\"
|
||||
.if n .ds { [
|
||||
.if n .ds } ]
|
||||
.ie !c \(dg \{\
|
||||
.char \(dg *
|
||||
.de DG
|
||||
@ -88,7 +90,7 @@ Sendmail, Inc.
|
||||
.de Ve
|
||||
Version \\$2
|
||||
..
|
||||
.Ve $Revision: 8.609.2.5 $
|
||||
.Ve $Revision: 8.609.2.17 $
|
||||
.rm Ve
|
||||
.sp
|
||||
For Sendmail Version 8.12
|
||||
@ -817,7 +819,7 @@ file.
|
||||
The permissions of the alias file and the database versions
|
||||
should be 0640 to prevent local denial of service attacks
|
||||
as explained in the top level
|
||||
.b README
|
||||
.b README
|
||||
in the sendmail distribution.
|
||||
If the permissions 0640 are used, be sure that only trusted users belong
|
||||
to the group assigned to those files. Otherwise, files should not even
|
||||
@ -986,7 +988,7 @@ uses
|
||||
the permissions of that file
|
||||
to prevent local denial of service attacks
|
||||
as explained in the top level
|
||||
.b README
|
||||
.b README
|
||||
in the sendmail distribution.
|
||||
If the file already exists, then it might be necessary to
|
||||
change the permissions accordingly, e.g.,
|
||||
@ -997,7 +999,7 @@ chmod 0600 /var/run/sendmail.pid
|
||||
.pp
|
||||
To prevent local denial of service attacks
|
||||
as explained in the top level
|
||||
.b README
|
||||
.b README
|
||||
in the sendmail distribution,
|
||||
the permissions of map files created by
|
||||
.i makemap
|
||||
@ -1008,7 +1010,7 @@ If those files already exist, then it might be necessary to
|
||||
change the permissions accordingly, e.g.,
|
||||
.(b
|
||||
cd /etc/mail
|
||||
chmod 0640 *.db *.pag *.dir
|
||||
chmod 0640 *.db *.pag *.dir
|
||||
.)b
|
||||
.sh 1 "NORMAL OPERATIONS"
|
||||
.sh 2 "The System Log"
|
||||
@ -1065,10 +1067,10 @@ The number of envelope recipients for this message
|
||||
The message id of the message (from the header).
|
||||
.ip proto
|
||||
The protocol used to receive this message (e.g., ESMTP or UUCP)
|
||||
.ip daemon
|
||||
The daemon name from the
|
||||
.b DaemonPortOptions
|
||||
setting.
|
||||
.ip daemon
|
||||
The daemon name from the
|
||||
.b DaemonPortOptions
|
||||
setting.
|
||||
.ip relay
|
||||
The machine from which it was received.
|
||||
.lp
|
||||
@ -1165,6 +1167,10 @@ option divided by the difference in the current load average and the
|
||||
option plus one
|
||||
is less than the priority of the message,
|
||||
messages are queued rather than immediately delivered.
|
||||
.bu
|
||||
One or more addresses are marked as expensive and delivery is postponed
|
||||
until the next queue run or one or more address are marked as held via
|
||||
mailer which uses the hold mailer flag.
|
||||
.sh 3 "Queue Groups and Queue Directories"
|
||||
.pp
|
||||
There are one or more mail queues.
|
||||
@ -1363,7 +1369,7 @@ You can also specify the moved queue directory on the command line
|
||||
.(b
|
||||
/usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
|
||||
.)b
|
||||
but this requires that you do not have
|
||||
but this requires that you do not have
|
||||
queue groups in the configuration file,
|
||||
because those are not subdirectories of the moved directory.
|
||||
See the section about "Queue Group Declaration" for details;
|
||||
@ -2021,6 +2027,7 @@ limits the run to particular senders,
|
||||
limits it to particular queue identifiers, and
|
||||
.q \-qGstring
|
||||
limits it to a particular queue group.
|
||||
The named queue group will be run even if it is set to have 0 runners.
|
||||
You may also place an
|
||||
.b !
|
||||
before the
|
||||
@ -2052,6 +2059,16 @@ i.e.,
|
||||
they print out so much information that you wouldn't normally
|
||||
want to see them except for debugging that particular piece of code.
|
||||
.pp
|
||||
You should
|
||||
.b never
|
||||
run a production sendmail server in debug mode.
|
||||
Many of the debug flags will result in debug output being sent over the
|
||||
SMTP channel.
|
||||
This will confuse many mail programs.
|
||||
However, for testing purposes, it can be useful
|
||||
when sending mail manually via
|
||||
telnet to the port you are using while debugging.
|
||||
.pp
|
||||
A debug category is either an integer, like 42,
|
||||
or a name, like ANSI.
|
||||
You can specify a range of numeric debug categories
|
||||
@ -3009,7 +3026,7 @@ alias files,
|
||||
and external databases)
|
||||
must be readable by that user.
|
||||
Also, since sendmail will not be able to change it's uid,
|
||||
delivery to programs or files will be marked as unsafe,
|
||||
delivery to programs or files will be marked as unsafe,
|
||||
e.g., undeliverable,
|
||||
in
|
||||
.i \&.forward ,
|
||||
@ -3022,6 +3039,12 @@ option to the setting
|
||||
.b RunAsUser
|
||||
is probably best suited for firewall configurations
|
||||
that don't have regular user logins.
|
||||
If the option is used on a system which performs local delivery,
|
||||
then the local delivery agent must have the proper permissions
|
||||
(i.e., usually set-user-ID root)
|
||||
since it will be invoked by the
|
||||
.b RunAsUser ,
|
||||
not by root.
|
||||
.sh 3 "Turning off security checks"
|
||||
.pp
|
||||
.i Sendmail
|
||||
@ -3334,7 +3357,7 @@ this turns off MX matching when canonifying names,
|
||||
which can lead to inappropriate canonifications.
|
||||
Use
|
||||
.q WorkAroundBrokenAAAA
|
||||
when faced with a a broken nameservers that returns SERVFAIL
|
||||
when faced with a broken nameserver that returns SERVFAIL
|
||||
(a temporary failure)
|
||||
on T_AAAA (IPv6) lookups
|
||||
during hostname canonification.
|
||||
@ -4033,6 +4056,11 @@ where
|
||||
.b $|
|
||||
is a metacharacter separating the two parts.
|
||||
This ruleset can reject connections from various locations.
|
||||
Note that it only checks the connecting SMTP client IP address and hostname.
|
||||
It does not check for third party message relaying.
|
||||
The
|
||||
.i check_rcpt
|
||||
ruleset discussed below usually does third party message relay checking.
|
||||
.sh 4 "check_mail"
|
||||
.pp
|
||||
The
|
||||
@ -4215,7 +4243,8 @@ how this ruleset can be used.
|
||||
.pp
|
||||
The
|
||||
.i srv_features
|
||||
ruleset is called when a client connects to sendmail.
|
||||
ruleset is called with the connecting client's host name
|
||||
when a client connects to sendmail.
|
||||
This ruleset should return
|
||||
.b $#
|
||||
followed by a list of options (single characters
|
||||
@ -4650,7 +4679,7 @@ FORGED forward lookup doesn't match reverse lookup
|
||||
TEMP temporary lookup failure
|
||||
.)b
|
||||
Defined in the SMTP server only.
|
||||
.i sendmail
|
||||
.i sendmail
|
||||
performs a hostname lookup on the IP address of the connecting client.
|
||||
Next the IP addresses of that hostname are looked up.
|
||||
If the client IP address does not appear in that list,
|
||||
@ -4755,6 +4784,8 @@ O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA
|
||||
.)b
|
||||
.ip ${if_name_out}
|
||||
The name of the interface of an outgoing connection.
|
||||
.ip ${load_avg}
|
||||
The current load average.
|
||||
.ip ${mail_addr}
|
||||
The address part of the resolved triple of the address given for the
|
||||
.sm "SMTP MAIL"
|
||||
@ -4775,7 +4806,7 @@ The value of the SIZE= parameter,
|
||||
i.e., usually the size of the message (in an ESMTP dialogue),
|
||||
before the message has been collected, thereafter
|
||||
the message size as computed by
|
||||
.i sendmail
|
||||
.i sendmail
|
||||
(and can be used in check_compat).
|
||||
.ip ${nrcpts}
|
||||
The number of validated recipients for a single message.
|
||||
@ -6055,9 +6086,9 @@ where
|
||||
.i class \c
|
||||
.b :
|
||||
is optional and defaults to ``implicit''.
|
||||
Note that
|
||||
Note that
|
||||
.i info
|
||||
is required for all
|
||||
is required for all
|
||||
.i class es
|
||||
except
|
||||
.q ldap .
|
||||
@ -6176,7 +6207,8 @@ d don't permit mechanisms susceptible to passive
|
||||
f require forward secrecy between sessions
|
||||
(breaking one won't help break next).
|
||||
p don't permit mechanisms susceptible to simple
|
||||
passive attack (e.g., PLAIN, LOGIN).
|
||||
passive attack (e.g., PLAIN, LOGIN), unless a
|
||||
security layer is active.
|
||||
y don't permit mechanisms that allow anonymous login.
|
||||
.)b
|
||||
The first option applies to sendmail as a client, the others to a server.
|
||||
@ -6185,7 +6217,7 @@ Example:
|
||||
O AuthOptions=p,y
|
||||
.)b
|
||||
would disallow ANONYMOUS as AUTH mechanism and would
|
||||
allow PLAIN only if a security layer (e.g.,
|
||||
allow PLAIN and LOGIN only if a security layer (e.g.,
|
||||
provided by STARTTLS) is already active.
|
||||
The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the
|
||||
selected SASL mechanisms.
|
||||
@ -6200,12 +6232,12 @@ Set the blank substitution character to
|
||||
.i c .
|
||||
Unquoted spaces in addresses are replaced by this character.
|
||||
Defaults to space (i.e., no change is made).
|
||||
.ip CACERTPath
|
||||
.ip CACertPath
|
||||
[no short name]
|
||||
Path to directory with certificates of CAs.
|
||||
This directory directory must contain the hashes of each CA certificate
|
||||
as filenames (or as links to them).
|
||||
.ip CACERTFile
|
||||
.ip CACertFile
|
||||
[no short name]
|
||||
File containing one or more CA certificates;
|
||||
see section about STARTTLS for more information.
|
||||
@ -6376,7 +6408,9 @@ can ignore this option.
|
||||
.ip DaemonPortOptions=\fIoptions\fP
|
||||
[O]
|
||||
Set server SMTP options.
|
||||
Each instance of DaemonPortOptions leads to an additional incoming socket.
|
||||
Each instance of
|
||||
.b DaemonPortOptions
|
||||
leads to an additional incoming socket.
|
||||
The options are
|
||||
.i key=value
|
||||
pairs.
|
||||
@ -6394,16 +6428,18 @@ RcvBufSize Size of TCP receive buffer
|
||||
.)b
|
||||
The
|
||||
.i Name
|
||||
field is used for error messages and logging.
|
||||
key is used for error messages and logging.
|
||||
The
|
||||
.i Addr ess
|
||||
mask may be a numeric address in dot notation
|
||||
or a network name.
|
||||
The
|
||||
The
|
||||
.i Family
|
||||
key defaults to INET (IPv4).
|
||||
IPv6 users who wish to also accept IPv6 connections
|
||||
should add additional Family=inet6 DaemonPortOptions lines.
|
||||
should add additional Family=inet6
|
||||
.b DaemonPortOptions
|
||||
lines.
|
||||
.i Modifier
|
||||
can be a sequence (without any delimiters)
|
||||
of the following characters:
|
||||
@ -6460,8 +6496,9 @@ This will also override possible settings via
|
||||
Note,
|
||||
.i sendmail
|
||||
will listen on a new socket
|
||||
for each occurence of the DaemonPortOptions option
|
||||
in a configuration file.
|
||||
for each occurence of the
|
||||
.b DaemonPortOptions
|
||||
option in a configuration file.
|
||||
The modifier ``O'' causes sendmail to ignore a socket
|
||||
if it can't be opened.
|
||||
This applies to failures from the socket(2) and bind(2) calls.
|
||||
@ -6473,7 +6510,7 @@ the password (plain text), the realm and the list of mechanisms to use
|
||||
on separate lines and must be readable by
|
||||
root (or the trusted user) only.
|
||||
If no realm is specified,
|
||||
.b $j
|
||||
.b $j
|
||||
is used.
|
||||
If no mechanisms are specified, the list given by
|
||||
.b AuthMechanisms
|
||||
@ -6599,7 +6636,7 @@ Z flag set.
|
||||
.ip DirectSubmissionModifiers=\fImodifiers\fP
|
||||
Defines
|
||||
.b ${daemon_flags}
|
||||
for direct (command line) submissions.
|
||||
for direct (command line) submissions.
|
||||
If not set,
|
||||
.b ${daemon_flags}
|
||||
is either "CC f" if the option
|
||||
@ -7458,7 +7495,7 @@ However, this means that all
|
||||
and
|
||||
.q :include:
|
||||
files must be readable by the indicated
|
||||
.i user
|
||||
.i user
|
||||
and all files to be written must be writable by
|
||||
.i user
|
||||
Also, all file and program deliveries will be marked unsafe
|
||||
@ -7822,7 +7859,7 @@ but most will cause
|
||||
to relinquish its set-user-ID permissions.
|
||||
The options that will not cause this are
|
||||
SevenBitInput [7],
|
||||
EightBitMode [8],
|
||||
EightBitMode [8],
|
||||
MinFreeBlocks [b],
|
||||
CheckpointInterval [C],
|
||||
DeliveryMode [d],
|
||||
@ -8196,7 +8233,7 @@ Note that,
|
||||
by default,
|
||||
if a single query matches multiple values,
|
||||
only the first value will be returned
|
||||
unless the
|
||||
unless the
|
||||
.b \-z
|
||||
(value separator)
|
||||
map flag is set.
|
||||
@ -8378,7 +8415,7 @@ to select the substrings in the result of the lookup. For example,
|
||||
-s1,3,4
|
||||
.)b
|
||||
Notes: to match a
|
||||
.b $
|
||||
.b $
|
||||
in a string,
|
||||
\\$$
|
||||
must be used.
|
||||
@ -8413,9 +8450,9 @@ Kstorage macro
|
||||
# set macro ${MyMacro} to the ruleset match
|
||||
R$+ $: $(storage {MyMacro} $@ $1 $) $1
|
||||
# set macro ${MyMacro} to an empty string
|
||||
R$* $: $(storage {MyMacro} $@ $) $1
|
||||
R$* $: $(storage {MyMacro} $@ $) $1
|
||||
# clear macro ${MyMacro}
|
||||
R$\- $: $(storage {MyMacro} $) $1
|
||||
R$\- $: $(storage {MyMacro} $) $1
|
||||
.)b
|
||||
.ip arith
|
||||
Perform simple arithmetic operations.
|
||||
@ -8744,6 +8781,9 @@ The time between two queue runs.
|
||||
The queue directory of the group (required).
|
||||
.ip Runners
|
||||
The number of parallel runners processing the queue.
|
||||
Note that
|
||||
.b F=f
|
||||
must be set if this value is greater than one.
|
||||
.ip Jobs
|
||||
The maximum number of jobs (messages delivered) per queue run.
|
||||
.ip recipients
|
||||
@ -8757,7 +8797,7 @@ Only the first character of the field name is checked.
|
||||
By default, a queue group named
|
||||
.i mqueue
|
||||
is defined that uses the value of the
|
||||
.i QueueDirectory
|
||||
.i QueueDirectory
|
||||
option as path.
|
||||
Notice: all paths that are used for queue groups must
|
||||
be subdirectories of
|
||||
@ -8934,9 +8974,9 @@ Note the separator between each timeout field is a
|
||||
.b ';' .
|
||||
The default values (if not set) are:
|
||||
.b T=C:5m;S:10s;R:10s;E:5m
|
||||
where
|
||||
where
|
||||
.b s
|
||||
is seconds and
|
||||
is seconds and
|
||||
.b m
|
||||
is minutes.
|
||||
.pp
|
||||
@ -9306,7 +9346,9 @@ if your system doesn't support the Internet protocols.
|
||||
.ip NETINET6\(dg
|
||||
If set,
|
||||
support for IPv6 networking is compiled in.
|
||||
It must be separately enabled by adding DaemonPortOptions settings.
|
||||
It must be separately enabled by adding
|
||||
.b DaemonPortOptions
|
||||
settings.
|
||||
.ip NETISO\(dg
|
||||
If set,
|
||||
support for ISO protocol networking is compiled in
|
||||
@ -9897,11 +9939,11 @@ When acting as a server,
|
||||
requires X.509 certificates to support STARTTLS:
|
||||
one as certificate for the server (ServerCertFile and corresponding
|
||||
private ServerKeyFile)
|
||||
at least one root CA (CACERTFile),
|
||||
at least one root CA (CACertFile),
|
||||
i.e., a certificate that is used to sign other certificates,
|
||||
and a path to a directory which contains other CAs (CACERTPath).
|
||||
and a path to a directory which contains other CAs (CACertPath).
|
||||
The file specified via
|
||||
CACERTFile
|
||||
CACertFile
|
||||
can contain several certificates of CAs.
|
||||
The DNs of these certificates are sent
|
||||
to the client during the TLS handshake (as part of the
|
||||
@ -9914,7 +9956,7 @@ sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47
|
||||
.)b
|
||||
You should probably put only the CA cert into that file
|
||||
that signed your own cert(s), or at least only those you trust.
|
||||
The CACERTPath directory must contain the hashes of each CA certificate
|
||||
The CACertPath directory must contain the hashes of each CA certificate
|
||||
as filenames (or as links to them).
|
||||
Symbolic links can be generated with the following
|
||||
two (Bourne) shell commands:
|
||||
@ -9935,6 +9977,27 @@ To allow for automatic startup of sendmail, private keys
|
||||
must be stored unencrypted.
|
||||
The keys are only protected by the permissions of the file system.
|
||||
Never make a private key available to a third party.
|
||||
.sh 3 "Encoding of STARTTLS related Macros"
|
||||
.pp
|
||||
Macros that contain STARTTLS related data which comes from outside
|
||||
sources, e.g., all macros containing information from certificates,
|
||||
are encoded to avoid problems with non-printable or special characters.
|
||||
The latter are '<', '>', '(', ')', '"', '+', and ' '.
|
||||
All of these characters are replaced by their value in hexadecimal
|
||||
with a leading '+'.
|
||||
For example:
|
||||
.(b
|
||||
/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/
|
||||
Email=darth+cert@endmail.org
|
||||
.)b
|
||||
is encoded as:
|
||||
.(b
|
||||
/C=US/ST=California/O=endmail.org/OU=private/
|
||||
CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
|
||||
.)b
|
||||
(line breaks have been inserted for readability).
|
||||
The macros which are subject to this encoding are
|
||||
{cert_subject}, {cert_issuer}, {cn_subject}, and {cn_issuer}.
|
||||
.sh 3 "PRNG for STARTTLS"
|
||||
.pp
|
||||
STARTTLS requires a strong pseudo random number generator (PRNG)
|
||||
@ -9952,7 +10015,7 @@ It is
|
||||
advised to use the "Entropy Gathering Daemon" EGD
|
||||
from Brian Warner on those systems to provide useful random data.
|
||||
In this case,
|
||||
.i sendmail
|
||||
.i sendmail
|
||||
must be compiled with the flag EGD, and the
|
||||
RandFile option must point to the EGD socket.
|
||||
If neither
|
||||
@ -9961,7 +10024,7 @@ nor EGD are available, you have to make sure
|
||||
that useful random data is available all the time in RandFile.
|
||||
If the file hasn't been modified in the last 10 minutes before
|
||||
it is supposed to be used by
|
||||
.i sendmail
|
||||
.i sendmail
|
||||
the content is considered obsolete.
|
||||
One method for generating this file is:
|
||||
.(b
|
||||
@ -10156,7 +10219,7 @@ throws away the message with an error.
|
||||
Sets the identifier used for syslog.
|
||||
Note that this identifier is set
|
||||
as early as possible.
|
||||
However,
|
||||
However,
|
||||
.i sendmail
|
||||
may be used
|
||||
if problems arise
|
||||
@ -10337,7 +10400,7 @@ running as daemon.
|
||||
This appendix describes the format of the queue files.
|
||||
These files live in a queue directory.
|
||||
The individual qf, df, and xf files
|
||||
may be stored in separate
|
||||
may be stored in separate
|
||||
.i qf/ ,
|
||||
.i df/ ,
|
||||
and
|
||||
@ -10691,7 +10754,7 @@ replace it with a blank sheet for double-sided output.
|
||||
.\".sz 10
|
||||
.\"Eric Allman
|
||||
.\".sp
|
||||
.\"Version $Revision: 8.609.2.5 $
|
||||
.\"Version $Revision: 8.609.2.17 $
|
||||
.\".ce 0
|
||||
.bp 3
|
||||
.ce
|
||||
|
@ -7,7 +7,7 @@
|
||||
* the sendmail distribution.
|
||||
*
|
||||
*
|
||||
* $Id: mfapi.h,v 8.44 2002/06/04 05:06:40 gshapiro Exp $
|
||||
* $Id: mfapi.h,v 8.44.2.3 2002/12/19 02:10:09 ca Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -18,6 +18,7 @@
|
||||
# define _LIBMILTER_MFAPI_H 1
|
||||
|
||||
# include <sys/types.h>
|
||||
|
||||
# include <sys/socket.h>
|
||||
# include "libmilter/mfdef.h"
|
||||
|
||||
@ -441,4 +442,4 @@ LIBMILTER_API int smfi_setpriv __P((SMFICTX *, void *));
|
||||
LIBMILTER_API void *smfi_getpriv __P((SMFICTX *));
|
||||
|
||||
|
||||
#endif /* !_LIBMILTER_MFAPI_H */
|
||||
#endif /* ! _LIBMILTER_MFAPI_H */
|
||||
|
@ -7,7 +7,7 @@
|
||||
* the sendmail distribution.
|
||||
*
|
||||
*
|
||||
* $Id: mfdef.h,v 8.11 2001/09/12 18:02:19 gshapiro Exp $
|
||||
* $Id: mfdef.h,v 8.11.2.1 2002/11/11 23:22:28 ca Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -62,6 +62,9 @@
|
||||
# define SMFIR_PROGRESS 'p' /* progress */
|
||||
# define SMFIR_REJECT 'r' /* reject */
|
||||
# define SMFIR_TEMPFAIL 't' /* tempfail */
|
||||
# if _FFR_MILTER_421
|
||||
# define SMFIR_SHUTDOWN '4' /* 421: shutdown (internal to MTA) */
|
||||
# endif /* _FFR_MILTER_421 */
|
||||
# define SMFIR_ADDHEADER 'h' /* add header */
|
||||
# define SMFIR_REPLYCODE 'y' /* reply code etc */
|
||||
# if _FFR_QUARANTINE
|
||||
|
@ -7,7 +7,7 @@
|
||||
* the sendmail distribution.
|
||||
*
|
||||
*
|
||||
* $Id: milter.h,v 8.37 2002/03/22 19:32:48 ca Exp $
|
||||
* $Id: milter.h,v 8.37.2.1 2002/12/19 02:10:09 ca Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -52,4 +52,4 @@ struct smfi_str
|
||||
void *ctx_privdata; /* private data */
|
||||
};
|
||||
|
||||
#endif /* !_LIBMILTER_MILTER_H */
|
||||
#endif /* ! _LIBMILTER_MILTER_H */
|
||||
|
@ -6,7 +6,7 @@
|
||||
* forth in the LICENSE file which can be found at the top level of
|
||||
* the sendmail distribution.
|
||||
*
|
||||
* $Id: smdb.h,v 8.40 2002/05/24 23:20:14 gshapiro Exp $
|
||||
* $Id: smdb.h,v 8.40.2.1 2002/10/05 17:04:51 ca Exp $
|
||||
*
|
||||
*/
|
||||
|
||||
@ -23,10 +23,7 @@
|
||||
# endif /* NDBM */
|
||||
|
||||
# ifdef NEWDB
|
||||
# include <db.h>
|
||||
# ifndef DB_VERSION_MAJOR
|
||||
# define DB_VERSION_MAJOR 1
|
||||
# endif /* ! DB_VERSION_MAJOR */
|
||||
# include "sm/bdb.h"
|
||||
# endif /* NEWDB */
|
||||
|
||||
/*
|
||||
|
47
contrib/sendmail/include/sm/bdb.h
Normal file
47
contrib/sendmail/include/sm/bdb.h
Normal file
@ -0,0 +1,47 @@
|
||||
/*
|
||||
* Copyright (c) 2002 Sendmail, Inc. and its suppliers.
|
||||
* All rights reserved.
|
||||
*
|
||||
* By using this file, you agree to the terms and conditions set
|
||||
* forth in the LICENSE file which can be found at the top level of
|
||||
* the sendmail distribution.
|
||||
*
|
||||
*
|
||||
* $Id: bdb.h,v 1.1.2.3 2002/12/05 05:07:44 ca Exp $
|
||||
*/
|
||||
|
||||
#ifndef SM_BDB_H
|
||||
#define SM_BDB_H
|
||||
|
||||
#if NEWDB
|
||||
# include <db.h>
|
||||
# ifndef DB_VERSION_MAJOR
|
||||
# define DB_VERSION_MAJOR 1
|
||||
# endif /* ! DB_VERSION_MAJOR */
|
||||
|
||||
# if DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1
|
||||
|
||||
# define DBTXN NULL ,
|
||||
|
||||
/*
|
||||
** Always turn on DB_FCNTL_LOCKING for DB 4.1.x since its
|
||||
** "workaround" for accepting an empty (locked) file depends on
|
||||
** this flag. Notice: this requires 4.1.24 + patch (which should be
|
||||
** part of 4.1.25).
|
||||
*/
|
||||
|
||||
# define SM_DB_FLAG_ADD(flag) (flag) |= DB_FCNTL_LOCKING
|
||||
|
||||
# else /* DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1 */
|
||||
|
||||
# define DBTXN
|
||||
# if !HASFLOCK
|
||||
# define SM_DB_FLAG_ADD(flag) (flag) |= DB_FCNTL_LOCKING
|
||||
# else /* !HASFLOCK */
|
||||
# define SM_DB_FLAG_ADD(flag) ((void) 0)
|
||||
# endif /* !HASFLOCK */
|
||||
|
||||
# endif /* DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1 */
|
||||
#endif /* NEWDB */
|
||||
|
||||
#endif /* ! SM_BDB_H */
|
@ -10,7 +10,7 @@
|
||||
* the sendmail distribution.
|
||||
*
|
||||
*
|
||||
* $Id: conf.h,v 1.90.2.4 2002/08/26 22:58:37 gshapiro Exp $
|
||||
* $Id: conf.h,v 1.90.2.13 2002/12/10 03:08:56 ca Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -288,6 +288,10 @@ typedef int pid_t;
|
||||
# define SFS_TYPE SFS_4ARGS /* four argument statfs() call */
|
||||
# define SFS_BAVAIL f_bfree /* alternate field name */
|
||||
# define SYSLOG_BUFSIZE 512
|
||||
# if defined(_SC_NPROC_ONLN) && !defined(_SC_NPROCESSORS_ONLN)
|
||||
/* _SC_NPROC_ONLN is 'mpadmin -u', total # of unrestricted processors */
|
||||
# define _SC_NPROCESSORS_ONLN _SC_NPROC_ONLN
|
||||
# endif /* if defined(_SC_NPROC_ONLN) && !defined(_SC_NPROCESSORS_ONLN) */
|
||||
# ifdef IRIX6
|
||||
# define STAT64 1
|
||||
# define QUAD_T unsigned long long
|
||||
@ -698,42 +702,45 @@ typedef int pid_t;
|
||||
# endif /* NeXT */
|
||||
|
||||
/*
|
||||
** Apple Rhapsody
|
||||
** Contributed by Wilfredo Sanchez <wsanchez@apple.com>
|
||||
** Apple Darwin (aka Rhapsody)
|
||||
**
|
||||
** Also used for Apple Darwin support.
|
||||
** Contributed by Wilfredo Sanchez <wsanchez@mit.edu>
|
||||
*/
|
||||
|
||||
# if defined(DARWIN)
|
||||
# define HASFCHMOD 1 /* has fchmod(2) syscall */
|
||||
# define HASFLOCK 1 /* has flock(2) syscall */
|
||||
# define HASUNAME 1 /* has uname(2) syscall */
|
||||
# define HASUNSETENV 1
|
||||
# define HASSETSID 1 /* has the setsid(2) POSIX syscall */
|
||||
# define HASINITGROUPS 1
|
||||
# define HASSETVBUF 1
|
||||
# define HASSETREUID 0
|
||||
# define HASSETEUID 1
|
||||
# define USESETEUID 1 /* has usable seteuid(2) call */
|
||||
# define HASLSTAT 1
|
||||
# define HASSETRLIMIT 1
|
||||
# define HASWAITPID 1
|
||||
# define HASSTRERROR 1 /* has strerror(3) */
|
||||
# define HASGETDTABLESIZE 1
|
||||
# define HASGETUSERSHELL 1
|
||||
# define HAS_IN_H 1
|
||||
# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */
|
||||
# define BSD4_4_SOCKADDR /* has sa_len */
|
||||
# define NETLINK 1 /* supports AF_LINK */
|
||||
# define HAS_ST_GEN 1 /* has st_gen field in stat struct */
|
||||
# define GIDSET_T gid_t
|
||||
# define LA_TYPE LA_SUBR /* use getloadavg(3) */
|
||||
# define SFS_TYPE SFS_MOUNT /* use <sys/mount.h> statfs() impl */
|
||||
# define SPT_TYPE SPT_PSSTRINGS
|
||||
# define SPT_PADCHAR '\0' /* pad process title with nulls */
|
||||
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
|
||||
# define HASFCHMOD 1 /* has fchmod(2) */
|
||||
# define HASFCHOWN 1 /* has fchown(2) */
|
||||
# define HASFLOCK 1 /* has flock(2) */
|
||||
# define HASUNAME 1 /* has uname(2) */
|
||||
# define HASUNSETENV 1 /* has unsetenv(3) */
|
||||
# define HASSETSID 1 /* has the setsid(2) */
|
||||
# define HASINITGROUPS 1 /* has initgroups(3) */
|
||||
# define HASSETVBUF 1 /* has setvbuf (3) */
|
||||
# define HASSETREUID 0 /* setreuid(2) unusable */
|
||||
# define HASSETEUID 1 /* has seteuid(2) */
|
||||
# define USESETEUID 1 /* has seteuid(2) */
|
||||
# define HASSETEGID 1 /* has setegid(2) */
|
||||
# define HASSETREGID 1 /* has setregid(2) */
|
||||
# define HASSETRESGID 0 /* no setresgid(2) */
|
||||
# define HASLSTAT 1 /* has lstat(2) */
|
||||
# define HASSETRLIMIT 1 /* has setrlimit(2) */
|
||||
# define HASWAITPID 1 /* has waitpid(2) */
|
||||
# define HASGETDTABLESIZE 1 /* has getdtablesize(2) */
|
||||
# define HAS_ST_GEN 1 /* has st_gen field in struct stat */
|
||||
# define HASURANDOMDEV 1 /* has urandom(4) */
|
||||
# define HASSTRERROR 1 /* has strerror(3) */
|
||||
# define HASGETUSERSHELL 1 /* had getusershell(3) */
|
||||
# define GIDSET_T gid_t /* getgroups(2) takes gid_t */
|
||||
# define LA_TYPE LA_SUBR /* use getloadavg(3) */
|
||||
# define SFS_TYPE SFS_MOUNT /* use <sys/mount.h> statfs() impl */
|
||||
# define SPT_TYPE SPT_PSSTRINGS /* use magic PS_STRINGS pointer for setproctitle */
|
||||
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
|
||||
# define BSD4_4_SOCKADDR /* struct sockaddr has sa_len */
|
||||
# define SAFENFSPATHCONF 0 /* unverified: pathconf(2) doesn't work on NFS */
|
||||
# define HAS_IN_H 1
|
||||
# define NETLINK 1 /* supports AF_LINK */
|
||||
# ifndef NOT_SENDMAIL
|
||||
# define sleep sleepX
|
||||
# define sleep sleepX
|
||||
extern unsigned int sleepX __P((unsigned int seconds));
|
||||
# endif /* ! NOT_SENDMAIL */
|
||||
# endif /* defined(DARWIN) */
|
||||
@ -1300,10 +1307,6 @@ extern void *malloc();
|
||||
** Florian La Roche <rzsfl@rz.uni-sb.de>
|
||||
** Karl London <karl@borg.demon.co.uk>
|
||||
**
|
||||
** Last compiled against: [07/21/98 @ 11:47:34 AM (Tuesday)]
|
||||
** sendmail 8.9.1 bind-8.1.2 db-2.4.14
|
||||
** gcc-2.8.1 glibc-2.0.94 linux-2.1.109
|
||||
**
|
||||
** NOTE: Override HASFLOCK as you will but, as of 1.99.6, mixed-style
|
||||
** file locking is no longer allowed. In particular, make sure
|
||||
** your DBM library and sendmail are both using either flock(2)
|
||||
@ -1323,7 +1326,6 @@ extern void *malloc();
|
||||
# ifndef USESETEUID
|
||||
# define USESETEUID 0 /* has it due to POSIX, but doesn't work */
|
||||
# endif /* USESETEUID */
|
||||
# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */
|
||||
# define HASUNAME 1 /* use System V uname(2) system call */
|
||||
# define HASUNSETENV 1 /* has unsetenv(3) call */
|
||||
# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
|
||||
@ -2216,6 +2218,26 @@ typedef struct msgb mblk_t;
|
||||
# define _PATH_SENDMAILPID "/var/run/sendmail.pid"
|
||||
# endif /* MOTO */
|
||||
|
||||
/*
|
||||
** Interix
|
||||
** Contributed by Nedelcho Stanev <nedelcho.stanev@atlanticsky.com>
|
||||
**
|
||||
** Used for Interix support.
|
||||
*/
|
||||
|
||||
# if defined(__INTERIX)
|
||||
# define HASURANDOMDEV 1
|
||||
# define HASGETUSERSHELL 0
|
||||
# define HASSTRERROR 1
|
||||
# define HASUNSETENV 1
|
||||
# define HASFCHOWN 1
|
||||
# undef HAVE_SYS_ERRLIST
|
||||
# define sys_errlist __sys_errlist
|
||||
# define sys_nerr __sys_nerr
|
||||
# define major(dev) ((int)(((dev) >> 8) & 0xff)
|
||||
# define minor(dev) ((int)((dev) & 0xff)
|
||||
# endif /* defined(__INTERIX) */
|
||||
|
||||
|
||||
/**********************************************************************
|
||||
** End of Per-Operating System defines
|
||||
@ -2696,6 +2718,11 @@ typedef void (*sigfunc_t) __P((int));
|
||||
# define SYSLOG_BUFSIZE 1024
|
||||
# endif /* ! SYSLOG_BUFSIZE */
|
||||
|
||||
/* for FD_SET() */
|
||||
#ifndef FD_SETSIZE
|
||||
# define FD_SETSIZE 256
|
||||
#endif /* ! FD_SETSIZE */
|
||||
|
||||
/*
|
||||
** Size of prescan buffer.
|
||||
** Despite comments in the _sendmail_ book, this probably should
|
||||
|
@ -1,19 +1,25 @@
|
||||
/*
|
||||
* Copyright (c) 2001 Sendmail, Inc. and its suppliers.
|
||||
* Copyright (c) 2001, 2002 Sendmail, Inc. and its suppliers.
|
||||
* All rights reserved.
|
||||
*
|
||||
* By using this file, you agree to the terms and conditions set
|
||||
* forth in the LICENSE file which can be found at the top level of
|
||||
* the sendmail distribution.
|
||||
*
|
||||
* $Id: fdset.h,v 1.3 2001/03/30 23:45:31 geir Exp $
|
||||
* $Id: fdset.h,v 1.3.10.2 2002/12/10 04:02:25 ca Exp $
|
||||
*/
|
||||
|
||||
#ifndef SM_FDSET_H
|
||||
# define SM_FDSET_H
|
||||
|
||||
/*
|
||||
** Note: SM_FD_OK_SELECT(fd) requires that ValidSocket(fd) has been checked
|
||||
** before.
|
||||
*/
|
||||
|
||||
# define SM_FD_SET(fd, pfdset) FD_SET(fd, pfdset)
|
||||
# define SM_FD_ISSET(fd, pfdset) FD_ISSET(fd, pfdset)
|
||||
# define SM_FD_SETSIZE FD_SETSIZE
|
||||
# define SM_FD_SETSIZE FD_SETSIZE
|
||||
# define SM_FD_OK_SELECT(fd) (FD_SETSIZE <= 0 || (fd) < FD_SETSIZE)
|
||||
|
||||
#endif /* SM_FDSET_H */
|
||||
|
@ -1,16 +1,24 @@
|
||||
/*
|
||||
* Copyright (c) 2001 Sendmail, Inc. and its suppliers.
|
||||
* Copyright (c) 2001, 2002 Sendmail, Inc. and its suppliers.
|
||||
* All rights reserved.
|
||||
*
|
||||
* By using this file, you agree to the terms and conditions set
|
||||
* forth in the LICENSE file which can be found at the top level of
|
||||
* the sendmail distribution.
|
||||
*
|
||||
* $Id: sm_os_unixware.h,v 1.7 2001/11/11 16:32:00 ca Exp $
|
||||
* $Id: sm_os_unixware.h,v 1.7.2.1 2002/10/24 18:02:14 ca Exp $
|
||||
*/
|
||||
|
||||
#define SM_OS_NAME "unixware"
|
||||
|
||||
#ifndef SM_CONF_LONGLONG
|
||||
# if defined(__SCO_VERSION__) && __SCO_VERSION__ > 400000000L
|
||||
# define SM_CONF_LONGLONG 1
|
||||
# define SM_CONF_TEST_LLONG 1
|
||||
# define SM_CONF_BROKEN_SIZE_T 0
|
||||
# endif /* defined(__SCO_VERSION__) && __SCO_VERSION__ > 400000000L */
|
||||
#endif /* !SM_CONF_LONGLONG */
|
||||
|
||||
/* try LLONG tests in libsm/t-types.c? */
|
||||
#ifndef SM_CONF_TEST_LLONG
|
||||
# define SM_CONF_TEST_LLONG 0
|
||||
@ -24,7 +32,9 @@
|
||||
#endif /* SM_CONF_SHM */
|
||||
|
||||
/* size_t seems to be signed */
|
||||
#define SM_CONF_BROKEN_SIZE_T 1
|
||||
#ifndef SM_CONF_BROKEN_SIZE_T
|
||||
# define SM_CONF_BROKEN_SIZE_T 1
|
||||
#endif /* SM_CONF_BROKEN_SIZE_T */
|
||||
|
||||
/* don't use flock() in mail.local.c */
|
||||
#ifndef LDA_USE_LOCKF
|
||||
|
@ -39,7 +39,7 @@ The following command presumes that the sample code from the end of this
|
||||
README is saved to a file named 'sample.c' and built in the local platform-
|
||||
specific build subdirectory (SRCDIR/obj.*/libmilter).
|
||||
|
||||
cc -I../../sendmail -I../../include -o sample sample.c libmilter.a ../libsm/libsm.a -pthread
|
||||
cc -I../../include -o sample sample.c libmilter.a ../libsm/libsm.a -pthread
|
||||
|
||||
It is recommended that you build your filters in a location outside of
|
||||
the sendmail source tree. Modify the compiler include references (-I)
|
||||
@ -457,4 +457,4 @@ main(argc, argv)
|
||||
|
||||
/* eof */
|
||||
|
||||
$Revision: 8.35 $, Last updated $Date: 2002/01/07 21:29:20 $
|
||||
$Revision: 8.35.2.1 $, Last updated $Date: 2002/10/21 14:31:57 $
|
||||
|
@ -9,7 +9,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: comm.c,v 8.54.2.2 2002/08/16 17:09:13 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: comm.c,v 8.54.2.4 2002/12/03 17:32:45 ca Exp $")
|
||||
|
||||
#include "libmilter.h"
|
||||
#include <sm/errstring.h>
|
||||
@ -55,14 +55,6 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
|
||||
*cmd = '\0';
|
||||
*rlen = 0;
|
||||
|
||||
if (sd >= FD_SETSIZE)
|
||||
{
|
||||
smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d",
|
||||
name, sd, FD_SETSIZE);
|
||||
*cmd = SMFIC_SELECT;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
i = 0;
|
||||
for (;;)
|
||||
{
|
||||
@ -87,7 +79,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
|
||||
{
|
||||
smi_log(SMI_LOG_ERR,
|
||||
"%s, mi_rd_cmd: read returned %d: %s",
|
||||
name, len, sm_errstring(errno));
|
||||
name, (int) len, sm_errstring(errno));
|
||||
*cmd = SMFIC_RECVERR;
|
||||
return NULL;
|
||||
}
|
||||
@ -160,7 +152,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
|
||||
{
|
||||
smi_log(SMI_LOG_ERR,
|
||||
"%s: mi_rd_cmd: read returned %d: %s",
|
||||
name, len, sm_errstring(errno));
|
||||
name, (int) len, sm_errstring(errno));
|
||||
ret = -1;
|
||||
break;
|
||||
}
|
||||
@ -224,7 +216,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
|
||||
|
||||
/*
|
||||
** we don't care much about the timeout here, it's very long anyway
|
||||
** FD_SETSIZE is only checked in mi_rd_cmd.
|
||||
** FD_SETSIZE is checked when socket is created.
|
||||
** XXX l == 0 ?
|
||||
*/
|
||||
|
||||
|
@ -24,7 +24,10 @@ Set the filter's connection timeout value.
|
||||
</tr>
|
||||
<tr align="left" valign=top>
|
||||
<th width="80">Effects</th>
|
||||
<td>Sets the number of seconds libmilter will wait for an MTA connection before timing out a socket. If smfi_settimeout is not called, a default timeout of 1800 seconds is used.</td>
|
||||
<td>Sets the number of seconds libmilter will wait for an MTA connection before
|
||||
timing out a socket.
|
||||
If smfi_settimeout is not called, a default timeout of 7210 seconds is used.
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
@ -50,7 +53,7 @@ no wait, <b>not</b> "wait forever".
|
||||
|
||||
<hr size="1">
|
||||
<font size="-1">
|
||||
Copyright (c) 2000 Sendmail, Inc. and its suppliers.
|
||||
Copyright (c) 2000, 2002 Sendmail, Inc. and its suppliers.
|
||||
All rights reserved.
|
||||
<br>
|
||||
By using this file, you agree to the terms and conditions set
|
||||
|
@ -9,7 +9,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: engine.c,v 8.109.2.1 2002/07/29 16:40:47 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: engine.c,v 8.109.2.4 2002/12/03 17:27:32 ca Exp $")
|
||||
|
||||
#include "libmilter.h"
|
||||
|
||||
@ -116,22 +116,22 @@ static int dec_arg2 __P((char *, size_t, char **, char **));
|
||||
** this function is coded in trans_ok(), see below.
|
||||
*/
|
||||
|
||||
#define MASK(x) (0x0001 << (x)) /* generate a bit "mask" for a state */
|
||||
#define NX_INIT (MASK(ST_OPTS))
|
||||
#define NX_OPTS (MASK(ST_CONN))
|
||||
#define NX_CONN (MASK(ST_HELO) | MASK(ST_MAIL))
|
||||
#define NX_HELO (MASK(ST_HELO) | MASK(ST_MAIL))
|
||||
#define NX_MAIL (MASK(ST_RCPT) | MASK(ST_ABRT))
|
||||
#define NX_RCPT (MASK(ST_HDRS) | MASK(ST_EOHS) | \
|
||||
MASK(ST_BODY) | MASK(ST_ENDM) | \
|
||||
MASK(ST_RCPT) | MASK(ST_ABRT))
|
||||
#define NX_HDRS (MASK(ST_EOHS) | MASK(ST_HDRS) | MASK(ST_ABRT))
|
||||
#define NX_EOHS (MASK(ST_BODY) | MASK(ST_ENDM) | MASK(ST_ABRT))
|
||||
#define NX_BODY (MASK(ST_ENDM) | MASK(ST_BODY) | MASK(ST_ABRT))
|
||||
#define NX_ENDM (MASK(ST_QUIT) | MASK(ST_MAIL))
|
||||
#define MI_MASK(x) (0x0001 << (x)) /* generate a bit "mask" for a state */
|
||||
#define NX_INIT (MI_MASK(ST_OPTS))
|
||||
#define NX_OPTS (MI_MASK(ST_CONN))
|
||||
#define NX_CONN (MI_MASK(ST_HELO) | MI_MASK(ST_MAIL))
|
||||
#define NX_HELO (MI_MASK(ST_HELO) | MI_MASK(ST_MAIL))
|
||||
#define NX_MAIL (MI_MASK(ST_RCPT) | MI_MASK(ST_ABRT))
|
||||
#define NX_RCPT (MI_MASK(ST_HDRS) | MI_MASK(ST_EOHS) | \
|
||||
MI_MASK(ST_BODY) | MI_MASK(ST_ENDM) | \
|
||||
MI_MASK(ST_RCPT) | MI_MASK(ST_ABRT))
|
||||
#define NX_HDRS (MI_MASK(ST_EOHS) | MI_MASK(ST_HDRS) | MI_MASK(ST_ABRT))
|
||||
#define NX_EOHS (MI_MASK(ST_BODY) | MI_MASK(ST_ENDM) | MI_MASK(ST_ABRT))
|
||||
#define NX_BODY (MI_MASK(ST_ENDM) | MI_MASK(ST_BODY) | MI_MASK(ST_ABRT))
|
||||
#define NX_ENDM (MI_MASK(ST_QUIT) | MI_MASK(ST_MAIL))
|
||||
#define NX_QUIT 0
|
||||
#define NX_ABRT 0
|
||||
#define NX_SKIP MASK(ST_SKIP)
|
||||
#define NX_SKIP MI_MASK(ST_SKIP)
|
||||
|
||||
static int next_states[] =
|
||||
{
|
||||
@ -255,7 +255,7 @@ mi_engine(ctx)
|
||||
}
|
||||
if (ctx->ctx_dbg > 4)
|
||||
sm_dprintf("[%d] got cmd '%c' len %d\n",
|
||||
(int) ctx->ctx_id, cmd, len);
|
||||
(int) ctx->ctx_id, cmd, (int) len);
|
||||
for (i = 0; i < ncmds; i++)
|
||||
{
|
||||
if (cmd == cmds[i].cm_cmd)
|
||||
@ -292,8 +292,8 @@ mi_engine(ctx)
|
||||
if (ctx->ctx_dbg > 1)
|
||||
sm_dprintf("[%d] abort: cur %d (%x) new %d (%x) next %x\n",
|
||||
(int) ctx->ctx_id,
|
||||
curstate, MASK(curstate),
|
||||
newstate, MASK(newstate),
|
||||
curstate, MI_MASK(curstate),
|
||||
newstate, MI_MASK(newstate),
|
||||
next_states[curstate]);
|
||||
|
||||
/* call abort only if in a mail transaction */
|
||||
@ -511,7 +511,7 @@ st_optionneg(g)
|
||||
smi_log(SMI_LOG_ERR,
|
||||
"%s: st_optionneg[%d]: len too short %d < %d",
|
||||
g->a_ctx->ctx_smfi->xxfi_name,
|
||||
(int) g->a_ctx->ctx_id, g->a_len,
|
||||
(int) g->a_ctx->ctx_id, (int) g->a_len,
|
||||
MILTER_OPTLEN);
|
||||
return _SMFIS_ABORT;
|
||||
}
|
||||
@ -615,7 +615,7 @@ st_connectinfo(g)
|
||||
smi_log(SMI_LOG_ERR,
|
||||
"%s: connect[%d]: wrong len %d >= %d",
|
||||
g->a_ctx->ctx_smfi->xxfi_name,
|
||||
(int) g->a_ctx->ctx_id, i, l);
|
||||
(int) g->a_ctx->ctx_id, (int) i, (int) l);
|
||||
return _SMFIS_ABORT;
|
||||
}
|
||||
|
||||
@ -990,7 +990,7 @@ trans_ok(old, new)
|
||||
do
|
||||
{
|
||||
/* is this state transition allowed? */
|
||||
if ((MASK(new) & next_states[s]) != 0)
|
||||
if ((MI_MASK(new) & next_states[s]) != 0)
|
||||
return true;
|
||||
|
||||
/*
|
||||
|
@ -9,7 +9,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: handler.c,v 8.30 2002/04/29 15:06:48 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: handler.c,v 8.30.2.2 2002/12/18 23:15:35 ca Exp $")
|
||||
|
||||
#include "libmilter.h"
|
||||
|
||||
@ -35,8 +35,8 @@ mi_handle_session(ctx)
|
||||
ctx->ctx_id = (sthread_t) sthread_get_id();
|
||||
|
||||
/*
|
||||
** detach so resources are free when the thread returns
|
||||
** if we ever "wait" for threads, this call must be removed
|
||||
** Detach so resources are free when the thread returns.
|
||||
** If we ever "wait" for threads, this call must be removed.
|
||||
*/
|
||||
|
||||
if (pthread_detach(ctx->ctx_id) != 0)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1999-2001 Sendmail, Inc. and its suppliers.
|
||||
* Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers.
|
||||
* All rights reserved.
|
||||
*
|
||||
* By using this file, you agree to the terms and conditions set
|
||||
@ -19,7 +19,7 @@
|
||||
#ifdef _DEFINE
|
||||
# define EXTERN
|
||||
# define INIT(x) = x
|
||||
SM_IDSTR(MilterlId, "@(#)$Id: libmilter.h,v 8.33 2002/04/30 23:52:24 msk Exp $")
|
||||
SM_IDSTR(MilterlId, "@(#)$Id: libmilter.h,v 8.33.2.7 2002/12/18 23:15:35 ca Exp $")
|
||||
#else /* _DEFINE */
|
||||
# define EXTERN extern
|
||||
# define INIT(x)
|
||||
@ -118,4 +118,4 @@ extern int mi_wr_cmd __P((socket_t, struct timeval *, int, char *, size_t));
|
||||
extern bool mi_sendok __P((SMFICTX_PTR, int));
|
||||
|
||||
|
||||
#endif /* !_LIBMILTER_H */
|
||||
#endif /* ! _LIBMILTER_H */
|
||||
|
@ -9,7 +9,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: listener.c,v 8.85.2.1 2002/08/09 22:13:36 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: listener.c,v 8.85.2.7 2002/12/10 04:02:25 ca Exp $")
|
||||
|
||||
/*
|
||||
** listener.c -- threaded network listener
|
||||
@ -17,6 +17,7 @@ SM_RCSID("@(#)$Id: listener.c,v 8.85.2.1 2002/08/09 22:13:36 gshapiro Exp $")
|
||||
|
||||
#include "libmilter.h"
|
||||
#include <sm/errstring.h>
|
||||
#include <sm/fdset.h>
|
||||
|
||||
|
||||
# if NETINET || NETINET6
|
||||
@ -73,7 +74,13 @@ mi_opensocket(conn, backlog, dbg, smfi)
|
||||
(void) smutex_unlock(&L_Mutex);
|
||||
return MI_FAILURE;
|
||||
}
|
||||
|
||||
if (!SM_FD_OK_SELECT(listenfd))
|
||||
{
|
||||
smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d",
|
||||
smfi->xxfi_name, listenfd, FD_SETSIZE);
|
||||
(void) smutex_unlock(&L_Mutex);
|
||||
return MI_FAILURE;
|
||||
}
|
||||
return MI_SUCCESS;
|
||||
}
|
||||
|
||||
@ -482,7 +489,7 @@ mi_milteropen(conn, backlog, name)
|
||||
{
|
||||
smi_log(SMI_LOG_ERR,
|
||||
"%s: can't malloc(%d) for sockpath: %s",
|
||||
name, len, sm_errstring(errno));
|
||||
name, (int) len, sm_errstring(errno));
|
||||
(void) closesocket(sock);
|
||||
return INVALID_SOCKET;
|
||||
}
|
||||
@ -630,9 +637,10 @@ mi_closener()
|
||||
if (rs != 0) \
|
||||
{ \
|
||||
smi_log(SMI_LOG_ERR, \
|
||||
"MI_SLEEP(): select() returned non-zero result %d, errno = %d", \
|
||||
"MI_SLEEP(): select() returned non-zero result %d, errno = %d", \
|
||||
rs, errno); \
|
||||
} \
|
||||
break; \
|
||||
} \
|
||||
} \
|
||||
}
|
||||
@ -668,16 +676,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
|
||||
return MI_FAILURE;
|
||||
|
||||
clilen = L_socksize;
|
||||
|
||||
if (listenfd >= FD_SETSIZE)
|
||||
{
|
||||
smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d",
|
||||
smfi->xxfi_name, listenfd, FD_SETSIZE);
|
||||
(void) smutex_unlock(&L_Mutex);
|
||||
return MI_FAILURE;
|
||||
}
|
||||
(void) smutex_unlock(&L_Mutex);
|
||||
|
||||
while (mi_stop() == MILTER_CONT)
|
||||
{
|
||||
(void) smutex_lock(&L_Mutex);
|
||||
@ -755,6 +754,14 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
|
||||
save_errno = EINVAL;
|
||||
}
|
||||
|
||||
/* check if acceptable for select() */
|
||||
if (ValidSocket(connfd) && !SM_FD_OK_SELECT(connfd))
|
||||
{
|
||||
(void) closesocket(connfd);
|
||||
connfd = INVALID_SOCKET;
|
||||
save_errno = ERANGE;
|
||||
}
|
||||
|
||||
if (!ValidSocket(connfd))
|
||||
{
|
||||
if (save_errno == EINTR)
|
||||
|
@ -9,7 +9,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: main.c,v 8.64 2002/06/04 02:32:32 geir Exp $")
|
||||
SM_RCSID("@(#)$Id: main.c,v 8.64.2.8 2002/12/18 23:13:45 ca Exp $")
|
||||
|
||||
#define _DEFINE 1
|
||||
#include "libmilter.h"
|
||||
@ -98,13 +98,13 @@ static int backlog = MI_SOMAXCONN;
|
||||
#if _FFR_SMFI_OPENSOCKET
|
||||
/*
|
||||
** SMFI_OPENSOCKET -- try the socket setup to make sure we'll be
|
||||
** able to start up
|
||||
** able to start up
|
||||
**
|
||||
** Parameters:
|
||||
** None.
|
||||
** Parameters:
|
||||
** None.
|
||||
**
|
||||
** Return:
|
||||
** MI_SUCCESS/MI_FAILURE
|
||||
** Return:
|
||||
** MI_SUCCESS/MI_FAILURE
|
||||
*/
|
||||
|
||||
int
|
||||
@ -236,6 +236,6 @@ smfi_main()
|
||||
/* Startup the listener */
|
||||
if (mi_listener(conn, dbg, smfi, timeout, backlog) != MI_SUCCESS)
|
||||
r = MI_FAILURE;
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -9,7 +9,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: signal.c,v 8.37 2002/03/23 00:55:19 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: signal.c,v 8.37.2.2 2002/10/23 16:52:00 ca Exp $")
|
||||
|
||||
#include "libmilter.h"
|
||||
|
||||
@ -107,6 +107,9 @@ mi_signal_thread(name)
|
||||
if (sigwait(&set, &sig) != 0)
|
||||
#endif /* defined(SOLARIS) || defined(__svr5__) */
|
||||
{
|
||||
/* this can happen on OSF/1 (at least) */
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
smi_log(SMI_LOG_ERR,
|
||||
"%s: sigwait returned error: %d",
|
||||
(char *)name, errno);
|
||||
|
@ -11,7 +11,7 @@
|
||||
* forth in the LICENSE file which can be found at the top level of
|
||||
* the sendmail distribution.
|
||||
*
|
||||
* $Id: local.h,v 1.51 2002/02/20 02:40:24 ca Exp $
|
||||
* $Id: local.h,v 1.51.2.1 2002/09/09 21:38:08 gshapiro Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -279,6 +279,11 @@ extern const char SmFileMagic[];
|
||||
sm_io_to.tv_sec = (to) / 1000; \
|
||||
sm_io_to.tv_usec = ((to) - (sm_io_to.tv_sec * 1000)) * 10; \
|
||||
} \
|
||||
if (FD_SETSIZE > 0 && (fd) >= FD_SETSIZE) \
|
||||
{ \
|
||||
errno = EINVAL; \
|
||||
return SM_IO_EOF; \
|
||||
} \
|
||||
FD_ZERO(&sm_io_to_mask); \
|
||||
FD_SET((fd), &sm_io_to_mask); \
|
||||
FD_ZERO(&sm_io_x_mask); \
|
||||
|
@ -8,7 +8,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: mbdb.c,v 1.38 2002/04/05 22:59:56 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: mbdb.c,v 1.38.2.1 2002/11/20 22:59:06 gshapiro Exp $")
|
||||
|
||||
#include <sys/param.h>
|
||||
|
||||
@ -17,6 +17,7 @@ SM_RCSID("@(#)$Id: mbdb.c,v 1.38 2002/04/05 22:59:56 gshapiro Exp $")
|
||||
#include <pwd.h>
|
||||
#include <stdlib.h>
|
||||
#include <setjmp.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <sm/limits.h>
|
||||
#include <sm/conf.h>
|
||||
@ -466,10 +467,6 @@ mbdb_ldap_initialize(arg)
|
||||
}
|
||||
LDAPLMAP.ldap_base = new;
|
||||
}
|
||||
|
||||
/* No connection yet, connect */
|
||||
if (!sm_ldap_start(MBDB_LDAP_LABEL, &LDAPLMAP))
|
||||
return EX_UNAVAILABLE;
|
||||
return EX_OK;
|
||||
}
|
||||
|
||||
@ -518,6 +515,12 @@ mbdb_ldap_lookup(name, user)
|
||||
return EX_TEMPFAIL;
|
||||
}
|
||||
|
||||
if (LDAPLMAP.ldap_pid != getpid())
|
||||
{
|
||||
/* re-open map in this child process */
|
||||
LDAPLMAP.ldap_ld = NULL;
|
||||
}
|
||||
|
||||
if (LDAPLMAP.ldap_ld == NULL)
|
||||
{
|
||||
/* map not open, try to open now */
|
||||
|
@ -13,7 +13,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: refill.c,v 1.49 2001/09/11 04:04:49 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: refill.c,v 1.49.2.1 2002/09/09 21:38:08 gshapiro Exp $")
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
@ -65,6 +65,11 @@ static int sm_lflush __P((SM_FILE_T *, int *));
|
||||
errno = EAGAIN; \
|
||||
return SM_IO_EOF; \
|
||||
} \
|
||||
if (FD_SETSIZE > 0 && (fd) >= FD_SETSIZE) \
|
||||
{ \
|
||||
errno = EINVAL; \
|
||||
return SM_IO_EOF; \
|
||||
} \
|
||||
FD_ZERO(&sm_io_to_mask); \
|
||||
FD_SET((fd), &sm_io_to_mask); \
|
||||
FD_ZERO(&sm_io_x_mask); \
|
||||
|
@ -13,7 +13,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: stdio.c,v 1.56 2002/04/03 21:55:15 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: stdio.c,v 1.56.2.3 2002/10/22 23:07:19 ca Exp $")
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
@ -24,9 +24,9 @@ SM_RCSID("@(#)$Id: stdio.c,v 1.56 2002/04/03 21:55:15 ca Exp $")
|
||||
#include <sm/assert.h>
|
||||
#include <sm/varargs.h>
|
||||
#include <sm/io.h>
|
||||
#include <sm/fdset.h>
|
||||
#include <sm/setjmp.h>
|
||||
#include <sm/conf.h>
|
||||
#include <sm/fdset.h>
|
||||
#include "local.h"
|
||||
|
||||
/*
|
||||
@ -353,6 +353,11 @@ sm_stdgetinfo(fp, what, valp)
|
||||
fd_set readfds;
|
||||
struct timeval timeout;
|
||||
|
||||
if (SM_FD_SETSIZE > 0 && fp->f_file >= SM_FD_SETSIZE)
|
||||
{
|
||||
errno = EINVAL;
|
||||
return -1;
|
||||
}
|
||||
FD_ZERO(&readfds);
|
||||
SM_FD_SET(fp->f_file, &readfds);
|
||||
timeout.tv_sec = 0;
|
||||
@ -422,7 +427,6 @@ sm_stdfdopen(fp, info, flags, rpool)
|
||||
/* Make sure the mode the user wants is a subset of the actual mode. */
|
||||
if ((fdflags = fcntl(fd, F_GETFL, 0)) < 0)
|
||||
return -1;
|
||||
|
||||
tmp = fdflags & O_ACCMODE;
|
||||
if (tmp != O_RDWR && (tmp != (oflags & O_ACCMODE)))
|
||||
{
|
||||
|
@ -8,7 +8,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: smdb2.c,v 8.72 2002/05/24 23:09:11 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: smdb2.c,v 8.72.2.4 2002/12/03 17:01:15 ca Exp $")
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
@ -523,7 +523,9 @@ smdb_db_open_internal(db_name, db_type, db_flags, db_params, db)
|
||||
}
|
||||
}
|
||||
|
||||
result = (*db)->open(*db, db_name, NULL, db_type, db_flags, DBMMODE);
|
||||
result = (*db)->open(*db,
|
||||
DBTXN /* transaction for DB 4.1 */
|
||||
db_name, NULL, db_type, db_flags, DBMMODE);
|
||||
if (result != 0)
|
||||
{
|
||||
(void) (*db)->close(*db, 0);
|
||||
@ -633,9 +635,7 @@ smdb_db_open(database, db_name, mode, mode_mask, sff, type, user_info, db_params
|
||||
db_flags |= DB_TRUNCATE;
|
||||
if (mode == O_RDONLY)
|
||||
db_flags |= DB_RDONLY;
|
||||
# if !HASFLOCK && defined(DB_FCNTL_LOCKING)
|
||||
db_flags |= DB_FCNTL_LOCKING;
|
||||
# endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */
|
||||
SM_DB_FLAG_ADD(db_flags);
|
||||
|
||||
result = smdb_db_open_internal(db_file_name, db_type,
|
||||
db_flags, db_params, &db);
|
||||
|
@ -9,7 +9,7 @@
|
||||
*/
|
||||
|
||||
#include <sendmail.h>
|
||||
SM_RCSID("@(#)$Id: cf.c,v 8.18 2002/05/25 00:09:16 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: cf.c,v 8.18.2.1 2002/09/24 21:48:23 ca Exp $")
|
||||
#include <sendmail/pathnames.h>
|
||||
|
||||
/*
|
||||
@ -37,21 +37,13 @@ getcfname(opmode, submitmode, cftype, conffile)
|
||||
int cftype;
|
||||
char *conffile;
|
||||
{
|
||||
#if NETINFO
|
||||
char *cflocation;
|
||||
#endif /* NETINFO */
|
||||
|
||||
if (conffile != NULL)
|
||||
return conffile;
|
||||
|
||||
#if NETINFO
|
||||
{
|
||||
char *cflocation;
|
||||
|
||||
cflocation = ni_propval("/locations", NULL, "sendmail",
|
||||
"sendmail.cf", '\0');
|
||||
if (cflocation != NULL)
|
||||
return cflocation;
|
||||
}
|
||||
#endif /* NETINFO */
|
||||
|
||||
if (cftype == SM_GET_SUBMIT_CF ||
|
||||
((submitmode != SUBMIT_UNKNOWN ||
|
||||
opmode == MD_DELIVER ||
|
||||
@ -62,10 +54,23 @@ getcfname(opmode, submitmode, cftype, conffile)
|
||||
struct stat sbuf;
|
||||
static char cf[MAXPATHLEN];
|
||||
|
||||
(void) sm_strlcpyn(cf, sizeof cf, 2, _DIR_SENDMAILCF,
|
||||
"submit.cf");
|
||||
#if NETINFO
|
||||
cflocation = ni_propval("/locations", NULL, "sendmail",
|
||||
"submit.cf", '\0');
|
||||
if (cflocation != NULL)
|
||||
(void) sm_strlcpy(cf, cflocation, sizeof cf);
|
||||
else
|
||||
#endif /* NETINFO */
|
||||
(void) sm_strlcpyn(cf, sizeof cf, 2, _DIR_SENDMAILCF,
|
||||
"submit.cf");
|
||||
if (cftype == SM_GET_SUBMIT_CF || stat(cf, &sbuf) == 0)
|
||||
return cf;
|
||||
}
|
||||
#if NETINFO
|
||||
cflocation = ni_propval("/locations", NULL, "sendmail",
|
||||
"sendmail.cf", '\0');
|
||||
if (cflocation != NULL)
|
||||
return cflocation;
|
||||
#endif /* NETINFO */
|
||||
return _PATH_SENDMAILCF;
|
||||
}
|
||||
|
@ -6,9 +6,9 @@
|
||||
.\" the sendmail distribution.
|
||||
.\"
|
||||
.\"
|
||||
.\" $Id: mailstats.8,v 8.30 2002/04/12 00:42:33 ca Exp $
|
||||
.\" $Id: mailstats.8,v 8.30.2.1 2002/09/26 23:03:39 gshapiro Exp $
|
||||
.\"
|
||||
.TH MAILSTATS 8 "$Date: 2002/04/12 00:42:33 $"
|
||||
.TH MAILSTATS 8 "$Date: 2002/09/26 23:03:39 $"
|
||||
.SH NAME
|
||||
mailstats
|
||||
\- display mail statistics
|
||||
@ -50,10 +50,10 @@ Number of messages to the mailer.
|
||||
Kbytes to the mailer.
|
||||
.TP
|
||||
.B msgsrej
|
||||
Number of messages rejected (by check_* rulesets).
|
||||
Number of messages rejected.
|
||||
.TP
|
||||
.B msgsdis
|
||||
Number of messages discarded (by check_* rulesets).
|
||||
Number of messages discarded.
|
||||
.TP
|
||||
.B Mailer
|
||||
The name of the mailer.
|
||||
|
@ -1,4 +1,4 @@
|
||||
dnl $Id: Makefile.m4,v 8.91.2.3 2002/07/29 22:08:09 gshapiro Exp $
|
||||
dnl $Id: Makefile.m4,v 8.91.2.4 2002/09/09 02:48:54 gshapiro Exp $
|
||||
include(confBUILDTOOLSDIR`/M4/switch.m4')
|
||||
|
||||
define(`confREQUIRE_LIBSM', `true')
|
||||
@ -40,7 +40,6 @@ bldPUSH_TARGET(`statistics')
|
||||
divert(bldTARGETS_SECTION)
|
||||
statistics:
|
||||
${CP} /dev/null statistics
|
||||
chmod ifdef(`confSTMODE', `confSTMODE', `0600') statistics
|
||||
|
||||
${DESTDIR}/etc/mail/submit.cf:
|
||||
@echo "Please read INSTALL if anything fails while installing the binary."
|
||||
|
@ -9,7 +9,7 @@
|
||||
# the sendmail distribution.
|
||||
#
|
||||
#
|
||||
# $Id: README,v 8.355.2.3 2002/06/21 22:44:56 gshapiro Exp $
|
||||
# $Id: README,v 8.355.2.11 2002/12/18 17:15:46 ca Exp $
|
||||
#
|
||||
|
||||
This directory contains the source files for sendmail(TM).
|
||||
@ -102,6 +102,8 @@ NEWDB The new Berkeley DB package. Some systems (e.g., BSD/OS and
|
||||
Berkeley DB library to a current version. NEWDB is included
|
||||
automatically if the Build script can find a library named
|
||||
libdb.a or libdb.so.
|
||||
See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley
|
||||
DB versions, e.g., DB 4.1.x.
|
||||
NDBM The older NDBM implementation -- the very old V7 DBM
|
||||
implementation is no longer supported.
|
||||
NIS Network Information Services. To use this you must have
|
||||
@ -597,10 +599,15 @@ MILTER Turn on support for external filters using the Milter API.
|
||||
See libmilter/README for more information.
|
||||
REQUIRES_DIR_FSYNC Turn on support for file systems that require to
|
||||
call fsync() for a directory if the meta-data in it has
|
||||
been changed. This should be turned on at least for
|
||||
ReiserFS; it is enabled by default for Linux. An alternative
|
||||
to this compile time flag is to mount the queue directory
|
||||
without the -async option, or using chattr +S on Linux.
|
||||
been changed. This should be turned on at least for older
|
||||
versions of ReiserFS; it is enabled by default for Linux.
|
||||
According to some information this flag is not needed
|
||||
anymore for kernel 2.4.16 and newer. We would appreciate
|
||||
feedback about the semantics of the various file systems
|
||||
available for Linux.
|
||||
An alternative to this compile time flag is to mount the
|
||||
queue directory without the -async option, or using
|
||||
chattr +S on Linux.
|
||||
DBMMODE The default file permissions to use when creating new
|
||||
database files for maps and aliases. Defaults to 0640.
|
||||
|
||||
@ -679,6 +686,20 @@ and try again. Then take a look at the logfile and see whether
|
||||
there are any problems listed about permissions (unsafe files)
|
||||
or the validity of X.509 certificates.
|
||||
|
||||
From: Garrett Wollman <wollman@lcs.mit.edu>
|
||||
|
||||
If your certificate authority is hierarchical, and you only include
|
||||
the top-level CA certificate in the CACertFile file, some mail clients
|
||||
may be unable to infer the proper certificate chain when selecting a
|
||||
client certificate. Including the bottom-level CA certificate(s) in
|
||||
the CACertFile file will allow these clients to work properly. This
|
||||
is not necessary if you are not using client certificates for
|
||||
authentication, or if all your clients are running Sendmail or other
|
||||
programs using the OpenSSL library (which get it right automatically).
|
||||
In addition, some mail clients are totally incapable of using
|
||||
certificate authentication -- even some of those which already support
|
||||
SSL/TLS for confidentiality.
|
||||
|
||||
Further information can be found via:
|
||||
http://www.sendmail.org/tips/
|
||||
|
||||
@ -690,7 +711,7 @@ http://www.sendmail.org/tips/
|
||||
Please read the documentation accompanying the Cyrus SASL library
|
||||
(INSTALL and README). If you use Berkeley DB for Cyrus SASL then
|
||||
you must compile sendmail with the same version of Berkeley DB.
|
||||
See devtools/README how to set the correct compile time parameters;
|
||||
See devtools/README for how to set the correct compile time parameters;
|
||||
you should at least set the following variables:
|
||||
|
||||
APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL')
|
||||
@ -703,7 +724,7 @@ BUILDING SENDMAIL.
|
||||
|
||||
You have to select and install authentication mechanisms and tell
|
||||
sendmail where to find the sasl library and the include files (see
|
||||
devtools/README for the parameters to set). Setup the required
|
||||
devtools/README for the parameters to set). Set up the required
|
||||
users and passwords as explained in the SASL documentation. See
|
||||
also cf/README for authentication related options (especially
|
||||
DefaultAuthInfo if you want authentication between MTAs).
|
||||
@ -752,7 +773,11 @@ GCC problems
|
||||
We have been told there are problems with gcc 2.8.0. If you are
|
||||
using this version, you should upgrade to 2.8.1 or later.
|
||||
|
||||
GDBM GDBM does not work with sendmail 8.8 because the additional
|
||||
Berkeley DB
|
||||
Berkeley DB 4.1.x with x <= 24 does not work with sendmail.
|
||||
You need at least 4.1.25.
|
||||
|
||||
GDBM GDBM does not work with sendmail because the additional
|
||||
security checks and file locking cause problems. Unfortunately,
|
||||
gdbm does not provide a compile flag in its version of ndbm.h so
|
||||
the code can adapt. Until the GDBM authors can fix these problems,
|
||||
@ -990,7 +1015,7 @@ Solaris
|
||||
|
||||
Do not use:
|
||||
|
||||
host: nisplus dns [NOTFOUND=return] files
|
||||
hosts: nisplus dns [NOTFOUND=return] files
|
||||
|
||||
Note that 'nisplus' above is an illustration. The same comment
|
||||
applies no matter what naming services you are using. If you have
|
||||
@ -1329,7 +1354,7 @@ AIX 4.X
|
||||
/usr/lib and /lib. If you need to allow more directories, such as
|
||||
/usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
|
||||
site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
|
||||
approriately. For example:
|
||||
appropriately. For example:
|
||||
|
||||
define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
|
||||
|
||||
@ -1481,7 +1506,7 @@ UNICOS 8.0.3.4
|
||||
running sendmail. Reported by Jerry G. DeLapp <jgd@acl.lanl.gov>.
|
||||
|
||||
Darwin/Mac OS X (10.X.X)
|
||||
The linker errors produced regarding getopt() and it's associated
|
||||
The linker errors produced regarding getopt() and its associated
|
||||
variables can safely be ignored.
|
||||
|
||||
From Mike Zimmerman <zimmy@torrentnet.com>:
|
||||
@ -1596,7 +1621,7 @@ Listproc 6.0c
|
||||
|
||||
Just upgraded to sendmail 8.7, and discovered that listproc 6.0c
|
||||
breaks, because it, by default, sends a blank "HELO" rather than
|
||||
a "HELO hostname" when using the 'system' or 'telnet' mailmethod.
|
||||
a "HELO hostname" when using the 'system' or 'telnet' mail method.
|
||||
|
||||
The fix is to include -DZMAILER in the compilation, which will
|
||||
cause it to use "HELO hostname" (which Z-mail apparently requires
|
||||
@ -1768,4 +1793,4 @@ util.c Some general purpose routines used by sendmail.
|
||||
version.c The version number and information about this
|
||||
version of sendmail.
|
||||
|
||||
(Version $Revision: 8.355.2.3 $, last update $Date: 2002/06/21 22:44:56 $ )
|
||||
(Version $Revision: 8.355.2.11 $, last update $Date: 2002/12/18 17:15:46 $ )
|
||||
|
@ -5,7 +5,7 @@
|
||||
# forth in the LICENSE file which can be found at the top level of
|
||||
# the sendmail distribution.
|
||||
#
|
||||
# $Id: SECURITY,v 1.50 2002/03/29 19:45:48 ca Exp $
|
||||
# $Id: SECURITY,v 1.50.2.1 2002/09/23 21:28:48 ca Exp $
|
||||
#
|
||||
|
||||
This file gives some hints how to configure and run sendmail for
|
||||
@ -199,4 +199,5 @@ Then you can use
|
||||
sh ./Build install-set-user-id
|
||||
|
||||
to install the package in the old (pre-8.12) way. Make sure that
|
||||
no submit.cf file is installed.
|
||||
no submit.cf file is installed. See devtools/README about
|
||||
confSETUSERID_INSTALL which you need to define.
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: TRACEFLAGS,v 8.37.2.1 2002/07/01 20:55:47 gshapiro Exp $
|
||||
# $Id: TRACEFLAGS,v 8.37.2.3 2002/09/12 02:57:36 gshapiro Exp $
|
||||
0, 4 main.c main canonical name, UUCP node name, a.k.a.s
|
||||
0, 15 main.c main print configuration
|
||||
0, 44 util.c printav print address of each string
|
||||
@ -75,8 +75,12 @@
|
||||
63 queue.c runqueue process watching
|
||||
64 multiple Milter
|
||||
65 main.c permission checks
|
||||
#if _FFR_ADAPTIVE_EOL
|
||||
66 srvrsmtp.c conformance checks
|
||||
#endif /* _FFR_ADAPTIVE_EOL */
|
||||
#if _FFR_QUEUE_SCHED_DBG
|
||||
69 queue.c scheduling
|
||||
#endif /* _FFR_QUEUE_SCHED_DBG */
|
||||
#if _FFR_QUARANTINE
|
||||
70 queue.c quarantining
|
||||
#endif /* _FFR_QUARANTINE */
|
||||
@ -84,6 +88,7 @@
|
||||
80 content length
|
||||
81 sun remote mode
|
||||
91 mci.c syslogging of MCI cache information
|
||||
93,>99 * Prevent daemon connection fork for profiling/debugging
|
||||
94,>99 srvrsmtp.c cause commands to fail (for protocol testing)
|
||||
95 srvrsmtp.c AUTH
|
||||
95 usersmtp.c AUTH
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: collect.c,v 8.242.2.2 2002/08/16 14:56:01 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: collect.c,v 8.242.2.3 2002/12/03 17:06:30 gshapiro Exp $")
|
||||
|
||||
static void collecttimeout __P((time_t));
|
||||
static void dferror __P((SM_FILE_T *volatile, char *, ENVELOPE *));
|
||||
@ -350,6 +350,16 @@ collect(fp, smtpmode, hdrp, e)
|
||||
"timeout waiting for input from %s during message collect",
|
||||
CURHOSTNAME);
|
||||
errno = 0;
|
||||
if (smtpmode)
|
||||
{
|
||||
/*
|
||||
** Override e_message in usrerr() as this
|
||||
** is the reason for failure that should
|
||||
** be logged for undelivered recipients.
|
||||
*/
|
||||
|
||||
e->e_message = NULL;
|
||||
}
|
||||
usrerr("451 4.4.1 timeout waiting for input during message collect");
|
||||
goto readerr;
|
||||
}
|
||||
|
@ -10,7 +10,9 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: control.c,v 8.118 2002/03/19 00:23:27 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: control.c,v 8.118.4.3 2002/11/14 00:15:56 ca Exp $")
|
||||
|
||||
#include <sm/fdset.h>
|
||||
|
||||
/* values for cmd_code */
|
||||
#define CMDERROR 0 /* bad command */
|
||||
@ -90,6 +92,12 @@ opencontrolsocket()
|
||||
ControlSocket = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
if (ControlSocket < 0)
|
||||
return -1;
|
||||
if (SM_FD_SETSIZE > 0 && ControlSocket >= SM_FD_SETSIZE)
|
||||
{
|
||||
clrcontrol();
|
||||
errno = EINVAL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
(void) unlink(ControlSocketName);
|
||||
memset(&controladdr, '\0', sizeof controladdr);
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: daemon.c,v 8.613 2002/06/05 21:26:35 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: daemon.c,v 8.613.2.11 2002/12/05 16:13:52 ca Exp $")
|
||||
|
||||
#if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__)
|
||||
# define USE_SOCK_STREAM 1
|
||||
@ -627,35 +627,40 @@ getrequests(e)
|
||||
(void) getfallbackmxrr(FallBackMX);
|
||||
#endif /* NAMED_BIND */
|
||||
|
||||
#if !PROFILING
|
||||
/*
|
||||
** Create a pipe to keep the child from writing to the
|
||||
** socket until after the parent has closed it. Otherwise
|
||||
** the parent may hang if the child has closed it first.
|
||||
*/
|
||||
|
||||
if (pipe(pipefd) < 0)
|
||||
pipefd[0] = pipefd[1] = -1;
|
||||
|
||||
(void) sm_blocksignal(SIGCHLD);
|
||||
pid = fork();
|
||||
if (pid < 0)
|
||||
if (tTd(93, 100))
|
||||
{
|
||||
syserr("daemon: cannot fork");
|
||||
if (pipefd[0] != -1)
|
||||
{
|
||||
(void) close(pipefd[0]);
|
||||
(void) close(pipefd[1]);
|
||||
}
|
||||
(void) sm_releasesignal(SIGCHLD);
|
||||
(void) sleep(10);
|
||||
(void) close(t);
|
||||
continue;
|
||||
/* don't fork, handle connection in this process */
|
||||
pid = 0;
|
||||
pipefd[0] = pipefd[1] = -1;
|
||||
}
|
||||
else
|
||||
{
|
||||
/*
|
||||
** Create a pipe to keep the child from writing to
|
||||
** the socket until after the parent has closed
|
||||
** it. Otherwise the parent may hang if the child
|
||||
** has closed it first.
|
||||
*/
|
||||
|
||||
#else /* !PROFILING */
|
||||
pid = 0;
|
||||
#endif /* !PROFILING */
|
||||
if (pipe(pipefd) < 0)
|
||||
pipefd[0] = pipefd[1] = -1;
|
||||
|
||||
(void) sm_blocksignal(SIGCHLD);
|
||||
pid = fork();
|
||||
if (pid < 0)
|
||||
{
|
||||
syserr("daemon: cannot fork");
|
||||
if (pipefd[0] != -1)
|
||||
{
|
||||
(void) close(pipefd[0]);
|
||||
(void) close(pipefd[1]);
|
||||
}
|
||||
(void) sm_releasesignal(SIGCHLD);
|
||||
(void) sleep(10);
|
||||
(void) close(t);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (pid == 0)
|
||||
{
|
||||
@ -736,7 +741,6 @@ getrequests(e)
|
||||
anynet_ntoa(&RealHostAddr));
|
||||
}
|
||||
|
||||
#if !PROFILING
|
||||
if (pipefd[0] != -1)
|
||||
{
|
||||
auto char c;
|
||||
@ -758,7 +762,6 @@ getrequests(e)
|
||||
continue;
|
||||
(void) close(pipefd[0]);
|
||||
}
|
||||
#endif /* !PROFILING */
|
||||
|
||||
/* control socket processing */
|
||||
if (control)
|
||||
@ -914,8 +917,8 @@ getrequests(e)
|
||||
if (Daemons[curdaemon].d_inputfilterlist != NULL)
|
||||
{
|
||||
for (i = 0;
|
||||
(Daemons[curdaemon].d_inputfilters[i] != NULL &&
|
||||
i < MAXFILTERS);
|
||||
(i < MAXFILTERS &&
|
||||
Daemons[curdaemon].d_inputfilters[i] != NULL);
|
||||
i++)
|
||||
{
|
||||
InputFilters[i] = Daemons[curdaemon].d_inputfilters[i];
|
||||
@ -1093,6 +1096,14 @@ opendaemonsocket(d, firsttime)
|
||||
continue;
|
||||
}
|
||||
|
||||
if (SM_FD_SETSIZE > 0 && d->d_socket >= SM_FD_SETSIZE)
|
||||
{
|
||||
save_errno = EINVAL;
|
||||
syserr("opendaemonsocket: daemon %s: server SMTP socket (%d) too large",
|
||||
d->d_name, d->d_socket);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
/* turn on network debugging? */
|
||||
if (tTd(15, 101))
|
||||
(void) setsockopt(d->d_socket, SOL_SOCKET,
|
||||
@ -3289,7 +3300,7 @@ getauthinfo(fd, may_be_forged)
|
||||
char *ostype = NULL;
|
||||
char **ha;
|
||||
char ibuf[MAXNAME + 1];
|
||||
static char hbuf[MAXNAME * 2 + 11];
|
||||
static char hbuf[MAXNAME + MAXAUTHINFO + 11];
|
||||
|
||||
*may_be_forged = false;
|
||||
falen = sizeof RealHostAddr;
|
||||
@ -3473,7 +3484,6 @@ getauthinfo(fd, may_be_forged)
|
||||
/* put a timeout around the whole thing */
|
||||
ev = sm_setevent(TimeOuts.to_ident, authtimeout, 0);
|
||||
|
||||
|
||||
/* connect to foreign IDENT server using same address as SMTP socket */
|
||||
s = socket(la.sa.sa_family, SOCK_STREAM, 0);
|
||||
if (s < 0)
|
||||
@ -3567,10 +3577,10 @@ getauthinfo(fd, may_be_forged)
|
||||
(ostype[5] == ' ' || ostype[5] == '\0'))
|
||||
{
|
||||
(void) sm_strlcpy(hbuf, "IDENT:", sizeof hbuf);
|
||||
cleanstrcpy(&hbuf[6], p, MAXNAME);
|
||||
cleanstrcpy(&hbuf[6], p, MAXAUTHINFO);
|
||||
}
|
||||
else
|
||||
cleanstrcpy(hbuf, p, MAXNAME);
|
||||
cleanstrcpy(hbuf, p, MAXAUTHINFO);
|
||||
len = strlen(hbuf);
|
||||
(void) sm_strlcpyn(&hbuf[len], sizeof hbuf - len, 2, "@",
|
||||
RealHostName == NULL ? "localhost" : RealHostName);
|
||||
|
@ -14,7 +14,7 @@
|
||||
#include <sendmail.h>
|
||||
#include <sys/time.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: deliver.c,v 8.940.2.3 2002/08/16 14:56:01 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: deliver.c,v 8.940.2.10 2002/12/12 22:46:34 ca Exp $")
|
||||
|
||||
#if HASSETUSERCONTEXT
|
||||
# include <login_cap.h>
|
||||
@ -623,7 +623,6 @@ sendall(e, mode)
|
||||
/* and save qid for reacquisition */
|
||||
ee->e_id = qid;
|
||||
}
|
||||
|
||||
#endif /* !HASFLOCK */
|
||||
|
||||
/*
|
||||
@ -954,6 +953,11 @@ sync_dir(filename, panic)
|
||||
char *dirp;
|
||||
char dir[MAXPATHLEN];
|
||||
|
||||
#if _FFR_REQ_DIR_FSYNC_OPT
|
||||
if (!RequiresDirfsync)
|
||||
return;
|
||||
#endif /* _FFR_REQ_DIR_FSYNC_OPT */
|
||||
|
||||
/* filesystems which require the directory be synced */
|
||||
dirp = strrchr(filename, '/');
|
||||
if (dirp != NULL)
|
||||
@ -1620,6 +1624,16 @@ deliver(e, firstto)
|
||||
stripquotes(user);
|
||||
stripquotes(host);
|
||||
}
|
||||
#if _FFR_STRIPBACKSL
|
||||
/*
|
||||
** Strip one leading backslash if requesting and the
|
||||
** next character is alphanumerical (the latter can
|
||||
** probably relaxed a bit, see RFC2821).
|
||||
*/
|
||||
|
||||
if (bitnset(M_STRIPBACKSL, m->m_flags) && user[0] == '\\')
|
||||
stripbackslash(user);
|
||||
#endif /* _FFR_STRIPBACKSL */
|
||||
|
||||
/* hack attack -- delivermail compatibility */
|
||||
if (m == ProgMailer && *user == '|')
|
||||
@ -2352,15 +2366,20 @@ tryhost:
|
||||
|
||||
if (contextaddr != NULL)
|
||||
{
|
||||
int sucflags;
|
||||
struct passwd *pwd;
|
||||
|
||||
if (contextaddr->q_ruser != NULL)
|
||||
pwd = sm_getpwnam(contextaddr->q_ruser);
|
||||
else
|
||||
pwd = sm_getpwnam(contextaddr->q_user);
|
||||
sucflags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
|
||||
#ifdef LOGIN_SETMAC
|
||||
sucflags |= LOGIN_SETMAC;
|
||||
#endif /* LOGIN_SETMAC */
|
||||
if (pwd != NULL &&
|
||||
setusercontext(NULL, pwd, pwd->pw_uid,
|
||||
LOGIN_SETRESOURCES|LOGIN_SETPRIORITY) == -1 &&
|
||||
sucflags) == -1 &&
|
||||
suidwarn)
|
||||
{
|
||||
syserr("openmailer: setusercontext() failed");
|
||||
@ -5943,8 +5962,8 @@ initclttls(tls_ok)
|
||||
return false;
|
||||
if (clt_ctx != NULL)
|
||||
return true; /* already done */
|
||||
tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, false, CltCERTfile,
|
||||
Cltkeyfile, CACERTpath, CACERTfile, DHParams);
|
||||
tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, false, CltCertFile,
|
||||
CltKeyFile, CACertPath, CACertFile, DHParams);
|
||||
return tls_ok_clt;
|
||||
}
|
||||
|
||||
@ -6063,6 +6082,21 @@ ssl_retry:
|
||||
tv.tv_usec = 0;
|
||||
}
|
||||
|
||||
if (!timedout && FD_SETSIZE > 0 &&
|
||||
(rfd >= FD_SETSIZE ||
|
||||
(i == SSL_ERROR_WANT_WRITE && wfd >= FD_SETSIZE)))
|
||||
{
|
||||
if (LogLevel > 5)
|
||||
{
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"STARTTLS=client, error: fd %d/%d too large",
|
||||
rfd, wfd);
|
||||
if (LogLevel > 8)
|
||||
tlslogerr("client");
|
||||
}
|
||||
errno = EINVAL;
|
||||
goto tlsfail;
|
||||
}
|
||||
if (!timedout && i == SSL_ERROR_WANT_READ)
|
||||
{
|
||||
fd_set ssl_maskr, ssl_maskx;
|
||||
@ -6095,6 +6129,7 @@ ssl_retry:
|
||||
if (LogLevel > 8)
|
||||
tlslogerr("client");
|
||||
}
|
||||
tlsfail:
|
||||
SSL_free(clt_ssl);
|
||||
clt_ssl = NULL;
|
||||
return EX_SOFTWARE;
|
||||
|
@ -13,7 +13,42 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: envelope.c,v 8.282 2002/05/10 15:41:11 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: envelope.c,v 8.282.2.2 2002/12/04 15:44:08 ca Exp $")
|
||||
|
||||
/*
|
||||
** CLRSESSENVELOPE -- clear session oriented data in an envelope
|
||||
**
|
||||
** Parameters:
|
||||
** e -- the envelope to clear.
|
||||
**
|
||||
** Returns:
|
||||
** none.
|
||||
*/
|
||||
|
||||
void
|
||||
clrsessenvelope(e)
|
||||
ENVELOPE *e;
|
||||
{
|
||||
#if SASL
|
||||
macdefine(&e->e_macro, A_PERM, macid("{auth_type}"), "");
|
||||
macdefine(&e->e_macro, A_PERM, macid("{auth_authen}"), "");
|
||||
macdefine(&e->e_macro, A_PERM, macid("{auth_author}"), "");
|
||||
macdefine(&e->e_macro, A_PERM, macid("{auth_ssf}"), "");
|
||||
#endif /* SASL */
|
||||
#if STARTTLS
|
||||
macdefine(&e->e_macro, A_PERM, macid("{cert_issuer}"), "");
|
||||
macdefine(&e->e_macro, A_PERM, macid("{cert_subject}"), "");
|
||||
macdefine(&e->e_macro, A_PERM, macid("{cipher_bits}"), "");
|
||||
macdefine(&e->e_macro, A_PERM, macid("{cipher}"), "");
|
||||
macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), "");
|
||||
macdefine(&e->e_macro, A_PERM, macid("{verify}"), "");
|
||||
# if _FFR_TLS_1
|
||||
macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), "");
|
||||
macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), "");
|
||||
macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), "");
|
||||
# endif /* _FFR_TLS_1 */
|
||||
#endif /* STARTTLS */
|
||||
}
|
||||
|
||||
/*
|
||||
** NEWENVELOPE -- fill in a new envelope
|
||||
@ -923,6 +958,9 @@ setsender(from, e, delimptr, delimchar, internal)
|
||||
if (tTd(45, 1))
|
||||
sm_dprintf("setsender(%s)\n", from == NULL ? "" : from);
|
||||
|
||||
/* may be set from earlier calls */
|
||||
macdefine(&e->e_macro, A_PERM, 'x', "");
|
||||
|
||||
/*
|
||||
** Figure out the real user executing us.
|
||||
** Username can return errno != 0 on non-errors.
|
||||
@ -1077,7 +1115,7 @@ setsender(from, e, delimptr, delimchar, internal)
|
||||
e->e_from.q_home = NULL;
|
||||
}
|
||||
if (FullName != NULL && !internal)
|
||||
macdefine(&e->e_macro, A_PERM, 'x', FullName);
|
||||
macdefine(&e->e_macro, A_TEMP, 'x', FullName);
|
||||
}
|
||||
else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP)
|
||||
{
|
||||
|
@ -25,7 +25,7 @@ SM_UNUSED(static char copyright[]) =
|
||||
The Regents of the University of California. All rights reserved.\n";
|
||||
#endif /* ! lint */
|
||||
|
||||
SM_RCSID("@(#)$Id: main.c,v 8.887.2.1 2002/08/04 17:36:06 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: main.c,v 8.887.2.12 2002/12/05 17:38:44 ca Exp $")
|
||||
|
||||
|
||||
#if NETINET || NETINET6
|
||||
@ -213,6 +213,10 @@ main(argc, argv, envp)
|
||||
/* install default exception handler */
|
||||
sm_exc_newthread(fatal_error);
|
||||
|
||||
/* set the default in/out channel so errors reported to screen */
|
||||
InChannel = smioin;
|
||||
OutChannel = smioout;
|
||||
|
||||
/*
|
||||
** Check to see if we reentered.
|
||||
** This would normally happen if e_putheader or e_putbody
|
||||
@ -609,9 +613,6 @@ main(argc, argv, envp)
|
||||
sm_printoptions(FFRCompileOptions);
|
||||
}
|
||||
|
||||
InChannel = smioin;
|
||||
OutChannel = smioout;
|
||||
|
||||
/* clear sendmail's environment */
|
||||
ExternalEnviron = environ;
|
||||
emptyenviron[0] = NULL;
|
||||
@ -845,7 +846,10 @@ main(argc, argv, envp)
|
||||
ExitStat = EX_USAGE;
|
||||
break;
|
||||
}
|
||||
from = newstr(denlstring(optarg, true, true));
|
||||
if (optarg[0] == '\0')
|
||||
from = newstr("<>");
|
||||
else
|
||||
from = newstr(denlstring(optarg, true, true));
|
||||
if (strcmp(RealUserName, from) != 0)
|
||||
warn_f_flag = j;
|
||||
break;
|
||||
@ -1390,10 +1394,13 @@ main(argc, argv, envp)
|
||||
|
||||
if (tTd(0, 10))
|
||||
{
|
||||
char pidpath[MAXPATHLEN];
|
||||
|
||||
/* Now we know which .cf file we use */
|
||||
sm_dprintf(" Conf file:\t%s (selected)\n",
|
||||
getcfname(OpMode, SubmitMode, cftype, conffile));
|
||||
sm_dprintf(" Pid file:\t%s (selected)\n", PidFile);
|
||||
expand(PidFile, pidpath, sizeof pidpath, &BlankEnvelope);
|
||||
sm_dprintf(" Pid file:\t%s (selected)\n", pidpath);
|
||||
}
|
||||
|
||||
if (tTd(0, 1))
|
||||
@ -2184,6 +2191,8 @@ main(argc, argv, envp)
|
||||
CurrentPid = getpid();
|
||||
if (qgrp != NOQGRP)
|
||||
{
|
||||
int rwgflags = RWG_NONE;
|
||||
|
||||
/*
|
||||
** To run a specific queue group mark it to
|
||||
** be run, select the work group it's in and
|
||||
@ -2194,9 +2203,13 @@ main(argc, argv, envp)
|
||||
i++)
|
||||
Queue[i]->qg_nextrun = (time_t) -1;
|
||||
Queue[qgrp]->qg_nextrun = 0;
|
||||
if (Verbose)
|
||||
rwgflags |= RWG_VERBOSE;
|
||||
if (queuepersistent)
|
||||
rwgflags |= RWG_PERSISTENT;
|
||||
rwgflags |= RWG_FORCE;
|
||||
(void) run_work_group(Queue[qgrp]->qg_wgrp,
|
||||
false, Verbose,
|
||||
queuepersistent, false);
|
||||
rwgflags);
|
||||
}
|
||||
else
|
||||
(void) runqueue(false, Verbose,
|
||||
@ -2440,9 +2453,8 @@ main(argc, argv, envp)
|
||||
/* init TLS for server, ignore result for now */
|
||||
(void) initsrvtls(tls_ok);
|
||||
#endif /* STARTTLS */
|
||||
#if PROFILING
|
||||
|
||||
nextreq:
|
||||
#endif /* PROFILING */
|
||||
p_flags = getrequests(&MainEnvelope);
|
||||
|
||||
/* drop privileges */
|
||||
@ -2466,7 +2478,7 @@ main(argc, argv, envp)
|
||||
if (LogLevel > 9)
|
||||
{
|
||||
/* log connection information */
|
||||
sm_syslog(LOG_INFO, NULL, "connect from %.100s", authinfo);
|
||||
sm_syslog(LOG_INFO, NULL, "connect from %s", authinfo);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -2541,12 +2553,14 @@ main(argc, argv, envp)
|
||||
/* turn off profiling */
|
||||
SM_PROF(1);
|
||||
smtp(nullserver, *p_flags, &MainEnvelope);
|
||||
#if PROFILING
|
||||
/* turn off profiling */
|
||||
SM_PROF(0);
|
||||
if (OpMode == MD_DAEMON)
|
||||
goto nextreq;
|
||||
#endif /* PROFILING */
|
||||
|
||||
if (tTd(93, 100))
|
||||
{
|
||||
/* turn off profiling */
|
||||
SM_PROF(0);
|
||||
if (OpMode == MD_DAEMON)
|
||||
goto nextreq;
|
||||
}
|
||||
}
|
||||
|
||||
sm_rpool_free(MainEnvelope.e_rpool);
|
||||
@ -4086,7 +4100,7 @@ testmodeline(line, e)
|
||||
"Name too long\n");
|
||||
return;
|
||||
}
|
||||
(void) getcanonname(host, sizeof host, HasWildcardMX,
|
||||
(void) getcanonname(host, sizeof host, !HasWildcardMX,
|
||||
NULL);
|
||||
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
|
||||
"getcanonname(%s) returns %s\n",
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: map.c,v 8.645.2.3 2002/08/09 22:23:13 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: map.c,v 8.645.2.7 2002/12/03 17:01:15 ca Exp $")
|
||||
|
||||
#if LDAPMAP
|
||||
# include <sm/ldap.h>
|
||||
@ -29,10 +29,7 @@ SM_RCSID("@(#)$Id: map.c,v 8.645.2.3 2002/08/09 22:23:13 gshapiro Exp $")
|
||||
# endif /* R_FIRST */
|
||||
#endif /* NDBM */
|
||||
#if NEWDB
|
||||
# include <db.h>
|
||||
# ifndef DB_VERSION_MAJOR
|
||||
# define DB_VERSION_MAJOR 1
|
||||
# endif /* ! DB_VERSION_MAJOR */
|
||||
# include "sm/bdb.h"
|
||||
#endif /* NEWDB */
|
||||
#if NIS
|
||||
struct dom_binding; /* forward reference needed on IRIX */
|
||||
@ -2084,10 +2081,7 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
|
||||
flags |= DB_CREATE;
|
||||
if (bitset(O_TRUNC, omode))
|
||||
flags |= DB_TRUNCATE;
|
||||
|
||||
# if !HASFLOCK && defined(DB_FCNTL_LOCKING)
|
||||
flags |= DB_FCNTL_LOCKING;
|
||||
# endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */
|
||||
SM_DB_FLAG_ADD(flags);
|
||||
|
||||
# if DB_VERSION_MAJOR > 2
|
||||
ret = db_create(&db, NULL, 0);
|
||||
@ -2115,7 +2109,9 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo)
|
||||
# endif /* DB_HASH_NELEM */
|
||||
if (ret == 0 && db != NULL)
|
||||
{
|
||||
ret = db->open(db, buf, NULL, dbtype, flags, DBMMODE);
|
||||
ret = db->open(db,
|
||||
DBTXN /* transaction for DB 4.1 */
|
||||
buf, NULL, dbtype, flags, DBMMODE);
|
||||
if (ret != 0)
|
||||
{
|
||||
#ifdef DB_OLD_VERSION
|
||||
@ -4888,11 +4884,25 @@ ldapmap_set_defaults(spec)
|
||||
*/
|
||||
|
||||
/* what version of the ph map code we're running */
|
||||
static char phmap_id[PH_BUF_SIZE];
|
||||
static char phmap_id[128];
|
||||
|
||||
/* sendmail version for phmap id string */
|
||||
extern const char Version[];
|
||||
|
||||
/* assume we're using nph-1.1.x if not specified */
|
||||
# ifndef NPH_VERSION
|
||||
# define NPH_VERSION 10100
|
||||
# endif
|
||||
|
||||
/* compatibility for versions older than nph-1.2.0 */
|
||||
# if NPH_VERSION < 10200
|
||||
# define PH_OPEN_ROUNDROBIN PH_ROUNDROBIN
|
||||
# define PH_OPEN_DONTID PH_DONTID
|
||||
# define PH_CLOSE_FAST PH_FASTCLOSE
|
||||
# define PH_ERR_DATAERR PH_DATAERR
|
||||
# define PH_ERR_NOMATCH PH_NOMATCH
|
||||
# endif /* NPH_VERSION < 10200 */
|
||||
|
||||
/*
|
||||
** PH_MAP_PARSEARGS -- parse ph map definition args.
|
||||
*/
|
||||
@ -5090,7 +5100,12 @@ ph_timeout(unused)
|
||||
}
|
||||
|
||||
static void
|
||||
#if NPH_VERSION >= 10200
|
||||
ph_map_send_debug(appdata, text)
|
||||
void *appdata;
|
||||
#else
|
||||
ph_map_send_debug(text)
|
||||
#endif
|
||||
char *text;
|
||||
{
|
||||
if (LogLevel > 9)
|
||||
@ -5101,7 +5116,12 @@ ph_map_send_debug(text)
|
||||
}
|
||||
|
||||
static void
|
||||
#if NPH_VERSION >= 10200
|
||||
ph_map_recv_debug(appdata, text)
|
||||
void *appdata;
|
||||
#else
|
||||
ph_map_recv_debug(text)
|
||||
#endif
|
||||
char *text;
|
||||
{
|
||||
if (LogLevel > 10)
|
||||
@ -5178,9 +5198,14 @@ ph_map_open(map, mode)
|
||||
}
|
||||
|
||||
/* open connection to server */
|
||||
if (!ph_open(&(pmap->ph), host, PH_ROUNDROBIN|PH_DONTID,
|
||||
ph_map_send_debug, ph_map_recv_debug) &&
|
||||
!ph_id(pmap->ph, phmap_id))
|
||||
if (ph_open(&(pmap->ph), host,
|
||||
PH_OPEN_ROUNDROBIN|PH_OPEN_DONTID,
|
||||
ph_map_send_debug, ph_map_recv_debug
|
||||
#if NPH_VERSION >= 10200
|
||||
, NULL
|
||||
#endif
|
||||
) == 0
|
||||
&& ph_id(pmap->ph, phmap_id) == 0)
|
||||
{
|
||||
if (ev != NULL)
|
||||
sm_clrevent(ev);
|
||||
@ -5192,7 +5217,7 @@ ph_map_open(map, mode)
|
||||
save_errno = errno;
|
||||
if (ev != NULL)
|
||||
sm_clrevent(ev);
|
||||
pmap->ph_fastclose = PH_FASTCLOSE;
|
||||
pmap->ph_fastclose = PH_CLOSE_FAST;
|
||||
ph_map_close(map);
|
||||
errno = save_errno;
|
||||
}
|
||||
@ -5253,7 +5278,7 @@ ph_map_lookup(map, key, args, pstat)
|
||||
i = ph_email_resolve(pmap->ph, key, pmap->ph_field_list, &value);
|
||||
if (i == -1)
|
||||
*pstat = EX_TEMPFAIL;
|
||||
else if (i == PH_NOMATCH || i == PH_DATAERR)
|
||||
else if (i == PH_ERR_NOMATCH || i == PH_ERR_DATAERR)
|
||||
*pstat = EX_UNAVAILABLE;
|
||||
|
||||
ph_map_lookup_abort:
|
||||
@ -5268,7 +5293,7 @@ ph_map_lookup(map, key, args, pstat)
|
||||
if (*pstat == EX_TEMPFAIL)
|
||||
{
|
||||
save_errno = errno;
|
||||
pmap->ph_fastclose = PH_FASTCLOSE;
|
||||
pmap->ph_fastclose = PH_CLOSE_FAST;
|
||||
ph_map_close(map);
|
||||
errno = save_errno;
|
||||
}
|
||||
|
@ -10,7 +10,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: milter.c,v 8.197.2.2 2002/08/06 22:58:38 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: milter.c,v 8.197.2.5 2002/11/11 23:22:28 ca Exp $")
|
||||
|
||||
#if MILTER
|
||||
# include <libmilter/mfapi.h>
|
||||
@ -580,7 +580,7 @@ milter_open(m, parseonly, e)
|
||||
if (parseonly)
|
||||
syserr("X%s: empty or missing socket information",
|
||||
m->mf_name);
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): empty or missing socket information",
|
||||
m->mf_name);
|
||||
@ -611,9 +611,10 @@ milter_open(m, parseonly, e)
|
||||
addr.sa.sa_family = AF_INET6;
|
||||
# else /* NETINET6 */
|
||||
/* no protocols available */
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): no valid socket protocols available",
|
||||
m->mf_name);
|
||||
if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): no valid socket protocols available",
|
||||
m->mf_name);
|
||||
milter_error(m, e);
|
||||
return -1;
|
||||
# endif /* NETINET6 */
|
||||
@ -646,7 +647,7 @@ milter_open(m, parseonly, e)
|
||||
if (parseonly)
|
||||
syserr("X%s: unknown socket type %s",
|
||||
m->mf_name, p);
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): unknown socket type %s",
|
||||
m->mf_name, p);
|
||||
@ -677,7 +678,7 @@ milter_open(m, parseonly, e)
|
||||
if (parseonly)
|
||||
syserr("X%s: local socket name %s too long",
|
||||
m->mf_name, colon);
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): local socket name %s too long",
|
||||
m->mf_name, colon);
|
||||
@ -712,7 +713,7 @@ milter_open(m, parseonly, e)
|
||||
syserr("X%s: local socket name %s unsafe",
|
||||
m->mf_name, colon);
|
||||
}
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): local socket name %s unsafe",
|
||||
m->mf_name, colon);
|
||||
@ -748,7 +749,7 @@ milter_open(m, parseonly, e)
|
||||
if (parseonly)
|
||||
syserr("X%s: bad address %s (expected port@host)",
|
||||
m->mf_name, colon);
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): bad address %s (expected port@host)",
|
||||
m->mf_name, colon);
|
||||
@ -767,7 +768,7 @@ milter_open(m, parseonly, e)
|
||||
if (parseonly)
|
||||
syserr("X%s: invalid port number %s",
|
||||
m->mf_name, colon);
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): invalid port number %s",
|
||||
m->mf_name, colon);
|
||||
@ -787,7 +788,7 @@ milter_open(m, parseonly, e)
|
||||
if (parseonly)
|
||||
syserr("X%s: unknown port name %s",
|
||||
m->mf_name, colon);
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): unknown port name %s",
|
||||
m->mf_name, colon);
|
||||
@ -843,7 +844,7 @@ milter_open(m, parseonly, e)
|
||||
if (parseonly)
|
||||
syserr("X%s: Invalid numeric domain spec \"%s\"",
|
||||
m->mf_name, at);
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): Invalid numeric domain spec \"%s\"",
|
||||
m->mf_name, at);
|
||||
@ -859,7 +860,7 @@ milter_open(m, parseonly, e)
|
||||
if (parseonly)
|
||||
syserr("X%s: Invalid numeric domain spec \"%s\"",
|
||||
m->mf_name, at);
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): Invalid numeric domain spec \"%s\"",
|
||||
m->mf_name, at);
|
||||
@ -880,7 +881,7 @@ milter_open(m, parseonly, e)
|
||||
if (parseonly)
|
||||
syserr("X%s: Unknown host name %s",
|
||||
m->mf_name, at);
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): Unknown host name %s",
|
||||
m->mf_name, at);
|
||||
@ -918,7 +919,7 @@ milter_open(m, parseonly, e)
|
||||
if (parseonly)
|
||||
syserr("X%s: Unknown protocol for %s (%d)",
|
||||
m->mf_name, at, hp->h_addrtype);
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): Unknown protocol for %s (%d)",
|
||||
m->mf_name, at,
|
||||
@ -939,7 +940,7 @@ milter_open(m, parseonly, e)
|
||||
m->mf_name);
|
||||
if (parseonly)
|
||||
syserr("X%s: unknown socket protocol", m->mf_name);
|
||||
else if (MilterLogLevel > 10)
|
||||
else if (MilterLogLevel > 0)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"Milter (%s): unknown socket protocol",
|
||||
m->mf_name);
|
||||
@ -3226,7 +3227,14 @@ milter_connect(hostname, addr, e, state)
|
||||
{
|
||||
if (response != NULL &&
|
||||
*response == '4')
|
||||
*state = SMFIR_TEMPFAIL;
|
||||
{
|
||||
#if _FFR_MILTER_421
|
||||
if (strncmp(response, "421 ", 4) == 0)
|
||||
*state = SMFIR_SHUTDOWN;
|
||||
else
|
||||
#endif /* _FFR_MILTER_421 */
|
||||
*state = SMFIR_TEMPFAIL;
|
||||
}
|
||||
else
|
||||
*state = SMFIR_REJECT;
|
||||
if (response != NULL)
|
||||
@ -3724,7 +3732,7 @@ milter_data(e, state)
|
||||
case SMFIR_REPLBODY:
|
||||
if (!bitset(SMFIF_MODBODY, m->mf_fflags))
|
||||
{
|
||||
if (MilterLogLevel > 0)
|
||||
if (MilterLogLevel > 9)
|
||||
sm_syslog(LOG_ERR, e->e_id,
|
||||
"milter_data(%s): lied about replacing body, rejecting request and tempfailing message",
|
||||
m->mf_name);
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: parseaddr.c,v 8.359.2.2 2002/08/16 14:56:01 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: parseaddr.c,v 8.359.2.3 2002/09/26 23:03:39 gshapiro Exp $")
|
||||
|
||||
static void allocaddr __P((ADDRESS *, int, char *, ENVELOPE *));
|
||||
static int callsubr __P((char**, int, ENVELOPE *));
|
||||
@ -2086,6 +2086,7 @@ badaddr:
|
||||
}
|
||||
return a;
|
||||
}
|
||||
|
||||
/*
|
||||
** CATADDR -- concatenate pieces of addresses (putting in <LWSP> subs)
|
||||
**
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: queue.c,v 8.863.2.6 2002/08/16 16:27:37 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: queue.c,v 8.863.2.22 2002/12/19 18:00:39 ca Exp $")
|
||||
|
||||
#include <dirent.h>
|
||||
|
||||
@ -27,8 +27,10 @@ SM_RCSID("@(#)$Id: queue.c,v 8.863.2.6 2002/08/16 16:27:37 gshapiro Exp $")
|
||||
|
||||
/*
|
||||
** Historical notes:
|
||||
** QF_VERSION==4 was sendmail 8.10/8.11 without _FFR_QUEUEDELAY
|
||||
** QF_VERSION==5 was sendmail 8.10/8.11 with _FFR_QUEUEDELAY
|
||||
** QF_VERSION == 4 was sendmail 8.10/8.11 without _FFR_QUEUEDELAY
|
||||
** QF_VERSION == 5 was sendmail 8.10/8.11 with _FFR_QUEUEDELAY
|
||||
** QF_VERSION == 6 is sendmail 8.12 without _FFR_QUEUEDELAY
|
||||
** QF_VERSION == 7 is sendmail 8.12 with _FFR_QUEUEDELAY
|
||||
*/
|
||||
|
||||
#if _FFR_QUEUEDELAY
|
||||
@ -134,6 +136,7 @@ static int workcmpf1();
|
||||
static int workcmpf2();
|
||||
static int workcmpf3();
|
||||
static int workcmpf4();
|
||||
static int randi = 3; /* index for workcmpf5() */
|
||||
static int workcmpf5();
|
||||
static int workcmpf6();
|
||||
#if _FFR_RHS
|
||||
@ -198,6 +201,7 @@ static void *Pshm; /* pointer to shared memory */
|
||||
static FILESYS *PtrFileSys; /* pointer to queue file system array */
|
||||
int ShmId = SM_SHM_NO_ID; /* shared memory id */
|
||||
static QUEUE_SHM_T *QShm; /* pointer to shared queue data */
|
||||
static size_t shms;
|
||||
|
||||
# define SHM_OFF_PID(p) (((char *) (p)) + sizeof(int))
|
||||
# define SHM_OFF_TAG(p) (((char *) (p)) + sizeof(pid_t) + sizeof(int))
|
||||
@ -255,6 +259,7 @@ hash_q(p, h)
|
||||
return h;
|
||||
}
|
||||
|
||||
|
||||
#else /* SM_CONF_SHM */
|
||||
# define FILE_SYS(i) FileSys[i]
|
||||
#endif /* SM_CONF_SHM */
|
||||
@ -265,6 +270,7 @@ hash_q(p, h)
|
||||
#define FILE_SYS_BLKSIZE(i) FILE_SYS(i).fs_blksize
|
||||
#define FILE_SYS_DEV(i) FILE_SYS(i).fs_dev
|
||||
|
||||
|
||||
/*
|
||||
** Current qf file field assignments:
|
||||
**
|
||||
@ -1200,7 +1206,7 @@ restart_work_group(wgrp)
|
||||
{
|
||||
/* avoid overflow; increment here */
|
||||
WorkGrp[wgrp].wg_restartcnt++;
|
||||
(void) run_work_group(wgrp, true, false, true, true);
|
||||
(void) run_work_group(wgrp, RWG_FORK|RWG_PERSISTENT|RWG_RUNALL);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1438,6 +1444,8 @@ runqueue(forkflag, verbose, persistent, runall)
|
||||
|
||||
for (i = 0; i < NumWorkGroups && !NoMoreRunners; i++)
|
||||
{
|
||||
int rwgflags = RWG_NONE;
|
||||
|
||||
/*
|
||||
** If MaxQueueChildren active then test whether the start
|
||||
** of the next queue group's additional queue runners (maximum)
|
||||
@ -1477,8 +1485,15 @@ runqueue(forkflag, verbose, persistent, runall)
|
||||
*/
|
||||
|
||||
CurRunners += WorkGrp[curnum].wg_maxact;
|
||||
ret = run_work_group(curnum, forkflag, verbose, persistent,
|
||||
runall);
|
||||
if (forkflag)
|
||||
rwgflags |= RWG_FORK;
|
||||
if (verbose)
|
||||
rwgflags |= RWG_VERBOSE;
|
||||
if (persistent)
|
||||
rwgflags |= RWG_PERSISTENT;
|
||||
if (runall)
|
||||
rwgflags |= RWG_RUNALL;
|
||||
ret = run_work_group(curnum, rwgflags);
|
||||
|
||||
/*
|
||||
** Failure means a message was printed for ETRN
|
||||
@ -1676,7 +1691,7 @@ runner_work(e, sequenceno, didfork, skip, njobs)
|
||||
w->w_name + 2);
|
||||
|
||||
(void) dowork(w->w_qgrp, w->w_qdir, w->w_name + 2,
|
||||
false, false, e);
|
||||
ForkQueueRuns , false, e);
|
||||
errno = 0;
|
||||
}
|
||||
sm_free(w->w_name); /* XXX */
|
||||
@ -1711,12 +1726,7 @@ runner_work(e, sequenceno, didfork, skip, njobs)
|
||||
**
|
||||
** Parameters:
|
||||
** wgrp -- work group to process.
|
||||
** forkflag -- true if the queue scanning should be done in
|
||||
** a child process. We double-fork so it is not our
|
||||
** child and we don't have to clean up after it.
|
||||
** verbose -- if true, print out status information.
|
||||
** persistent -- persistent queue runner?
|
||||
** runall -- true: run all of the queue groups in this work group
|
||||
** flags -- RWG_* flags
|
||||
**
|
||||
** Returns:
|
||||
** true if the queue run successfully began.
|
||||
@ -1729,12 +1739,9 @@ runner_work(e, sequenceno, didfork, skip, njobs)
|
||||
#define MIN_SLEEP_TIME 5
|
||||
|
||||
bool
|
||||
run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
run_work_group(wgrp, flags)
|
||||
int wgrp;
|
||||
bool forkflag;
|
||||
bool verbose;
|
||||
bool persistent;
|
||||
bool runall;
|
||||
int flags;
|
||||
{
|
||||
register ENVELOPE *e;
|
||||
int njobs, qdir;
|
||||
@ -1758,11 +1765,12 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
sm_getla(); /* get load average */
|
||||
current_la_time = curtime();
|
||||
|
||||
if (!persistent && shouldqueue(WkRecipFact, current_la_time))
|
||||
if (!bitset(RWG_PERSISTENT, flags) &&
|
||||
shouldqueue(WkRecipFact, current_la_time))
|
||||
{
|
||||
char *msg = "Skipping queue run -- load average too high";
|
||||
|
||||
if (verbose)
|
||||
if (bitset(RWG_VERBOSE, flags))
|
||||
message("458 %s\n", msg);
|
||||
if (LogLevel > 8)
|
||||
sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg);
|
||||
@ -1773,12 +1781,14 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
** See if we already have too many children.
|
||||
*/
|
||||
|
||||
if (forkflag && WorkGrp[wgrp].wg_lowqintvl > 0 && !persistent &&
|
||||
if (bitset(RWG_FORK, flags) &&
|
||||
WorkGrp[wgrp].wg_lowqintvl > 0 &&
|
||||
!bitset(RWG_PERSISTENT, flags) &&
|
||||
MaxChildren > 0 && CurChildren >= MaxChildren)
|
||||
{
|
||||
char *msg = "Skipping queue run -- too many children";
|
||||
|
||||
if (verbose)
|
||||
if (bitset(RWG_VERBOSE, flags))
|
||||
message("458 %s (%d)\n", msg, CurChildren);
|
||||
if (LogLevel > 8)
|
||||
sm_syslog(LOG_INFO, NOQID, "runqueue: %s (%d)",
|
||||
@ -1790,7 +1800,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
** See if we want to go off and do other useful work.
|
||||
*/
|
||||
|
||||
if (forkflag)
|
||||
if (bitset(RWG_FORK, flags))
|
||||
{
|
||||
pid_t pid;
|
||||
|
||||
@ -1803,7 +1813,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
const char *msg = "Skipping queue run -- fork() failed";
|
||||
const char *err = sm_errstring(errno);
|
||||
|
||||
if (verbose)
|
||||
if (bitset(RWG_VERBOSE, flags))
|
||||
message("458 %s: %s\n", msg, err);
|
||||
if (LogLevel > 8)
|
||||
sm_syslog(LOG_INFO, NOQID, "runqueue: %s: %s",
|
||||
@ -1819,7 +1829,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
/* wgrp only used when queue runners are persistent */
|
||||
proc_list_add(pid, "Queue runner", PROC_QUEUE,
|
||||
WorkGrp[wgrp].wg_maxact,
|
||||
persistent ? wgrp : -1);
|
||||
bitset(RWG_PERSISTENT, flags) ? wgrp : -1);
|
||||
(void) sm_releasesignal(SIGALRM);
|
||||
(void) sm_releasesignal(SIGCHLD);
|
||||
return true;
|
||||
@ -1876,7 +1886,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
e->e_parent = NULL;
|
||||
|
||||
/* make sure we have disconnected from parent */
|
||||
if (forkflag)
|
||||
if (bitset(RWG_FORK, flags))
|
||||
{
|
||||
disconnect(1, e);
|
||||
QuickAbort = false;
|
||||
@ -1908,7 +1918,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
|
||||
/*
|
||||
** Run a queue group if:
|
||||
** runall is set or the bit for this group is set.
|
||||
** RWG_RUNALL bit is set or the bit for this group is set.
|
||||
*/
|
||||
|
||||
now = curtime();
|
||||
@ -1922,14 +1932,14 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
qgrp = WorkGrp[wgrp].wg_qgs[WorkGrp[wgrp].wg_curqgrp]->qg_index;
|
||||
WorkGrp[wgrp].wg_curqgrp++; /* advance */
|
||||
WorkGrp[wgrp].wg_curqgrp %= WorkGrp[wgrp].wg_numqgrp; /* wrap */
|
||||
if (runall ||
|
||||
if (bitset(RWG_RUNALL, flags) ||
|
||||
(Queue[qgrp]->qg_nextrun <= now &&
|
||||
Queue[qgrp]->qg_nextrun != (time_t) -1))
|
||||
break;
|
||||
if (endgrp == WorkGrp[wgrp].wg_curqgrp)
|
||||
{
|
||||
e->e_id = NULL;
|
||||
if (forkflag)
|
||||
if (bitset(RWG_FORK, flags))
|
||||
finis(true, true, ExitStat);
|
||||
return true; /* we're done */
|
||||
}
|
||||
@ -1958,7 +1968,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
sm_syslog(LOG_DEBUG, NOQID,
|
||||
"runqueue %s, pid=%d, forkflag=%d",
|
||||
qid_printqueue(qgrp, qdir), (int) CurrentPid,
|
||||
forkflag);
|
||||
bitset(RWG_FORK, flags));
|
||||
|
||||
/*
|
||||
** Start making passes through the queue.
|
||||
@ -2015,24 +2025,6 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
maxrunners = njobs;
|
||||
for (loop = 0; loop < maxrunners; loop++)
|
||||
{
|
||||
#if _FFR_NONSTOP_PERSISTENCE
|
||||
/*
|
||||
** Require a free "slot" before processing
|
||||
** this queue runner.
|
||||
*/
|
||||
|
||||
while (MaxQueueChildren > 0 &&
|
||||
CurChildren > MaxQueueChildren)
|
||||
{
|
||||
int status;
|
||||
pid_t ret;
|
||||
|
||||
while ((ret = sm_wait(&status)) <= 0)
|
||||
continue;
|
||||
proc_list_drop(ret, status, NULL);
|
||||
}
|
||||
#endif /* _FFR_NONSTOP_PERSISTENCE */
|
||||
|
||||
/*
|
||||
** Since the delivery may happen in a child and the
|
||||
** parent does not wait, the parent may close the
|
||||
@ -2116,7 +2108,6 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
|
||||
sm_releasesignal(SIGCHLD);
|
||||
|
||||
#if !_FFR_NONSTOP_PERSISTENCE
|
||||
/*
|
||||
** Wait until all of the runners have completed before
|
||||
** seeing if there is another queue group in the
|
||||
@ -2135,9 +2126,8 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
continue;
|
||||
proc_list_drop(ret, status, NULL);
|
||||
}
|
||||
#endif /* !_FFR_NONSTOP_PERSISTENCE */
|
||||
}
|
||||
else
|
||||
else if (Queue[qgrp]->qg_maxqrun > 0 || bitset(RWG_FORCE, flags))
|
||||
{
|
||||
/*
|
||||
** When current process will not fork children to do the work,
|
||||
@ -2162,7 +2152,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
}
|
||||
|
||||
/* No more queues in work group to process. Now check persistent. */
|
||||
if (persistent)
|
||||
if (bitset(RWG_PERSISTENT, flags))
|
||||
{
|
||||
sequenceno = 1;
|
||||
sm_setproctitle(true, CurEnv, "running queue: %s",
|
||||
@ -2244,7 +2234,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall)
|
||||
|
||||
/* exit without the usual cleanup */
|
||||
e->e_id = NULL;
|
||||
if (forkflag)
|
||||
if (bitset(RWG_FORK, flags))
|
||||
finis(true, true, ExitStat);
|
||||
/* NOTREACHED */
|
||||
return true;
|
||||
@ -2918,12 +2908,14 @@ sortq(max)
|
||||
else if (QueueSortOrder == QSO_RANDOM)
|
||||
{
|
||||
/*
|
||||
** Sort randomly.
|
||||
** workcmpf5() returns a random 1 or -1.
|
||||
** As long as nobody does a verification pass over the
|
||||
** sorted list, we should be golden.
|
||||
** Sort randomly. To avoid problems with an instable sort,
|
||||
** use a random index into the queue file name to start
|
||||
** comparison.
|
||||
*/
|
||||
|
||||
randi = get_rand_mod(MAXQFNAME);
|
||||
if (randi < 2)
|
||||
randi = 3;
|
||||
qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf5);
|
||||
}
|
||||
else if (QueueSortOrder == QSO_BYMODTIME)
|
||||
@ -3226,7 +3218,9 @@ workcmpf5(a, b)
|
||||
register WORK *a;
|
||||
register WORK *b;
|
||||
{
|
||||
return (get_rand_mod(2)) ? 1 : -1;
|
||||
if (strlen(a->w_name) < randi || strlen(b->w_name) < randi)
|
||||
return -1;
|
||||
return a->w_name[randi] - b->w_name[randi];
|
||||
}
|
||||
/*
|
||||
** WORKCMPF6 -- simple modification-time-only compare function.
|
||||
@ -3452,6 +3446,7 @@ dowork(qgrp, qdir, id, forkflag, requeueflag, e)
|
||||
** handler for child process.
|
||||
*/
|
||||
|
||||
|
||||
/* Reset global flags */
|
||||
RestartRequest = NULL;
|
||||
RestartWorkGroup = false;
|
||||
@ -3638,6 +3633,7 @@ doworklist(el, forkflag, requeueflag)
|
||||
** handler for child process.
|
||||
*/
|
||||
|
||||
|
||||
/* Reset global flags */
|
||||
RestartRequest = NULL;
|
||||
RestartWorkGroup = false;
|
||||
@ -6476,7 +6472,7 @@ write_key_file(keypath, key)
|
||||
sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT;
|
||||
if (TrustedUid != 0 && RealUid == TrustedUid)
|
||||
sff |= SFF_OPENASROOT;
|
||||
keyf = safefopen(keypath, O_WRONLY|O_TRUNC, 0644, sff);
|
||||
keyf = safefopen(keypath, O_WRONLY|O_TRUNC, FileMode, sff);
|
||||
if (keyf == NULL)
|
||||
{
|
||||
sm_syslog(LOG_ERR, NOQID, "unable to write %s: %s",
|
||||
@ -6486,7 +6482,7 @@ write_key_file(keypath, key)
|
||||
{
|
||||
ok = sm_io_fprintf(keyf, SM_TIME_DEFAULT, "%ld\n", key) !=
|
||||
SM_IO_EOF;
|
||||
ok = ok && (sm_io_close(keyf, SM_TIME_DEFAULT) != SM_IO_EOF);
|
||||
ok = (sm_io_close(keyf, SM_TIME_DEFAULT) != SM_IO_EOF) && ok;
|
||||
}
|
||||
return ok;
|
||||
}
|
||||
@ -6514,9 +6510,9 @@ read_key_file(keypath, key)
|
||||
if (keypath == NULL || *keypath == '\0')
|
||||
return key;
|
||||
sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY;
|
||||
if (TrustedUid != 0 && RealUid == TrustedUid)
|
||||
if (RealUid == 0 || (TrustedUid != 0 && RealUid == TrustedUid))
|
||||
sff |= SFF_OPENASROOT;
|
||||
keyf = safefopen(keypath, O_RDONLY, 0644, sff);
|
||||
keyf = safefopen(keypath, O_RDONLY, FileMode, sff);
|
||||
if (keyf == NULL)
|
||||
{
|
||||
sm_syslog(LOG_ERR, NOQID, "unable to read %s: %s",
|
||||
@ -6577,7 +6573,6 @@ init_shm(qn, owner, hash)
|
||||
{
|
||||
int count;
|
||||
int save_errno;
|
||||
size_t shms;
|
||||
|
||||
count = 0;
|
||||
shms = SM_T_SIZE + qn * sizeof(QUEUE_SHM_T);
|
||||
@ -8012,6 +8007,8 @@ split_within_queue(e)
|
||||
e->e_sibling = firstsibling;
|
||||
for (i = 0; i < nrcpt - 1; ++i)
|
||||
addrs[i]->q_next = addrs[i + 1];
|
||||
if (lsplits != NULL)
|
||||
sm_free(lsplits);
|
||||
return SM_SPLIT_FAIL;
|
||||
}
|
||||
|
||||
@ -8054,12 +8051,15 @@ split_within_queue(e)
|
||||
break;
|
||||
i += maxrcpt;
|
||||
}
|
||||
if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL && nsplit > 0)
|
||||
if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL)
|
||||
{
|
||||
sm_syslog(LOG_NOTICE, e->e_id,
|
||||
"split: maxrcpts=%d, rcpts=%d, count=%d, id%s=%s",
|
||||
maxrcpt, nrcpt - ndead, nsplit,
|
||||
nsplit > 1 ? "s" : "", lsplits);
|
||||
if (nsplit > 0)
|
||||
{
|
||||
sm_syslog(LOG_NOTICE, e->e_id,
|
||||
"split: maxrcpts=%d, rcpts=%d, count=%d, id%s=%s",
|
||||
maxrcpt, nrcpt - ndead, nsplit,
|
||||
nsplit > 1 ? "s" : "", lsplits);
|
||||
}
|
||||
sm_free(lsplits);
|
||||
}
|
||||
return SM_SPLIT_NEW(nsplit);
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: readcf.c,v 8.607.2.2 2002/08/19 21:50:49 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: readcf.c,v 8.607.2.7 2002/11/10 19:13:11 ca Exp $")
|
||||
|
||||
#if NETINET || NETINET6
|
||||
# include <arpa/inet.h>
|
||||
@ -2045,9 +2045,9 @@ static struct optioninfo
|
||||
#define O_CLTKEYFILE 0xb7
|
||||
{ "ClientKeyFile", O_CLTKEYFILE, OI_NONE },
|
||||
#define O_CACERTFILE 0xb8
|
||||
{ "CACERTFile", O_CACERTFILE, OI_NONE },
|
||||
{ "CACertFile", O_CACERTFILE, OI_NONE },
|
||||
#define O_CACERTPATH 0xb9
|
||||
{ "CACERTPath", O_CACERTPATH, OI_NONE },
|
||||
{ "CACertPath", O_CACERTPATH, OI_NONE },
|
||||
#define O_DHPARAMS 0xba
|
||||
{ "DHParameters", O_DHPARAMS, OI_NONE },
|
||||
#define O_INPUTMILTER 0xbb
|
||||
@ -2100,6 +2100,14 @@ static struct optioninfo
|
||||
# define O_SHMKEYFILE 0xd0
|
||||
{ "SharedMemoryKeyFile", O_SHMKEYFILE, OI_NONE },
|
||||
#endif /* _FFR_SELECT_SHM */
|
||||
#if _FFR_REJECT_LOG
|
||||
# define O_REJECTLOGINTERVAL 0xd1
|
||||
{ "RejectLogInterval", O_REJECTLOGINTERVAL, OI_NONE },
|
||||
#endif /* _FFR_REJECT_LOG */
|
||||
#if _FFR_REQ_DIR_FSYNC_OPT
|
||||
# define O_REQUIRES_DIR_FSYNC 0xd2
|
||||
{ "RequiresDirfsync", O_REQUIRES_DIR_FSYNC, OI_NONE },
|
||||
#endif /* _FFR_REQ_DIR_FSYNC_OPT */
|
||||
{ NULL, '\0', OI_NONE }
|
||||
};
|
||||
|
||||
@ -3337,18 +3345,23 @@ setoption(opt, val, safe, sticky, e)
|
||||
case 'A':
|
||||
SASLOpts |= SASL_AUTH_AUTH;
|
||||
break;
|
||||
|
||||
case 'a':
|
||||
SASLOpts |= SASL_SEC_NOACTIVE;
|
||||
break;
|
||||
|
||||
case 'c':
|
||||
SASLOpts |= SASL_SEC_PASS_CREDENTIALS;
|
||||
break;
|
||||
|
||||
case 'd':
|
||||
SASLOpts |= SASL_SEC_NODICTIONARY;
|
||||
break;
|
||||
|
||||
case 'f':
|
||||
SASLOpts |= SASL_SEC_FORWARD_SECRECY;
|
||||
break;
|
||||
|
||||
# if _FFR_SASL_OPT_M
|
||||
/* to be activated in 8.13 */
|
||||
# if SASL >= 20101
|
||||
@ -3357,16 +3370,20 @@ setoption(opt, val, safe, sticky, e)
|
||||
break;
|
||||
# endif /* SASL >= 20101 */
|
||||
# endif /* _FFR_SASL_OPT_M */
|
||||
|
||||
case 'p':
|
||||
SASLOpts |= SASL_SEC_NOPLAINTEXT;
|
||||
break;
|
||||
|
||||
case 'y':
|
||||
SASLOpts |= SASL_SEC_NOANONYMOUS;
|
||||
break;
|
||||
|
||||
case ' ': /* ignore */
|
||||
case '\t': /* ignore */
|
||||
case ',': /* ignore */
|
||||
break;
|
||||
|
||||
default:
|
||||
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
|
||||
"Warning: Option: %s unknown parameter '%c'\n",
|
||||
@ -3382,6 +3399,7 @@ setoption(opt, val, safe, sticky, e)
|
||||
++val;
|
||||
}
|
||||
break;
|
||||
|
||||
case O_SASLBITS:
|
||||
MaxSLBits = atoi(val);
|
||||
break;
|
||||
@ -3399,17 +3417,17 @@ setoption(opt, val, safe, sticky, e)
|
||||
|
||||
#if STARTTLS
|
||||
case O_SRVCERTFILE:
|
||||
SET_STRING_EXP(SrvCERTfile);
|
||||
SET_STRING_EXP(SrvCertFile);
|
||||
case O_SRVKEYFILE:
|
||||
SET_STRING_EXP(Srvkeyfile);
|
||||
SET_STRING_EXP(SrvKeyFile);
|
||||
case O_CLTCERTFILE:
|
||||
SET_STRING_EXP(CltCERTfile);
|
||||
SET_STRING_EXP(CltCertFile);
|
||||
case O_CLTKEYFILE:
|
||||
SET_STRING_EXP(Cltkeyfile);
|
||||
SET_STRING_EXP(CltKeyFile);
|
||||
case O_CACERTFILE:
|
||||
SET_STRING_EXP(CACERTfile);
|
||||
SET_STRING_EXP(CACertFile);
|
||||
case O_CACERTPATH:
|
||||
SET_STRING_EXP(CACERTpath);
|
||||
SET_STRING_EXP(CACertPath);
|
||||
case O_DHPARAMS:
|
||||
SET_STRING_EXP(DHParams);
|
||||
# if _FFR_TLS_1
|
||||
@ -3574,6 +3592,22 @@ setoption(opt, val, safe, sticky, e)
|
||||
break;
|
||||
#endif /* _FFR_SOFT_BOUNCE */
|
||||
|
||||
#if _FFR_REJECT_LOG
|
||||
case O_REJECTLOGINTERVAL: /* time btwn log msgs while refusing */
|
||||
RejectLogInterval = convtime(val, 'h');
|
||||
break;
|
||||
#endif /* _FFR_REJECT_LOG */
|
||||
|
||||
#if _FFR_REQ_DIR_FSYNC_OPT
|
||||
case O_REQUIRES_DIR_FSYNC:
|
||||
# if REQUIRES_DIR_FSYNC
|
||||
RequiresDirfsync = atobool(val);
|
||||
# else /* REQUIRES_DIR_FSYNC */
|
||||
/* silently ignored... required for cf file option */
|
||||
# endif /* REQUIRES_DIR_FSYNC */
|
||||
break;
|
||||
#endif /* _FFR_REQ_DIR_FSYNC_OPT */
|
||||
|
||||
default:
|
||||
if (tTd(37, 1))
|
||||
{
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: recipient.c,v 8.330 2002/05/29 18:20:03 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: recipient.c,v 8.330.2.1 2002/08/27 20:21:02 gshapiro Exp $")
|
||||
|
||||
static void includetimeout __P((void));
|
||||
static ADDRESS *self_reference __P((ADDRESS *));
|
||||
@ -679,7 +679,7 @@ recipient(new, sendq, aliaslevel, e)
|
||||
** the current recipient is marked expensive.
|
||||
*/
|
||||
|
||||
if (WILL_BE_QUEUED(e->e_sendmode) ||
|
||||
if (UseMSP || WILL_BE_QUEUED(e->e_sendmode) ||
|
||||
(!bitset(EF_SPLIT, e->e_flags) && e->e_ntries == 0 &&
|
||||
FastSplit > 0))
|
||||
sortfn = sorthost;
|
||||
|
@ -9,7 +9,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: sasl.c,v 8.19.2.1 2002/07/13 18:04:56 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: sasl.c,v 8.19.2.2 2002/09/26 23:03:40 gshapiro Exp $")
|
||||
|
||||
#if SASL
|
||||
# include <stdlib.h>
|
||||
@ -208,7 +208,7 @@ intersect(s1, s2, rpool)
|
||||
# if SASL >= 20000
|
||||
/*
|
||||
** IPTOSTRING -- create string for SASL_IP*PORT property
|
||||
** (borrowed from lib/iptostring.c in Cyrus-IMAP)
|
||||
** (borrowed from lib/iptostring.c in Cyrus-IMAP)
|
||||
**
|
||||
** Parameters:
|
||||
** addr -- (pointer to) socket address
|
||||
|
@ -48,7 +48,7 @@
|
||||
|
||||
#ifdef _DEFINE
|
||||
# ifndef lint
|
||||
SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.919.2.4 2002/08/16 14:56:01 ca Exp $";
|
||||
SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.919.2.15 2002/12/12 22:46:35 ca Exp $";
|
||||
# endif /* ! lint */
|
||||
#endif /* _DEFINE */
|
||||
|
||||
@ -392,6 +392,9 @@ struct mailer
|
||||
#define M_ESMTP 'a' /* run Extended SMTP */
|
||||
#define M_ALIASABLE 'A' /* user can be LHS of an alias */
|
||||
#define M_BLANKEND 'b' /* ensure blank line at end of message */
|
||||
#if _FFR_STRIPBACKSL
|
||||
# define M_STRIPBACKSL 'B' /* strip leading backslash from user */
|
||||
#endif /* _FFR_STRIPBACKSL */
|
||||
#define M_NOCOMMENT 'c' /* don't include comment part of address */
|
||||
#define M_CANONICAL 'C' /* make addresses canonical "u@dom" */
|
||||
#define M_NOBRACKET 'd' /* never angle bracket envelope route-addrs */
|
||||
@ -581,7 +584,7 @@ extern bool filesys_free __P((long));
|
||||
ERROR: change SASL_SEC_MASK_ notify sendmail.org!
|
||||
# endif /* SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 ... */
|
||||
# endif /* SASL >= 20101 */
|
||||
# define MAXOUTLEN 1024 /* length of output buffer */
|
||||
# define MAXOUTLEN 8192 /* length of output buffer */
|
||||
|
||||
/* functions */
|
||||
extern char *intersect __P((char *, char *, SM_RPOOL_T *));
|
||||
@ -690,6 +693,7 @@ MCI
|
||||
#define MCIF_AUTHACT 0x00010000 /* SASL (AUTH) active */
|
||||
#define MCIF_ENHSTAT 0x00020000 /* ENHANCEDSTATUSCODES supported */
|
||||
#define MCIF_PIPELINED 0x00040000 /* PIPELINING supported */
|
||||
#define MCIF_VERB 0x00080000 /* VERB supported */
|
||||
#if STARTTLS
|
||||
#define MCIF_TLS 0x00100000 /* STARTTLS supported */
|
||||
#define MCIF_TLSACT 0x00200000 /* STARTTLS active */
|
||||
@ -955,6 +959,7 @@ extern ENVELOPE BlankEnvelope;
|
||||
extern void clearenvelope __P((ENVELOPE *, bool, SM_RPOOL_T *));
|
||||
extern void dropenvelope __P((ENVELOPE *, bool, bool));
|
||||
extern ENVELOPE *newenvelope __P((ENVELOPE *, ENVELOPE *, SM_RPOOL_T *));
|
||||
extern void clrsessenvelope __P((ENVELOPE *));
|
||||
extern void printenvflags __P((ENVELOPE *));
|
||||
extern void putbody __P((MCI *, ENVELOPE *, char *));
|
||||
extern void putheader __P((MCI *, HDR *, ENVELOPE *, int));
|
||||
@ -1567,7 +1572,7 @@ EXTERN unsigned long PrivacyFlags; /* privacy flags */
|
||||
** Flags passed to rscheck
|
||||
*/
|
||||
|
||||
#define RSF_RMCOMM 0x0001 /* strip comments */
|
||||
#define RSF_RMCOMM 0x0001 /* strip comments */
|
||||
#define RSF_UNSTRUCTURED 0x0002 /* unstructured, ignore syntax errors */
|
||||
#define RSF_COUNT 0x0004 /* count rejections (statistics)? */
|
||||
|
||||
@ -1769,14 +1774,14 @@ struct termescape
|
||||
|
||||
/* what to do in the TLS initialization */
|
||||
#define TLS_I_NONE 0x00000000 /* no requirements... */
|
||||
#define TLS_I_CERT_EX 0x00000001 /* CERT must exist */
|
||||
#define TLS_I_CERT_UNR 0x00000002 /* CERT must be g/o unreadable */
|
||||
#define TLS_I_KEY_EX 0x00000004 /* KEY must exist */
|
||||
#define TLS_I_KEY_UNR 0x00000008 /* KEY must be g/o unreadable */
|
||||
#define TLS_I_CERTP_EX 0x00000010 /* CA CERT PATH must exist */
|
||||
#define TLS_I_CERTP_UNR 0x00000020 /* CA CERT PATH must be g/o unreadable */
|
||||
#define TLS_I_CERTF_EX 0x00000040 /* CA CERT FILE must exist */
|
||||
#define TLS_I_CERTF_UNR 0x00000080 /* CA CERT FILE must be g/o unreadable */
|
||||
#define TLS_I_CERT_EX 0x00000001 /* cert must exist */
|
||||
#define TLS_I_CERT_UNR 0x00000002 /* cert must be g/o unreadable */
|
||||
#define TLS_I_KEY_EX 0x00000004 /* key must exist */
|
||||
#define TLS_I_KEY_UNR 0x00000008 /* key must be g/o unreadable */
|
||||
#define TLS_I_CERTP_EX 0x00000010 /* CA cert path must exist */
|
||||
#define TLS_I_CERTP_UNR 0x00000020 /* CA cert path must be g/o unreadable */
|
||||
#define TLS_I_CERTF_EX 0x00000040 /* CA cert file must exist */
|
||||
#define TLS_I_CERTF_UNR 0x00000080 /* CA cert file must be g/o unreadable */
|
||||
#define TLS_I_RSA_TMP 0x00000100 /* RSA TMP must be generated */
|
||||
#define TLS_I_USE_KEY 0x00000200 /* private key must usable */
|
||||
#define TLS_I_USE_CERT 0x00000400 /* certificate must be usable */
|
||||
@ -1791,7 +1796,7 @@ struct termescape
|
||||
#define TLS_I_DH1024 0x00080000 /* generate 1024bit DH param */
|
||||
#define TLS_I_DH2048 0x00100000 /* generate 2048bit DH param */
|
||||
#define TLS_I_NO_VRFY 0x00200000 /* do not require authentication */
|
||||
#define TLS_I_KEY_OUNR 0x00400000 /* KEY must be o unreadable */
|
||||
#define TLS_I_KEY_OUNR 0x00400000 /* Key must be other unreadable */
|
||||
|
||||
/* require server cert */
|
||||
#define TLS_I_SRV_CERT (TLS_I_CERT_EX | TLS_I_KEY_EX | \
|
||||
@ -1821,18 +1826,18 @@ extern int endtls __P((SSL *, char *));
|
||||
extern void tlslogerr __P((char *));
|
||||
|
||||
|
||||
EXTERN char *CACERTpath; /* path to CA certificates (dir. with hashes) */
|
||||
EXTERN char *CACERTfile; /* file with CA certificate */
|
||||
EXTERN char *CltCERTfile; /* file with client certificate */
|
||||
EXTERN char *Cltkeyfile; /* file with client private key */
|
||||
EXTERN char *CACertPath; /* path to CA certificates (dir. with hashes) */
|
||||
EXTERN char *CACertFile; /* file with CA certificate */
|
||||
EXTERN char *CltCertFile; /* file with client certificate */
|
||||
EXTERN char *CltKeyFile; /* file with client private key */
|
||||
# if _FFR_TLS_1
|
||||
EXTERN char *CipherList; /* list of ciphers */
|
||||
EXTERN char *DHParams5; /* file with DH parameters (512) */
|
||||
# endif /* _FFR_TLS_1 */
|
||||
EXTERN char *DHParams; /* file with DH parameters */
|
||||
EXTERN char *RandFile; /* source of random data */
|
||||
EXTERN char *SrvCERTfile; /* file with server certificate */
|
||||
EXTERN char *Srvkeyfile; /* file with server private key */
|
||||
EXTERN char *SrvCertFile; /* file with server certificate */
|
||||
EXTERN char *SrvKeyFile; /* file with server private key */
|
||||
EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */
|
||||
#endif /* STARTTLS */
|
||||
|
||||
@ -1904,6 +1909,14 @@ struct queue_char
|
||||
struct queue_char *queue_next;
|
||||
};
|
||||
|
||||
/* run_work_group() flags */
|
||||
#define RWG_NONE 0x0000
|
||||
#define RWG_FORK 0x0001
|
||||
#define RWG_VERBOSE 0x0002
|
||||
#define RWG_PERSISTENT 0x0004
|
||||
#define RWG_FORCE 0x0008
|
||||
#define RWG_RUNALL 0x0010
|
||||
|
||||
typedef struct queue_char QUEUE_CHAR;
|
||||
|
||||
EXTERN int volatile CurRunners; /* current number of runner children */
|
||||
@ -1949,7 +1962,7 @@ extern void quarantine_queue __P((char *, int));
|
||||
extern char *queuename __P((ENVELOPE *, int));
|
||||
extern void queueup __P((ENVELOPE *, bool, bool));
|
||||
extern bool runqueue __P((bool, bool, bool, bool));
|
||||
extern int run_work_group __P((int, bool, bool, bool, bool));
|
||||
extern int run_work_group __P((int, int));
|
||||
extern void set_def_queueval __P((QUEUEGRP *, bool));
|
||||
extern void setup_queues __P((bool));
|
||||
extern bool setnewqueue __P((ENVELOPE *));
|
||||
@ -2134,6 +2147,9 @@ EXTERN bool NoAlias; /* suppress aliasing */
|
||||
EXTERN bool NoConnect; /* don't connect to non-local mailers */
|
||||
EXTERN bool OnlyOneError; /* .... or only want to give one SMTP reply */
|
||||
EXTERN bool QuickAbort; /* .... but only if we want a quick abort */
|
||||
#if _FFR_REQ_DIR_FSYNC_OPT
|
||||
EXTERN bool RequiresDirfsync; /* requires fsync() for directory */
|
||||
#endif /* _FFR_REQ_DIR_FSYNC_OPT */
|
||||
EXTERN bool ResNoAliases; /* don't use $HOSTALIASES */
|
||||
EXTERN bool volatile RestartWorkGroup; /* daemon needs to restart some work groups */
|
||||
EXTERN bool RrtImpliesDsn; /* turn Return-Receipt-To: into DSN */
|
||||
@ -2194,6 +2210,9 @@ EXTERN int NumFileSys; /* number of queue file systems */
|
||||
|
||||
EXTERN int QueueLA; /* load average starting forced queueing */
|
||||
EXTERN int RefuseLA; /* load average refusing connections */
|
||||
#if _FFR_REJECT_LOG
|
||||
EXTERN time_t RejectLogInterval; /* time btwn log msgs while refusing */
|
||||
#endif /* _FFR_REJECT_LOG */
|
||||
EXTERN int SuperSafe; /* be extra careful, even if expensive */
|
||||
EXTERN int VendorCode; /* vendor-specific operation enhancements */
|
||||
EXTERN int Verbose; /* set if blow-by-blow desired */
|
||||
@ -2459,7 +2478,9 @@ extern void makeworkgroups __P((void));
|
||||
extern void mark_work_group_restart __P((int, int));
|
||||
extern char * munchstring __P((char *, char **, int));
|
||||
extern struct hostent *myhostname __P((char *, int));
|
||||
#if NISPLUS
|
||||
extern char *nisplus_default_domain __P((void)); /* extern for Sun */
|
||||
#endif /* NISPLUS */
|
||||
extern bool path_is_dir __P((char *, bool));
|
||||
extern int pickqdir __P((QUEUEGRP *qg, long fsize, ENVELOPE *e));
|
||||
extern char *pintvl __P((time_t, bool));
|
||||
@ -2508,6 +2529,9 @@ extern pid_t sm_wait __P((int *));
|
||||
extern bool split_by_recipient __P((ENVELOPE *e));
|
||||
extern void stop_sendmail __P((void));
|
||||
extern char *str2prt __P((char *));
|
||||
#if _FFR_STRIPBACKSL
|
||||
extern void stripbackslash __P((char *));
|
||||
#endif /* _FFR_STRIPBACKSL */
|
||||
extern bool strreplnonprt __P((char *, int));
|
||||
extern bool strcontainedin __P((bool, char *, char *));
|
||||
extern int switch_map_find __P((char *, char *[], short []));
|
||||
|
@ -9,7 +9,7 @@
|
||||
*/
|
||||
|
||||
#include <sm/gen.h>
|
||||
SM_RCSID("@(#)$Id: sfsasl.c,v 8.91.2.1 2002/08/27 01:35:17 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: sfsasl.c,v 8.91.2.2 2002/09/12 21:07:50 ca Exp $")
|
||||
#include <stdlib.h>
|
||||
#include <sendmail.h>
|
||||
#include <errno.h>
|
||||
@ -177,7 +177,7 @@ sasl_read(fp, buf, size)
|
||||
int result;
|
||||
ssize_t len;
|
||||
# if SASL >= 20000
|
||||
const char *outbuf = NULL;
|
||||
static const char *outbuf = NULL;
|
||||
# else /* SASL >= 20000 */
|
||||
static char *outbuf = NULL;
|
||||
# endif /* SASL >= 20000 */
|
||||
@ -194,7 +194,11 @@ sasl_read(fp, buf, size)
|
||||
** if necessary.
|
||||
*/
|
||||
|
||||
# if SASL >= 20000
|
||||
while (outlen == 0)
|
||||
# else /* SASL >= 20000 */
|
||||
while (outbuf == NULL && outlen == 0)
|
||||
# endif /* SASL >= 20000 */
|
||||
{
|
||||
len = sm_io_read(so->fp, SM_TIME_DEFAULT, buf, size);
|
||||
if (len <= 0)
|
||||
|
@ -16,7 +16,7 @@
|
||||
# include <libmilter/mfdef.h>
|
||||
#endif /* MILTER */
|
||||
|
||||
SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.829.2.4 2002/08/16 14:56:01 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.829.2.17 2002/12/09 16:46:18 ca Exp $")
|
||||
|
||||
#if SASL || STARTTLS
|
||||
# include <sys/time.h>
|
||||
@ -218,6 +218,18 @@ static void smtp_data __P((SMTP_T *, ENVELOPE *));
|
||||
|
||||
#if MILTER
|
||||
# define MILTER_ABORT(e) milter_abort((e))
|
||||
|
||||
#if _FFR_MILTER_421
|
||||
# define MILTER_SHUTDOWN \
|
||||
if (strncmp(response, "421 ", 4) == 0) \
|
||||
{ \
|
||||
e->e_sendqueue = NULL; \
|
||||
goto doquit; \
|
||||
}
|
||||
#else /* _FFR_MILTER_421 */
|
||||
# define MILTER_SHUTDOWN
|
||||
#endif /* _FFR_MILTER_421 */
|
||||
|
||||
# define MILTER_REPLY(str) \
|
||||
{ \
|
||||
int savelogusrerrs = LogUsrErrs; \
|
||||
@ -233,6 +245,7 @@ static void smtp_data __P((SMTP_T *, ENVELOPE *));
|
||||
LogUsrErrs = false; \
|
||||
} \
|
||||
usrerr(response); \
|
||||
MILTER_SHUTDOWN \
|
||||
break; \
|
||||
\
|
||||
case SMFIR_REJECT: \
|
||||
@ -355,9 +368,9 @@ smtp(nullserver, d_flags, e)
|
||||
volatile unsigned int n_noop = 0; /* count of NOOP/VERB/etc */
|
||||
volatile unsigned int n_helo = 0; /* count of HELO/EHLO */
|
||||
bool ok;
|
||||
#if _FFR_ADAPTIVE_EOL
|
||||
#if _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL
|
||||
volatile bool first;
|
||||
#endif /* _FFR_ADAPTIVE_EOL */
|
||||
#endif /* _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL */
|
||||
volatile bool tempfail = false;
|
||||
volatile time_t wt; /* timeout after too many commands */
|
||||
volatile time_t previous; /* time after checksmtpattack() */
|
||||
@ -726,6 +739,23 @@ smtp(nullserver, d_flags, e)
|
||||
tempfail = true;
|
||||
smtp.sm_milterize = false;
|
||||
break;
|
||||
|
||||
#if _FFR_MILTER_421
|
||||
case SMFIR_SHUTDOWN:
|
||||
if (MilterLogLevel > 3)
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"Milter: connect: host=%s, addr=%s, shutdown",
|
||||
peerhostname,
|
||||
anynet_ntoa(&RealHostAddr));
|
||||
tempfail = true;
|
||||
smtp.sm_milterize = false;
|
||||
message("421 4.7.0 %s closing connection",
|
||||
MyHostName);
|
||||
|
||||
/* arrange to ignore send list */
|
||||
e->e_sendqueue = NULL;
|
||||
goto doquit;
|
||||
#endif /* _FFR_MILTER_421 */
|
||||
}
|
||||
if (response != NULL)
|
||||
|
||||
@ -797,9 +827,9 @@ smtp(nullserver, d_flags, e)
|
||||
/* sendinghost's storage must outlive the current envelope */
|
||||
if (sendinghost != NULL)
|
||||
sendinghost = sm_strdup_x(sendinghost);
|
||||
#if _FFR_ADAPTIVE_EOL
|
||||
#if _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL
|
||||
first = true;
|
||||
#endif /* _FFR_ADAPTIVE_EOL */
|
||||
#endif /* _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL */
|
||||
gothello = false;
|
||||
smtp.sm_gotmail = false;
|
||||
for (;;)
|
||||
@ -851,7 +881,7 @@ smtp(nullserver, d_flags, e)
|
||||
MyHostName, CurSmtpClient);
|
||||
if (LogLevel > (smtp.sm_gotmail ? 1 : 19))
|
||||
sm_syslog(LOG_NOTICE, e->e_id,
|
||||
"lost input channel from %.100s to %s after %s",
|
||||
"lost input channel from %s to %s after %s",
|
||||
CurSmtpClient, d,
|
||||
(c == NULL || c->cmd_name == NULL) ? "startup" : c->cmd_name);
|
||||
/*
|
||||
@ -864,9 +894,36 @@ smtp(nullserver, d_flags, e)
|
||||
goto doquit;
|
||||
}
|
||||
|
||||
#if _FFR_ADAPTIVE_EOL
|
||||
#if _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL
|
||||
if (first)
|
||||
{
|
||||
#if _FFR_BLOCK_PROXIES
|
||||
size_t inplen, cmdlen;
|
||||
int idx;
|
||||
char *http_cmd;
|
||||
static char *http_cmds[] = { "GET", "POST",
|
||||
"CONNECT", "USER", NULL };
|
||||
|
||||
inplen = strlen(inp);
|
||||
for (idx = 0; (http_cmd = http_cmds[idx]) != NULL;
|
||||
idx++)
|
||||
{
|
||||
cmdlen = strlen(http_cmd);
|
||||
if (cmdlen < inplen &&
|
||||
sm_strncasecmp(inp, http_cmd, cmdlen) == 0 &&
|
||||
isascii(inp[cmdlen]) && isspace(inp[cmdlen]))
|
||||
{
|
||||
/* Open proxy, drop it */
|
||||
message("421 4.7.0 %s Rejecting open proxy %s",
|
||||
MyHostName, CurSmtpClient);
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"%s: probable open proxy: command=%.40s",
|
||||
CurSmtpClient, inp);
|
||||
goto doquit;
|
||||
}
|
||||
}
|
||||
#endif /* _FFR_BLOCK_PROXIES */
|
||||
#if _FFR_ADAPTIVE_EOL
|
||||
char *p;
|
||||
|
||||
smtp.sm_crlf = true;
|
||||
@ -878,13 +935,14 @@ smtp(nullserver, d_flags, e)
|
||||
{
|
||||
/* how many bad guys are there? */
|
||||
sm_syslog(LOG_INFO, NOQID,
|
||||
"%.100s did not use CRLF",
|
||||
"%s did not use CRLF",
|
||||
CurSmtpClient);
|
||||
}
|
||||
}
|
||||
#endif /* _FFR_ADAPTIVE_EOL */
|
||||
first = false;
|
||||
}
|
||||
#endif /* _FFR_ADAPTIVE_EOL */
|
||||
#endif /* _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL */
|
||||
|
||||
/* clean up end of line */
|
||||
fixcrlf(inp, true);
|
||||
@ -900,7 +958,7 @@ smtp(nullserver, d_flags, e)
|
||||
*/
|
||||
|
||||
if (bitset(SRV_NO_PIPE, features) &&
|
||||
sm_io_getinfo(InChannel, SM_IO_IS_READABLE, NULL))
|
||||
sm_io_getinfo(InChannel, SM_IO_IS_READABLE, NULL) > 0)
|
||||
{
|
||||
if (++np_log < 3)
|
||||
sm_syslog(LOG_INFO, NOQID,
|
||||
@ -1054,7 +1112,7 @@ smtp(nullserver, d_flags, e)
|
||||
/* NULL pointer ok since it's our function */
|
||||
if (LogLevel > 8)
|
||||
sm_syslog(LOG_INFO, NOQID,
|
||||
"AUTH=server, relay=%.100s, authid=%.128s, mech=%.16s, bits=%d",
|
||||
"AUTH=server, relay=%s, authid=%.128s, mech=%.16s, bits=%d",
|
||||
CurSmtpClient,
|
||||
shortenstring(user, 128),
|
||||
auth_type, *ssf);
|
||||
@ -1250,7 +1308,7 @@ smtp(nullserver, d_flags, e)
|
||||
{
|
||||
if (LogLevel > 9)
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"SMTP AUTH command (%.100s) from %.100s tempfailed (due to previous checks)",
|
||||
"SMTP AUTH command (%.100s) from %s tempfailed (due to previous checks)",
|
||||
p, CurSmtpClient);
|
||||
usrerr("454 4.7.1 Please try again later");
|
||||
break;
|
||||
@ -1419,7 +1477,7 @@ smtp(nullserver, d_flags, e)
|
||||
{
|
||||
if (LogLevel > 9)
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"SMTP STARTTLS command (%.100s) from %.100s tempfailed (due to previous checks)",
|
||||
"SMTP STARTTLS command (%.100s) from %s tempfailed (due to previous checks)",
|
||||
p, CurSmtpClient);
|
||||
usrerr("454 4.7.1 Please try again later");
|
||||
break;
|
||||
@ -1533,6 +1591,22 @@ smtp(nullserver, d_flags, e)
|
||||
tv.tv_usec = 0;
|
||||
}
|
||||
|
||||
if (!timedout && FD_SETSIZE > 0 &&
|
||||
(rfd >= FD_SETSIZE ||
|
||||
(i == SSL_ERROR_WANT_WRITE &&
|
||||
wfd >= FD_SETSIZE)))
|
||||
{
|
||||
if (LogLevel > 5)
|
||||
{
|
||||
sm_syslog(LOG_ERR, NOQID,
|
||||
"STARTTLS=server, error: fd %d/%d too large",
|
||||
rfd, wfd);
|
||||
if (LogLevel > 8)
|
||||
tlslogerr("server");
|
||||
}
|
||||
goto tlsfail;
|
||||
}
|
||||
|
||||
/* XXX what about SSL_pending() ? */
|
||||
if (!timedout && i == SSL_ERROR_WANT_READ)
|
||||
{
|
||||
@ -1566,6 +1640,7 @@ smtp(nullserver, d_flags, e)
|
||||
if (LogLevel > 8)
|
||||
tlslogerr("server");
|
||||
}
|
||||
tlsfail:
|
||||
tls_ok_srv = false;
|
||||
SSL_free(srv_ssl);
|
||||
srv_ssl = NULL;
|
||||
@ -1723,7 +1798,7 @@ smtp(nullserver, d_flags, e)
|
||||
usrerr("501 Invalid domain name");
|
||||
if (LogLevel > 9)
|
||||
sm_syslog(LOG_INFO, CurEnv->e_id,
|
||||
"invalid domain name (too long) from %.100s",
|
||||
"invalid domain name (too long) from %s",
|
||||
CurSmtpClient);
|
||||
break;
|
||||
}
|
||||
@ -1757,7 +1832,7 @@ smtp(nullserver, d_flags, e)
|
||||
usrerr("501 Invalid domain name");
|
||||
if (LogLevel > 9)
|
||||
sm_syslog(LOG_INFO, CurEnv->e_id,
|
||||
"invalid domain name (%.100s) from %.100s",
|
||||
"invalid domain name (%s) from %.100s",
|
||||
p, CurSmtpClient);
|
||||
break;
|
||||
}
|
||||
@ -1943,7 +2018,7 @@ smtp(nullserver, d_flags, e)
|
||||
{
|
||||
if (LogLevel > 9)
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"SMTP MAIL command (%.100s) from %.100s tempfailed (due to previous checks)",
|
||||
"SMTP MAIL command (%.100s) from %s tempfailed (due to previous checks)",
|
||||
p, CurSmtpClient);
|
||||
usrerr(MSG_TEMPFAIL);
|
||||
break;
|
||||
@ -2267,7 +2342,7 @@ smtp(nullserver, d_flags, e)
|
||||
n_badrcpts == BadRcptThrottle)
|
||||
{
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"%.100s: Possible SMTP RCPT flood, throttling.",
|
||||
"%s: Possible SMTP RCPT flood, throttling.",
|
||||
CurSmtpClient);
|
||||
|
||||
/* To avoid duplicated message */
|
||||
@ -2479,7 +2554,7 @@ smtp(nullserver, d_flags, e)
|
||||
{
|
||||
if (LogLevel > 9)
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"SMTP %s command (%.100s) from %.100s tempfailed (due to previous checks)",
|
||||
"SMTP %s command (%.100s) from %s tempfailed (due to previous checks)",
|
||||
vrfy ? "VRFY" : "EXPN",
|
||||
p, CurSmtpClient);
|
||||
|
||||
@ -2490,8 +2565,8 @@ smtp(nullserver, d_flags, e)
|
||||
wt = checksmtpattack(&n_verifies, MAXVRFYCOMMANDS,
|
||||
false, vrfy ? "VRFY" : "EXPN", e);
|
||||
previous = curtime();
|
||||
if (bitset(vrfy ? PRIV_NOVRFY : PRIV_NOEXPN,
|
||||
PrivacyFlags))
|
||||
if ((vrfy && bitset(PRIV_NOVRFY, PrivacyFlags)) ||
|
||||
(!vrfy && !bitset(SRV_OFFER_EXPN, features)))
|
||||
{
|
||||
if (vrfy)
|
||||
message("252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)");
|
||||
@ -2499,7 +2574,7 @@ smtp(nullserver, d_flags, e)
|
||||
message("502 5.7.0 Sorry, we do not allow this operation");
|
||||
if (LogLevel > 5)
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"%.100s: %s [rejected]",
|
||||
"%s: %s [rejected]",
|
||||
CurSmtpClient,
|
||||
shortenstring(inp, MAXSHORTSTR));
|
||||
break;
|
||||
@ -2514,7 +2589,7 @@ smtp(nullserver, d_flags, e)
|
||||
if (Errors > 0)
|
||||
break;
|
||||
if (LogLevel > 5)
|
||||
sm_syslog(LOG_INFO, e->e_id, "%.100s: %s",
|
||||
sm_syslog(LOG_INFO, e->e_id, "%s: %s",
|
||||
CurSmtpClient,
|
||||
shortenstring(inp, MAXSHORTSTR));
|
||||
SM_TRY
|
||||
@ -2594,7 +2669,7 @@ smtp(nullserver, d_flags, e)
|
||||
message("502 5.7.0 Sorry, we do not allow this operation");
|
||||
if (LogLevel > 5)
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"%.100s: %s [rejected]",
|
||||
"%s: %s [rejected]",
|
||||
CurSmtpClient,
|
||||
shortenstring(inp, MAXSHORTSTR));
|
||||
break;
|
||||
@ -2603,7 +2678,7 @@ smtp(nullserver, d_flags, e)
|
||||
{
|
||||
if (LogLevel > 9)
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"SMTP ETRN command (%.100s) from %.100s tempfailed (due to previous checks)",
|
||||
"SMTP ETRN command (%.100s) from %s tempfailed (due to previous checks)",
|
||||
p, CurSmtpClient);
|
||||
usrerr(MSG_TEMPFAIL);
|
||||
break;
|
||||
@ -2636,7 +2711,7 @@ smtp(nullserver, d_flags, e)
|
||||
|
||||
if (LogLevel > 5)
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"%.100s: ETRN %s", CurSmtpClient,
|
||||
"%s: ETRN %s", CurSmtpClient,
|
||||
shortenstring(p, MAXSHORTSTR));
|
||||
|
||||
id = p;
|
||||
@ -2652,8 +2727,7 @@ smtp(nullserver, d_flags, e)
|
||||
id);
|
||||
break;
|
||||
}
|
||||
ok = run_work_group(wgrp, true, false,
|
||||
false, true);
|
||||
ok = run_work_group(wgrp, RWG_FORK|RWG_RUNALL);
|
||||
if (ok && Errors == 0)
|
||||
message("250 2.0.0 Queuing for queue group %s started", id);
|
||||
break;
|
||||
@ -2751,20 +2825,21 @@ doquit:
|
||||
*/
|
||||
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"%.100s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s",
|
||||
"%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s",
|
||||
CurSmtpClient, d);
|
||||
}
|
||||
#if PROFILING
|
||||
return;
|
||||
#endif /* PROFILING */
|
||||
if (tTd(93, 100))
|
||||
{
|
||||
/* return to handle next connection */
|
||||
return;
|
||||
}
|
||||
finis(true, true, ExitStat);
|
||||
/* NOTREACHED */
|
||||
|
||||
case CMDVERB: /* set verbose mode */
|
||||
DELAY_CONN("VERB");
|
||||
if (bitset(PRIV_NOEXPN, PrivacyFlags) ||
|
||||
!bitset(SRV_OFFER_VERB, features) ||
|
||||
bitset(PRIV_NOVERB, PrivacyFlags))
|
||||
if (!bitset(SRV_OFFER_EXPN, features) ||
|
||||
!bitset(SRV_OFFER_VERB, features))
|
||||
{
|
||||
/* this would give out the same info */
|
||||
message("502 5.7.0 Verbose unavailable");
|
||||
@ -2798,7 +2873,7 @@ doquit:
|
||||
DELAY_CONN("Bogus");
|
||||
if (LogLevel > 0)
|
||||
sm_syslog(LOG_CRIT, e->e_id,
|
||||
"\"%s\" command from %.100s (%.100s)",
|
||||
"\"%s\" command from %s (%.100s)",
|
||||
c->cmd_name, CurSmtpClient,
|
||||
anynet_ntoa(&RealHostAddr));
|
||||
/* FALLTHROUGH */
|
||||
@ -3289,7 +3364,7 @@ checksmtpattack(pcounter, maxcount, waitnow, cname, e)
|
||||
if (*pcounter == maxcount && LogLevel > 5)
|
||||
{
|
||||
sm_syslog(LOG_INFO, e->e_id,
|
||||
"%.100s: possible SMTP attack: command=%.40s, count=%u",
|
||||
"%s: possible SMTP attack: command=%.40s, count=%u",
|
||||
CurSmtpClient, cname, *pcounter);
|
||||
}
|
||||
s = 1 << (*pcounter - maxcount);
|
||||
@ -4014,8 +4089,8 @@ initsrvtls(tls_ok)
|
||||
return false;
|
||||
|
||||
/* do NOT remove assignment */
|
||||
tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, true, SrvCERTfile,
|
||||
Srvkeyfile, CACERTpath, CACERTfile, DHParams);
|
||||
tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, true, SrvCertFile,
|
||||
SrvKeyFile, CACertPath, CACertFile, DHParams);
|
||||
return tls_ok_srv;
|
||||
}
|
||||
#endif /* STARTTLS */
|
||||
@ -4039,21 +4114,21 @@ static struct
|
||||
} srv_feat_table[] =
|
||||
{
|
||||
{ 'A', SRV_OFFER_AUTH },
|
||||
{ 'B', SRV_OFFER_VERB },
|
||||
{ 'D', SRV_OFFER_DSN },
|
||||
{ 'E', SRV_OFFER_ETRN },
|
||||
{ 'L', SRV_REQ_AUTH }, /* not documented in 8.12 */
|
||||
{ 'B', SRV_OFFER_VERB }, /* FFR; not documented in 8.12 */
|
||||
{ 'D', SRV_OFFER_DSN }, /* FFR; not documented in 8.12 */
|
||||
{ 'E', SRV_OFFER_ETRN }, /* FFR; not documented in 8.12 */
|
||||
{ 'L', SRV_REQ_AUTH }, /* FFR; not documented in 8.12 */
|
||||
#if PIPELINING
|
||||
# if _FFR_NO_PIPE
|
||||
{ 'N', SRV_NO_PIPE },
|
||||
# endif /* _FFR_NO_PIPE */
|
||||
{ 'P', SRV_OFFER_PIPE },
|
||||
#endif /* PIPELINING */
|
||||
{ 'R', SRV_VRFY_CLT },
|
||||
{ 'R', SRV_VRFY_CLT }, /* FFR; not documented in 8.12 */
|
||||
{ 'S', SRV_OFFER_TLS },
|
||||
/* { 'T', SRV_TMP_FAIL }, */
|
||||
{ 'V', SRV_VRFY_CLT },
|
||||
{ 'X', SRV_OFFER_EXPN },
|
||||
{ 'X', SRV_OFFER_EXPN }, /* FFR; not documented in 8.12 */
|
||||
/* { 'Y', SRV_OFFER_VRFY }, */
|
||||
{ '\0', SRV_NONE }
|
||||
};
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: sysexits.c,v 8.33 2001/09/11 04:05:17 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: sysexits.c,v 8.33.4.1 2002/09/09 02:42:37 gshapiro Exp $")
|
||||
|
||||
/*
|
||||
** DSNTOEXITSTAT -- convert DSN-style error code to EX_ style.
|
||||
@ -37,6 +37,10 @@ dsntoexitstat(dsncode)
|
||||
if (*dsncode == '4')
|
||||
return EX_TEMPFAIL;
|
||||
|
||||
/* reject other illegal values */
|
||||
if (*dsncode != '5')
|
||||
return EX_CONFIG;
|
||||
|
||||
/* now decode the other two field parts */
|
||||
if (*++dsncode == '.')
|
||||
dsncode++;
|
||||
@ -75,7 +79,8 @@ dsntoexitstat(dsncode)
|
||||
return EX_UNAVAILABLE;
|
||||
|
||||
case 5: /* Destination address valid */
|
||||
return EX_OK;
|
||||
/* According to RFC1893, this can't happen */
|
||||
return EX_CONFIG;
|
||||
}
|
||||
break;
|
||||
|
||||
@ -130,7 +135,7 @@ dsntoexitstat(dsncode)
|
||||
case 7: /* Security Status */
|
||||
return EX_DATAERR;
|
||||
}
|
||||
return EX_CONFIG;
|
||||
return EX_UNAVAILABLE;
|
||||
}
|
||||
/*
|
||||
** EXITSTAT -- convert EX_ value to error text.
|
||||
|
@ -10,7 +10,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: tls.c,v 8.79 2002/03/21 22:24:13 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: tls.c,v 8.79.4.1 2002/09/03 17:31:45 gshapiro Exp $")
|
||||
|
||||
#if STARTTLS
|
||||
# include <openssl/err.h>
|
||||
@ -326,21 +326,21 @@ tls_set_verify(ctx, ssl, vrfy)
|
||||
** [due to permissions]
|
||||
*/
|
||||
|
||||
# define TLS_S_NONE 0x00000000 /* none yet */
|
||||
# define TLS_S_CERT_EX 0x00000001 /* CERT file exists */
|
||||
# define TLS_S_CERT_OK 0x00000002 /* CERT file is ok */
|
||||
# define TLS_S_KEY_EX 0x00000004 /* KEY file exists */
|
||||
# define TLS_S_KEY_OK 0x00000008 /* KEY file is ok */
|
||||
# define TLS_S_CERTP_EX 0x00000010 /* CA CERT PATH exists */
|
||||
# define TLS_S_CERTP_OK 0x00000020 /* CA CERT PATH is ok */
|
||||
# define TLS_S_CERTF_EX 0x00000040 /* CA CERT FILE exists */
|
||||
# define TLS_S_CERTF_OK 0x00000080 /* CA CERT FILE is ok */
|
||||
# define TLS_S_NONE 0x00000000 /* none yet */
|
||||
# define TLS_S_CERT_EX 0x00000001 /* cert file exists */
|
||||
# define TLS_S_CERT_OK 0x00000002 /* cert file is ok */
|
||||
# define TLS_S_KEY_EX 0x00000004 /* key file exists */
|
||||
# define TLS_S_KEY_OK 0x00000008 /* key file is ok */
|
||||
# define TLS_S_CERTP_EX 0x00000010 /* CA cert path exists */
|
||||
# define TLS_S_CERTP_OK 0x00000020 /* CA cert path is ok */
|
||||
# define TLS_S_CERTF_EX 0x00000040 /* CA cert file exists */
|
||||
# define TLS_S_CERTF_OK 0x00000080 /* CA cert file is ok */
|
||||
|
||||
# if _FFR_TLS_1
|
||||
# define TLS_S_CERT2_EX 0x00001000 /* 2nd CERT file exists */
|
||||
# define TLS_S_CERT2_OK 0x00002000 /* 2nd CERT file is ok */
|
||||
# define TLS_S_KEY2_EX 0x00004000 /* 2nd KEY file exists */
|
||||
# define TLS_S_KEY2_OK 0x00008000 /* 2nd KEY file is ok */
|
||||
# define TLS_S_CERT2_EX 0x00001000 /* 2nd cert file exists */
|
||||
# define TLS_S_CERT2_OK 0x00002000 /* 2nd cert file is ok */
|
||||
# define TLS_S_KEY2_EX 0x00004000 /* 2nd key file exists */
|
||||
# define TLS_S_KEY2_OK 0x00008000 /* 2nd key file is ok */
|
||||
# endif /* _FFR_TLS_1 */
|
||||
|
||||
# define TLS_S_DH_OK 0x00200000 /* DH cert is ok */
|
||||
@ -545,9 +545,9 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
|
||||
TLS_S_CERT_EX, srv);
|
||||
TLS_OK_F(keyfile, "KeyFile", bitset(TLS_I_KEY_EX, req),
|
||||
TLS_S_KEY_EX, srv);
|
||||
TLS_OK_F(cacertpath, "CACERTPath", bitset(TLS_I_CERTP_EX, req),
|
||||
TLS_OK_F(cacertpath, "CACertPath", bitset(TLS_I_CERTP_EX, req),
|
||||
TLS_S_CERTP_EX, srv);
|
||||
TLS_OK_F(cacertfile, "CACERTFile", bitset(TLS_I_CERTF_EX, req),
|
||||
TLS_OK_F(cacertfile, "CACertFile", bitset(TLS_I_CERTF_EX, req),
|
||||
TLS_S_CERTF_EX, srv);
|
||||
|
||||
# if _FFR_TLS_1
|
||||
|
@ -15,7 +15,7 @@
|
||||
#include <sm/debug.h>
|
||||
#include <sm/string.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: trace.c,v 8.37 2001/09/11 04:05:17 gshapiro Exp $")
|
||||
SM_RCSID("@(#)$Id: trace.c,v 8.37.4.1 2002/12/05 17:28:05 ca Exp $")
|
||||
|
||||
static char *tTnewflag __P((char *));
|
||||
static char *tToldflag __P((char *));
|
||||
@ -204,7 +204,7 @@ void
|
||||
tTflag(s)
|
||||
register char *s;
|
||||
{
|
||||
if (*s == '\0')
|
||||
if (s == NULL || *s == '\0')
|
||||
s = DefFlags;
|
||||
|
||||
for (;;)
|
||||
|
@ -14,18 +14,15 @@
|
||||
#include <sendmail.h>
|
||||
|
||||
#if USERDB
|
||||
SM_RCSID("@(#)$Id: udb.c,v 8.153 2001/09/11 04:05:17 gshapiro Exp $ (with USERDB)")
|
||||
SM_RCSID("@(#)$Id: udb.c,v 8.153.4.4 2002/12/03 17:57:41 gshapiro Exp $ (with USERDB)")
|
||||
#else /* USERDB */
|
||||
SM_RCSID("@(#)$Id: udb.c,v 8.153 2001/09/11 04:05:17 gshapiro Exp $ (without USERDB)")
|
||||
SM_RCSID("@(#)$Id: udb.c,v 8.153.4.4 2002/12/03 17:57:41 gshapiro Exp $ (without USERDB)")
|
||||
#endif /* USERDB */
|
||||
|
||||
#if USERDB
|
||||
|
||||
# if NEWDB
|
||||
# include <db.h>
|
||||
# ifndef DB_VERSION_MAJOR
|
||||
# define DB_VERSION_MAJOR 1
|
||||
# endif /* ! DB_VERSION_MAJOR */
|
||||
# include "sm/bdb.h"
|
||||
# else /* NEWDB */
|
||||
# define DBT struct _data_base_thang_
|
||||
DBT
|
||||
@ -190,9 +187,9 @@ udbexpand(a, sendq, aliaslevel, e)
|
||||
int usersize;
|
||||
int userleft;
|
||||
char userbuf[MEMCHUNKSIZE];
|
||||
# if defined(HESIOD) && defined(HES_GETMAILHOST)
|
||||
# if HESIOD && HES_GETMAILHOST
|
||||
char pobuf[MAXNAME];
|
||||
# endif /* defined(HESIOD) && defined(HES_GETMAILHOST) */
|
||||
# endif /* HESIOD && HES_GETMAILHOST */
|
||||
# if defined(NEWDB) && DB_VERSION_MAJOR > 1
|
||||
DBC *dbc = NULL;
|
||||
# endif /* defined(NEWDB) && DB_VERSION_MAJOR > 1 */
|
||||
@ -996,12 +993,8 @@ _udbx_init(e)
|
||||
int ret;
|
||||
# endif /* DB_VERSION_MAJOR > 2 */
|
||||
|
||||
# if !HASFLOCK && defined(DB_FCNTL_LOCKING)
|
||||
flags |= DB_FCNTL_LOCKING;
|
||||
# endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */
|
||||
|
||||
SM_DB_FLAG_ADD(flags);
|
||||
up->udb_dbp = NULL;
|
||||
|
||||
# if DB_VERSION_MAJOR > 2
|
||||
ret = db_create(&up->udb_dbp, NULL, 0);
|
||||
if (ret != 0)
|
||||
@ -1013,6 +1006,7 @@ _udbx_init(e)
|
||||
else
|
||||
{
|
||||
ret = up->udb_dbp->open(up->udb_dbp,
|
||||
DBTXN
|
||||
up->udb_dbname,
|
||||
NULL,
|
||||
DB_BTREE,
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: usersmtp.c,v 8.437.2.5 2002/08/16 16:48:11 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: usersmtp.c,v 8.437.2.8 2002/12/12 17:40:07 ca Exp $")
|
||||
|
||||
#include <sysexits.h>
|
||||
|
||||
@ -127,6 +127,7 @@ smtpinit(m, mci, e, onlyhelo)
|
||||
goto helo;
|
||||
|
||||
mci->mci_state = MCIS_OPENING;
|
||||
clrsessenvelope(e);
|
||||
|
||||
/*
|
||||
** Get the greeting message.
|
||||
@ -222,13 +223,20 @@ tryhelo:
|
||||
return;
|
||||
}
|
||||
|
||||
#if !_FFR_DEPRECATE_MAILER_FLAG_I
|
||||
/*
|
||||
** If this is expected to be another sendmail, send some internal
|
||||
** commands.
|
||||
*/
|
||||
|
||||
if (bitnset(M_INTERNAL, m->m_flags))
|
||||
if (false
|
||||
# if !_FFR_DEPRECATE_MAILER_FLAG_I
|
||||
|| bitnset(M_INTERNAL, m->m_flags)
|
||||
# endif /* !_FFR_DEPRECATE_MAILER_FLAG_I */
|
||||
# if _FFR_MSP_VERBOSE
|
||||
/* If we're running as MSP, "propagate" -v flag if possible. */
|
||||
|| (UseMSP && Verbose && bitset(MCIF_VERB, mci->mci_flags))
|
||||
# endif /* _FFR_MSP_VERBOSE */
|
||||
)
|
||||
{
|
||||
/* tell it to be verbose */
|
||||
smtpmessage("VERB", m, mci);
|
||||
@ -236,7 +244,6 @@ tryhelo:
|
||||
if (r < 0)
|
||||
goto tempfail1;
|
||||
}
|
||||
#endif /* !_FFR_DEPRECATE_MAILER_FLAG_I */
|
||||
|
||||
if (mci->mci_state != MCIS_CLOSED)
|
||||
{
|
||||
@ -453,6 +460,8 @@ helo_options(line, firstline, m, mci, e)
|
||||
mci->mci_flags |= MCIF_ENHSTAT;
|
||||
else if (sm_strcasecmp(line, "pipelining") == 0)
|
||||
mci->mci_flags |= MCIF_PIPELINED;
|
||||
else if (sm_strcasecmp(line, "verb") == 0)
|
||||
mci->mci_flags |= MCIF_VERB;
|
||||
#if STARTTLS
|
||||
else if (sm_strcasecmp(line, "starttls") == 0)
|
||||
mci->mci_flags |= MCIF_TLS;
|
||||
@ -2261,7 +2270,7 @@ smtprcpt(to, m, mci, e, ctladdr, xstart)
|
||||
*/
|
||||
|
||||
while (mci->mci_nextaddr != NULL &&
|
||||
sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL))
|
||||
sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL) > 0)
|
||||
{
|
||||
int r;
|
||||
|
||||
@ -2668,7 +2677,7 @@ smtpdata(m, mci, e, ctladdr, xstart)
|
||||
#endif /* PIPELINING */
|
||||
|
||||
#if _FFR_CATCH_BROKEN_MTAS
|
||||
if (sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL))
|
||||
if (sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL) > 0)
|
||||
{
|
||||
/* terminate the message */
|
||||
(void) sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, ".%s",
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
#include <sendmail.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: util.c,v 8.363.2.1 2002/06/21 20:25:25 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: util.c,v 8.363.2.5 2002/12/12 22:50:41 ca Exp $")
|
||||
|
||||
#include <sysexits.h>
|
||||
#include <sm/xtrap.h>
|
||||
@ -67,6 +67,38 @@ addquotes(s, rpool)
|
||||
*q = '\0';
|
||||
return r;
|
||||
}
|
||||
|
||||
#if _FFR_STRIPBACKSL
|
||||
/*
|
||||
** STRIPBACKSLASH -- Strip leading backslash from a string.
|
||||
**
|
||||
** This is done in place.
|
||||
**
|
||||
** Parameters:
|
||||
** s -- the string to strip.
|
||||
**
|
||||
** Returns:
|
||||
** none.
|
||||
*/
|
||||
|
||||
void
|
||||
stripbackslash(s)
|
||||
char *s;
|
||||
{
|
||||
char *p, *q, c;
|
||||
|
||||
if (s == NULL || *s == '\0')
|
||||
return;
|
||||
p = q = s;
|
||||
while (*p == '\\' && (p[1] == '\\' || (isascii(p[1]) && isalnum(p[1]))))
|
||||
p++;
|
||||
do
|
||||
{
|
||||
c = *q++ = *p++;
|
||||
} while (c != '\0');
|
||||
}
|
||||
#endif /* _FFR_STRIPBACKSL */
|
||||
|
||||
/*
|
||||
** RFC822_STRING -- Checks string for proper RFC822 string quoting.
|
||||
**
|
||||
|
@ -13,6 +13,6 @@
|
||||
|
||||
#include <sm/gen.h>
|
||||
|
||||
SM_RCSID("@(#)$Id: version.c,v 8.104.2.5 2002/08/24 16:27:21 ca Exp $")
|
||||
SM_RCSID("@(#)$Id: version.c,v 8.104.2.11 2002/12/28 19:45:53 ca Exp $")
|
||||
|
||||
char Version[] = "8.12.6";
|
||||
char Version[] = "8.12.7";
|
||||
|
@ -20,7 +20,7 @@ SM_IDSTR(copyright,
|
||||
The Regents of the University of California. All rights reserved.\n\
|
||||
Copyright (c) 1983 Eric P. Allman. All rights reserved.\n")
|
||||
|
||||
SM_IDSTR(id, "@(#)$Id: vacation.c,v 8.137.2.1 2002/08/15 16:23:08 gshapiro Exp $")
|
||||
SM_IDSTR(id, "@(#)$Id: vacation.c,v 8.137.2.2 2002/11/01 16:48:55 ca Exp $")
|
||||
|
||||
|
||||
#include <ctype.h>
|
||||
@ -1095,7 +1095,7 @@ listdb()
|
||||
char *timestamp;
|
||||
|
||||
/* skip magic VIT entry */
|
||||
if ((int)db_key.size - 1 == strlen(VIT) &&
|
||||
if (db_key.size == strlen(VIT) + 1 &&
|
||||
strncmp((char *)db_key.data, VIT,
|
||||
(int)db_key.size - 1) == 0)
|
||||
continue;
|
||||
|
Loading…
x
Reference in New Issue
Block a user