78d9d5927f
A seperate commit to fix the conflicts wil follow.
2647 lines
124 KiB
Plaintext
2647 lines
124 KiB
Plaintext
SENDMAIL RELEASE NOTES
|
|
@(#)RELEASE_NOTES 8.6.12.1 (Berkeley) 3/28/95
|
|
|
|
This listing shows the version of the sendmail binary, the version
|
|
of the sendmail configuration files, the date of release, and a
|
|
summary of the changes in that release.
|
|
|
|
8.6.12/8.6.12 95/03/28
|
|
Fix to IDENT code (it was getting the size of the reply buffer
|
|
too small, so nothing was ever accepted). Fix from several
|
|
people, including Allan Johannesen, Shane Castle of the
|
|
Boulder County Information Services, and Jeff Smith of
|
|
Warwick University (all arrived within a few hours of
|
|
each other!).
|
|
Fix a problem that could cause large jobs to run out of
|
|
file descriptors on systems that use vfork() rather
|
|
than fork().
|
|
|
|
8.6.11/8.6.11 95/03/08
|
|
The ``possible attack'' message would be logged more often
|
|
than necessary if you are using Pine as a user agent.
|
|
The wrong host would be reported in the ``possible attack''
|
|
message when attempted from IDENT.
|
|
In some cases the syslog buffer could be overflowed when
|
|
reporting the ``possible attack'' message. This can
|
|
cause denial of service attacks. Truncate the message
|
|
to 80 characters to prevent this problem.
|
|
When reading the IDENT response a loop is needed around the
|
|
read from the network to ensure that you don't get
|
|
partial lines.
|
|
Password entries without any shell listed (that is, a null
|
|
shell) wouldn't match as "ok". Problem noted by
|
|
Rob McMahon.
|
|
When running BIND 4.9.x a problem could occur because the
|
|
_res.options field is initialized differently than it
|
|
was historically -- this requires that sendmail call
|
|
res_init before it tweaks any bits.
|
|
Fix an incompatibility in openxscript() between the file open mode
|
|
and the stdio mode passed to fdopen. This caused UnixWare
|
|
2.0 to have conniptions. Fix from Martin Sohnius of
|
|
Novell Labs Europe.
|
|
Fix problem with static linking of local getopt routine when
|
|
using GNU's ld command. Fix from John Kennedy of
|
|
Cal State Chico.
|
|
It was possible to turn off privacy flags. Problem noted by
|
|
*Hobbit*.
|
|
Be more paranoid about writing files. Suggestions by *Hobbit*
|
|
and Liudvikas Bukys.
|
|
MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular)
|
|
from Spider Boardman.
|
|
CONFIG: No changes (version number only, to keep it in sync
|
|
with the binaries).
|
|
|
|
8.6.10/8.6.10 95/02/10
|
|
SECURITY: Diagnose bogus values to some command line flags that
|
|
could allow trash to get into headers and qf files.
|
|
Validate the name of the user returned by the IDENT protocol.
|
|
Some systems that really dislike IDENT send intentionally
|
|
bogus information. Problem pointed out by Michael Bushnell
|
|
of the Free Software Foundation. Has some security
|
|
implications.
|
|
Fix a problem causing error messages about DNS problems when
|
|
the host name contained a percent sign to act oddly
|
|
because it was passed as a printf-style format string.
|
|
In some cases this could cause core dumps.
|
|
Avoid possible buffer overrun in returntosender() if error
|
|
message is quite ling. From Fletcher Mattox of the
|
|
University of Texas.
|
|
Fix a problem that would silently drop "too many hops" error
|
|
messages if and only if you were sending to an alias.
|
|
From Jon Giltner of the University of Colorado and
|
|
Dan Harton of Oak Ridge National Laboratory.
|
|
Fix a bug that caused core dumps on some systems if -d11.2 was
|
|
set and e->e_message was null. Fix from Bruce Nagel of
|
|
Data General.
|
|
Fix problem that can still cause df files to be left around
|
|
after "hop count exceeded" messages. Fix from Andrew
|
|
Chang and Shau-Ping Lo of SunSoft.
|
|
Fix a problem that can cause buffer overflows on very long
|
|
user names (as might occur if you piped to a program
|
|
with a lot of arguments).
|
|
Avoid returning an error and re-queueing if the host signature
|
|
is null; this can occur on addresses like ``user@.''.
|
|
Problem noted by Wesley Craig and the University of
|
|
Michigan.
|
|
Avoid possible calls to malloc(0) if MCI caching is turned
|
|
off. Bug fix from Pierre David of the Laboratoire
|
|
Parallelisme, Reseaux, Systemes et Modelisation (PRiSM),
|
|
Universite de Versailles - St Quentin, and Jacky
|
|
Thibault.
|
|
Make a local copy of the line being sent via senttolist() -- in
|
|
some cases, buffers could get trashed by map lookups
|
|
causing it to do unexpected things. This also simplifies
|
|
some of the map code.
|
|
CONFIG: No changes (version number only, to keep it in sync
|
|
with the binaries).
|
|
|
|
8.6.9/8.6.9 94/04/19
|
|
Do all mail delivery completely disconnected from any terminal.
|
|
This provides consistency with daemon delivery and
|
|
may have some security implications.
|
|
Make sure that malloc doesn't get called with zero size,
|
|
since that fails on some systems. Reported by Ed
|
|
Hill of the University of Iowa.
|
|
Fix multi-line values for $e (SMTP greeting message). Reported
|
|
by Mike O'Connor of Ford Motor Company.
|
|
Avoid syserr if no NIS domain name is defined, but the map it
|
|
is trying to open is optional. From Win Bent of USC.
|
|
Changes for picky compilers from Ed Gould of Digital Equipment.
|
|
Hesiod support for UDB from Todd Miller of the University of
|
|
Colorado. Use "hesiod" as the service name in the U
|
|
option.
|
|
Fix a problem that failed to set the "authentic" host name (that
|
|
is, the one derived from the socket info) if you called
|
|
sendmail -bs from inetd. Based on code contributed by
|
|
Todd Miller (this problem was also reported by Guy Helmer
|
|
of Dakota State University). This also fixes a related
|
|
problem reported by Liudvikas Bukys of the University of
|
|
Rochester.
|
|
Parameterize "nroff -h" in all the Makefiles so people with
|
|
variant versions can use them easily. Suggested by
|
|
Peter Collinson of Hillside Systems.
|
|
SMTP "MAIL" commands with multiple ESMTP parameters required two
|
|
spaces between parameters instead of one. Reported by
|
|
Valdis Kletnieks of Virginia Tech.
|
|
Reduce the number of system calls during message collection by
|
|
using global timeouts around the collect() loop. This
|
|
code was contributed by Eric Wassenaar.
|
|
If the initial hostname name gathering results in a name
|
|
without a dot (usually caused by NIS misconfiguration)
|
|
and BIND is compiled in, directly access DNS to get
|
|
the canonical name. This should make life easier for
|
|
Solaris systems. If it still can't be resolved, and
|
|
if the name server is listed as "required", try again
|
|
in 30 seconds. If that also fails, exit immediately to
|
|
avoid bogus "config error: mail loops back to myself"
|
|
messages.
|
|
Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error
|
|
message to explain how much space was available and
|
|
sound a bit less threatening. Suggested by Stan Janet
|
|
of the National Institute of Standards and Technology.
|
|
If mail is delivered to an alias that has an owner, deliver any
|
|
requested return-receipt immediately, and strip the
|
|
Return-Receipt-To: header from the subsequent message.
|
|
This prevents a certain class of denial of service
|
|
attack, arguably gives more reasonable semantics, and
|
|
moves things more towards what will probably become a
|
|
network standard. Suggested by Christopher Davis of
|
|
Kapor Enterprises.
|
|
Add a "noreceipts" privacy flag to turn off all return receipts
|
|
without recompiling.
|
|
Avoid printing ESMTP parameters as part of the error message
|
|
if there are errors during parsing. This change is
|
|
purely cosmetic.
|
|
Avoid sending out error messages during the collect phase of
|
|
SMTP; there is an MVS mailer from UCLA that gets
|
|
confused by this. Of course, I think it's their bug....
|
|
Check for the $j macro getting undefined, losing a dot, or getting
|
|
lost from $=w in the daemon before accepting a connection;
|
|
if it is, it dumps state, prints a LOG_ALERT message,
|
|
and drops core for debugging. This is an attempt to
|
|
track down a bug that I thought was long since gone.
|
|
If you see this, please forward the log fragment to
|
|
sendmail@CS.Berkeley.EDU.
|
|
Change OLD_NEWDB from a #ifdef to a #if so it can be turned off
|
|
with -DOLD_NEWDB=0 on the command line. From Christophe
|
|
Wolfhugel.
|
|
Instead of trying to truncate the listen queue for the server
|
|
SMTP port when the load average is too high, just close
|
|
the port completely and reopen it later as needed.
|
|
This ensures that the other end gets a quick "connection
|
|
refused" response, and that the connection can be
|
|
recovered later. In particular, some socket emulations
|
|
seem to get confused if you tweak the listen queue
|
|
size around and can never start listening to connections
|
|
again. The down side is that someone could start up
|
|
another daemon process in the interim, so you could
|
|
have multiple daemons all not listening to connections;
|
|
this could in turn cause the sendmail.pid file to be
|
|
incorrect. A better approach might be to accept the
|
|
connection and give a 421 code, but that could break
|
|
other mailers in mysterious ways and have paging behaviour
|
|
implications.
|
|
Fix a glitch in TCP-level debugging that caused flag 16.101 to
|
|
set debugging on the wrong socket. From Eric Wassenaar.
|
|
When creating a df* temporary file, be sure you truncate any
|
|
existing data in the file -- otherwise system crashes
|
|
and the like could result in extra data being sent.
|
|
DOC: Replace the CHANGES-R5-R8 readme file with a paper in the
|
|
doc directory. This includes some additional
|
|
information.
|
|
CONFIG: change UUCP rules to never add $U! or $k! on the front
|
|
of recipient envelope addresses. This should have been
|
|
handled by the $&h trick, but broke if people were
|
|
mixing domainized and UUCP addresses. They should
|
|
probably have converted all the way over to uucp-uudom
|
|
instead of uucp-{new,old}, but the failure mode was to
|
|
loop the mail, which was bad news.
|
|
Portability fixes:
|
|
Newer BSDI systems (several people).
|
|
Older BSDI systems from Christophe Wolfhugel.
|
|
Intergraph CLIX, from Paul Southworth of CICNet.
|
|
UnixWare, from Evan Champion.
|
|
NetBSD from Adam Glass.
|
|
Solaris from Quentin Campbell of the University of
|
|
Newcastle upon Tyne.
|
|
IRIX from Dean Cookson and Bill Driscoll of Mitre
|
|
Corporation.
|
|
NCR 3000 from Kevin Darcy of Chrysler Corporation.
|
|
SunOS (it has setsid() and setvbuf() calls) from
|
|
Jonathan Kamens of OpenVision Technologies.
|
|
HP-UX from Tor Lillqvist.
|
|
New Files:
|
|
src/Makefile.CLIX
|
|
src/Makefile.NCR3000
|
|
doc/changes/Makefile
|
|
doc/changes/changes.me
|
|
doc/changes/changes.ps
|
|
|
|
8.6.8/8.6.6 94/03/21
|
|
SECURITY: it was possible to read any file as root using the
|
|
E (error message) option. Reported by Richard Jones;
|
|
fixed by Michael Corrigan and Christophe Wolfhugel.
|
|
|
|
8.6.7/8.6.6 94/03/14
|
|
SECURITY: it was possible to get root access by using wierd
|
|
values to the -d flag. Thanks to Alain Durand of
|
|
INRIA for forwarding me the notice from the bugtraq
|
|
list.
|
|
|
|
8.6.6/8.6.6 94/03/13
|
|
SECURITY: the ability to give files away on System V-based
|
|
systems proved dangerous -- don't run as the owner
|
|
of a :include: file on a system that allows giveaways.
|
|
Unfortunately, this also applies to determining a
|
|
valid shell.
|
|
IMPORTANT: Previous versions weren't expiring old connections
|
|
in the connection cache for a long time under some
|
|
circumstances. This could result in resource exhaustion,
|
|
both at your end and at the other end. This checks the
|
|
connections for timeouts much more frequently. From
|
|
Doug Anderson of NCSC.
|
|
Fix a glitch that snuck in that caused programs to be run as
|
|
the sender instead of the recipient if the mail was
|
|
from a local user to another local user. From
|
|
Motonori Nakamura of Kyoto University.
|
|
Fix "wildcard" on /etc/shell matching -- instead of looking
|
|
for "*", look for "/SENDMAIL/ANY/SHELL/". From
|
|
Bryan Costales of ICSI.
|
|
Change the method used to declare the "statfs" availability;
|
|
instead of HASSTATFS and/or HASUSTAT with a ton of
|
|
tweaking in conf.c, there is a single #define called
|
|
SFS_TYPE which takes on one of six values (SFS_NONE
|
|
for no statfs availability, SFS_USTAT for the ustat(2)
|
|
syscall, SFS_4ARGS for a four argument statfs(2) call,
|
|
and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument
|
|
statfs(2) call with the declarations in <sys/vfs.h>,
|
|
<sys/mount.h>, or <sys/statfs.h> respectively).
|
|
Fix glitch in NetInfo support that could return garbage if
|
|
there was no "/locations/sendmail" property. From
|
|
David Meyer of the University of Virginia.
|
|
Change HASFLOCK from defined/not-defined to a 0/1 definition
|
|
to allow Linux to turn it off even though it is a
|
|
BSD-like system.
|
|
Allow setting of "ident" timeout to zero to turn off the ident
|
|
protocol entirely.
|
|
Make 7-bit stripping local to a connection (instead of to a
|
|
mailer); this allows you to specify that SMTP is a
|
|
7-bit channel, but revert to 8-bit should it advertise
|
|
that it supports 8BITMIME. You still have to specify
|
|
mailer flag 7 to get this stripping at all.
|
|
Improve makesendmail script so it handles more cases automatically.
|
|
Tighten up restrictions on taking ownership of :include: files
|
|
to avoid problems on systems that allow you to give away
|
|
files.
|
|
Fix a problem that made it impossible to rebuild the alias
|
|
file if it was on a read-only file system. From
|
|
Harry Edmon of the University of Washington.
|
|
Improve MX randomization function. From John Gardiner Myers
|
|
of CMU.
|
|
Fix a minor glitch causing a bogus message to be printed (used
|
|
%s instead of %d in a printf string for the line number)
|
|
when a bad queue file was read. From Harry Edmon.
|
|
Allow $s to remain NULL on locally generated mail. I'm not
|
|
sure this is necessary, but a lot of people have complained
|
|
about it, and there is a legitimate question as to whether
|
|
"localhost" is legal as an 822-style domain.
|
|
Fix a problem with very short line lengths (mailer L= flag) in
|
|
headers. This causes a leading space to be added onto
|
|
continuation lines (including in the body!), and also
|
|
tries to wrap headers containing addresses (From:, To:,
|
|
etc) intelligently at the shorter line lengths. Problem
|
|
Reported by Lars-Johan Liman of SUNET Operations Center.
|
|
Log the real user name when logging syserrs, since these can have
|
|
security implications. Suggested by several people.
|
|
Fix address logging of cached connections -- it used to always
|
|
log the numeric address as zero. This is a somewhat
|
|
bogus implementation in that it does an extra system
|
|
call, but it should be an inexpensive one. Fix from
|
|
Motonori Nakamura.
|
|
Tighten up handling of short syslog buffers even more -- there
|
|
were cases where the outgoing relay= name was too long
|
|
to share a line with delay= and mailer= logging.
|
|
Limit the overhead on split envelopes to one open file descriptor
|
|
per envelope -- previously the overhead was three
|
|
descriptors. This was in response to a problem reported
|
|
by P{r (Pell) Emanuelsson.
|
|
Fixes to better handle the case of unexpected connection closes;
|
|
this redirects the output to the transcript so the info
|
|
is not lost. From Eric Wassenaar.
|
|
Fix potential string overrun if you macro evaluate a string that
|
|
has a naked $ at the end. Problem noted by James Matheson
|
|
<jmrm@eng.cam.ac.uk>.
|
|
Make default error number on $#error messages 553 (``Requested
|
|
action not taken: mailbox name not allowed'') instead of
|
|
501 (``Syntax error in parameters or arguments'') to
|
|
avoid bogus "protocol error" messages.
|
|
Strip off any existing trailing dot on names during $[ ... $]
|
|
lookup. This prevents it from ending up with two dots
|
|
on the end of dot terminated names. From Wesley Craig
|
|
of the University of Michigan and Bryan Costales of ICSI.
|
|
Clean up file class reading so that the debugging information is
|
|
more informative. It hadn't been using setclass, so you
|
|
didn't see the class items being added.
|
|
Avoid core dump if you are running a version of sendmail where
|
|
NIS is compiled in, and you specify an NIS map, but
|
|
NIS is not running. Fix from John Oleynick of
|
|
Rutgers.
|
|
Diagnose bizarre case where res_search returns a failure value,
|
|
but sets h_errno to a success value.
|
|
Make sure that "too many hops" messages are considered important
|
|
enough to send an error to the Postmaster (that is, the
|
|
address specified in the P option). This fix should
|
|
help problems that cause the df file to be left around
|
|
sometimes -- unfortunately, I can't seem to reproduce
|
|
the problem myself.
|
|
Avoid core dump (null pointer reference) on EXPN command; this
|
|
only occurred if your log level was set to 10 or higher
|
|
and the target account was an alias or had a .forward file.
|
|
Problem noted by Janne Himanka.
|
|
Avoid "denial of service" attacks by someone who is flooding your
|
|
SMTP port with bad commands by shutting the connection
|
|
after 25 bad commands are issued. From Kyle Jones of
|
|
UUNET.
|
|
Fix core dump on error messages with very long "to" buffers;
|
|
fmtmsg overflows the message buffer. Fixed by trimming
|
|
the to address to 203 characters. Problem reported by
|
|
John Oleynick.
|
|
Fix configuration for HASFLOCK -- there were some spots where
|
|
a #ifndef was incorrectly #ifdef. Pointed out by
|
|
George Baltz of the University of Maryland.
|
|
Fix a typo in savemail() that could cause the error message To:
|
|
lists to be incorrect in some places. From Motonori
|
|
Nakamura.
|
|
Fix a glitch that can cause duplicate error messages on split
|
|
envelopes where an address on one of the lists has a
|
|
name server failure. Fix from Voradesh Yenbut of the
|
|
University of Washington.
|
|
Fix possible bogus pointer reference on ESMTP parameters that
|
|
don't have an ``=value'' part.
|
|
CNAME loops caused an error message to be generated, but also
|
|
re-queued the message. Changed to just re-queue the
|
|
message (it's really hard to just bounce it because
|
|
of the wierd way the name server works in the presence
|
|
of CNAME loops). Problem noted by James M.R.Matheson
|
|
of Cambridge University.
|
|
Avoid giving ``warning: foo owned process doing -bs'' messages
|
|
if they use ``MAIL FROM:<foo>'' where foo is their true
|
|
user name. Suggested by Andreas Stolcke of ICSI.
|
|
Change the NAMED_BIND compile flag to be a 0/1 flag so you can
|
|
override it easily in the Makefile -- that is, you can
|
|
turn it off using -DNAMED_BIND=0.
|
|
If a gethostbyname(...) of an address with a trailing dot fails,
|
|
try it without the trailing dot. This is because if
|
|
you have a version of gethostbyname() that falls back
|
|
to NIS or the /etc/hosts file it will fail to find
|
|
perfectly reasonable names that just don't happen to
|
|
be dot terminated in the hosts file. You don't want to
|
|
strip the dot first though because we're trying to ensure
|
|
that country names that match one of your subdomains get
|
|
a chance.
|
|
PRALIASES: fix bogus output on non-null-terminated strings.
|
|
From Bill Gianopoulos of Raytheon.
|
|
CONFIG: Avoid rewriting anything that matches $w to be $j.
|
|
This was in code intended to only catch the self-literal
|
|
address (that is, [1.2.3.4], where 1.2.3.4 is your
|
|
IP address), but the code was broken. However, it will
|
|
still do this if $M is defined; this is necessary to
|
|
get client configurations to work (sigh). Note that this
|
|
means that $M overrides :mailname entries in the user
|
|
database! Problem noted by Paul Southworth.
|
|
CONFIG: Fix definition of Solaris help file location. From
|
|
Steve Cliffe <steve@gorgon.cs.uow.edu.au>.
|
|
CONFIG: Fix bug that broke news.group.USENET mappings.
|
|
CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX,
|
|
and USENET_MAILER_MAX to tweak the maximum message
|
|
size for various mailers.
|
|
CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0]
|
|
instead of assuming that it is "inews" for consistency
|
|
with other mailers. From Michael Corrigan of UC San Diego.
|
|
CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB,
|
|
qualify the address in the SMTP envelope as user@{relay|hub}
|
|
instead of user@$j. From Bill Wisner of The Well.
|
|
CONFIG: Fix route-addr syntax in nullrelay configuration set.
|
|
CONFIG: Don't turn off case mapping of user names in the local
|
|
mailer for IRIX. This was different than most every other
|
|
system.
|
|
CONFIG: Avoid infinite loops on certainly list:; syntaxes in
|
|
envelope. Noted by Thierry Besancon
|
|
<besancon@excalibur.ens.fr>.
|
|
CONFIG: Don't include -z by default on uux line -- most systems
|
|
don't want it set by default. Pointed out by Philippe
|
|
Michel of Thomson CSF.
|
|
CONFIG: Fix some bugs with mailertables -- for example, if your
|
|
host name was foo.bar.ray.com and you matched against
|
|
".ray.com", the old implementation bound %1 to "bar"
|
|
instead of "foo.bar". Also, allow "." in the mailertable
|
|
to match anything -- essentially, take over SMART_HOST.
|
|
This also moves matching of explicit local host names
|
|
before the mailertable so they don't have to be special
|
|
cased in the mailertable data. Reported by Bill
|
|
Gianopoulos of Raytheon; the fix for the %1 binding
|
|
problem was contributed by Nicholas Comanos of the
|
|
University of Sydney.
|
|
CONFIG: Don't include "root" in class $=L (users to deliver
|
|
locally, even if a hub or relay exists) by default.
|
|
This is because of the known bug where definition of
|
|
both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore
|
|
both and deliver into the local mailbox.
|
|
CONFIG: Move up bitdomain and uudomain handling so that they
|
|
are done before .UUCP class matching; uudomain was
|
|
reported as ineffective before. This also frees up
|
|
diversion 8 for future use. Problem reported by Kimmo
|
|
Suominen.
|
|
CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4])
|
|
into host names. As pointed out by Jonathan Kamens,
|
|
these are often used because either the forward or reverse
|
|
mapping is broken; this translation makes it broken again.
|
|
DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo
|
|
Suominen.
|
|
Portability fixes:
|
|
Unicos from David L. Kensiski of Sterling Sofware.
|
|
DomainOS from Don Lewis of Silicon Systems.
|
|
GNU m4 1.0.3 from Karst Koymans of Utrecht University.
|
|
Convex from Kimmo Suominen <kim@tac.nyc.ny.us>.
|
|
NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>.
|
|
BSD/386 from Tony Sanders of BSDI.
|
|
Apollo from Eric Wassenaar.
|
|
DGUX from Doug Anderson.
|
|
Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent.
|
|
NEW FILES:
|
|
src/Makefile.DomainOS
|
|
src/Makefile.PTX
|
|
src/Makefile.SunOS.5.1
|
|
src/Makefile.SunOS.5.2
|
|
src/Makefile.SunOS.5.x
|
|
src/mailq.1
|
|
cf/ostype/domainos.m4
|
|
doc/op/Makefile
|
|
doc/intro/Makefile
|
|
doc/usenix/Makefile
|
|
|
|
8.6.5/8.6.5 94/01/13
|
|
Security fix: /.forward could be owned by anyone (the test
|
|
to allow root to own any file was backwards). From
|
|
Bob Campbell at U.C. Berkeley.
|
|
Security fix: group ids were not completely set when programs
|
|
were invoked. This caused programs to have group
|
|
permissions they should not have had (usually group
|
|
daemon instead of their own group). In particular,
|
|
Perl scripts would refuse to run.
|
|
Security: check to make sure files that are written are not
|
|
symbolic links (at least under some circumstances).
|
|
Although this does not respond to a specific known
|
|
attack, it's just a good idea. Suggested by
|
|
Christian Wettergren.
|
|
Security fix: if a user had an NFS mounted home directory on
|
|
a system with a restricted shell listed in their
|
|
/etc/passwd entry, they could still execute any
|
|
program by putting that in their .forward file.
|
|
This fix prevents that by insisting that their shell
|
|
appear in /etc/shells before allowing a .forward to
|
|
execute a program or write a file. You can disable
|
|
this by putting "*" in /etc/shells. It also won't
|
|
permit world-writable :include: files to reference
|
|
programs or files (there's no way to disable this).
|
|
These behaviours are only one level deep -- for
|
|
example, it is legal for a world-writable :include:
|
|
file to reference an alias that writes a file, on
|
|
the assumption that the alias file is well controlled.
|
|
Security fix: root was not treated suspiciously enough when
|
|
looking into subdirectories. This would potentially
|
|
allow a cracker to examine files that were publically
|
|
readable but in a non-publically searchable directory.
|
|
Fix a problem that causes an error on QUIT on a cached
|
|
connection to create problems on the current job.
|
|
These are typically unrelated, so errors occur in
|
|
the wrong place.
|
|
Reset CurrentLA in sendall() -- this makes sendmail queue
|
|
runs more responsive to load average, and fixes a
|
|
problem that ignored the load average in locally
|
|
generated mail. From Eric Wassenaar.
|
|
Fix possible core dump on aliases with null LHS. From
|
|
John Orthoefer of BB&N.
|
|
Revert to using flock() whenever possible -- there are just
|
|
too many bugs in fcntl() locking, particularly over
|
|
NFS, that cause sendmail to fail in perverse ways.
|
|
Fix a bug that causes the connection cache to get confused
|
|
when sending error messages. This resulted in
|
|
"unexpected close" messages. It should fix itself
|
|
on the following queue run. Problem noted by
|
|
Liudvikas Bukys of the University of Rochester.
|
|
Include $k in $=k as documented in the Install & Op Guide.
|
|
This seems odd, but it was documented.... From
|
|
Michael Corrigan of UCSD.
|
|
Fix problem that caused :include:s from alias files to be
|
|
forced to be owned by root instead of daemon
|
|
(actually DefUid). From Tim Irvin.
|
|
Diagnose unrecognized I option values -- from Mortin Forssen
|
|
of the Chalmers University of Technology.
|
|
Make "error" mailer work consistently when there is no error
|
|
code associated with it -- previously it returned OK
|
|
even though there was a real problem. Now it assumes
|
|
EX_UNAVAILABLE.
|
|
Fix bug that caused the last header line of messages that had
|
|
no body and which were terminated with EOF instead of
|
|
"." to be discarded. Problem noted by Liudvikas Bukys.
|
|
Fix core dump on SMTP mail to programs that failed -- it tried
|
|
to go to a "next MX host" when none existed, causing
|
|
a core dump. From der Mouse at McGill University.
|
|
Change IDENTPROTO from a defined/not defined to a 0/1 switch;
|
|
this makes it easier to turn it off (using
|
|
-DIDENTPROTO=0 in the Makefile). From der Mouse.
|
|
Fix YP_MASTER_NAME store to use the unupdated result of
|
|
gethostname() (instead of myhostname(), which tries
|
|
to fully qualify the name) to be consistent with
|
|
SunOS. If your hostname is unqualified, this fixes
|
|
transfers to slave servers. Bug noted by Keith
|
|
McMillan of Ameritech Services, Inc.
|
|
Fix Ultrix problem: gethostbyname() can return a very large
|
|
(> 500) h_length field, which causes the sockaddr
|
|
to be trashed. Use the size of the sockaddr instead.
|
|
Fix from Bob Manson of Ohio State.
|
|
Don't assume "-a." on host lookups if NAMED_BIND is not
|
|
defined -- this confuses gethostbyname on hosts
|
|
file lookups, which doesn't understand the trailing
|
|
dot convention.
|
|
Log SMTP server subprocesses that die with a signal instead
|
|
of from a clean exit.
|
|
If you don't have option "I" set, don't assume that a DNS
|
|
"host unknown" message is authoritative -- it
|
|
might still be found in /etc/hosts.
|
|
Fix a problem that would cause Deferred: messages to be sent
|
|
as the subject of an error message, even though the
|
|
actual cause of a message was more severe than that.
|
|
Problem noted by Chris Seabrook of OSSI.
|
|
Fix race condition in DBM alias file locking. From Kyle
|
|
Jones of UUNET.
|
|
Limit delivery syslog line length to avoid bugs in some
|
|
versions of syslog(3). This adds a new compile time
|
|
variable SYSLOG_BUFSIZE. From Jay Plett of Princeton
|
|
University, which is in turn derived from IDA.
|
|
Fix quotes inside of comments in addresses -- previously
|
|
it insisted that they be balanced, but the 822 spec
|
|
says that they should be ignored.
|
|
Dump open file state to syslog upon receiving SIGUSR1 (for
|
|
debugging). This also evaluates ruleset 89, if set
|
|
(with the null input), and logs the result. This
|
|
should be used sparingly, since the rewrite process
|
|
is not reentrant.
|
|
Change -qI, -qR, and -qS flags to be case-insensitive as
|
|
documented in the Bat Book.
|
|
If the mailer returned EX_IOERR or EX_OSERR, sendmail did not
|
|
return an error message and did not requeue the message.
|
|
Fix based on code from Roland Dirlewanger of
|
|
Reseau Regional Aquarel, Bordeaux, France.
|
|
Fix a problem that caused a seg fault if you got a 421 error
|
|
code during some parts of connection initialization.
|
|
I've only seen this when talking to buggy mailers on
|
|
the other end, but it shouldn't give a seg fault in
|
|
any case. From Amir Plivatsky.
|
|
Fix core dump caused by a ruleset call that returns null.
|
|
Fix from Bryan Costales of ICSI.
|
|
Full-Name: field was being ignored. Fix from Motonori Nakamura
|
|
of Kyoto University.
|
|
Fix a possible problem with very long input lines in setproctitle.
|
|
From P{r Emanuelsson.
|
|
Avoid putting "This is a warning message" out on return receipts.
|
|
Suggested by Douglas Anderson.
|
|
Detect loops caused by recursive ruleset calls. Suggested by
|
|
Bryan Costales.
|
|
Initialize non-alias maps during alias rebuilds -- they may be
|
|
needed for parsing. Problem noted by Douglas Anderson.
|
|
Log sender address even if no message was collected in SMTP
|
|
(e.g., if all RCPTs failed). Suggested by Motonori
|
|
Nakamura.
|
|
Don't reflect the owner-list contents into the envelope sender
|
|
address if the value contains ", :, /, or | (to avoid
|
|
illegal addresses appearing there).
|
|
Efficiency hack for toktype macro -- from Craig Partridge of
|
|
BB&N.
|
|
Clean up DNS error printing so that a host name is always
|
|
included.
|
|
Remember to set $i during queue runs. Reported by Stephen
|
|
Campbell of Dartmouth University.
|
|
If ${HOSTALIASES} is set, use it during canonification so that
|
|
headers are properly mapped. Reported by Anne Bennett
|
|
of Concordia University.
|
|
Avoid printing misleading error message if SMTP mailer (not
|
|
using [IPC]) should die on a core dump.
|
|
Avoid incorrect diagnosis of "file 1 closed" when it is caused
|
|
by the other end closing the connection. From
|
|
Dave Morrison of Oracle.
|
|
Improve several of the error messages printed by "mailq"
|
|
to include a host name or other useful information.
|
|
Add NetInfo preliminary support for NeXT systems. From Vince
|
|
DeMarco.
|
|
Fix a glitch that sometimes caused :include:s that pointed to
|
|
NFS filesystems that were down to give an "aliasing/
|
|
forwarding loop broken" message instead of queueing
|
|
the message for retry. Noted by William C Fenner of
|
|
the NRL Connection Machine Facility.
|
|
Fix a problem that could cause a core dump if the input sequence
|
|
had (or somehow acquired) a \231 character.
|
|
Make sure that route-addrs always have <angle brackets> around
|
|
them in non-SMTP envelopes (SMTP envelopes already do
|
|
this properly).
|
|
Avoid wierd headers on unbalanced punctuation of the form:
|
|
``Joe User <user)'' -- this caused reference to the
|
|
null macro. Fix from Rick McCarty of IO.COM.
|
|
Fix a problem that caused an alias "user: user@local.host" to
|
|
not have the QNOTREMOTE bit set; this caused configs
|
|
to act as if FEATURE(notsticky) was defined even when
|
|
it was not. The effect of the problem was to make it
|
|
very hard to to set up satellite sites that had a few
|
|
local accounts, with everything else forwarded to a
|
|
corporate hub. Reported by Detlef Drewanz of the
|
|
University of Rostock and Mark Frost of NCD.
|
|
Change queuing to not call rulesets 3, {1 or 2}, 4 on header
|
|
addresses. This is more efficient (fewer name server
|
|
calls) and fixes certain unusual configurations, such
|
|
as those that have ruleset 4 do something that is
|
|
non-idempotent unless a mailer-specific ruleset did
|
|
something else. Problem reported by Brian J. Coan
|
|
of the Institute for Global Communications.
|
|
Fix the "obsolete argument" routine in main to better understand
|
|
new arguments. For example, if you used ``sendmail
|
|
-C config -v -q'' it would choke on the -q because
|
|
the -C would stop looking for old-format arguments.
|
|
Fix the code that was intended to allow two users to forward their
|
|
mail to the same program and have them appear unique.
|
|
Portability fixes for:
|
|
SCO UNIX from Murray Kucherawy.
|
|
SCO Open Server 3.2v4 from Philippe Brand.
|
|
System V Release 4 from Rick Ellis and others.
|
|
OSF/1 from Steve Campbell.
|
|
DG/UX from Ben Mesander of the USGS and Bryan Curnutt
|
|
of Stoner Associates.
|
|
Motorola SysV88 from Kevin Johnson of Motorola.
|
|
Solaris 2.3 from Casper H.S. Dik of the University
|
|
of Amsterdam and John Caruso of University
|
|
of Maryland.
|
|
FreeBSD from Ollivier Robert.
|
|
NetBSD from Adam Glass.
|
|
TitanOS from Kate Hedstrom of Rutgers University.
|
|
Irix from Bryan Curnutt.
|
|
Dynix from Jim Davis of the University of Arizona.
|
|
RISC/os.
|
|
Linux from John Kennedy of California State University
|
|
at Chico.
|
|
Solaris 2.x from Tony Boner of the U.S. Air Force.
|
|
NEXTSTEP 3.x from Vince DeMarco.
|
|
HP-UX from various people. NOTA BENE: the location
|
|
of the config file has moved to /usr/lib
|
|
to match the HP-UX version of sendmail.
|
|
CONFIG: Don't do any recipient rewriting on relay mailer;
|
|
since this is intended only for internal use, the
|
|
usual RFC 821/822/1123 rules can be relaxed. The
|
|
main point of this is to avoid munging (ugh) UUCP
|
|
addresses when relaying internally.
|
|
CONFIG: fix typo in mailer/uucp.m4 that mutilates list:;
|
|
syntax addresses delivered via UUCP. Solution
|
|
provided by Peter Wemm.
|
|
CONFIG: fix thumb-fumble in default UUCP relaying in ruleset
|
|
zero; it caused double @ signs in addresses. From
|
|
Irving Reid of the University of Toronto.
|
|
CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1
|
|
from Markku Toijala of ICL Personal Systems Oy.
|
|
CONFIG: Add trailing "." on pseudo-domains for consistency;
|
|
this fixes a problem (noted by Al Whaley of Sunnyside)
|
|
that made it hard to recognize your own pseudodomain
|
|
names.
|
|
CONFIG: catch "@host" syntax errors (i.e., null local-parts)
|
|
rather than letting them get "local configuration
|
|
error"s. Problem noted by John Gardiner Myers.
|
|
CONFIG: add uucp-uudom mailer variant, based on code posted
|
|
by Spider Boardman <spider@Orb.Nashua.NH.US>; this
|
|
has uucp-dom semantics but old UUCP syntax. This
|
|
also permits "uucp-old" as an alias for "uucp" and
|
|
"uucp-new" as a synonym for "suucp" for consistency.
|
|
CONFIG: add POP mailer support (from Kimmo Suominen
|
|
<kim@grendel.lut.fi>).
|
|
CONFIG: drop CSNET_RELAY support -- CSNET is long gone.
|
|
CONFIG: fix bug caused with domain literal addresses (e.g.,
|
|
``[128.32.131.12]'') when FEATURE(allmasquerade)
|
|
was set; it would get an additional @masquerade.host
|
|
added to the address. Problem noted by Peter Wan
|
|
of Georgia Tech.
|
|
CONFIG: make sure that the local UUCP name is in $=w. From
|
|
Jim Murray of Stratus.
|
|
CONFIG: changes to UUCP rewriting to simulate IDA-style "V"
|
|
mailer flag. Briefly, if you are sending to host
|
|
"foo", then it rewrites "foo!...!baz" to "...!baz",
|
|
"foo!baz" remains "foo!baz", and anything else has
|
|
the local name prepended.
|
|
CONFIG: portability fixes for HP-UX.
|
|
DOC: several minor problems fixed in the Install & Op Guide.
|
|
MAKEMAP: fix core dump problem on lines that are too long or
|
|
which lack newline. From Mark Delany.
|
|
MAILSTATS: print sums of columns (total messages & kbytes
|
|
in and out of the system). From Tom Ferrin of UC
|
|
San Francisco Computer Graphics Lab.
|
|
SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES:
|
|
On HP-UX, /etc/sendmail.cf has been moved to
|
|
/usr/lib/sendmail.cf to match HP sendmail.
|
|
Permissions have been tightened up on world-writable
|
|
:include: files and accounts that have shells
|
|
that are not listed in /etc/shells. This may
|
|
cause some .forward files that have worked
|
|
before to start failing.
|
|
SIGUSR1 dumps some state to the log.
|
|
NEW FILES:
|
|
src/Makefile.DGUX
|
|
src/Makefile.Dynix
|
|
src/Makefile.FreeBSD
|
|
src/Makefile.Mach386
|
|
src/Makefile.NetBSD
|
|
src/Makefile.RISCos
|
|
src/Makefile.SCO
|
|
src/Makefile.SVR4
|
|
src/Makefile.Titan
|
|
cf/mailer/pop.m4
|
|
cf/ostype/bsdi1.0.m4
|
|
cf/ostype/dgux.m4
|
|
cf/ostype/dynix3.2.m4
|
|
cf/ostype/sco3.2.m4
|
|
makemap/Makefile.dist
|
|
praliases/Makefile.dist
|
|
|
|
8.6.4/8.6.4 93/10/31
|
|
Repair core-dump problem (write to read-only memory segment)
|
|
if you fall back to the return-to-Postmaster case in
|
|
savemail. Problem reported by Richard Liu.
|
|
Immediately diagnose bogus sender addresses in SMTP. This
|
|
makes quite certain that crackers can't use this
|
|
class of attack.
|
|
Reliability Fix: check return value from fclose() and fsync()
|
|
in a few critical places.
|
|
Minor problem in initsys() that reversed a condition for
|
|
redirecting the output channel on queue runs. It's
|
|
not clear this code even does anything. From Eric
|
|
Wassenaar of the Dutch National Institute for Nuclear
|
|
and High-Energy Physics.
|
|
Fix some problems that caused queue runs to do "too much work",
|
|
such as double-reading the Errors-To: header. From
|
|
Eric Wassenaar.
|
|
Error messages on writing the temporary file (including the
|
|
data file) were getting suppressed in SMTP -- this
|
|
fix causes them to be properly reported. From Eric
|
|
Wassenaar.
|
|
Some changes to support AF_UNIX sockets -- this will only
|
|
really become relevant in the next release, but some
|
|
people need it for local patches. From Michael
|
|
Corrigan of UC San Diego.
|
|
Use dynamically allocated memory (instead of static buffers)
|
|
for macros defined in initsys() and settime(); since
|
|
these can have different values depending on which
|
|
envelope they are in. From Eric Wassenaar.
|
|
Improve logging to show ctladdr on to= logging; this tells you
|
|
what uid/gid processes ran as.
|
|
Fix a problem that caused error messages to be discarded if
|
|
the sender address was unparseable for some reason;
|
|
this was supposed to fall back to the "return to
|
|
postmaster" case.
|
|
Improve aliaswait backoff algorithm.
|
|
Portability patches for Linux (8.6.3 required another header
|
|
file) (from Karl London) and SCO UNIX.
|
|
CONFIG: patch prog mailer to not strip host name off of envelope
|
|
addresses (so that it matches local again). From
|
|
Christopher Davis.
|
|
CONFIG: change uucp-dom mailer so that "<>" translates to $n;
|
|
this prevents uux from seeing lines with null names like
|
|
``From Sat Oct 30 14:55:31 1993''. From Motonori
|
|
Nakamura of Kyoto University.
|
|
CONFIG: handle <list:;> syntax correctly. This isn't legal, but
|
|
it shouldn't fail miserably. From Motonori Nakamura.
|
|
|
|
8.6.3/8.6.3 93/10/24
|
|
IMPORTANT FIX: Fix several problems that caused open files to
|
|
be "lost" during queue runs; this overflowed the open
|
|
file table on large runs. An assumption that fdopen
|
|
always succeeds sometimes resulted in core dumps when
|
|
this happens; sometimes the message is delivered twice,
|
|
sometimes (probably) infinite times. This problem in
|
|
various form was reported by P{r (Pell) Emanuelsson and
|
|
Robert Campbell of U.C. Berkeley.
|
|
Special diagnosis of EMFILE error conditions -- it now prints
|
|
the known open file descriptors so you can figure out
|
|
what is consuming so much resources.
|
|
Fix a couple of problems caused by early address parsing
|
|
errors -- one caused it to return a "this is only a
|
|
warning" when it really wasn't, and the other started
|
|
parsing through a random pointer. The first was
|
|
noted by Eric Wassenaar.
|
|
Fix an infinite loop problem caused by null components in the
|
|
host signature. Problem noted by Jan Sorensen.
|
|
Be sure to reset the "current date" when sending an error
|
|
message -- PostMasterCopy messages were being sent
|
|
with an old Date: header.
|
|
Fix a problem that caused duplicated mail when sendmail was
|
|
(1) compiled without HASFLOCK, (2) you are sending to
|
|
an alias that has an owner-* alias, (3) you execute
|
|
sendmail with -t flag, (4) you run in -odb mode, and
|
|
(5) the sender specifies both the alias name and
|
|
another alias [i.e., the envelope is split], then
|
|
duplicate messages are sent. The problem description
|
|
and one-line fix are from Motonori Nakamura of Kyoto
|
|
University.
|
|
Avoid a problem that causes error messages to be discarded
|
|
in some cases -- this was the result of a "fix" to
|
|
avoid duplicate error messages, but two are better
|
|
than zero. Reported by Tim Rylance.
|
|
Fix a minor botch in checkfd012() -- fix from Dave Hill of
|
|
Computervision R&D Ltd.
|
|
Remove "X-Authentication-Warning: <user> set sender to <address>
|
|
using -f" entirely -- it is far too eager to include
|
|
this, and it is confusing folks. I'll try to make it
|
|
work "right" in 8.7. Problem noted by Yoshitaka
|
|
Tokugawa of dit Co., Ltd.
|
|
Fix a race condition with the errno value in tick() and
|
|
reapchild() -- this caused occasional misdiagnosis
|
|
of problems. Kyle Jones of UUNET helped this along.
|
|
Repair rule loop-detection code. From Michael Corrigan of
|
|
U.C. San Diego.
|
|
Fix a problem that caused sender domain addition (C mailer
|
|
flag to be ignored if you use -odq or use -odb with
|
|
a high load average. Problem reported by Jim Murray
|
|
of Stratus.
|
|
Fix ident protocol on multi-homed machines. It was not
|
|
always using the correct interface. Fix from J.R.
|
|
Oldroyd of Opal.
|
|
Previously, sendmail assumed that any SMTP greeting message
|
|
that wasn't 2xx was a temporary failure -- it should
|
|
only take 4xx as a temporary failure, and return a
|
|
solid error message on anything else -- for example,
|
|
to allow you to reject connections on a workstation
|
|
that is MXed to a mail server.
|
|
Portability enhancements for 386BSD/FreeBSD/NetBSD from
|
|
Ollivier Robert.
|
|
CONFIG: FEATURE(always_add_domain) didn't always add the domain;
|
|
in particular, on local mail it modified the header sender
|
|
but not the header recipient address(es). Reported by
|
|
Jeffrey Honig of Cornell University. Also, strip
|
|
any host from envelope recipient address(es), since
|
|
local mailers don't understand host names -- this is
|
|
to help mailertable entries. From Christopher Davis.
|
|
CONFIG: masquerading didn't apply to addresses that already
|
|
had a domain. This change replaces a local hostname
|
|
by the masquerade name in the SMTP mailer (previously
|
|
it only added the masquerade name if it didn't already
|
|
have a domain name). Several people complained about
|
|
this.
|
|
|
|
8.6.2/8.6.2 93/10/15
|
|
Put a "successful delivery" message in the transcript for
|
|
addresses that get return-receipts.
|
|
Put a prominent "this is only a warning" message in warning
|
|
messages -- some people don't read carefully enough
|
|
and end up sending the message several times.
|
|
Include reason for temporary failure in the "warning" return
|
|
message. Currently, it just says "cannot send for
|
|
four hours".
|
|
Fix the "Original message received" time generated for
|
|
returntosender messages. It was previously listed as
|
|
the current time. Bug reported by Eric Hagberg of
|
|
Cornell University Medical College.
|
|
If there is an error when writing the body of a message,
|
|
don't send the trailing dot and wait for a response
|
|
in sender SMTP, as this could cause the connection to
|
|
hang up under some bizarre circumstances. From Eric
|
|
Wassenaar.
|
|
Fix some server SMTP synchronization problems caused when
|
|
connections fail during message collection. From
|
|
Eric Wassenaar.
|
|
Fix a problem that can cause srvrsmtp to reject mail if the
|
|
name server is down -- it accepts the RCPT but rejects
|
|
the DATA command. Problem reported by Jim Murray of
|
|
Stratus.
|
|
Fix a problem that can cause core dumps if the config file
|
|
incorrectly resolves to a null hostname. Reported by
|
|
Allan Johannesen of WPI.
|
|
Non-root use of -C flag, dangerous -f flags, and use of -oQ
|
|
by non-root users were not put into
|
|
X-Authentication-Warning:s as intended because the
|
|
config file hadn't set the PrivacyFlags yet. Fix
|
|
from Sven-Ove Westberg of the University of Lulea.
|
|
Under very odd circumstances, the alias file rebuild code
|
|
could get confused as to whether a database was
|
|
open or not.
|
|
Check "vendor code" on the end of V lines -- this is
|
|
intended to provide a hook for vendor-specific
|
|
configuration syntax. (This is a "new feature",
|
|
but I've made an exception to my rule in a belief
|
|
that this is a highly exceptional case.)
|
|
Portability fixes for DG/UX (from Douglas Anderson of NCSC),
|
|
SCO Unix (from Murray Kucherawy), A/UX, and OSF/1
|
|
(from Jon Forrest of UC Berkeley)
|
|
CONFIG: fix ``mailer:host'' form of UUCP relay naming.
|
|
|
|
8.6.1/8.6 93/10/08
|
|
Portability fixes for A/UX and Encore UMAX V.
|
|
Fix error message handling -- if you had a name server down
|
|
causing an error during parsing, that message was never
|
|
propogated to the queue file.
|
|
|
|
8.6/8.6 93/10/05
|
|
Configuration cleanup: make it easier to undo IDENTPROTO in
|
|
conf.h (other systems have the same bug).
|
|
If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume
|
|
getdtablesize() instead of sysconf(); a disturbingly
|
|
large number of systems defined _SC_OPEN_MAX in the
|
|
header files but don't have the syscall.
|
|
Another patch to really truly ignore MX records in getcanonname
|
|
if trymx == FALSE.
|
|
Fix problem that caused the "250 IAA25499 Message accepted for
|
|
delivery" message to be omitted if there was an error
|
|
in the header of the message (e.g., a bad Errors-To:
|
|
line). Pointed out by Michael Corrigan of UCSD.
|
|
Announce name of host we are chatting when we get errors; this
|
|
is an IDA-ism suggested by Christophe Wolfhugel.
|
|
Portability fixes for Alpha OSF/1 (from Anthony Baxter of the
|
|
Australian Artificial Intelligence Institute), SCO Unix
|
|
(from Murray Kucherawy of Hookup Communication Corp.),
|
|
NeXT (from Vince DeMarco and myself), Linux (from
|
|
Karl London <karl@borg.demon.co.uk>), BSDI (from
|
|
Christophe Wolfhugel, and SVR4 on Dell (from Kimmo
|
|
Suominen), AUX 3.0 on Macintosh, and ANSI C compilers.
|
|
Some changes to get around gcc optimizer bugs. From Takahiro
|
|
Kanbe.
|
|
Fix error recovery in queueup if another tf file of the same
|
|
name already exists. Problem stumbled over by Bill
|
|
Wisner of The Well.
|
|
Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes.
|
|
Problem noted by Keith McMillan of Ameritech Services.
|
|
Deal with group permissions properly when opening .forward and
|
|
:include: files. This relaxes the 8.1C restrictions
|
|
slightly more. This includes proper setting of groups
|
|
when reading :include: files, allowing you to read some
|
|
files that you should be able to read but have previously
|
|
been denied unless you owned them or they had "other"
|
|
read permission.
|
|
Make certain that $j is in $=w (after the .cf is read) so that
|
|
if the user is forced to override some silly system,
|
|
MX suppression will still work.
|
|
Fix a couple of efficiency problems where newstr was double-
|
|
calling expensive routines. In at least one case, it
|
|
wasn't guaranteed that they would always return the
|
|
same result. Problem noted by Christophe Wolfhugel.
|
|
Fix null pointer dereference in putoutmsg -- only on an error
|
|
condition from a non-SMTP mailer. From Motonori
|
|
Nakamura.
|
|
Macro expand "C" line class definitions before scanning so that
|
|
"CX $Z" works.
|
|
Fix problem that caused error message to be sent while still
|
|
trying to send the original message if the connection
|
|
is closed during a DATA command after getting an error
|
|
on an RCPT command (pretty obscure). Problem reported
|
|
by John Myers of CMU.
|
|
Fix reply to NOOP to be 250 instead of 200 -- this is a long
|
|
term bug.
|
|
Fix a nasty bug causing core dumps when returning the "warning:
|
|
cannot deliver for N hours -- will keep trying" message;
|
|
it only occurred if you had PostMasterCopy set and
|
|
only on some architectures. Although sendmail would
|
|
keep trying, it would send error messages on each
|
|
queue interval. This is an important fix.
|
|
Allow u and g options to take user and group names respectively.
|
|
Don't do a chdir into the queue directory in -bt mode to make
|
|
ruleset testing a bit easier.
|
|
Don't allow users to turn off logging (using -oL) on the command
|
|
line -- command line can only raise, not lower, logging
|
|
level.
|
|
Set $u to the original recipient on the SMTP transaction or on
|
|
the command line. This is only done if there is exactly
|
|
one recipient. Technically, this does not meet the
|
|
specs, because it does not guarantee a domain on the
|
|
address.
|
|
Fix a problem that dumped error messages on bad addresses if
|
|
you used the -t flag. Problem noted by Josh Smith of
|
|
Harvey Mudd College.
|
|
Given an address such as ``<foo> <bar>'', auto-quote the first
|
|
``<foo>'' part, giving ``"<foo>" <bar>''. This is to
|
|
avoid the problem of people who use angle brackets in
|
|
their full name information.
|
|
Fix a null pointer dereference if you set option "l", have
|
|
an Errors-To: header in the message, and have Errors-To:
|
|
defined in the config file H lines. From J.R. Oldroyd.
|
|
Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get
|
|
wrong when compiling. Suggested by Rick McCarty of TI.
|
|
Fix a problem that could pass negative SIZE parameter if the
|
|
df file got lost; this would cause servers to always
|
|
give a temporary failure, making the problem even worse.
|
|
Problem noted by Allan Johannesen of WPI.
|
|
Add "ident" timeout (one of the "r" option selectors) for IDENT
|
|
protocol timeouts (30s default). Requested by Murray
|
|
Kucherawy of HookUp Communication Corp. to handle bogus
|
|
PC TCP/IP implementations.
|
|
Change $w default definition to be just the first component of
|
|
the domain name on config level 5. The $j macro defaults
|
|
to the FQDN; $m remains as before. This lets well-behaved
|
|
config files use any of the short, long, or subdomain
|
|
names.
|
|
Add makesendmail script in src to try to automate multi-architecture
|
|
builds. I know, this is sub-optimal, but it is still
|
|
helpful.
|
|
Fix very obscure race condition that can cause a queue run to
|
|
get a queue file for an already completed job. This
|
|
problem has existed for years. Problem noted by the
|
|
long suffering Allan Johannesen of WPI.
|
|
Fix a problem that caused the raw sender name to be passed to
|
|
udbsender instead of the canonified name -- this caused
|
|
it to sometimes miss records that it should have found.
|
|
Relax check of name on HELO packet so that a program using -bs
|
|
that claims to be itself works properly.
|
|
Restore rewriting of $: part of address through 2, R, 4 in
|
|
buildaddr -- this requires passing a lot of flags to get
|
|
it right. Unlike old versions, this ONLY rewrites
|
|
recipient addresses, not sender addresses.
|
|
Fix a bug that caused core dumps in config files that cannot
|
|
resolve /file/name style addresses. Fix from Jonathan
|
|
Kamens of OpenVision Technologies.
|
|
Fix problem with fcntl locking that can cause error returns to
|
|
be lost if the lock is lost; this required fully
|
|
queueing everything, dropping the envelope (so errors
|
|
would get returned), and then re-reading the queue from
|
|
scratch.
|
|
Fix a problem that caused aliases that redefine an otherwise
|
|
true address to still send to the original address
|
|
if and only if the alias failed in certain bizarre
|
|
ways (e.g, if they pointed at a list:; syntax address).
|
|
Problem pointed out by Jonathan Kamens.
|
|
Remove support for frozen configuration files. They caused
|
|
more trouble than it was worth.
|
|
Fix problem that can cause error messages to get ignored when
|
|
using both -odb and -t flags. Problem noted by Rob
|
|
McNicholas at U.C. Berkeley.
|
|
Include all "normal" variations on hostname in $=w. For example,
|
|
if the host name is vangogh.cs.berkeley.edu, $=w will
|
|
contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu.
|
|
Add "restrictqrun" privacy flag -- without this, anyone can run
|
|
the queue.
|
|
Reset SmtpPhase global on initial connection creation so that
|
|
messages don't come out with stale information.
|
|
Pass an "ext" argument to lockfile so that error/log messages
|
|
will properly reflect the true filename being locked.
|
|
Put all [...] address forms into $=w -- this eliminates the need
|
|
for MAXIPADDR in conf.h. Suggested by John Gardiner
|
|
Myers of CMU.
|
|
Fix a bug that can cause qf files to be left around even after
|
|
an SMTP RSET command. Problem and fix from Michael
|
|
Corrigan.
|
|
Don't send a PostMasterCopy to errors when the Precedence: is
|
|
negative. Error reports still go to the envelope
|
|
sender address.
|
|
Add LA_SHORT for load averages.
|
|
Lock sendmail.st file when posting statistics.
|
|
Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to
|
|
set the size of the TCP send and receive buffers; if you
|
|
run over a slow slip line you may need to set these down
|
|
(although it would be better to fix the SLIP implementation
|
|
so that it's not necessary to recompile every program
|
|
that does bulk data transfer).
|
|
Allow null defaults on $( ... $) lookups. Problem reported by
|
|
Amir Plivatsky.
|
|
Diagnose crufty S and V config lines. This resulted from an
|
|
observation that some people were using the SITE macro
|
|
without the SITECONFIG macro first, which was causing
|
|
bogus config files that were not caught.
|
|
Fix makemap -f flag to turn off case folding (it was turning it
|
|
on instead). THIS IS A USER VISIBLE CHANGE!!!
|
|
Fix a problem that caused multiple error messages to be sent if
|
|
you used "sendmail -t -oem -odb", your system uses fcntl
|
|
locking, and one of the recipient addresses is unknown.
|
|
Reset uid earlier in include() so that recursive .forwards or
|
|
:include:s don't use the wrong uid.
|
|
If file descriptor 0, 1, or 2 was closed when sendmail was
|
|
called, the code to recover the descriptor was broken.
|
|
This sometimes (only sometimes) caused problems with the
|
|
alias file. Fix from Motonori Nakamura.
|
|
Fix a problem that caused aliaswait to go into infinite recursion
|
|
if the @:@ metasymbol wasn't found in the alias file.
|
|
Improve error message on newaliases if database files cannot be
|
|
opened or if running with no database format defined.
|
|
Do a better estimation of the size of error messages when NoReturn
|
|
is set. Problem noted by P{r (Pell) Emanuelsson.
|
|
Fix a problem causing the "c" option (don't connect to expensive
|
|
mailers) to be ignored in SMTP. Problem noted and the
|
|
solution suggested by Robert Elz of Munnari University.
|
|
Improve connection caching algorithm by passing "[host]" to
|
|
hostsignature, which strips the square brackets and
|
|
returns the real name. This allows mailertable entries
|
|
to match regular entries.
|
|
Re-enable Return-Receipt-To: -- people seem to want this stupid
|
|
feature, even if it doesn't work right.
|
|
Catch and log attempts to try the "wiz" command in server SMTP.
|
|
This also ups the log level from LOG_NOTICE to LOG_CRIT.
|
|
Be more generous at assigning $z to the home directory -- do this
|
|
for programs that are specified through a .forward file.
|
|
Fix from Andrew Chang of Sun Microsystems.
|
|
Always save a fatal error message in preference to a non-fatal
|
|
error message so that the "subject" line of return
|
|
messages is the best possible.
|
|
CONFIG: reduce the number of quotes needed to quote configuration
|
|
parameters with commas: two quotes should work now, e.g.,
|
|
define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local'').
|
|
CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom
|
|
connections (domain-ized UUCP).
|
|
CONFIG: fix bug in default maps (-o must be before database file
|
|
name). Pointed out by Christophe Wolfhugel.
|
|
CONFIG: add FEATURE(nodns) to state that we are not relying on
|
|
DNS. This would presumably be used in UUCP islands.
|
|
CONFIG: add OSTYPE(nextstep) and OSTYPE(linux).
|
|
CONFIG: log $u in Received: line. This is in technical violation
|
|
of the standards, since it doesn't guarantee a domain
|
|
on the address.
|
|
CONFIG: don't assume "m" in local mailer flags -- this means that
|
|
if you redefine LOCAL_MAILER_FLAGS you will have to include
|
|
the "m" flag should you want it. Apparently some Solaris 2.2
|
|
installations can't handle multiple local recipients.
|
|
Problem noted by Josh Smith.
|
|
CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults).
|
|
CONFIG: change default version level from 4 to 5.
|
|
CONFIG: add FEATURE(nullclient) to create a config file that
|
|
forwards all mail to a hub without ever looking at the
|
|
addresses in any detail.
|
|
CONFIG: properly strip mailer: information off of relays when
|
|
used to change .BITNET form into %-hack form.
|
|
CONFIG: fix a problem that caused infinite loops if presented
|
|
with an address such as "!foo".
|
|
CONFIG: check for self literal (e.g., [128.32.131.12]) even if
|
|
the reverse "PTR" mapping is broken. There's a better
|
|
way to do this, but the change is fairly major and I
|
|
want to hold it for another release. Problem noted by
|
|
Bret Marquis.
|
|
|
|
8.5/8.5 93/07/23
|
|
Serious bug: if you used a command line recipient that was unknown
|
|
sendmail would not send a return message (it was treating
|
|
everything as though it had an SMTP-style client that
|
|
would do the return itself). Problem noted by Josh Smith.
|
|
Change "trymx" option in getcanonname() to ignore all MX data,
|
|
even during a T_ANY query. This actually didn't break
|
|
anything, because the only time you called getcanonname
|
|
with !trymx was if you already knew there were no MX
|
|
records, but it is somewhat cleaner. From Motonori
|
|
Nakamura.
|
|
Don't call getcanonname from getmxrr if you already know there
|
|
are no DNS records matching the name.
|
|
Fix a problem causing error messages to always include "The
|
|
original message was received ... from localhost".
|
|
The correct original host information is now included.
|
|
Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their
|
|
version of "test" doesn't have the -x flag). Change it
|
|
to use -f instead. From John Myers.
|
|
CONFIG: 8.4 mistakenly set the default SMTP-style mailer to
|
|
esmtp -- it should be smtp.
|
|
CONFIG: send all relayed mail using confRELAY_MAILER (defaults
|
|
to "relay" (a variant of "smtp") if MAILER(smtp) is used,
|
|
else "suucp" if MAILER(uucp) is used, else "unknown");
|
|
this cleans up the configs somewhat. This fixes a serious
|
|
problem that caused route-addrs to get mistaken as relays,
|
|
pointed out by John Myers. WARNING: this also causes
|
|
the default on SMART_HOST to change from "suucp" to
|
|
"relay" if you have MAILER(smtp) specified.
|
|
|
|
8.4/8.4 93/07/22
|
|
Add option `w'. If you receive a message that comes to you because
|
|
you are the best (lowest preference) target of an MX, and
|
|
you haven't explicitly recognized the source MX host in
|
|
your .cf file, this option will cause you to try the target
|
|
host directly (as if there were no MX for it at all). If
|
|
`w' is not set, this case is a configuration error.
|
|
Beware: if `w' is set, senders may get bogus errors like
|
|
"message timed out" or "host unknown" for problems that
|
|
are really configuration errors. This option is
|
|
disrecommended, provided only for compatibility with
|
|
UIUC sendmail.
|
|
Fix a problem that caused the incoming socket to be left open
|
|
when sendmail forks after the DATA command. This caused
|
|
calling systems to wait in FIN_WAIT_2 state until the
|
|
entire list was processed and the child closed -- a
|
|
potentially prodigious amount of time. Problem noted
|
|
by Neil Rickert.
|
|
Fix problem (created in 6.64) that caused mail sent to multiple
|
|
addresses, one of which was a bad address, to completely
|
|
suppress the sending of the message. This changes
|
|
handling of EF_FATALERRS somewhat, and adds an
|
|
EF_GLOBALERRS flag. This also fixes a potential problem
|
|
with duplicate error messages if there is a syntax error
|
|
in the header of a message that isn't noticed until late
|
|
in processing. Original problem pointed out by Josh Smith
|
|
of Harvey Mudd College. This release includes quite a bit
|
|
of dickering with error handling (see below).
|
|
Back out SMTP transaction if MAIL gets nested 501 error. This
|
|
will only hurt already-broken software and should help
|
|
humans.
|
|
Fix a problem that broke aliases when neither NDBM nor NEWDB were
|
|
compiled in. It would never read the alias file.
|
|
Repair unbalanced `)' and `>' (the "open" versions are already
|
|
repaired).
|
|
Logging of "done" in dropenvelope() was incorrect: it would
|
|
log this even when the queue file still existed. Change
|
|
this to only log "done" (at log level 11) when the
|
|
queue file is actually removed. From John Myers.
|
|
Log "lost connection" in server SMTP at log level 20 if there
|
|
is no pending transaction. Some senders just close the
|
|
connection rather than sending QUIT.
|
|
Fix a bug causing getmxrr to add a dot to the end of unqualified
|
|
domains that do not have MX records -- this would cause
|
|
the subsequent host name lookup to fail. The problem
|
|
only occurred if you had FEATURE(nocanonify) set.
|
|
Problem noted by Rick McCarty of Texas Instruments.
|
|
Fix invocation of setvbuf when passed a -X flag -- I had
|
|
unwittingly used an ANSI C extension, and this caused
|
|
core dumps on some machines.
|
|
Diagnose self-destructive alias loops on RCPT as well as EXPN.
|
|
Previously it just gave an empty send queue, which
|
|
then gave either "Need RCPT (recipient)" at the DATA
|
|
(confusing, since you had given an RCPT command which
|
|
returned 250) or just dropped the email, depending on
|
|
whether you were running VERBose mode. Now it usually
|
|
diagnoses this case as "aliasing/forwarding loop broken".
|
|
Unfortunately, it still doesn't adequately diagnose
|
|
some true error conditions.
|
|
Add internal concept of "warning messages" using 6xx codes.
|
|
These are not reported only to Postmaster. Unbalanced
|
|
parens, brackets, and quotes are printed as 653 codes.
|
|
They are always mapped to 5xx codes before use in SMTP.
|
|
Clean up error messages to tell both the actual address that
|
|
failed and the alias they arose from. This makes it
|
|
somewhat easier to diagnose problems. Difficulty noted
|
|
by Motonori Nakamura.
|
|
Fix a problem that inappropriately added a ctladdr to addresses
|
|
that shouldn't have had one during a queue run. This
|
|
caused error messages to be handled differently during
|
|
a queue run than a direct run.
|
|
Don't print the qf name and line number if you get errors during
|
|
the direct run of the queue from srvrsmtp -- this was
|
|
just extra stuff for users to crawl through.
|
|
Put command line flags on second line of pid file so you can
|
|
auto-restart the daemon with all appropriate arguments.
|
|
Use "kill `head -1 /etc/sendmail.pid`" to stop the
|
|
daemon, and "eval `tail -1 /etc/sendmail.pid`" to
|
|
restart it.
|
|
Remove the ``setuid(getuid())'' in main -- this caused the
|
|
IDENT daemon to screw up. This required that I change
|
|
HASSETEUID to HASSETREUID and complicate the mode
|
|
changing somewhat because both Ultrix and SunOS seem
|
|
to have a bug causing seteuid() to set the saved uid
|
|
as well as the effective. The program test/t_setreuid.c
|
|
will test to see if your implementation of setreuid(2)
|
|
is appropriately functional.
|
|
The FallBackMX (option V) handling failed to properly identify
|
|
fallback to yourself -- most of the code was there,
|
|
but it wasn't being enabled. Problem noted by Murray
|
|
Kucherawy of the University of Waterloo.
|
|
Change :include: open timeout from ETIMEDOUT to an internal
|
|
code EOPENTIMEOUT; this avoids adding "during SmtpPhase
|
|
with CurHostName" in error messages, which can be
|
|
confusing. Reported by Jonathan Kamens of OpenVision
|
|
Technologies.
|
|
Back out setpgrp (setpgid on POSIX systems) call to reset the
|
|
process group id. The original fix was to get around
|
|
some problems with recalcitrant MUAs, but it breaks
|
|
any call from a shell that creates a process group id
|
|
different from the process id. I could try to fix
|
|
this by diddling the tty owner (using tcsetpgrp or
|
|
equivalent) but this is too likely to break other
|
|
things.
|
|
Portability changes:
|
|
Support -M as equivalent to -oM on Ultrix -- apparently
|
|
DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs
|
|
instead of using standard flags. Oh joy. This
|
|
behaviour reported by Jon Giltner of University
|
|
of Colorado.
|
|
SGI IRIX -- this includes several changes that should
|
|
help other strict ANSI compilers.
|
|
SCO Unix -- from Murray Kucherawy of HookUp Communication
|
|
Corporation.
|
|
Solaris running the Sun C compiler (which despite the
|
|
documentation apparently doesn't define
|
|
__STDC__ by default).
|
|
ConvexOS from Eric Schnoebelen of Convex.
|
|
Sony NEWS workstations and Omron LUNA workstations from
|
|
Motonori Nakamura.
|
|
CONFIG: add confTRY_NULL_MX_LIST to set option `w'.
|
|
CONFIG: delete `C' and `e' from default SMTP mailers flags;
|
|
several people have made a good argument that this
|
|
creates more problems than it solves (although this
|
|
may prove painful in the short run).
|
|
CONFIG: generalize all the relays to accept a "mailer:host"
|
|
format.
|
|
CONFIG: move local processing in ruleset 0 into a new ruleset
|
|
98 (8 on old sendmail). Domain literal [a.b.c.d]
|
|
addresses are also passed through this ruleset.
|
|
CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined,
|
|
internet-style addresses would "fall off the end" of
|
|
ruleset zero and be interpreted as local -- however,
|
|
the angle brackets confused the recursive call.
|
|
These are now diagnosed as "Unrecognized host name".
|
|
CONFIG: USENET rules weren't included in S0 because of a mistaken
|
|
ifdef(`_MAILER_USENET_') instead of
|
|
ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik
|
|
of SINTEF RUNIT, Oslo.
|
|
CONFIG: move up LOCAL_RULE_0 processing so that it happens very
|
|
early in ruleset 0; this allows .mc authors to bypass
|
|
things like the "short circuit" code for local addresses.
|
|
Prompted by a comment by Bill Wisner of The Well.
|
|
CONFIG: add confSMTP_MAILER to define the mailer used (smtp or
|
|
esmtp) to send SMTP mail. This allows you to default
|
|
to esmtp but use a mailertable or other override to
|
|
deal with broken servers. This logic was pointed out
|
|
to me by Bill Wisner. Ditto for confLOCAL_MAILER.
|
|
Changes to cf/sh/makeinfo.sh to make it portable to SVR4
|
|
environments. Ugly as sin.
|
|
|
|
8.3/8.3 93/07/13
|
|
Fix setuid problems introduced in 8.2 that caused messages
|
|
like "Cannot create qfXXXXXX: Invalid argument"
|
|
or "Cannot reopen dfXXXXXX: Permission denied". This
|
|
involved a new compile flag "HASSETEUID" that takes
|
|
the place of the old _POSIX_SAVED_IDS -- it turns out
|
|
that the POSIX interface is broken enough to break
|
|
some systems badly. This includes some fixes for
|
|
HP-UX. Also fixes problems where the real uid is
|
|
not reset properly on startup (from Neil Rickert).
|
|
Fix a problem that caused timed out messages to not report the
|
|
addresses that timed out. Error messages are also more
|
|
"user friendly".
|
|
Drop required bandwidth on connections from 64 bytes/sec to
|
|
16 bytes/sec.
|
|
Further Solaris portability changes -- doesn't require the BSD
|
|
compatibility library. This also adds a new
|
|
"HASGETDTABLESIZE" compile flag which can be used if
|
|
you want to use getdtablesize(2) instead of sysconf(2).
|
|
These are loosely based on changes from David Meyer at
|
|
University of Oregon. This now seems to work, at least
|
|
for quick test cases.
|
|
Fix a problem that can cause duplicate error messages to be
|
|
sent if you are in SMTP, you send to multiple addresses,
|
|
and at least one of those addresses is good and points
|
|
to an account that has a .forward file (whew!).
|
|
Fix a problem causing messages to be discarded if checkcompat()
|
|
returned EX_TEMPFAIL (because it didn't properly mark
|
|
the "to" address). Problem noted by John Myers.
|
|
Fix dfopen to return NULL if the open failed; I was depending
|
|
on fdopen(-1) returning NULL, which isn't the case. This
|
|
isn't serious, but does result in wierd error diagnoses.
|
|
From Michael Corrigan.
|
|
CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of
|
|
messages sent through UUCP-family mailers. Suggested
|
|
by Bill Wisner of The Well.
|
|
CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified,
|
|
include a "uucp-dom" mailer that uses domain-style
|
|
addressing. Suggested by Bill Wisner.
|
|
CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match
|
|
LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by
|
|
Christophe Wolfhugel.
|
|
CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel.
|
|
|
|
8.2/8.2 93/07/11
|
|
Don't drop out on config file parse errors in -bt mode.
|
|
On older configuration files, assume option "l" (use Errors-To
|
|
header) for back compatibility. NOTE: this DOES NOT
|
|
imply an endorsement of the Errors-To: header in any way.
|
|
Accept -x flag on AIX-3 as well as OSF/1. Why, why, why???
|
|
Don't log errors on EHLO -- it isn't a "real" error for an old
|
|
SMTP server to give an error on this command, and
|
|
logging it in the transcript can be confusing. Fix
|
|
from Bill Wisner.
|
|
IRIX compatibility changes provided by Dan Rich
|
|
<drich@sandman.lerc.nasa.gov>.
|
|
Solaris 2 compatibility changes. Provided by Bob Cunningham
|
|
<bob@kahala.soest.hawaii.edu>, John Oleynick
|
|
<juo@klinzhai.rutgers.edu>
|
|
Debugging: -d17 was overloaded (hostsignature and usersmtp.c);
|
|
move usersmtp (smtpinit and smtpmailfrom) to -d18 to
|
|
match the other flags in that file.
|
|
Flush transcript before fork in mailfile(). From Eric Wassenaar.
|
|
Save h_errno in mci struct and improve error message display.
|
|
Changes from Eric Wassenaar.
|
|
Open /dev/null for the transcript if the create of the xf file
|
|
failed; this avoids at least one possible null pointer
|
|
reference in very wierd cases. From Eric Wassenaar.
|
|
Clean up statistics gathering; it was over-reporting because of
|
|
forks. From Eric Wassenaar.
|
|
Fix problem that causes old Return-Path: line to override new
|
|
Return-Path: line (conf.c needs H_FORCE to avoid
|
|
re-using old value). From Motonori Nakamura.
|
|
Fix broken -m flag in K definition -- even if -m (match only)
|
|
was specified, it would still replace the key with the
|
|
value. Noted by Rick McCarty of Texas Instruments.
|
|
If the name server timed out over several days, no "timed out"
|
|
message would ever be sent back. The timeout code
|
|
has been moved from markfailure() to dropenvelope()
|
|
so that all such failures should be diagnosted. Pointed
|
|
out by Christophe Wolfhugel and others.
|
|
Relax safefile() constraints: directories in an include or
|
|
forward path must be readable by self if the controlling
|
|
user owns the entry, readable by all otherwise (e.g.,
|
|
when reading your .forward file, you have to own and
|
|
have X permssion in it; everyone needs X permission in
|
|
the root and directories leading up to your home);
|
|
include files must be readable by anyone, but need not
|
|
be owned by you.
|
|
If _POSIX_SAVED_IDS is defined, setuid to the owner before
|
|
reading a .forward file; this gets around some problems
|
|
on NFS mounts if root permission is not exported and
|
|
the user's home directory isn't x'able.
|
|
Additional NeXT portability enhancements from Axel Zinser.
|
|
Additional HP-UX portability enhancements from Brian Bullen.
|
|
Add a timeout around SMTP message writes; this assumes you can
|
|
get throughput of at least 64 bytes/second. Note that
|
|
this does not impact the "datafinal" default, which
|
|
is separate; this is just intended to work around
|
|
network clogs that will occur before the final dot
|
|
is sent. From Eric Wassenaar.
|
|
Change map code to set the "include null" flag adaptively --
|
|
it initially tries both, but if it finds anything
|
|
matching without a null it never tries again with a
|
|
null and vice versa. If -N is specified, it never
|
|
tries without the null and creates new maps with a
|
|
null byte. If -O is specified, it never tries with
|
|
the null (for efficiency). If -N and -O are specified,
|
|
you get -NO (get it?) lookup at all, so this would
|
|
be a bad idea. If you don't specify either -N or -O,
|
|
it adapts.
|
|
Fix recognition of "same from address" so that MH submissions
|
|
will insert the appropriate full name information;
|
|
this used to work and got broken somewhere along the
|
|
way.
|
|
Some changes to eliminate some unnecessary SYSERRs in the
|
|
log. For example, if you lost a connection, don't
|
|
bother reporting that fact on the connection you lost.
|
|
Add some "extended debugging" flags to try to track down
|
|
why we get occassional problems with file descriptor
|
|
one being closed when execing a mailer; it seems to
|
|
only happen when there has been another error in the
|
|
same transaction. This requires XDEBUG, defined
|
|
by default in conf.h.
|
|
Add "-X filename" command line flag, which logs both sides of
|
|
all SMTP transactions. This is intended ONLY for
|
|
debugging bad implementations of other mailers; start
|
|
it up, send a message from a mailer that is failing,
|
|
and then kill it off and examine the indicated log.
|
|
This output is not intended to be particularly human
|
|
readable. This also adds the HASSETVBUF compile
|
|
flag, defaulted on if your compiler defines __STDC__.
|
|
CONFIG: change SMART_HOST to override an SMTP mailer. If you
|
|
have a local net that should get direct connects, you
|
|
will need to use LOCAL_NET_CONFIG to catch these hosts.
|
|
See cf/README for an example.
|
|
CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle
|
|
sites that don't use the -d flag.
|
|
CONFIG: hide recipient addresses as well as sender addresses
|
|
behind $M if FEATURE(allmasquerade) is specified; this
|
|
has been requested by several people, but can break
|
|
local aliases. For example, if you mail to "localalias"
|
|
this will be rewritten as "localalias@masqueradehost";
|
|
although initial delivery will work, replies will be
|
|
broken. Use it sparingly.
|
|
CONFIG: add FEATURE(domaintable). This maps unqualified domains
|
|
to qualified domains in headers. I believe this is
|
|
largely equivalent to the IDA feature of the same name.
|
|
CONFIG: use $U as UUCP name instead of $k. This permits you
|
|
to override the "system name" as your UUCP name --
|
|
in particular, to use domain-ized UUCP names. From
|
|
Bill Wisner of The Well.
|
|
CONFIG: create new mailer "esmtp" that always tries EHLO
|
|
first. This is currently unused in the config files,
|
|
but could be used in a mailertable entry.
|
|
|
|
8.1C/8.1B 93/06/27
|
|
Serious security bug fix: it was possible to read any file on
|
|
the system, regardless of ownership and permissions.
|
|
If a subroutine returns a fully qualified address, return it
|
|
immediately instead of feeding it back into rewriting.
|
|
This fixes a problem with mailertable lookups.
|
|
CONFIG: fix some M4 frotz (concat => CONCAT)
|
|
|
|
8.1B/8.1A 93/06/12
|
|
Serious bug fix: pattern matching backup algorithm stepped by
|
|
two tokens in classes instead of one. Found by Claus
|
|
Assmann at University of Kiel, Germany.
|
|
|
|
8.1A/8.1A 93/06/08
|
|
Another mailertable fix....
|
|
|
|
8.1/8.1 93/06/07
|
|
4.4BSD freeze. No semantic changes.
|
|
|
|
6.65/6.34 93/06/06
|
|
Fix some lintish problems.
|
|
Fix some cases where server SMTP behaved poorly when handed bogus
|
|
input, pointed out by Eric Wassenaar.
|
|
CONFIG: fix some more (sigh) mailertable bugs -- thanks to
|
|
Motonori Nakamura of Kyoto University (again).
|
|
|
|
6.64/6.33 93/06/05
|
|
Don't send 050 (-v) information after the 250 response to a QUIT
|
|
command in srvrsmtp -- clients usually close the connection
|
|
at this point, and it causes bogus error messages.
|
|
Don't send messages that have errors on input (such as unbalanced
|
|
parentheses) during SMTP transactions, since a return
|
|
message has (probably) already been sent.
|
|
Give better diagnostics on timeouts during network reads, including
|
|
information similar to the SMTP phase.
|
|
Fix bug that caused SMTP messages to deliver synchronously; this
|
|
happened after the DATA 250, and hence caused reading the
|
|
next command to be delayed.
|
|
Ignore Errors-To: header unless 'l' (lower case el) header is
|
|
specified. The Errors-To: header violates RFC 1123.
|
|
Errors-To: was only needed to take the place of the
|
|
envelope sender in the days when most Unix mailers
|
|
didn't understand about the two kinds of senders.
|
|
Don't send warning messages in response to automatically generated
|
|
messages (that is, those From:<>).
|
|
CONFIG: fix some rather stupid typos in the mailertable code
|
|
pointed out by Motonori Nakamura of Kyoto University.
|
|
CONFIG: add confUSE_ERRORS_TO configuration option.
|
|
CONFIG: if ALWAYS_ADD_DOMAIN is selected, try to use $M
|
|
(masquerade name) instead of $j.
|
|
CONFIG: don't add dots to relay names (added in 6.29); it breaks
|
|
several things, and can be simulated by dot terminating
|
|
the names of relays. For example, use:
|
|
DBbit.net.relay.
|
|
(note the trailing dot).
|
|
|
|
6.63/6.32 93/06/01
|
|
Fix prototypes to eliminate chars in argument lists -- some
|
|
compilers are pissy about this.
|
|
Log protocol ($r) and body type if set so we can determine if
|
|
the adaptive algorithms are working.
|
|
Pessimize on locking of database files (particularly for NEWDB
|
|
databases) during opens. There were problems with
|
|
processes opening the file while it was rebuilt; since
|
|
NEWDB caches heavily, the reader opened an empty file,
|
|
which is an error. If your system has the ability to
|
|
lock atomically on open, this works properly; otherwise,
|
|
there are race conditions.
|
|
Check mod time on .pag file instead of .dir in NDBM aliases
|
|
because the .dir file doesn't get updated for small
|
|
alias files. From John Gardiner Myers of CMU.
|
|
More Solaris portability -- it now compiles on Solaris, but
|
|
hangs up in gethostbyname().
|
|
Move setting of RES_DEBUG flag before first myhostname() call
|
|
so we can see name server traffic on that call.
|
|
Fsync() queue files.
|
|
Fix a problem that causes -bi to try to rebuild maps other than
|
|
the alias file(s).
|
|
Fix a problem that caused udb to reject entries from any but
|
|
the first database listed.
|
|
Rearrange doc subdirectory for 4.4BSD release tape.
|
|
CONFIG: put $r into the Received line. This was an oversight.
|
|
CONFIG: fix typo (call to ruleset 99 should have been rulset 90).
|
|
CONFIG: move "auxiliary" subroutines to be in ruleset 90-99
|
|
range -- in the long run, single digit rulesets may
|
|
become reserved for builtin use by sendmail.
|
|
CONFIG: fix major problem that causes host aliases (that is,
|
|
anything in $=w != $j) to not be recognized. This has
|
|
been around since 6.30.
|
|
|
|
6.62/6.31 93/05/28
|
|
BETA RELEASE
|
|
Fix recursive syserr (if there is an error printing a syserr
|
|
message). This makes the code much less eager to consider
|
|
a write error as serious. This also includes some
|
|
heuristics to be clever about closed connections.
|
|
Lock NEWDB files during gets. This requires version 1.5 or later
|
|
of the db library. If you have an older version, you
|
|
can use -DOLD_NEWDB. This will go away in a few weeks.
|
|
Fix problem causing aliases that use host maps to get overwritten.
|
|
Do appropriate byte swapping on port numbers in ident protocol
|
|
code. Fix from Allan Johannesen of WPI.
|
|
Defer opening of map files to the same time as alias files so that
|
|
the daemon will tend to pick up new versions more promptly.
|
|
Prototype a bunch more functions.
|
|
Some Solaris 2.1 changes (still doesn't link though).
|
|
Try to simplify Makefiles by including more subordinate #defines
|
|
in conf.h (based on OS type).
|
|
CONFIG: check for domains if FEATURE(mailertable) is defined.
|
|
For example, if the host name is "knecht.cs.berkeley.edu"
|
|
it will search the following mailertable keys:
|
|
knecht.cs.berkeley.edu
|
|
.cs.berkeley.edu
|
|
.berkeley.edu
|
|
.edu
|
|
This could be used to replace the special relays for bitnet
|
|
and similar nets.
|
|
|
|
6.61/6.30 93/05/24
|
|
Fix problem that prevented appending dots on canonified host
|
|
names. This breaks tons of config files -- very
|
|
important fix.
|
|
Fix improper pointer dereference in response to HELO command.
|
|
Fix core dump if debugging set in map_rewrite.
|
|
CONFIG: add FEATURE(always_add_domain) to always attach the
|
|
local domain (only impacts local mail).
|
|
CONFIG: try to avoid turning names into $j -- although
|
|
technically a host can only have one "canonical name",
|
|
it seems to be common practice to have several.
|
|
|
|
6.60/6.29 93/05/22
|
|
Major change: merge alias databases with maps. This expands and
|
|
changes the map class interface but fixes a bunch of bugs.
|
|
The important user-visible change is that the file name
|
|
in a K line now does not include the ".db" extension; this
|
|
is added automatically. Also, the -d (NIS domain) flag is
|
|
missing from the K config line; use @domain instead.
|
|
When compiling, the *_MAP names are gone -- just compile
|
|
in NDBM, NEWDB, and/or NIS support.
|
|
Announce mailer/host/user triple on -bv flag -- from Brian
|
|
Bullen of Stirling University.
|
|
Don't send more than one line in response to HELO -- it confuses
|
|
Pony Express, which then behaves very badly. However,
|
|
this change does send two line 220 greetings, with the
|
|
second line reading "ESMTP spoken here". The usersmtp
|
|
module recognizes this and goes into ESMTP mode regardless
|
|
of the setting of the "a" mailer flag. Thus, "a" means
|
|
"always try EHLO".
|
|
AIX portability changes (thanks to Christophe Wolfhugel of
|
|
Herve Schauer Consultants (Paris) for providing me with
|
|
an INSA account for this purpose). Lightly tested. Use
|
|
-D_AIX3. This probably breaks compatibility with some
|
|
older systems (e.g., 4.2bsd) but still works on SunOS
|
|
4.1.2, Ultrix 4.2A, HP-UX 8.07, OSF/1 T1.3, and AIX 3.2.3.
|
|
Fix a problem causing an error message loop if the output channel
|
|
is hosed.
|
|
Add the Makefiles that I use for various environments -- some are
|
|
Berkeley make versions and some are old make versions.
|
|
My makefile for the NeXT box has gotten lost, alas!
|
|
PRALIASES: support for printing NEWDB databases. From
|
|
Michael J. Corrigan of U.C. San Diego.
|
|
CONFIG: don't pass pseudo-domains to $[ ... $] (if you have
|
|
a wildcard MX it can have wierd results). From
|
|
Christophe Wolfhugel.
|
|
CONFIG: dot terminate relay hostnames in S0. From Christophe
|
|
Wolfhugel.
|
|
|
|
6.59/6.28 93/05/13
|
|
Log version with SMTP daemon startup message.
|
|
Adjust setproctitle to work on NetBSD and BSD/386.
|
|
Fix null pointer reference in MX fallback code.
|
|
A bunch of minor fixes from Eric Wassenaar:
|
|
If deliver cannot execv the mailer, return EX_OSERR
|
|
instead of EX_TEMPFAIL (to give better
|
|
error messages).
|
|
Consistently malloc e_message.
|
|
Catch degenerate case of calling returntosender()
|
|
with an empty returnq.
|
|
MIME reformatting.
|
|
|
|
6.58/6.28 93/05/13
|
|
Fix bug that can cause incorrect verbose display of user smtp
|
|
messages.
|
|
Disable SMTP VERB command if PRIV_NOEXPN is set (since this
|
|
could reveal the same information.
|
|
Allow failure when reading SMTP greeting message to go on to
|
|
next MX host.
|
|
Add "MIME-Version: 1.0" header if using MIME (this was NOT
|
|
included in RFC 1344, but Bill King of Allan-Bradley
|
|
Company forwarded me email from Nathaniel Borenstein
|
|
claiming that it was an inadvertent omission).
|
|
Don't use Content-Type: X-message-header. According to John
|
|
Myers of CMU, many MIME readers will completely ignore
|
|
the data if they don't recognize it. Instead, just
|
|
add a blank line to make it a legal (empty) message.
|
|
Fix problem causing dots to keep getting appended to cached
|
|
hostnames. This can cause buffer overrun conditions.
|
|
The problem was found by Erik Forsberg of Retix,
|
|
although I used a different bug fix than he provided.
|
|
Fix parsing of split header/envelope rewriting specs -- from
|
|
Eric Forsberg.
|
|
Fix from Eric Wassenaar to correct To: lists in error messages.
|
|
|
|
6.57/6.28 93/05/11
|
|
Fix minor glitch causing extra ctladdrs to be output to queue
|
|
file. Just an annoyance.
|
|
Cache results of name server canonification lookups to avoid
|
|
backed up queue runs.
|
|
Major rewrite of alias.c: considerable cleanup, plus sample
|
|
(untested) support for NIS aliases. The "A" option
|
|
can now be a comma separated list (or be repeated) --
|
|
that is, you can have multiple alias databases. Each
|
|
database can have the syntax ``class:file''; if no class
|
|
is specified, the "implicit" class is assumed. Implicit
|
|
searches through a list of compiled in types -- hash,
|
|
dbm, nis, and stab. Alias files are searched in the
|
|
order they are listed. For example:
|
|
OAhash:/etc/aliases.local,/etc/aliases
|
|
OAnis:mail.aliases@my.nis.domain
|
|
first searches the hash database /etc/aliases.local,
|
|
then the regular /etc/aliases database, then the NIS
|
|
map "mail.aliases" in the NIS domain "my.nis.domain".
|
|
If in Verbose mode (probably from VERB command) run SMTP job
|
|
in foreground and don't do RCPT optimizations.
|
|
Add udb :mailsender as equivalent to owner- for regular aliases.
|
|
Delete option 8; add option 7 that means the opposite. That is,
|
|
default to 8-bit mode; a special option is needed to
|
|
force sendmail into 7 bit mode.
|
|
Send error messages in encapsulated MIME format.
|
|
New compile flag "NIS" that turns on NIS alias and NIS map
|
|
support.
|
|
Add "j" option to send error messages in MIME (RFC 1341)
|
|
encapsulated message format per RFC 1344. The
|
|
syntax is pretty ugly if you don't have MIME-aware
|
|
user agents.
|
|
Clean up message handling (for display in mailq output).
|
|
New setproctitle implementation for 4.4bsd.
|
|
Create files (such as ~/dead.letter) using mode FileMode (the
|
|
F option value) instead of 0666.
|
|
Fix bug causing output of EXPN command to not be fully qualified.
|
|
This may cause some problems with UUCP addresses that
|
|
will require some config file assistance -- specifically,
|
|
the $: part has to include the host name for this output
|
|
to make sense.
|
|
Fix a problem that sometimes diagnosed errors and still sent the
|
|
message if the header syntax was bad.
|
|
Fix a bug that caused an error message to be emailed when sendmail
|
|
was operating in -bv mode.
|
|
Add "ListenQueueSize" keyword to daemon options option (OO) to
|
|
set the queue size parameter passed to listen(). You
|
|
will normally have to tweak your kernel to up this.
|
|
Strip spaces off of beginning of message-id before logging (in
|
|
case it was folded across lines).
|
|
Tweak compile flags in daemon.c -- there were some cases where
|
|
it wouldn't work without NETINET.
|
|
Change *file* mailer to output all the usual default headers
|
|
(From, Date, Message-Id). It gets used when sending
|
|
back error messages.
|
|
CONFIG: explicitly catch and diagnose list:; syntax in ruleset
|
|
zero -- this is not a valid recipient syntax according
|
|
to RFC 821.
|
|
CONFIG: add confMIME_FORMAT_ERRORS to send error messages in
|
|
MIME format. Defaults to on.
|
|
CONFIG: add SMTP_MAILER_FLAGS and UUCP_MAILER_FLAGS to augment
|
|
the flags for those mailers.
|
|
|
|
6.56/6.27 93/05/01
|
|
Fix problem that causes the fallback mail to postmaster
|
|
(case ESM_POSTMASTER in savemail()) to not look at
|
|
aliases (ugh).
|
|
Some more HPUX tweaking (compile flag hpux => __hpux so it
|
|
still works in ANSI mode).
|
|
Don't try to flock non-regular files when mailing to a file.
|
|
In particular, this was a problem if you tried to
|
|
send to /dev/null.
|
|
Fix a wierd bug that can cause senders to be queued as
|
|
recipients if the name server is down when the mail
|
|
is initially sent. This hack just ignores sender
|
|
deletion (essentially, it sets the MeToo flag) if there
|
|
is a TEMPFAIL during processing of the sender address.
|
|
Obscure.
|
|
Fix a dangling else problem -- from Brian Bullen from University
|
|
of Stirling, UK.
|
|
Add the "b" mailer flag to force a blank line on the end of
|
|
messages. Some brilliant versions of /bin/mail insist
|
|
on this but do not add it themselves.
|
|
Add the "g" mailer flag to prevent user SMTP from sending
|
|
"MAIL From:<>". This is only intended to be a
|
|
transitional gesture, and should not be used if at
|
|
all possible. It appears that Berkeley and IDA
|
|
config files have always handled this properly; the
|
|
UK config kit apparently does not.
|
|
Don't lowercase and then capitalize header field names -- leave
|
|
them with original capitalization. Fixes from Bill
|
|
King of Allen-Bradley Company.
|
|
Further cleanup and improved reporting of error messages,
|
|
particularly conditions that cause messages to be
|
|
requeued for future delivery.
|
|
Tweak syslog priorities in some cases.
|
|
CONFIG: clean up route-addr on UUCP addresses.
|
|
|
|
6.55/6.25 93/04/27
|
|
HPUX 8.07 compatibility changes in getla() -- I had to make
|
|
these changes to get it to work at Berkeley, although
|
|
others seem to have been working before (???).
|
|
Various patches to XLA code.
|
|
Fix problem that causes setuid bit on files to be ignored from
|
|
SMTP or in queue runs. Problem noted by Jason Ornstein
|
|
of Under The Wire, Inc.
|
|
Fix problem that can cause CNAMEs to be ignored.
|
|
Generalize getmxrr to match local host in $=w instead of a
|
|
single name passed in.
|
|
Some cleanup from Eric Wassenaar:
|
|
Use FileMailer instead of ProgMailer in two places.
|
|
Eliminate duplicate 8th-bit stripping in commaize.
|
|
Fix a problem with mis-parsing of backslash escapes
|
|
under some circumstances.
|
|
NIS map fix (was always including trailing null character)
|
|
from Mike Glendinning of Ingres UK.
|
|
Add "a" mailer flag to try using ESMTP. It tries the EHLO
|
|
command and if that fails falls back to regular SMTP.
|
|
Also parses EHLO option keywords. If host supports
|
|
SIZE extension, this is added to the MAIL FROM:
|
|
command.
|
|
Extend "b" option to include a second value which is the
|
|
maximum message size this server is willing to accept.
|
|
For example, a value of "10/1000000" says that there
|
|
must be ten blocks free, and sendmail will reject
|
|
any message larger than one megabyte.
|
|
Some portability hooks for NeXT (this could be applicable
|
|
to Mach in general). You have to create an empty
|
|
file called "unistd.h" to get it to compile.
|
|
Adjust config values (MAXLINE, MAXATOM, and PSBUFSIZE) to
|
|
be more generous.
|
|
Add X400-Received: to the list of headers tagged with H_TRACE
|
|
in conf.c. From Bill King, Allen-Bradley Co.
|
|
|
|
6.54/6.25 93/04/19
|
|
Fix problem that caused redefinition of SMTP and QUEUE compile
|
|
flags. Pointed out by Jon Forrest of the Sequoia 2000
|
|
project at Berkeley.
|
|
Properly handle \! hack -- it was treating host\!user as one
|
|
token (host!user) instead of three (host, !, user).
|
|
Fix from Eric Wassenaar of NIKHEF-H.
|
|
Fix compilation problem in getauthinfo() if IDENTPROTO is off.
|
|
Turn off DEFNAMES and DNSRCH when getting the hostsignature
|
|
(i.e., MX records) in level 1 configuration files; this
|
|
matches the old behaviour. From Motonori Nakamura of
|
|
Kyoto University.
|
|
Improve error message printing -- if sent through an alias,
|
|
error messages include the name of the alias in the
|
|
message. Unfortunately, in order to make this work
|
|
properly in queue runs, this changes the format of the
|
|
C line in the qf file. The relatively uselessness of
|
|
the previous information was pointed out to me by
|
|
Allan E Johannesen of WPI.
|
|
Add XLA compile flag to add hooks to Christophe Wolfhugel's
|
|
extended load average code. This is still in very early
|
|
form. For information regarding the guts of the xla
|
|
code, contact Christophe.Wolfhugel@grasp.insa-lyon.fr.
|
|
Additional hooks for detecting tempfails in rewriting rules
|
|
(that is, in map lookups).
|
|
|
|
6.53/6.25 93/04/15
|
|
Properly diagnose ruleset zero returning null (instead of a mailer
|
|
triple). From Motonori Nakamura of Kyoto University.
|
|
More generalization of socket code for other protocols.
|
|
Shorten timeouts on reverse name lookups -- since they are done
|
|
during connection establishment, long timeouts here can
|
|
cause higher level timeouts. This mainly serves to accept
|
|
mail from hosts that do not have proper reverse (PTR) DNS
|
|
records set up.
|
|
Reset e_statmsg before each mailer invocation to avoid bogus
|
|
messages in the log.
|
|
Redefine $r, $s, and $_ in error envelopes so you don't get
|
|
incorrect cruft in the error message. Problem noted by
|
|
Motonori Nakamura of Kyoto University.
|
|
Fix a problem that can cause failure to return errors to Postmaster
|
|
in certain cases. From Motonori Nakamura.
|
|
Fix a problem that can cause some systems to give duplicate error
|
|
messages when a bad syntax address such as "<a" is presented
|
|
to an SMTP server. It doesn't seem to occur on all
|
|
machines. From Motonori Nakamura.
|
|
Default IDENTPROTO off for Ultrix and HPUX, which apparently have
|
|
the interesting "feature" that when they receive a "Host
|
|
unreachable" message they closes all open connections to
|
|
that host. However, some firewall gateways send this message
|
|
if you try to connect to an unauthorized port, such as the
|
|
IDENT port (113). Thus, no email can be received from such
|
|
hosts. There is some evidence that versions of Ultrix before
|
|
4.3 do not have this problem. Thanks to Tom Ivar Helbekkmo
|
|
for pointing out this behaviour to me and to Michael Corrigan
|
|
of U.C. San Diego for informing me about the HPUX problem.
|
|
Allow IPC mailers to return a colon-separated list of hosts in the
|
|
$@ clause; these are searched in order as though they were
|
|
MX records.
|
|
When sending an error report, print the list of addresses tagged
|
|
as bad. Requested by Allan E Johannesen of WPI.
|
|
Change map function calls to return a status code. This gets
|
|
passed back as the result of rewrite. Parseaddr marks
|
|
the address as a QUEUEUP address if the return code is
|
|
EX_TEMPFAIL. All this to queue properly if the name
|
|
server is down. This code is not well tested. This code
|
|
changes the interface to map lookup functions (a fifth
|
|
parameter, int *statp, is added). Feature requested by
|
|
Dan Oscarsson.
|
|
Don't delete quotes (in the dequote map) if there are spaces in
|
|
the string, since this would cause them to be replaced by
|
|
the SpaceSub character.
|
|
Accept BODY=8BITMIME on SMTP MAIL command. This isn't advertised
|
|
because the 8BIT to 7BIT translation doesn't exist yet.
|
|
This does add a "bodytype" field to both envelope and
|
|
queue file and a -B command line flag to pass the type in
|
|
during direct invocations.
|
|
Discard return error messages only on responses to responses to
|
|
responses, not on responses to responses. That is, the
|
|
algorithm is to try return to sender, then return to
|
|
postmaster, then discard. Previously it discarded
|
|
immediately if the return to sender pass failed.
|
|
CONFIG: back out change to hide unqualified hostnames behind %-hack.
|
|
This screws up local aliases and .forward files.
|
|
CONFIG: add FEATURE(nocanonify) to turn off calls to $[ ... $];
|
|
some sites only handle completely canonified names.
|
|
Requested by John Gardiner Myers of CMU.
|
|
CONFIG: some UUCP code was still included even if FEATURE(nouucp)
|
|
was specified.
|
|
|
|
6.52/6.24 93/04/10
|
|
Clean up some minor glitches on error return messages pointed out
|
|
by Motonori Nakamura of Kyoto University.
|
|
Fix reply() to not reset SmtpReplyBuffer on fatal errors; this
|
|
was supposed to reset SmtpMsg Buffer. This makes the
|
|
client side code virtually useless. Reported by Allan
|
|
E Johannesen of WPI and Phil Brandenberger of Swarthmore.
|
|
Better debug messages if fuzzy is disabled, suggested by Allan
|
|
E Johannesen of WPI.
|
|
Offset SmtpReplyBuffer by four in usersmtp when checking for
|
|
loopback. From Eric Wassenaar.
|
|
Don't set $s until after runinchild in srvrsmtp -- otherwise
|
|
it gets cleared. From Eric Wassenaar.
|
|
Implement IDA-style $&x for deferred macro expansion.
|
|
More POSIX compatibility.
|
|
CONFIG: Hide unqualified hostnames behind %-hack using $s as the
|
|
actual sender. This is only done if $r is non-null, that
|
|
is, if this is not locally submitted mail.
|
|
CONFIG: Add FEATURE(bitdomain) allowing mapping of BITNET host
|
|
names to internet domains. A program contributed by
|
|
John Gardiner Myers of CMU to create the maps is included
|
|
in the contrib directory (in the "misc" tar file).
|
|
CONFIG: Add FEATURE(uucpdomain) for a similar mapping for UUCP
|
|
hosts. There is currently no tool to create this map.
|
|
|
|
6.51/6.23 93/04/04
|
|
Add D= mailer flag to specify a path of possible working directories
|
|
in which to execute the mailer. This is intended for the
|
|
prog mailer; some shells can get upset if they don't have
|
|
access to the current directory.
|
|
Add RFC 1413 (IDENT) protocol support. This is only very loosely
|
|
tested. This adds a $_ macro to be the authenticated
|
|
info (in ``user@domain [address]'' form) and debug flag
|
|
9 to trace the protocol.
|
|
Check for loopbacks in usersmtp instead of srvrsmtp -- there is no
|
|
reason for a local agent to not be talking to the localhost
|
|
(although the inverse is not true).
|
|
Add a few hooks for automated map rebuilding. This is certainly
|
|
not done yet.
|
|
CONFIG: Have prog mailer specify a path of ``D=$z:/'' -- that is,
|
|
user's home directory then the root.
|
|
CONFIG: Log RFC 1413 identification in Received: line.
|
|
|
|
6.50/6.22 93/04/01
|
|
Fixes to requeueing code to make it compute priority, nrcpts,
|
|
and the like properly.
|
|
|
|
6.49/6.22 93/04/01
|
|
Diagnose incorrect privacy flags. Suggested by Bryan Costales
|
|
of ICSI.
|
|
Some ANSI C fixes.
|
|
Arrange to quote backslashes as well as other special characters
|
|
in the phrase part of a route-addr.
|
|
Some fixes to FallBackMX code suggested by Motonori Nakamura of
|
|
Kyoto University.
|
|
More vigorous zeroing of CurHostAddr to avoid logging of bogus
|
|
host addresses when you are actually just printing
|
|
information from the MCI structure; problem noted by
|
|
Michael Corrigan of U.C. San Diego.
|
|
Don't ignore rest of queue if any job is not runnable. This can
|
|
also cause an incorrect job to be lost. Fix from
|
|
Eric Wassenaar.
|
|
Always respond "quickly" to RCPT command; do alias expansion and
|
|
the like later. This also means that mail for lists that
|
|
have errors will be acccepted, and an error sent back
|
|
later. This is done by instantiating the queue file
|
|
and then immediately running and requeueing it.
|
|
|
|
6.48/6.22 93/03/30
|
|
Fix incorrect diagnosis of infinite loop in ruleset. Problem noted
|
|
by several people.
|
|
Improve information printed when infinite loops are discovered.
|
|
Zero CurHostAddr to fix erroneous internet addresses in log when no
|
|
addresses can be bound. Pointed out by Motonori Nakamura
|
|
of Kyoto University.
|
|
"Probe" SMTP connections using RSET instead of NOOP "just in case".
|
|
Suggested by John Gardiner Myers of CMU.
|
|
Don't warn about -f if you are setting sender to yourself.
|
|
|
|
6.47/6.22 93/03/29
|
|
Fix incompatible call to endmailer in smtpquit which causes core
|
|
dumps. Noted by Allan E Johannesen of WPI.
|
|
HPUX portability changes from Michael J. Corrigan of UC San Diego.
|
|
Require MAIL before RCPT command in srvrsmtp.c. This had been
|
|
intentional from the 821 draft days when the order wasn't
|
|
clear, but is silly now.
|
|
Fix bug in nis_magic routine that was initializing parameters
|
|
incorrectly. Fix from Takahiro Kanbe of Fuji Xerox
|
|
Information Systems Co., Ltd.
|
|
Change default for PrivacyFlags in conf.c to 0 -- since it always
|
|
"or"s in new values, there was no way to turn off the
|
|
AuthWarning stuff.
|
|
Add O option to set SMTP daemon options.
|
|
Add V option to set fallback MX host. This always sorts at lower
|
|
priority than anything it gets from the name server. It
|
|
should only be used for environments with very bad network
|
|
connectivity. Requested by several people.
|
|
Log sending info. It's not clear this is a good idea.
|
|
CONFIG: fix typo in mailertable code. Noted by Phil Brandenberger
|
|
of Swarthmore.
|
|
CONFIG: add confDAEMON_OPTIONS and confFALLBACK_MX to set options
|
|
O and V, respectively.
|
|
|
|
6.46/6.21 93/03/26
|
|
Fix botch in server SMTP that broke transactions that did not
|
|
use HELO first (like MH). Fix from Michael Corrigan
|
|
of U.C. San Diego.
|
|
Fall back to other MX records if there is an error anywhere
|
|
in delivery (actually on MAIL or DATA -- RCPT is harder).
|
|
Suggested by John Gardiner Myers and Motonori Nakamura.
|
|
Revert to non-prototypes -- it turns out that our ANSI C
|
|
compiler is more forgiving than most others about
|
|
mixing prototyped extern declarations with non-prototyped
|
|
function definitions.
|
|
Fix a problem with multi-word class matching pointed out by
|
|
Neil Rickert. Given:
|
|
CX b a.b.c
|
|
R$+ $=X $+ $: $1 < $2 > $3
|
|
the input "user@a.b.c" failed instead of being properly
|
|
rewritten as "user@a.<b>.c".
|
|
Neil also convinced me that it was correct that $~ should match
|
|
only one token -- the problem is that it's always possible
|
|
to add another token, so $~ matches far too eagerly.
|
|
|
|
6.45/6.21 93/03/25
|
|
Implement multi-word classes (properly!).
|
|
|
|
6.44/6.21 93/03/25
|
|
Add X-Authentication-Warning: headers to clue users into possible
|
|
attempts to forge mail. This is on the authwarnings
|
|
privacy flag, but is the default. Suggested by Bryan
|
|
Costales of ICSI.
|
|
Pass default units for convtime in so they can be more reasonable.
|
|
Allow config files to always add a new Comments: header (i.e.,
|
|
they will be added even if an old one already exists).
|
|
Suggested by Bryan Costales of ICSI.
|
|
Allow config files to delete an existing Return-Path: header.
|
|
These should only be added at final delivery. Suggested
|
|
by Bryan Costales of ICSI.
|
|
Some debugging additions. Suggested by Bryan Costales of ICSI.
|
|
Clean up logging of Family 0 addresses. Noted by David Muir
|
|
Sharnoff and others.
|
|
Add a "dequote" map class. This allows config files to strip
|
|
quotes off of addresses. Note that this is not a builtin
|
|
map, just a class -- so you have to define the map
|
|
using the K line.
|
|
Fix a bug in the queueup() loop getting a locked tf where in
|
|
very odd cases it can fall off the bottom and core dump.
|
|
Of course, it was P{r Emanuelsson who found it....
|
|
Open a new transcript when splitting an envelope. Problem found
|
|
by Allan E Johannesen of WPI.
|
|
Improved error output in endmailer if the mailer core dumps.
|
|
CONFIG: Fix typo in UUCP mailer definition.
|
|
CONFIG: Default several of the new options on: eight bit input,
|
|
privacy flags set to "authwarnings", and message warning
|
|
set to 4h.
|
|
CONFIG: Use dequote map.
|
|
|
|
6.43/6.20 93/03/23
|
|
Fix problem with assumption of an sa_len field in a generic
|
|
sockaddr -- it turns out that most vendors haven't
|
|
picked up this (very important) fix.
|
|
Change compilation flags for daemon code -- select one or both
|
|
of NETINET or NETISO, but don't ever set DAEMON manually.
|
|
CONFIG: add FEATURE(mailertable) to do IDA-style mailertables.
|
|
|
|
6.42/6.19 93/03/19
|
|
Use Postmaster as default fallback return address, not root.
|
|
POSIX changes for file descriptor handling.
|
|
Diagnose errors writing new queue file.
|
|
If you change the owner using an owner- alias, also change the
|
|
error mode to EM_MAIL so that errors don't get dropped
|
|
into an inappropriate directory. Problem noted by
|
|
Allan E Johannesen of WPI.
|
|
If you are su'ed to root, send email as who you really are, not
|
|
as root. From Brian Kantor of U.C. San Diego.
|
|
Allow warning messages to be sent after a configurable interval
|
|
has passed without delivery. The message is sent only
|
|
once per envelope. This changes the format of the qf
|
|
file to have an F line, and the format of the T option
|
|
to accept take the format "return/warn" (both intervals).
|
|
Don't force all local names to lower case -- this was left over
|
|
from the wierd handling of case mapping on aliases. It
|
|
is now driven (as expected) by the "u" mailer flag.
|
|
Problem noted by P{r Emanuelsson.
|
|
Fix problem that caused headers on returned email to be trashed;
|
|
they were getting freed, but are still accessible via
|
|
BlankEnvelope.
|
|
Fix problem that caused bogus ids to be created on returned
|
|
mail.
|
|
Add support for ISO and other non-INET networking. This is by
|
|
no means finished yet. This does assume a lot of other
|
|
system support, like a version of gethostbyname that
|
|
returns non-AF_INET addresses.
|
|
CONFIG: change default on prog mailer to keep upper case in
|
|
user names (i.e., in the program command line).
|
|
CONFIG: strip trailing dots off of hosts in uucp mailer before
|
|
convert to bang format.
|
|
CONFIG: create new "relay" mailer for $R (LOCAL_RELAY) and $H
|
|
(MAIL_HUB) delivery that doesn't add local domain. Note
|
|
that this violates 821, but is probably "more correct"
|
|
for what we are trying to do. Problem pointed out by
|
|
Michael Graff of Iowa State.
|
|
|
|
6.41/6.18 93/03/18
|
|
Clean up unnecessary creates of queue ids (i.e., empty qf files)
|
|
when not needed, such as when starting up an SMTP
|
|
connection.
|
|
Fix problem where split envelopes aren't instantiated in the queue.
|
|
This is quite a serious bug.
|
|
Owner- aliases had problems with leading spaces causing a
|
|
premature delimitation.
|
|
|
|
6.40/6.18 93/03/18
|
|
Have ending 250 (after DATA) include the id; suggested by
|
|
Brian Kantor of UC San Diego.
|
|
Add logging on envelope splitting.
|
|
Change queue ids to have one more letter encoding the hour of
|
|
the day so that during a single day there is a greater
|
|
likelihood of uniqueness; requested by Brian Kantor.
|
|
|
|
6.39/6.18 93/03/18
|
|
Fix minor compile problem if LOCKF is defined.
|
|
Define size of tobuf in conf.h. Observed by Toshinari Takahashi
|
|
of Toshiba.
|
|
Restore e_sender -- this is equivalent to e_from.q_paddr without
|
|
decorations such as angle brackets and comments.
|
|
OSF/1 on Alpha changes from Allan E Johannesen of WPI.
|
|
CONFIG: fix typo in S3 for list syntax (;: => :;). Thanks to
|
|
Christopher Hoover for noting the problem.
|
|
|
|
6.38/6.17 93/03/17
|
|
Pass envelope to disconnect to avoid another use of CurEnv, which
|
|
can apparently end up being null at inopportune times.
|
|
Log "received from" as "relay=" for consistency (suggested by
|
|
John Gardiner Myers).
|
|
Fix major bug in header handling: if no From: line existed in
|
|
the header (so sendmail inserts one), and the sender is
|
|
an alias that has an owner, the From: line shows the
|
|
owner (as well as the envelope). Fixed by early binding
|
|
the headers (which will change debugging output).
|
|
HPUX portability patches from Michael J. Corrigan of UC San Diego.
|
|
Some attempts to adapt better to out of open file conditions.
|
|
Some changes to ctladdr handling in queue files.
|
|
|
|
6.37/6.17 93/03/16
|
|
MAJOR CHANGE: delete e_sender and e_returnpath (why are these
|
|
different from e_from?) and $< macro.
|
|
Log correct IP address in relay= field even if the connection
|
|
times out.
|
|
Log "received from [RESPONSE]" on EF_RESPONSE messages (from
|
|
John Gardiner Myers).
|
|
Fixes to SysExMsg logging (sometimes just got "message: %s"
|
|
instead of "message: error message"), noted by Eric
|
|
Wassenaar. Also reported by Motonori Nakamura.
|
|
Improvements to MX piggybacking code, from Motonori Nakamura.
|
|
Fix case where CurHostName points to an auto variable that has
|
|
been deallocated (from Motonori Nakamura).
|
|
Fix bug causing newlines to be included in aliases if option
|
|
"n" (check alias RHS) is set; bug noted by David Muir
|
|
Sharnoff.
|
|
Fix problem causing user names that should be mapped to lower
|
|
case to not be mapped if they are sent during a queue
|
|
run. This greatly simplifies the case mapping code.
|
|
Problem noted by Allan E Johannesen of WPI.
|
|
Don't do recipient address rewriting in buildaddr. This
|
|
improperly did recipient rewriting on sender addresses,
|
|
and just seems bogus in general -- but the change could
|
|
break some .cf files.
|
|
Pass TZ envariable to child processes for System V.
|
|
CONFIG: allow LOCAL_RULE_1 and LOCAL_RULE_2 if you want to
|
|
define those rulesets.
|
|
KNOWN PROBLEM: I have seen some problems on SunOS that causes
|
|
the User Data Base to give errors on some addresses. I
|
|
have tracked the problem back at least as far as 93.02.15
|
|
(version 6.22). Running with debugging on makes it
|
|
go away, so I conclude that it is referencing uninitialized
|
|
stack data. I haven't been able to track this down yet.
|
|
|
|
6.36/6.16 93/03/08
|
|
Allow local mailer to specify $@host -- this lets you assign the
|
|
"foo" part of jgm+foo to $h for passing in to the local
|
|
mailer.
|
|
Additional debug printing in getcanonname (show query type).
|
|
Don't add the e_fromdomain on sender addresses -- this interacts
|
|
wierdly with the owner- code.
|
|
Improve delivery logging to not log obvious or meaningless stuff.
|
|
Include numeric IP address in Received: lines per RFC 1123 section
|
|
5.2.8.
|
|
Fixed a bug in checking stat() return value if restrictmailq is
|
|
set. Also, check the entire group set instead of just the
|
|
primary group. Both from John Gardiner Myers.
|
|
Don't have usrerr automatically print errno, since this is often
|
|
misleading.
|
|
Use transienterror() in makeconnection after connect() fails and
|
|
in openmailer after execve() fails (from Eric Wassenaar).
|
|
Also moved transienterror() from util.c to conf.c.
|
|
Clean up from= logging on response messages.
|
|
Undo patch allowing prescan to return a null vector -- it breaks
|
|
too many things.
|
|
Config: FEATURE(notsticky) lets you use UDB for everything coming
|
|
in to the machine, even if it is specifically targetted
|
|
to this machine. Without it, UDB is bypassed if the user
|
|
name is fully qualified.
|
|
Config: fix another minor botch with <> (local mailer wasn't
|
|
mapping them properly).
|
|
|
|
6.35/6.15 93/03/05
|
|
Fix getrealhostname to return null if sinlen <= 0 -- this can
|
|
occur if stdin is a pipe.
|
|
Avoid infinite loop in getcanonname if name server return
|
|
NO_DATA (for example).
|
|
Config: avoid having C flag qualify list syntax and error syntax.
|
|
|
|
6.34/6.14 93/03/05
|
|
Fix logging in deliver to not pass too many parameters to Ultrix
|
|
versions of syslog.
|
|
Don't write the pid file until after the daemon has actually
|
|
opened and conditioned the connection.
|
|
Consider addresses "different" if their q_uids differ (so that
|
|
two users forwarding to the same program will be seen
|
|
as different, rather than the same).
|
|
Fix problem with bad parameters in main() -- they set ExitStat
|
|
but don't exit.
|
|
Fix null pointer references through RealHostName -- painfully
|
|
discovered by Allan E Johannesen of WPI.
|
|
Fix bug causing user@@localhost to core dump (yuch).
|
|
Config: don't put two @host.dom.ain on users in $=E in SMTP
|
|
mailer. Also, catch user@ (no host) in ruleset 0.
|
|
|
|
6.33/6.13 93/03/03
|
|
Config: add confCW_FILE as the name of the cw configuration file
|
|
(defaults to /etc/sendmail.cw). From P{r Emanuelsson.
|
|
Allow prescan to return a pointer to an empty list -- this is
|
|
not an error. Also, clean up error reporting to avoid
|
|
double errors (prescan reports once, then the caller
|
|
reports again).
|
|
Changes to avoid trusting T_ANY queries -- run them, but if you
|
|
don't get the info you expected, do T_A and T_MX queries
|
|
anyhow. This also fixes an oversight where _res.options
|
|
bits were being ignored.
|
|
If PRIV_NOVRFY is set, use 252 response code instead of 502 per
|
|
RFC 1123 section 5.2.3. It's not 100% clear that this
|
|
is correct, but it probably works better with stupid
|
|
mailers that do a VRFY and only check the first digit.
|
|
|
|
6.32/6.12 93/03/02
|
|
Fix uninitialized variable "protocol" in smtp code.
|
|
Include <unistd.h> in sendmail.h -- move towards POSIX/ANSI.
|
|
Additional hooks for RFC 1427 (ESMTP SIZE extension). This
|
|
includes requiring that enoughspace() know the system
|
|
block size, which will undoubtedly break most ports.
|
|
Trace flag 19 in use for srvrsmtp.c.
|
|
Additional logging -- notably the sending mailer name. This
|
|
also changes the delivery logging to strict field=value
|
|
syntax.
|
|
Fix some problems with messages getting sent even to addresses
|
|
that had been marked bad -- from Eric Wassenaar.
|
|
More WIDE changes: accept host name inside [...] as non-MXed
|
|
host. This is intended ONLY for use inside firewalled
|
|
environments, where the MX points at the gateway.
|
|
Change .cf file conventions so that mapping for <> addresses
|
|
don't have an @ in them (to avoid confusing the C mailer
|
|
flag). Pointed out by Neil Rickert.
|
|
Config extensions for Sam Leffler's FlexFAX software.
|
|
|
|
6.31/6.10 93/02/28
|
|
Fix some more bugs in alias owner code -- there were some wierd
|
|
cases where an error in a non-aliased name would override
|
|
the return info in an aliased name with an owner.
|
|
Changes from WIDE Project, forwarded to me by Motonori Nakamura:
|
|
Log actual delivery host (after MX et al); from
|
|
yasuhiro@dcl.co.jp.
|
|
Log daemon startup.
|
|
Deliver Postmaster copies without a body.
|
|
Better logging of SMTP senders.
|
|
Send all program email as daemon even when local.
|
|
As requested in various forms from many people, accept -qIstring
|
|
to limit queue runs to jobs with queue-id matching string.
|
|
Similarly for -qRstring for recipients, -qSstring for
|
|
senders.
|
|
Initial hooks for ESMTP support (see RFC 1425).
|
|
Fixed a syntax error in the UUCP mailer specification that caused
|
|
core dumps on startup.
|
|
Check for missing A= or P= arguments in mailer definitions.
|
|
|
|
6.30/6.10 93/02/27
|
|
Require FROZENCONFIG compilation flag to include frozen
|
|
configuration code. Frozen configuration is really
|
|
not a very good idea any more, particularly in shared
|
|
library environments.
|
|
Do better checking of errno after opens of :include: and .forward
|
|
files to defer delivery on network and other transient
|
|
errors. Suggestion from Craig Everhart.
|
|
Fix minor botch in read timeout macro processing.
|
|
Add FEATURE(nouucp) to config files for sites that know absolutely
|
|
nothing about UUCP.
|
|
Add built cf files to distribution tape and clarify how to build
|
|
them if you don't have the Berkeley make.
|
|
Some sizeof(long) portability changes for the Alpha, from Allan
|
|
E Johannesen.
|
|
Add "restrictmailq" privacy flag -- if set, only people in the same
|
|
group as your queue directory can print the queue. If you
|
|
set this, be sure you also restrict access to log files....
|
|
Fix another bug in owner-list stuff that can cause data files to
|
|
be "lost".
|
|
Fix a bug with queue runs that cause forwards to yourself to go
|
|
into alias/forwarding loops. I'm still iffy about this
|
|
fix.
|
|
Fix from Eric Wassenaar for suppression of return message code.
|
|
|
|
6.29/6.9 93/02/24
|
|
Fix yet another problem in alias owner code -- put the wrong return
|
|
address on the enclosed return-to-sender letter.
|
|
|
|
6.28/6.9 93/02/24
|
|
Fix botch in alias owner code that caused it to not operate if the
|
|
error was detected locally.
|
|
|
|
6.27/6.9 93/02/24
|
|
M_LOCAL => M_LOCALMAILER to avoid conflict with Ultrix include
|
|
file <sys/mount.h>.
|
|
Miscellaneous bug fixes from Eric Wassenaar:
|
|
sendmail -bv -t logs the from line even though in verify
|
|
mode only.
|
|
sendmail -v can go into queue mode if shouldqueue returns
|
|
TRUE.
|
|
Add route-addr pruning per RFC 1123 section 5.3.3. This can be
|
|
disabled using the "R" option.
|
|
Delete (always undocumented) -R flag (save original recipients);
|
|
there are ways to syslog(3) these now.
|
|
Clean up SMTP reply codes -- specify them as needed in the code,
|
|
instead of in conf.c -- this was needed during the NCP to
|
|
TCP transition, but seems silly now. This also changes
|
|
parameters to message and nmessage.
|
|
Have mailstats read the .cf file to find the sendmail.st file and
|
|
get text versions of mailer names. An initial version of
|
|
this code was provided by Tuominen Keijo (although the
|
|
comments indicate the good bits were written by "E.V.").
|
|
Add yet more System V compatibility hacks.
|
|
Fix bug in VRFY code (assumes everything must be a local user).
|
|
Allow specification of any of the hard-wired pathnames in the
|
|
Makefile.
|
|
Delete concept of "trusted users" -- this really didn't provide
|
|
any security anyway, and caused some problems.
|
|
Delete last vestige of support for the word "at" as an equivalent
|
|
to the character "@".
|
|
Propagate owner-foo alias information into the envelope sender.
|
|
Based on code from John Gardiner Myers. This is a major
|
|
semantic change -- beware!
|
|
Allow $@ on LHS to indicate "match zero" -- this is used to match
|
|
the null expression.
|
|
|
|
6.26/6.8 93/02/21
|
|
Don't "lose" queue runs. Very important fix from (who else?)
|
|
Eric Wassenaar.
|
|
Completely reset state on RSET command -- from Eric Wassenaar.
|
|
Send error messages and return receipts using an envelope sender
|
|
of <> regardless of the setting of $n. Rewriting rules
|
|
can undo this if they feel the necessity, as might be
|
|
needed for networks that don't understand the syntax.
|
|
This is permitted by RFC 821 section 3.6 and required by
|
|
RFC 1123 section 5.3.3. THIS REQUIRES VERSION 4 CONFIG
|
|
FILES because the rulesets must be able to parse <>
|
|
properly.
|
|
Don't ever send error messages to "<>" -- they will get sent to
|
|
the local postmaster or dumped in /usr/tmp/dead.letter
|
|
instead. Per RFC 1123 section 5.3.3.
|
|
Explicitly check for email to yourself as a dotted quad. You
|
|
have to call $[ [ ... ] $] to get this.
|
|
Up the message timeout to five days per RFC 1123 section 5.3.1.1.
|
|
Make all read timeouts individually configurable, as strongly
|
|
recommended by RFC 1123 section 5.3.2.
|
|
Use f_bavail (blocks available to regular users) instead of f_bfree
|
|
(blocks available to superuser) in free block checks.
|
|
Change $d macro to be the current time, not the origination time,
|
|
since this is consistent with how it is used now.
|
|
Generalization of enoughspace from Eric Wassenaar covering
|
|
SGI, Apollo, HPUX, Ultrix, and SunOS.
|
|
Ignore process group signals -- some front ends can do this if
|
|
you kill a window too quickly. From Eric Wassenaar.
|
|
Change umask to 022.
|
|
|
|
6.25/6.8 93/02/20
|
|
Close all cached connections before calling mailers and after
|
|
forking for delivery (caused double closes which resulted
|
|
in false errors).
|
|
Add FEATURE(redirect) in config files -- this allows you to alias
|
|
old addresses to a pointer to the new address that will
|
|
give a 551 error message, but not deliver the mail.
|
|
Some code changes to make the 551 errors look pretty.
|
|
Names of M4 program paths in config files have changed -- they
|
|
are all XXX_MAILER_PATH now, to match XXX_MAILER_FLAGS.
|
|
Fix a bug in the QSELFREF code having to do with empty .forward
|
|
files, reported by Eric Wassenaar.
|
|
Add option "p" (privacy flags); this allows you to tune how
|
|
picky the SMTP server will be. This also adds the
|
|
confPRIVACY_FLAGS M4 macro in the config files.
|
|
Add option "b" (minimum blocks free). If there are fewer than
|
|
this number of blocks free on the filesystem containing
|
|
the queue directory, the SMTP MAIL command will return
|
|
a 452 response and ask you to try again later. This
|
|
also adds the confMIN_FREE_BLOCKS M4 macro in the config
|
|
files.
|
|
Made VRFY just verify (doesn't expand aliases and .forward files);
|
|
EXPN does full expansion. RCPT in queue-only mode also
|
|
doesn't chase aliases and .forward.
|
|
|
|
6.24/6.7 93/02/19
|
|
Increase the number of domain search entries in domain.c to allow
|
|
for the extra "" entry indicating the root domain.
|
|
Reported by Motonori Nakamura of Kyoto U.
|
|
Add a "SMART_HOST" in the configs for UUCP-connected sites that
|
|
want to forward all mail with extra "@"s to that site.
|
|
Also allows SMART_HOST, LOCAL_RELAY, and MAIL_HUB to
|
|
be specified as ``mailer:hostname'' to use an alternate
|
|
mailer.
|
|
Clarified and updated some wording in the Operations Guide.
|
|
Add the "c" mailer flag -- this suppresses all comment parts of
|
|
addresses (requested by John Curran of NEARnet).
|
|
Have -v print prompts in -bt mode even if stdin is not a terminal
|
|
(default behaviour is to be silent if not reading from
|
|
a terminal). Suggested by Bryan Costales, ICSI.
|
|
Move the metacharacters from C0 space (\001-\037) into C1 space
|
|
(\201-\237). This also fixes a bunch of potential bugs
|
|
with G1 characters (\240-\276) in headers relating to
|
|
negative numbers passed to isspace() et al.
|
|
Add YP_LAST_MODIFIED and YP_MASTER_NAME to DBM version of alias
|
|
database if YPCOMPAT is #defined. Enhancement from
|
|
Takahiro Kanbe of Fuji Xerox Information Systems Co., Ltd.
|
|
Add "list" Precedence (-30); this can be used with old sendmails
|
|
which will map to precedence 0 (which will return error
|
|
messages). Suggested by Stephen R. van den Berg.
|
|
Many bug fixes from Eric Wassenaar of the National Institute for
|
|
Nuclear and High-Energy Physics, Amsterdam:
|
|
Clear timeouts properly on open failures in include().
|
|
Don't dereference through NULL if no home directory found.
|
|
Re-establish SIGCHLD signal on System 5 in reapchild().
|
|
Avoid NULL pointer reference on -pFOO flag.
|
|
Properly handle backslash escapes in comments.
|
|
Correctly check reply status on SMTP NOOP command.
|
|
Properly save SMTP error message if peer gives
|
|
"Service Shutting Down" message.
|
|
Avoid writing to the transcript if it couldn't be opened.
|
|
Signal errors in SMTP children to parent properly.
|
|
Handle self references in a list more globally (include a
|
|
QSELFREF bit in the address flags). This enhancement
|
|
was suggested by Eric Wassenaar.
|
|
Use initgroups() in hpux, even though it's System-V based. The
|
|
HASINITGROUPS compile flag can set this on other systems.
|
|
This HPUX behaviour was pointed out by Eric Wassenaar.
|
|
|
|
6.23/6.6 93/02/16
|
|
Clean up handling of LogLevel to make it easier to figure out
|
|
what's on what level.
|
|
Change log levels to have some consistency:
|
|
1 serious system failures, security problems
|
|
2 lost communications, protocol failures
|
|
3 other serious failures
|
|
4 minor errors
|
|
5 message collection
|
|
6 vrfy logging, creation of return-to-sender
|
|
7 delivery failures
|
|
8 delivery successes
|
|
9 delivery tempfails (queue ups)
|
|
10 database expansion
|
|
>64 debugging
|
|
Allow IDA-style separated processing on S= and R= in Mailer
|
|
definition lines. Note that rulesets 1 and 2 are
|
|
still used for both addresses as before. Bruce Lilly
|
|
gave a convincing argument that RFC976 insists on
|
|
this behaviour.
|
|
Added some time zones to arpatounix -- they may not be in the
|
|
standards, but they are in use. However, I may delete
|
|
arpatounix entirely -- there appears to be no reason
|
|
for it to exist.
|
|
Change to UUCP mailer (in cf directory) to try to do a saner job.
|
|
I'm still not certain about this mailer in general.
|
|
|
|
6.22/6.5 93/02/15
|
|
Fix bug that prevents saving letters in ~/dead.letter.
|
|
Don't add angle brackets in VRFY command if angle brackets already
|
|
exist in the address.
|
|
Fix bogus error message in udbexpand.
|
|
Null terminate host buffers in buildaddr (broken in 6.21) --
|
|
IMPORTANT FIX!!
|
|
|
|
6.21/6.5 93/02/15
|
|
Fix another incorrect error message in alias.c, found by Azuma
|
|
Okamoto.
|
|
Fix a couple of problems in the more-configurable config files,
|
|
found by Tom Ivar Helbekkmo.
|
|
Fix problem with quoted :include: entries.
|
|
Don't duplicate the filename on verbose printing of .forward and
|
|
:include: contents.
|
|
Extend size of prescan buffer (to allow bigger addresses). Also,
|
|
detect some buffer overflows.
|
|
Log user SMTP protocol errors (log level 4).
|
|
|
|
6.20/6.4 93/02/14
|
|
Fix another problem in the MCI state machine caused when there
|
|
were errors generated from the other end to commands
|
|
other than RCPT.
|
|
|
|
6.19/6.4 93/02/14
|
|
Include load average support for DEC Alpha running OSF/1.
|
|
Fix multiple-response problem with errors in MAIL From: line.
|
|
Fix SMTP reply codes for invalid address syntaxes (give 501;
|
|
never give multiple error messages for a single message).
|
|
Fix problem where a cached connection timeout rejects all
|
|
later connects to that host.
|
|
Fix incorrect error message if alias.c is compiled with DBM only.
|
|
Additional changes to fix nested conditionals (from Bruce Lilly).
|
|
Recover more gracefully from operating system failures, particularly
|
|
NULL returns from openmailer (from Noritoshi Demizu,
|
|
OMRON Corporation).
|
|
Log forward, alias, and userdb expand operations on log level 10;
|
|
concept suggested by P{r (Pell) Emanuelsson.
|
|
Changes for HPUX 8.07 compatibility.
|
|
|
|
6.18/6.4 93/02/12
|
|
Allow any config option to be set using an M4 define.
|
|
Change UNAME compile flag to HASUNAME for IDA compatibility
|
|
(besides, it's a better name).
|
|
Note in README that on SunOS it must be linked -Bstatic.
|
|
Fairly major change in domain.c to handle wildcard MX records
|
|
more rationally. NOTE: the "w" option (no wildcard MX
|
|
records match local domain) has been eliminated.
|
|
Fix some unset variable references pointed out by Bruce Lilly.
|
|
Fix host name in process titles when using cached connection.
|
|
|
|
6.17/6.3 93/01/28
|
|
Fix System 5 compatibility changes to be compatible with the rest
|
|
of the world.
|
|
|
|
6.16/6.3 93/01/28
|
|
Experimental fix for problem handling errors in the SMTP
|
|
protocol in conjunction with connection caching.
|
|
System 5 compatibility changes.
|
|
|
|
6.15/6.3 93/01/26
|
|
Fix a bug that causes local mail delivered using -odq to be
|
|
eliminated as a duplicate (because it matched the
|
|
ctladdr, now passed in as a C line). These changes
|
|
are pretty tricky......
|
|
|
|
6.14/6.3 93/01/25
|
|
Add debugging for some MCI errors.
|
|
|
|
6.13/6.3 93/01/22
|
|
Fix -e compatibility flag to take a value.
|
|
Fix a couple of minor compilation warnings on Sun cc.
|
|
Improve error messages in a few cases to be more self-explanatory.
|
|
|
|
6.12/6.3 93/01/21
|
|
Fix yet-another problem with environment handling, pointed out
|
|
by Yoshitaka Tokugawa and Tom Ivar Helbekkmo.
|
|
Some heuristics to try to limit resource exhaustion problems
|
|
if a downstream host has been down for a long time.
|
|
Fix problem with incorrect host name being logged in "Connection
|
|
timed out" messages (from Tom Ivar Helbekkmo).
|
|
Fix some ANSI C problems (from Takahiro Kanbe).
|
|
Properly log message sender on returned mail during queue run.
|
|
Count number of recipients properly.
|
|
Fix a problem in yp map code.
|
|
Diagnose "message timed out" (from Motonori Nakamura).
|
|
|
|
6.11/6.3 93/01/20
|
|
Fix problem with address delimitor inside quotes.
|
|
Define $k and $=k to be the UUCP name (from the uname call)
|
|
based on code from Bruce Lilly.
|
|
|
|
6.10/6.2 93/01/18
|
|
Implement arpatounix (largely code from Bruce Lilly).
|
|
Log more info (suggested by John Myers).
|
|
Allow nested $?...$|...$. (inspired by code from Bruce Lilly of
|
|
Sony US).
|
|
POSIX compatibility (noted by Keith Bostic).
|
|
Handle SMTP MAIL command errors properly (urged by several people,
|
|
notably John Myers of CMU).
|
|
Do early diagnosis of .cf errors (notably referencing a RHS
|
|
substitution that isn't on the LHS).
|
|
Adjust checkpointing to better handle batched recipients, suggested
|
|
by John Myers.
|
|
Fix miscellaneous bugs.
|
|
(config files:) Implement MAIL_HUB for all local mail (to handle
|
|
NFS-mounted directories) as urged by Tom Ivar Helbekkmo
|
|
of the Norwegian School of Economics.
|
|
|
|
6.9/6.1 93/01/13
|
|
Environment handling simplification/bug fix -- child processes
|
|
get a minimal, fixed environment. This avoids different
|
|
behaviour in queue runs.
|
|
Handle commas inside comments properly.
|
|
Properly limit large messages submitted in -obq mode.
|
|
|
|
6.8/6.1 93/01/10
|
|
Check mtime of thaw file against .cf and sendmail binary, based on
|
|
code from John Myers.
|
|
|
|
6.7/6.1 93/01/10
|
|
MX piggybacking, based on code from John Myers@CMU.
|
|
Allow checkcompat to return -1 to mean tempfail.
|
|
Bug fix in m_mno computation.
|
|
|
|
6.6/6.1 93/01/09
|
|
Tuning of queueing functions as recommended by John Gardiner Myers.
|
|
Return mail headers (no body) on messages with negative precedence.
|
|
Minor other bug fixes.
|
|
|
|
6.5/6.1 93/01/03
|
|
Fix botch causing queued headers to have ?XX? prefixes.
|
|
|
|
6.4/6.1 93/01/02
|
|
Changes to recognize special mailer types (e.g., file) early.
|
|
|
|
6.3/6.1 93/01/01
|
|
Pass timeouts to sfgets.
|
|
Check for control characters in addresses.
|
|
Fixed deferred error reporting.
|
|
Report duplicate aliases.
|
|
Handle mixed case recursive aliases.
|
|
Misc bug fixes.
|
|
|
|
6.2/6.1 92/12/30
|
|
Put return-receipt-to on a conf.c flag (but don't set it).
|
|
Fix minor syslog problem.
|