diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1995-10-18 08:53:40 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1995-10-18 08:53:40 +0000 |
| commit | d6583bb2a13f329cf0332ef2570eb8bb8fc0e39c (patch) | |
| tree | ece253b876159b39c620e62b6c9b1174642e070e /usr.sbin/sendmail/RELEASE_NOTES | |
initial import of NetBSD tree
Diffstat (limited to 'usr.sbin/sendmail/RELEASE_NOTES')
| -rw-r--r-- | usr.sbin/sendmail/RELEASE_NOTES | 2646 |
1 files changed, 2646 insertions, 0 deletions
diff --git a/usr.sbin/sendmail/RELEASE_NOTES b/usr.sbin/sendmail/RELEASE_NOTES new file mode 100644 index 00000000000..98f746193a3 --- /dev/null +++ b/usr.sbin/sendmail/RELEASE_NOTES @@ -0,0 +1,2646 @@ + SENDMAIL RELEASE NOTES + @(#)RELEASE_NOTES 8.6.12.1 (Berkeley) 3/28/95 + +This listing shows the version of the sendmail binary, the version +of the sendmail configuration files, the date of release, and a +summary of the changes in that release. + +8.6.12/8.6.12 95/03/28 + Fix to IDENT code (it was getting the size of the reply buffer + too small, so nothing was ever accepted). Fix from several + people, including Allan Johannesen, Shane Castle of the + Boulder County Information Services, and Jeff Smith of + Warwick University (all arrived within a few hours of + each other!). + Fix a problem that could cause large jobs to run out of + file descriptors on systems that use vfork() rather + than fork(). + +8.6.11/8.6.11 95/03/08 + The ``possible attack'' message would be logged more often + than necessary if you are using Pine as a user agent. + The wrong host would be reported in the ``possible attack'' + message when attempted from IDENT. + In some cases the syslog buffer could be overflowed when + reporting the ``possible attack'' message. This can + cause denial of service attacks. Truncate the message + to 80 characters to prevent this problem. + When reading the IDENT response a loop is needed around the + read from the network to ensure that you don't get + partial lines. + Password entries without any shell listed (that is, a null + shell) wouldn't match as "ok". Problem noted by + Rob McMahon. + When running BIND 4.9.x a problem could occur because the + _res.options field is initialized differently than it + was historically -- this requires that sendmail call + res_init before it tweaks any bits. + Fix an incompatibility in openxscript() between the file open mode + and the stdio mode passed to fdopen. This caused UnixWare + 2.0 to have conniptions. Fix from Martin Sohnius of + Novell Labs Europe. + Fix problem with static linking of local getopt routine when + using GNU's ld command. Fix from John Kennedy of + Cal State Chico. + It was possible to turn off privacy flags. Problem noted by + *Hobbit*. + Be more paranoid about writing files. Suggestions by *Hobbit* + and Liudvikas Bukys. + MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular) + from Spider Boardman. + CONFIG: No changes (version number only, to keep it in sync + with the binaries). + +8.6.10/8.6.10 95/02/10 + SECURITY: Diagnose bogus values to some command line flags that + could allow trash to get into headers and qf files. + Validate the name of the user returned by the IDENT protocol. + Some systems that really dislike IDENT send intentionally + bogus information. Problem pointed out by Michael Bushnell + of the Free Software Foundation. Has some security + implications. + Fix a problem causing error messages about DNS problems when + the host name contained a percent sign to act oddly + because it was passed as a printf-style format string. + In some cases this could cause core dumps. + Avoid possible buffer overrun in returntosender() if error + message is quite ling. From Fletcher Mattox of the + University of Texas. + Fix a problem that would silently drop "too many hops" error + messages if and only if you were sending to an alias. + From Jon Giltner of the University of Colorado and + Dan Harton of Oak Ridge National Laboratory. + Fix a bug that caused core dumps on some systems if -d11.2 was + set and e->e_message was null. Fix from Bruce Nagel of + Data General. + Fix problem that can still cause df files to be left around + after "hop count exceeded" messages. Fix from Andrew + Chang and Shau-Ping Lo of SunSoft. + Fix a problem that can cause buffer overflows on very long + user names (as might occur if you piped to a program + with a lot of arguments). + Avoid returning an error and re-queueing if the host signature + is null; this can occur on addresses like ``user@.''. + Problem noted by Wesley Craig and the University of + Michigan. + Avoid possible calls to malloc(0) if MCI caching is turned + off. Bug fix from Pierre David of the Laboratoire + Parallelisme, Reseaux, Systemes et Modelisation (PRiSM), + Universite de Versailles - St Quentin, and Jacky + Thibault. + Make a local copy of the line being sent via senttolist() -- in + some cases, buffers could get trashed by map lookups + causing it to do unexpected things. This also simplifies + some of the map code. + CONFIG: No changes (version number only, to keep it in sync + with the binaries). + +8.6.9/8.6.9 94/04/19 + Do all mail delivery completely disconnected from any terminal. + This provides consistency with daemon delivery and + may have some security implications. + Make sure that malloc doesn't get called with zero size, + since that fails on some systems. Reported by Ed + Hill of the University of Iowa. + Fix multi-line values for $e (SMTP greeting message). Reported + by Mike O'Connor of Ford Motor Company. + Avoid syserr if no NIS domain name is defined, but the map it + is trying to open is optional. From Win Bent of USC. + Changes for picky compilers from Ed Gould of Digital Equipment. + Hesiod support for UDB from Todd Miller of the University of + Colorado. Use "hesiod" as the service name in the U + option. + Fix a problem that failed to set the "authentic" host name (that + is, the one derived from the socket info) if you called + sendmail -bs from inetd. Based on code contributed by + Todd Miller (this problem was also reported by Guy Helmer + of Dakota State University). This also fixes a related + problem reported by Liudvikas Bukys of the University of + Rochester. + Parameterize "nroff -h" in all the Makefiles so people with + variant versions can use them easily. Suggested by + Peter Collinson of Hillside Systems. + SMTP "MAIL" commands with multiple ESMTP parameters required two + spaces between parameters instead of one. Reported by + Valdis Kletnieks of Virginia Tech. + Reduce the number of system calls during message collection by + using global timeouts around the collect() loop. This + code was contributed by Eric Wassenaar. + If the initial hostname name gathering results in a name + without a dot (usually caused by NIS misconfiguration) + and BIND is compiled in, directly access DNS to get + the canonical name. This should make life easier for + Solaris systems. If it still can't be resolved, and + if the name server is listed as "required", try again + in 30 seconds. If that also fails, exit immediately to + avoid bogus "config error: mail loops back to myself" + messages. + Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error + message to explain how much space was available and + sound a bit less threatening. Suggested by Stan Janet + of the National Institute of Standards and Technology. + If mail is delivered to an alias that has an owner, deliver any + requested return-receipt immediately, and strip the + Return-Receipt-To: header from the subsequent message. + This prevents a certain class of denial of service + attack, arguably gives more reasonable semantics, and + moves things more towards what will probably become a + network standard. Suggested by Christopher Davis of + Kapor Enterprises. + Add a "noreceipts" privacy flag to turn off all return receipts + without recompiling. + Avoid printing ESMTP parameters as part of the error message + if there are errors during parsing. This change is + purely cosmetic. + Avoid sending out error messages during the collect phase of + SMTP; there is an MVS mailer from UCLA that gets + confused by this. Of course, I think it's their bug.... + Check for the $j macro getting undefined, losing a dot, or getting + lost from $=w in the daemon before accepting a connection; + if it is, it dumps state, prints a LOG_ALERT message, + and drops core for debugging. This is an attempt to + track down a bug that I thought was long since gone. + If you see this, please forward the log fragment to + sendmail@CS.Berkeley.EDU. + Change OLD_NEWDB from a #ifdef to a #if so it can be turned off + with -DOLD_NEWDB=0 on the command line. From Christophe + Wolfhugel. + Instead of trying to truncate the listen queue for the server + SMTP port when the load average is too high, just close + the port completely and reopen it later as needed. + This ensures that the other end gets a quick "connection + refused" response, and that the connection can be + recovered later. In particular, some socket emulations + seem to get confused if you tweak the listen queue + size around and can never start listening to connections + again. The down side is that someone could start up + another daemon process in the interim, so you could + have multiple daemons all not listening to connections; + this could in turn cause the sendmail.pid file to be + incorrect. A better approach might be to accept the + connection and give a 421 code, but that could break + other mailers in mysterious ways and have paging behaviour + implications. + Fix a glitch in TCP-level debugging that caused flag 16.101 to + set debugging on the wrong socket. From Eric Wassenaar. + When creating a df* temporary file, be sure you truncate any + existing data in the file -- otherwise system crashes + and the like could result in extra data being sent. + DOC: Replace the CHANGES-R5-R8 readme file with a paper in the + doc directory. This includes some additional + information. + CONFIG: change UUCP rules to never add $U! or $k! on the front + of recipient envelope addresses. This should have been + handled by the $&h trick, but broke if people were + mixing domainized and UUCP addresses. They should + probably have converted all the way over to uucp-uudom + instead of uucp-{new,old}, but the failure mode was to + loop the mail, which was bad news. + Portability fixes: + Newer BSDI systems (several people). + Older BSDI systems from Christophe Wolfhugel. + Intergraph CLIX, from Paul Southworth of CICNet. + UnixWare, from Evan Champion. + NetBSD from Adam Glass. + Solaris from Quentin Campbell of the University of + Newcastle upon Tyne. + IRIX from Dean Cookson and Bill Driscoll of Mitre + Corporation. + NCR 3000 from Kevin Darcy of Chrysler Corporation. + SunOS (it has setsid() and setvbuf() calls) from + Jonathan Kamens of OpenVision Technologies. + HP-UX from Tor Lillqvist. + New Files: + src/Makefile.CLIX + src/Makefile.NCR3000 + doc/changes/Makefile + doc/changes/changes.me + doc/changes/changes.ps + +8.6.8/8.6.6 94/03/21 + SECURITY: it was possible to read any file as root using the + E (error message) option. Reported by Richard Jones; + fixed by Michael Corrigan and Christophe Wolfhugel. + +8.6.7/8.6.6 94/03/14 + SECURITY: it was possible to get root access by using wierd + values to the -d flag. Thanks to Alain Durand of + INRIA for forwarding me the notice from the bugtraq + list. + +8.6.6/8.6.6 94/03/13 + SECURITY: the ability to give files away on System V-based + systems proved dangerous -- don't run as the owner + of a :include: file on a system that allows giveaways. + Unfortunately, this also applies to determining a + valid shell. + IMPORTANT: Previous versions weren't expiring old connections + in the connection cache for a long time under some + circumstances. This could result in resource exhaustion, + both at your end and at the other end. This checks the + connections for timeouts much more frequently. From + Doug Anderson of NCSC. + Fix a glitch that snuck in that caused programs to be run as + the sender instead of the recipient if the mail was + from a local user to another local user. From + Motonori Nakamura of Kyoto University. + Fix "wildcard" on /etc/shell matching -- instead of looking + for "*", look for "/SENDMAIL/ANY/SHELL/". From + Bryan Costales of ICSI. + Change the method used to declare the "statfs" availability; + instead of HASSTATFS and/or HASUSTAT with a ton of + tweaking in conf.c, there is a single #define called + SFS_TYPE which takes on one of six values (SFS_NONE + for no statfs availability, SFS_USTAT for the ustat(2) + syscall, SFS_4ARGS for a four argument statfs(2) call, + and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument + statfs(2) call with the declarations in <sys/vfs.h>, + <sys/mount.h>, or <sys/statfs.h> respectively). + Fix glitch in NetInfo support that could return garbage if + there was no "/locations/sendmail" property. From + David Meyer of the University of Virginia. + Change HASFLOCK from defined/not-defined to a 0/1 definition + to allow Linux to turn it off even though it is a + BSD-like system. + Allow setting of "ident" timeout to zero to turn off the ident + protocol entirely. + Make 7-bit stripping local to a connection (instead of to a + mailer); this allows you to specify that SMTP is a + 7-bit channel, but revert to 8-bit should it advertise + that it supports 8BITMIME. You still have to specify + mailer flag 7 to get this stripping at all. + Improve makesendmail script so it handles more cases automatically. + Tighten up restrictions on taking ownership of :include: files + to avoid problems on systems that allow you to give away + files. + Fix a problem that made it impossible to rebuild the alias + file if it was on a read-only file system. From + Harry Edmon of the University of Washington. + Improve MX randomization function. From John Gardiner Myers + of CMU. + Fix a minor glitch causing a bogus message to be printed (used + %s instead of %d in a printf string for the line number) + when a bad queue file was read. From Harry Edmon. + Allow $s to remain NULL on locally generated mail. I'm not + sure this is necessary, but a lot of people have complained + about it, and there is a legitimate question as to whether + "localhost" is legal as an 822-style domain. + Fix a problem with very short line lengths (mailer L= flag) in + headers. This causes a leading space to be added onto + continuation lines (including in the body!), and also + tries to wrap headers containing addresses (From:, To:, + etc) intelligently at the shorter line lengths. Problem + Reported by Lars-Johan Liman of SUNET Operations Center. + Log the real user name when logging syserrs, since these can have + security implications. Suggested by several people. + Fix address logging of cached connections -- it used to always + log the numeric address as zero. This is a somewhat + bogus implementation in that it does an extra system + call, but it should be an inexpensive one. Fix from + Motonori Nakamura. + Tighten up handling of short syslog buffers even more -- there + were cases where the outgoing relay= name was too long + to share a line with delay= and mailer= logging. + Limit the overhead on split envelopes to one open file descriptor + per envelope -- previously the overhead was three + descriptors. This was in response to a problem reported + by P{r (Pell) Emanuelsson. + Fixes to better handle the case of unexpected connection closes; + this redirects the output to the transcript so the info + is not lost. From Eric Wassenaar. + Fix potential string overrun if you macro evaluate a string that + has a naked $ at the end. Problem noted by James Matheson + <jmrm@eng.cam.ac.uk>. + Make default error number on $#error messages 553 (``Requested + action not taken: mailbox name not allowed'') instead of + 501 (``Syntax error in parameters or arguments'') to + avoid bogus "protocol error" messages. + Strip off any existing trailing dot on names during $[ ... $] + lookup. This prevents it from ending up with two dots + on the end of dot terminated names. From Wesley Craig + of the University of Michigan and Bryan Costales of ICSI. + Clean up file class reading so that the debugging information is + more informative. It hadn't been using setclass, so you + didn't see the class items being added. + Avoid core dump if you are running a version of sendmail where + NIS is compiled in, and you specify an NIS map, but + NIS is not running. Fix from John Oleynick of + Rutgers. + Diagnose bizarre case where res_search returns a failure value, + but sets h_errno to a success value. + Make sure that "too many hops" messages are considered important + enough to send an error to the Postmaster (that is, the + address specified in the P option). This fix should + help problems that cause the df file to be left around + sometimes -- unfortunately, I can't seem to reproduce + the problem myself. + Avoid core dump (null pointer reference) on EXPN command; this + only occurred if your log level was set to 10 or higher + and the target account was an alias or had a .forward file. + Problem noted by Janne Himanka. + Avoid "denial of service" attacks by someone who is flooding your + SMTP port with bad commands by shutting the connection + after 25 bad commands are issued. From Kyle Jones of + UUNET. + Fix core dump on error messages with very long "to" buffers; + fmtmsg overflows the message buffer. Fixed by trimming + the to address to 203 characters. Problem reported by + John Oleynick. + Fix configuration for HASFLOCK -- there were some spots where + a #ifndef was incorrectly #ifdef. Pointed out by + George Baltz of the University of Maryland. + Fix a typo in savemail() that could cause the error message To: + lists to be incorrect in some places. From Motonori + Nakamura. + Fix a glitch that can cause duplicate error messages on split + envelopes where an address on one of the lists has a + name server failure. Fix from Voradesh Yenbut of the + University of Washington. + Fix possible bogus pointer reference on ESMTP parameters that + don't have an ``=value'' part. + CNAME loops caused an error message to be generated, but also + re-queued the message. Changed to just re-queue the + message (it's really hard to just bounce it because + of the wierd way the name server works in the presence + of CNAME loops). Problem noted by James M.R.Matheson + of Cambridge University. + Avoid giving ``warning: foo owned process doing -bs'' messages + if they use ``MAIL FROM:<foo>'' where foo is their true + user name. Suggested by Andreas Stolcke of ICSI. + Change the NAMED_BIND compile flag to be a 0/1 flag so you can + override it easily in the Makefile -- that is, you can + turn it off using -DNAMED_BIND=0. + If a gethostbyname(...) of an address with a trailing dot fails, + try it without the trailing dot. This is because if + you have a version of gethostbyname() that falls back + to NIS or the /etc/hosts file it will fail to find + perfectly reasonable names that just don't happen to + be dot terminated in the hosts file. You don't want to + strip the dot first though because we're trying to ensure + that country names that match one of your subdomains get + a chance. + PRALIASES: fix bogus output on non-null-terminated strings. + From Bill Gianopoulos of Raytheon. + CONFIG: Avoid rewriting anything that matches $w to be $j. + This was in code intended to only catch the self-literal + address (that is, [1.2.3.4], where 1.2.3.4 is your + IP address), but the code was broken. However, it will + still do this if $M is defined; this is necessary to + get client configurations to work (sigh). Note that this + means that $M overrides :mailname entries in the user + database! Problem noted by Paul Southworth. + CONFIG: Fix definition of Solaris help file location. From + Steve Cliffe <steve@gorgon.cs.uow.edu.au>. + CONFIG: Fix bug that broke news.group.USENET mappings. + CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, + and USENET_MAILER_MAX to tweak the maximum message + size for various mailers. + CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] + instead of assuming that it is "inews" for consistency + with other mailers. From Michael Corrigan of UC San Diego. + CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, + qualify the address in the SMTP envelope as user@{relay|hub} + instead of user@$j. From Bill Wisner of The Well. + CONFIG: Fix route-addr syntax in nullrelay configuration set. + CONFIG: Don't turn off case mapping of user names in the local + mailer for IRIX. This was different than most every other + system. + CONFIG: Avoid infinite loops on certainly list:; syntaxes in + envelope. Noted by Thierry Besancon + <besancon@excalibur.ens.fr>. + CONFIG: Don't include -z by default on uux line -- most systems + don't want it set by default. Pointed out by Philippe + Michel of Thomson CSF. + CONFIG: Fix some bugs with mailertables -- for example, if your + host name was foo.bar.ray.com and you matched against + ".ray.com", the old implementation bound %1 to "bar" + instead of "foo.bar". Also, allow "." in the mailertable + to match anything -- essentially, take over SMART_HOST. + This also moves matching of explicit local host names + before the mailertable so they don't have to be special + cased in the mailertable data. Reported by Bill + Gianopoulos of Raytheon; the fix for the %1 binding + problem was contributed by Nicholas Comanos of the + University of Sydney. + CONFIG: Don't include "root" in class $=L (users to deliver + locally, even if a hub or relay exists) by default. + This is because of the known bug where definition of + both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore + both and deliver into the local mailbox. + CONFIG: Move up bitdomain and uudomain handling so that they + are done before .UUCP class matching; uudomain was + reported as ineffective before. This also frees up + diversion 8 for future use. Problem reported by Kimmo + Suominen. + CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) + into host names. As pointed out by Jonathan Kamens, + these are often used because either the forward or reverse + mapping is broken; this translation makes it broken again. + DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo + Suominen. + Portability fixes: + Unicos from David L. Kensiski of Sterling Sofware. + DomainOS from Don Lewis of Silicon Systems. + GNU m4 1.0.3 from Karst Koymans of Utrecht University. + Convex from Kimmo Suominen <kim@tac.nyc.ny.us>. + NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>. + BSD/386 from Tony Sanders of BSDI. + Apollo from Eric Wassenaar. + DGUX from Doug Anderson. + Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. + NEW FILES: + src/Makefile.DomainOS + src/Makefile.PTX + src/Makefile.SunOS.5.1 + src/Makefile.SunOS.5.2 + src/Makefile.SunOS.5.x + src/mailq.1 + cf/ostype/domainos.m4 + doc/op/Makefile + doc/intro/Makefile + doc/usenix/Makefile + +8.6.5/8.6.5 94/01/13 + Security fix: /.forward could be owned by anyone (the test + to allow root to own any file was backwards). From + Bob Campbell at U.C. Berkeley. + Security fix: group ids were not completely set when programs + were invoked. This caused programs to have group + permissions they should not have had (usually group + daemon instead of their own group). In particular, + Perl scripts would refuse to run. + Security: check to make sure files that are written are not + symbolic links (at least under some circumstances). + Although this does not respond to a specific known + attack, it's just a good idea. Suggested by + Christian Wettergren. + Security fix: if a user had an NFS mounted home directory on + a system with a restricted shell listed in their + /etc/passwd entry, they could still execute any + program by putting that in their .forward file. + This fix prevents that by insisting that their shell + appear in /etc/shells before allowing a .forward to + execute a program or write a file. You can disable + this by putting "*" in /etc/shells. It also won't + permit world-writable :include: files to reference + programs or files (there's no way to disable this). + These behaviours are only one level deep -- for + example, it is legal for a world-writable :include: + file to reference an alias that writes a file, on + the assumption that the alias file is well controlled. + Security fix: root was not treated suspiciously enough when + looking into subdirectories. This would potentially + allow a cracker to examine files that were publically + readable but in a non-publically searchable directory. + Fix a problem that causes an error on QUIT on a cached + connection to create problems on the current job. + These are typically unrelated, so errors occur in + the wrong place. + Reset CurrentLA in sendall() -- this makes sendmail queue + runs more responsive to load average, and fixes a + problem that ignored the load average in locally + generated mail. From Eric Wassenaar. + Fix possible core dump on aliases with null LHS. From + John Orthoefer of BB&N. + Revert to using flock() whenever possible -- there are just + too many bugs in fcntl() locking, particularly over + NFS, that cause sendmail to fail in perverse ways. + Fix a bug that causes the connection cache to get confused + when sending error messages. This resulted in + "unexpected close" messages. It should fix itself + on the following queue run. Problem noted by + Liudvikas Bukys of the University of Rochester. + Include $k in $=k as documented in the Install & Op Guide. + This seems odd, but it was documented.... From + Michael Corrigan of UCSD. + Fix problem that caused :include:s from alias files to be + forced to be owned by root instead of daemon + (actually DefUid). From Tim Irvin. + Diagnose unrecognized I option values -- from Mortin Forssen + of the Chalmers University of Technology. + Make "error" mailer work consistently when there is no error + code associated with it -- previously it returned OK + even though there was a real problem. Now it assumes + EX_UNAVAILABLE. + Fix bug that caused the last header line of messages that had + no body and which were terminated with EOF instead of + "." to be discarded. Problem noted by Liudvikas Bukys. + Fix core dump on SMTP mail to programs that failed -- it tried + to go to a "next MX host" when none existed, causing + a core dump. From der Mouse at McGill University. + Change IDENTPROTO from a defined/not defined to a 0/1 switch; + this makes it easier to turn it off (using + -DIDENTPROTO=0 in the Makefile). From der Mouse. + Fix YP_MASTER_NAME store to use the unupdated result of + gethostname() (instead of myhostname(), which tries + to fully qualify the name) to be consistent with + SunOS. If your hostname is unqualified, this fixes + transfers to slave servers. Bug noted by Keith + McMillan of Ameritech Services, Inc. + Fix Ultrix problem: gethostbyname() can return a very large + (> 500) h_length field, which causes the sockaddr + to be trashed. Use the size of the sockaddr instead. + Fix from Bob Manson of Ohio State. + Don't assume "-a." on host lookups if NAMED_BIND is not + defined -- this confuses gethostbyname on hosts + file lookups, which doesn't understand the trailing + dot convention. + Log SMTP server subprocesses that die with a signal instead + of from a clean exit. + If you don't have option "I" set, don't assume that a DNS + "host unknown" message is authoritative -- it + might still be found in /etc/hosts. + Fix a problem that would cause Deferred: messages to be sent + as the subject of an error message, even though the + actual cause of a message was more severe than that. + Problem noted by Chris Seabrook of OSSI. + Fix race condition in DBM alias file locking. From Kyle + Jones of UUNET. + Limit delivery syslog line length to avoid bugs in some + versions of syslog(3). This adds a new compile time + variable SYSLOG_BUFSIZE. From Jay Plett of Princeton + University, which is in turn derived from IDA. + Fix quotes inside of comments in addresses -- previously + it insisted that they be balanced, but the 822 spec + says that they should be ignored. + Dump open file state to syslog upon receiving SIGUSR1 (for + debugging). This also evaluates ruleset 89, if set + (with the null input), and logs the result. This + should be used sparingly, since the rewrite process + is not reentrant. + Change -qI, -qR, and -qS flags to be case-insensitive as + documented in the Bat Book. + If the mailer returned EX_IOERR or EX_OSERR, sendmail did not + return an error message and did not requeue the message. + Fix based on code from Roland Dirlewanger of + Reseau Regional Aquarel, Bordeaux, France. + Fix a problem that caused a seg fault if you got a 421 error + code during some parts of connection initialization. + I've only seen this when talking to buggy mailers on + the other end, but it shouldn't give a seg fault in + any case. From Amir Plivatsky. + Fix core dump caused by a ruleset call that returns null. + Fix from Bryan Costales of ICSI. + Full-Name: field was being ignored. Fix from Motonori Nakamura + of Kyoto University. + Fix a possible problem with very long input lines in setproctitle. + From P{r Emanuelsson. + Avoid putting "This is a warning message" out on return receipts. + Suggested by Douglas Anderson. + Detect loops caused by recursive ruleset calls. Suggested by + Bryan Costales. + Initialize non-alias maps during alias rebuilds -- they may be + needed for parsing. Problem noted by Douglas Anderson. + Log sender address even if no message was collected in SMTP + (e.g., if all RCPTs failed). Suggested by Motonori + Nakamura. + Don't reflect the owner-list contents into the envelope sender + address if the value contains ", :, /, or | (to avoid + illegal addresses appearing there). + Efficiency hack for toktype macro -- from Craig Partridge of + BB&N. + Clean up DNS error printing so that a host name is always + included. + Remember to set $i during queue runs. Reported by Stephen + Campbell of Dartmouth University. + If ${HOSTALIASES} is set, use it during canonification so that + headers are properly mapped. Reported by Anne Bennett + of Concordia University. + Avoid printing misleading error message if SMTP mailer (not + using [IPC]) should die on a core dump. + Avoid incorrect diagnosis of "file 1 closed" when it is caused + by the other end closing the connection. From + Dave Morrison of Oracle. + Improve several of the error messages printed by "mailq" + to include a host name or other useful information. + Add NetInfo preliminary support for NeXT systems. From Vince + DeMarco. + Fix a glitch that sometimes caused :include:s that pointed to + NFS filesystems that were down to give an "aliasing/ + forwarding loop broken" message instead of queueing + the message for retry. Noted by William C Fenner of + the NRL Connection Machine Facility. + Fix a problem that could cause a core dump if the input sequence + had (or somehow acquired) a \231 character. + Make sure that route-addrs always have <angle brackets> around + them in non-SMTP envelopes (SMTP envelopes already do + this properly). + Avoid wierd headers on unbalanced punctuation of the form: + ``Joe User <user)'' -- this caused reference to the + null macro. Fix from Rick McCarty of IO.COM. + Fix a problem that caused an alias "user: user@local.host" to + not have the QNOTREMOTE bit set; this caused configs + to act as if FEATURE(notsticky) was defined even when + it was not. The effect of the problem was to make it + very hard to to set up satellite sites that had a few + local accounts, with everything else forwarded to a + corporate hub. Reported by Detlef Drewanz of the + University of Rostock and Mark Frost of NCD. + Change queuing to not call rulesets 3, {1 or 2}, 4 on header + addresses. This is more efficient (fewer name server + calls) and fixes certain unusual configurations, such + as those that have ruleset 4 do something that is + non-idempotent unless a mailer-specific ruleset did + something else. Problem reported by Brian J. Coan + of the Institute for Global Communications. + Fix the "obsolete argument" routine in main to better understand + new arguments. For example, if you used ``sendmail + -C config -v -q'' it would choke on the -q because + the -C would stop looking for old-format arguments. + Fix the code that was intended to allow two users to forward their + mail to the same program and have them appear unique. + Portability fixes for: + SCO UNIX from Murray Kucherawy. + SCO Open Server 3.2v4 from Philippe Brand. + System V Release 4 from Rick Ellis and others. + OSF/1 from Steve Campbell. + DG/UX from Ben Mesander of the USGS and Bryan Curnutt + of Stoner Associates. + Motorola SysV88 from Kevin Johnson of Motorola. + Solaris 2.3 from Casper H.S. Dik of the University + of Amsterdam and John Caruso of University + of Maryland. + FreeBSD from Ollivier Robert. + NetBSD from Adam Glass. + TitanOS from Kate Hedstrom of Rutgers University. + Irix from Bryan Curnutt. + Dynix from Jim Davis of the University of Arizona. + RISC/os. + Linux from John Kennedy of California State University + at Chico. + Solaris 2.x from Tony Boner of the U.S. Air Force. + NEXTSTEP 3.x from Vince DeMarco. + HP-UX from various people. NOTA BENE: the location + of the config file has moved to /usr/lib + to match the HP-UX version of sendmail. + CONFIG: Don't do any recipient rewriting on relay mailer; + since this is intended only for internal use, the + usual RFC 821/822/1123 rules can be relaxed. The + main point of this is to avoid munging (ugh) UUCP + addresses when relaying internally. + CONFIG: fix typo in mailer/uucp.m4 that mutilates list:; + syntax addresses delivered via UUCP. Solution + provided by Peter Wemm. + CONFIG: fix thumb-fumble in default UUCP relaying in ruleset + zero; it caused double @ signs in addresses. From + Irving Reid of the University of Toronto. + CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1 + from Markku Toijala of ICL Personal Systems Oy. + CONFIG: Add trailing "." on pseudo-domains for consistency; + this fixes a problem (noted by Al Whaley of Sunnyside) + that made it hard to recognize your own pseudodomain + names. + CONFIG: catch "@host" syntax errors (i.e., null local-parts) + rather than letting them get "local configuration + error"s. Problem noted by John Gardiner Myers. + CONFIG: add uucp-uudom mailer variant, based on code posted + by Spider Boardman <spider@Orb.Nashua.NH.US>; this + has uucp-dom semantics but old UUCP syntax. This + also permits "uucp-old" as an alias for "uucp" and + "uucp-new" as a synonym for "suucp" for consistency. + CONFIG: add POP mailer support (from Kimmo Suominen + <kim@grendel.lut.fi>). + CONFIG: drop CSNET_RELAY support -- CSNET is long gone. + CONFIG: fix bug caused with domain literal addresses (e.g., + ``[128.32.131.12]'') when FEATURE(allmasquerade) + was set; it would get an additional @masquerade.host + added to the address. Problem noted by Peter Wan + of Georgia Tech. + CONFIG: make sure that the local UUCP name is in $=w. From + Jim Murray of Stratus. + CONFIG: changes to UUCP rewriting to simulate IDA-style "V" + mailer flag. Briefly, if you are sending to host + "foo", then it rewrites "foo!...!baz" to "...!baz", + "foo!baz" remains "foo!baz", and anything else has + the local name prepended. + CONFIG: portability fixes for HP-UX. + DOC: several minor problems fixed in the Install & Op Guide. + MAKEMAP: fix core dump problem on lines that are too long or + which lack newline. From Mark Delany. + MAILSTATS: print sums of columns (total messages & kbytes + in and out of the system). From Tom Ferrin of UC + San Francisco Computer Graphics Lab. + SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: + On HP-UX, /etc/sendmail.cf has been moved to + /usr/lib/sendmail.cf to match HP sendmail. + Permissions have been tightened up on world-writable + :include: files and accounts that have shells + that are not listed in /etc/shells. This may + cause some .forward files that have worked + before to start failing. + SIGUSR1 dumps some state to the log. + NEW FILES: + src/Makefile.DGUX + src/Makefile.Dynix + src/Makefile.FreeBSD + src/Makefile.Mach386 + src/Makefile.NetBSD + src/Makefile.RISCos + src/Makefile.SCO + src/Makefile.SVR4 + src/Makefile.Titan + cf/mailer/pop.m4 + cf/ostype/bsdi1.0.m4 + cf/ostype/dgux.m4 + cf/ostype/dynix3.2.m4 + cf/ostype/sco3.2.m4 + makemap/Makefile.dist + praliases/Makefile.dist + +8.6.4/8.6.4 93/10/31 + Repair core-dump problem (write to read-only memory segment) + if you fall back to the return-to-Postmaster case in + savemail. Problem reported by Richard Liu. + Immediately diagnose bogus sender addresses in SMTP. This + makes quite certain that crackers can't use this + class of attack. + Reliability Fix: check return value from fclose() and fsync() + in a few critical places. + Minor problem in initsys() that reversed a condition for + redirecting the output channel on queue runs. It's + not clear this code even does anything. From Eric + Wassenaar of the Dutch National Institute for Nuclear + and High-Energy Physics. + Fix some problems that caused queue runs to do "too much work", + such as double-reading the Errors-To: header. From + Eric Wassenaar. + Error messages on writing the temporary file (including the + data file) were getting suppressed in SMTP -- this + fix causes them to be properly reported. From Eric + Wassenaar. + Some changes to support AF_UNIX sockets -- this will only + really become relevant in the next release, but some + people need it for local patches. From Michael + Corrigan of UC San Diego. + Use dynamically allocated memory (instead of static buffers) + for macros defined in initsys() and settime(); since + these can have different values depending on which + envelope they are in. From Eric Wassenaar. + Improve logging to show ctladdr on to= logging; this tells you + what uid/gid processes ran as. + Fix a problem that caused error messages to be discarded if + the sender address was unparseable for some reason; + this was supposed to fall back to the "return to + postmaster" case. + Improve aliaswait backoff algorithm. + Portability patches for Linux (8.6.3 required another header + file) (from Karl London) and SCO UNIX. + CONFIG: patch prog mailer to not strip host name off of envelope + addresses (so that it matches local again). From + Christopher Davis. + CONFIG: change uucp-dom mailer so that "<>" translates to $n; + this prevents uux from seeing lines with null names like + ``From Sat Oct 30 14:55:31 1993''. From Motonori + Nakamura of Kyoto University. + CONFIG: handle <list:;> syntax correctly. This isn't legal, but + it shouldn't fail miserably. From Motonori Nakamura. + +8.6.3/8.6.3 93/10/24 + IMPORTANT FIX: Fix several problems that caused open files to + be "lost" during queue runs; this overflowed the open + file table on large runs. An assumption that fdopen + always succeeds sometimes resulted in core dumps when + this happens; sometimes the message is delivered twice, + sometimes (probably) infinite times. This problem in + various form was reported by P{r (Pell) Emanuelsson and + Robert Campbell of U.C. Berkeley. + Special diagnosis of EMFILE error conditions -- it now prints + the known open file descriptors so you can figure out + what is consuming so much resources. + Fix a couple of problems caused by early address parsing + errors -- one caused it to return a "this is only a + warning" when it really wasn't, and the other started + parsing through a random pointer. The first was + noted by Eric Wassenaar. + Fix an infinite loop problem caused by null components in the + host signature. Problem noted by Jan Sorensen. + Be sure to reset the "current date" when sending an error + message -- PostMasterCopy messages were being sent + with an old Date: header. + Fix a problem that caused duplicated mail when sendmail was + (1) compiled without HASFLOCK, (2) you are sending to + an alias that has an owner-* alias, (3) you execute + sendmail with -t flag, (4) you run in -odb mode, and + (5) the sender specifies both the alias name and + another alias [i.e., the envelope is split], then + duplicate messages are sent. The problem description + and one-line fix are from Motonori Nakamura of Kyoto + University. + Avoid a problem that causes error messages to be discarded + in some cases -- this was the result of a "fix" to + avoid duplicate error messages, but two are better + than zero. Reported by Tim Rylance. + Fix a minor botch in checkfd012() -- fix from Dave Hill of + Computervision R&D Ltd. + Remove "X-Authentication-Warning: <user> set sender to <address> + using -f" entirely -- it is far too eager to include + this, and it is confusing folks. I'll try to make it + work "right" in 8.7. Problem noted by Yoshitaka + Tokugawa of dit Co., Ltd. + Fix a race condition with the errno value in tick() and + reapchild() -- this caused occasional misdiagnosis + of problems. Kyle Jones of UUNET helped this along. + Repair rule loop-detection code. From Michael Corrigan of + U.C. San Diego. + Fix a problem that caused sender domain addition (C mailer + flag to be ignored if you use -odq or use -odb with + a high load average. Problem reported by Jim Murray + of Stratus. + Fix ident protocol on multi-homed machines. It was not + always using the correct interface. Fix from J.R. + Oldroyd of Opal. + Previously, sendmail assumed that any SMTP greeting message + that wasn't 2xx was a temporary failure -- it should + only take 4xx as a temporary failure, and return a + solid error message on anything else -- for example, + to allow you to reject connections on a workstation + that is MXed to a mail server. + Portability enhancements for 386BSD/FreeBSD/NetBSD from + Ollivier Robert. + CONFIG: FEATURE(always_add_domain) didn't always add the domain; + in particular, on local mail it modified the header sender + but not the header recipient address(es). Reported by + Jeffrey Honig of Cornell University. Also, strip + any host from envelope recipient address(es), since + local mailers don't understand host names -- this is + to help mailertable entries. From Christopher Davis. + CONFIG: masquerading didn't apply to addresses that already + had a domain. This change replaces a local hostname + by the masquerade name in the SMTP mailer (previously + it only added the masquerade name if it didn't already + have a domain name). Several people complained about + this. + +8.6.2/8.6.2 93/10/15 + Put a "successful delivery" message in the transcript for + addresses that get return-receipts. + Put a prominent "this is only a warning" message in warning + messages -- some people don't read carefully enough + and end up sending the message several times. + Include reason for temporary failure in the "warning" return + message. Currently, it just says "cannot send for + four hours". + Fix the "Original message received" time generated for + returntosender messages. It was previously listed as + the current time. Bug reported by Eric Hagberg of + Cornell University Medical College. + If there is an error when writing the body of a message, + don't send the trailing dot and wait for a response + in sender SMTP, as this could cause the connection to + hang up under some bizarre circumstances. From Eric + Wassenaar. + Fix some server SMTP synchronization problems caused when + connections fail during message collection. From + Eric Wassenaar. + Fix a problem that can cause srvrsmtp to reject mail if the + name server is down -- it accepts the RCPT but rejects + the DATA command. Problem reported by Jim Murray of + Stratus. + Fix a problem that can cause core dumps if the config file + incorrectly resolves to a null hostname. Reported by + Allan Johannesen of WPI. + Non-root use of -C flag, dangerous -f flags, and use of -oQ + by non-root users were not put into + X-Authentication-Warning:s as intended because the + config file hadn't set the PrivacyFlags yet. Fix + from Sven-Ove Westberg of the University of Lulea. + Under very odd circumstances, the alias file rebuild code + could get confused as to whether a database was + open or not. + Check "vendor code" on the end of V lines -- this is + intended to provide a hook for vendor-specific + configuration syntax. (This is a "new feature", + but I've made an exception to my rule in a belief + that this is a highly exceptional case.) + Portability fixes for DG/UX (from Douglas Anderson of NCSC), + SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 + (from Jon Forrest of UC Berkeley) + CONFIG: fix ``mailer:host'' form of UUCP relay naming. + +8.6.1/8.6 93/10/08 + Portability fixes for A/UX and Encore UMAX V. + Fix error message handling -- if you had a name server down + causing an error during parsing, that message was never + propogated to the queue file. + +8.6/8.6 93/10/05 + Configuration cleanup: make it easier to undo IDENTPROTO in + conf.h (other systems have the same bug). + If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume + getdtablesize() instead of sysconf(); a disturbingly + large number of systems defined _SC_OPEN_MAX in the + header files but don't have the syscall. + Another patch to really truly ignore MX records in getcanonname + if trymx == FALSE. + Fix problem that caused the "250 IAA25499 Message accepted for + delivery" message to be omitted if there was an error + in the header of the message (e.g., a bad Errors-To: + line). Pointed out by Michael Corrigan of UCSD. + Announce name of host we are chatting when we get errors; this + is an IDA-ism suggested by Christophe Wolfhugel. + Portability fixes for Alpha OSF/1 (from Anthony Baxter of the + Australian Artificial Intelligence Institute), SCO Unix + (from Murray Kucherawy of Hookup Communication Corp.), + NeXT (from Vince DeMarco and myself), Linux (from + Karl London <karl@borg.demon.co.uk>), BSDI (from + Christophe Wolfhugel, and SVR4 on Dell (from Kimmo + Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. + Some changes to get around gcc optimizer bugs. From Takahiro + Kanbe. + Fix error recovery in queueup if another tf file of the same + name already exists. Problem stumbled over by Bill + Wisner of The Well. + Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. + Problem noted by Keith McMillan of Ameritech Services. + Deal with group permissions properly when opening .forward and + :include: files. This relaxes the 8.1C restrictions + slightly more. This includes proper setting of groups + when reading :include: files, allowing you to read some + files that you should be able to read but have previously + been denied unless you owned them or they had "other" + read permission. + Make certain that $j is in $=w (after the .cf is read) so that + if the user is forced to override some silly system, + MX suppression will still work. + Fix a couple of efficiency problems where newstr was double- + calling expensive routines. In at least one case, it + wasn't guaranteed that they would always return the + same result. Problem noted by Christophe Wolfhugel. + Fix null pointer dereference in putoutmsg -- only on an error + condition from a non-SMTP mailer. From Motonori + Nakamura. + Macro expand "C" line class definitions before scanning so that + "CX $Z" works. + Fix problem that caused error message to be sent while still + trying to send the original message if the connection + is closed during a DATA command after getting an error + on an RCPT command (pretty obscure). Problem reported + by John Myers of CMU. + Fix reply to NOOP to be 250 instead of 200 -- this is a long + term bug. + Fix a nasty bug causing core dumps when returning the "warning: + cannot deliver for N hours -- will keep trying" message; + it only occurred if you had PostMasterCopy set and + only on some architectures. Although sendmail would + keep trying, it would send error messages on each + queue interval. This is an important fix. + Allow u and g options to take user and group names respectively. + Don't do a chdir into the queue directory in -bt mode to make + ruleset testing a bit easier. + Don't allow users to turn off logging (using -oL) on the command + line -- command line can only raise, not lower, logging + level. + Set $u to the original recipient on the SMTP transaction or on + the command line. This is only done if there is exactly + one recipient. Technically, this does not meet the + specs, because it does not guarantee a domain on the + address. + Fix a problem that dumped error messages on bad addresses if + you used the -t flag. Problem noted by Josh Smith of + Harvey Mudd College. + Given an address such as ``<foo> <bar>'', auto-quote the first + ``<foo>'' part, giving ``"<foo>" <bar>''. This is to + avoid the problem of people who use angle brackets in + their full name information. + Fix a null pointer dereference if you set option "l", have + an Errors-To: header in the message, and have Errors-To: + defined in the config file H lines. From J.R. Oldroyd. + Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get + wrong when compiling. Suggested by Rick McCarty of TI. + Fix a problem that could pass negative SIZE parameter if the + df file got lost; this would cause servers to always + give a temporary failure, making the problem even worse. + Problem noted by Allan Johannesen of WPI. + Add "ident" timeout (one of the "r" option selectors) for IDENT + protocol timeouts (30s default). Requested by Murray + Kucherawy of HookUp Communication Corp. to handle bogus + PC TCP/IP implementations. + Change $w default definition to be just the first component of + the domain name on config level 5. The $j macro defaults + to the FQDN; $m remains as before. This lets well-behaved + config files use any of the short, long, or subdomain + names. + Add makesendmail script in src to try to automate multi-architecture + builds. I know, this is sub-optimal, but it is still + helpful. + Fix very obscure race condition that can cause a queue run to + get a queue file for an already completed job. This + problem has existed for years. Problem noted by the + long suffering Allan Johannesen of WPI. + Fix a problem that caused the raw sender name to be passed to + udbsender instead of the canonified name -- this caused + it to sometimes miss records that it should have found. + Relax check of name on HELO packet so that a program using -bs + that claims to be itself works properly. + Restore rewriting of $: part of address through 2, R, 4 in + buildaddr -- this requires passing a lot of flags to get + it right. Unlike old versions, this ONLY rewrites + recipient addresses, not sender addresses. + Fix a bug that caused core dumps in config files that cannot + resolve /file/name style addresses. Fix from Jonathan + Kamens of OpenVision Technologies. + Fix problem with fcntl locking that can cause error returns to + be lost if the lock is lost; this required fully + queueing everything, dropping the envelope (so errors + would get returned), and then re-reading the queue from + scratch. + Fix a problem that caused aliases that redefine an otherwise + true address to still send to the original address + if and only if the alias failed in certain bizarre + ways (e.g, if they pointed at a list:; syntax address). + Problem pointed out by Jonathan Kamens. + Remove support for frozen configuration files. They caused + more trouble than it was worth. + Fix problem that can cause error messages to get ignored when + using both -odb and -t flags. Problem noted by Rob + McNicholas at U.C. Berkeley. + Include all "normal" variations on hostname in $=w. For example, + if the host name is vangogh.cs.berkeley.edu, $=w will + contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. + Add "restrictqrun" privacy flag -- without this, anyone can run + the queue. + Reset SmtpPhase global on initial connection creation so that + messages don't come out with stale information. + Pass an "ext" argument to lockfile so that error/log messages + will properly reflect the true filename being locked. + Put all [...] address forms into $=w -- this eliminates the need + for MAXIPADDR in conf.h. Suggested by John Gardiner + Myers of CMU. + Fix a bug that can cause qf files to be left around even after + an SMTP RSET command. Problem and fix from Michael + Corrigan. + Don't send a PostMasterCopy to errors when the Precedence: is + negative. Error reports still go to the envelope + sender address. + Add LA_SHORT for load averages. + Lock sendmail.st file when posting statistics. + Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to + set the size of the TCP send and receive buffers; if you + run over a slow slip line you may need to set these down + (although it would be better to fix the SLIP implementation + so that it's not necessary to recompile every program + that does bulk data transfer). + Allow null defaults on $( ... $) lookups. Problem reported by + Amir Plivatsky. + Diagnose crufty S and V config lines. This resulted from an + observation that some people were using the SITE macro + without the SITECONFIG macro first, which was causing + bogus config files that were not caught. + Fix makemap -f flag to turn off case folding (it was turning it + on instead). THIS IS A USER VISIBLE CHANGE!!! + Fix a problem that caused multiple error messages to be sent if + you used "sendmail -t -oem -odb", your system uses fcntl + locking, and one of the recipient addresses is unknown. + Reset uid earlier in include() so that recursive .forwards or + :include:s don't use the wrong uid. + If file descriptor 0, 1, or 2 was closed when sendmail was + called, the code to recover the descriptor was broken. + This sometimes (only sometimes) caused problems with the + alias file. Fix from Motonori Nakamura. + Fix a problem that caused aliaswait to go into infinite recursion + if the @:@ metasymbol wasn't found in the alias file. + Improve error message on newaliases if database files cannot be + opened or if running with no database format defined. + Do a better estimation of the size of error messages when NoReturn + is set. Problem noted by P{r (Pell) Emanuelsson. + Fix a problem causing the "c" option (don't connect to expensive + mailers) to be ignored in SMTP. Problem noted and the + solution suggested by Robert Elz of Munnari University. + Improve connection caching algorithm by passing "[host]" to + hostsignature, which strips the square brackets and + returns the real name. This allows mailertable entries + to match regular entries. + Re-enable Return-Receipt-To: -- people seem to want this stupid + feature, even if it doesn't work right. + Catch and log attempts to try the "wiz" command in server SMTP. + This also ups the log level from LOG_NOTICE to LOG_CRIT. + Be more generous at assigning $z to the home directory -- do this + for programs that are specified through a .forward file. + Fix from Andrew Chang of Sun Microsystems. + Always save a fatal error message in preference to a non-fatal + error message so that the "subject" line of return + messages is the best possible. + CONFIG: reduce the number of quotes needed to quote configuration + parameters with commas: two quotes should work now, e.g., + define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). + CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom + connections (domain-ized UUCP). + CONFIG: fix bug in default maps (-o must be before database file + name). Pointed out by Christophe Wolfhugel. + CONFIG: add FEATURE(nodns) to state that we are not relying on + DNS. This would presumably be used in UUCP islands. + CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). + CONFIG: log $u in Received: line. This is in technical violation + of the standards, since it doesn't guarantee a domain + on the address. + CONFIG: don't assume "m" in local mailer flags -- this means that + if you redefine LOCAL_MAILER_FLAGS you will have to include + the "m" flag should you want it. Apparently some Solaris 2.2 + installations can't handle multiple local recipients. + Problem noted by Josh Smith. + CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). + CONFIG: change default version level from 4 to 5. + CONFIG: add FEATURE(nullclient) to create a config file that + forwards all mail to a hub without ever looking at the + addresses in any detail. + CONFIG: properly strip mailer: information off of relays when + used to change .BITNET form into %-hack form. + CONFIG: fix a problem that caused infinite loops if presented + with an address such as "!foo". + CONFIG: check for self literal (e.g., [128.32.131.12]) even if + the reverse "PTR" mapping is broken. There's a better + way to do this, but the change is fairly major and I + want to hold it for another release. Problem noted by + Bret Marquis. + +8.5/8.5 93/07/23 + Serious bug: if you used a command line recipient that was unknown + sendmail would not send a return message (it was treating + everything as though it had an SMTP-style client that + would do the return itself). Problem noted by Josh Smith. + Change "trymx" option in getcanonname() to ignore all MX data, + even during a T_ANY query. This actually didn't break + anything, because the only time you called getcanonname + with !trymx was if you already knew there were no MX + records, but it is somewhat cleaner. From Motonori + Nakamura. + Don't call getcanonname from getmxrr if you already know there + are no DNS records matching the name. + Fix a problem causing error messages to always include "The + original message was received ... from localhost". + The correct original host information is now included. + Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their + version of "test" doesn't have the -x flag). Change it + to use -f instead. From John Myers. + CONFIG: 8.4 mistakenly set the default SMTP-style mailer to + esmtp -- it should be smtp. + CONFIG: send all relayed mail using confRELAY_MAILER (defaults + to "relay" (a variant of "smtp") if MAILER(smtp) is used, + else "suucp" if MAILER(uucp) is used, else "unknown"); + this cleans up the configs somewhat. This fixes a serious + problem that caused route-addrs to get mistaken as relays, + pointed out by John Myers. WARNING: this also causes + the default on SMART_HOST to change from "suucp" to + "relay" if you have MAILER(smtp) specified. + +8.4/8.4 93/07/22 + Add option `w'. If you receive a message that comes to you because + you are the best (lowest preference) target of an MX, and + you haven't explicitly recognized the source MX host in + your .cf file, this option will cause you to try the target + host directly (as if there were no MX for it at all). If + `w' is not set, this case is a configuration error. + Beware: if `w' is set, senders may get bogus errors like + "message timed out" or "host unknown" for problems that + are really configuration errors. This option is + disrecommended, provided only for compatibility with + UIUC sendmail. + Fix a problem that caused the incoming socket to be left open + when sendmail forks after the DATA command. This caused + calling systems to wait in FIN_WAIT_2 state until the + entire list was processed and the child closed -- a + potentially prodigious amount of time. Problem noted + by Neil Rickert. + Fix problem (created in 6.64) that caused mail sent to multiple + addresses, one of which was a bad address, to completely + suppress the sending of the message. This changes + handling of EF_FATALERRS somewhat, and adds an + EF_GLOBALERRS flag. This also fixes a potential problem + with duplicate error messages if there is a syntax error + in the header of a message that isn't noticed until late + in processing. Original problem pointed out by Josh Smith + of Harvey Mudd College. This release includes quite a bit + of dickering with error handling (see below). + Back out SMTP transaction if MAIL gets nested 501 error. This + will only hurt already-broken software and should help + humans. + Fix a problem that broke aliases when neither NDBM nor NEWDB were + compiled in. It would never read the alias file. + Repair unbalanced `)' and `>' (the "open" versions are already + repaired). + Logging of "done" in dropenvelope() was incorrect: it would + log this even when the queue file still existed. Change + this to only log "done" (at log level 11) when the + queue file is actually removed. From John Myers. + Log "lost connection" in server SMTP at log level 20 if there + is no pending transaction. Some senders just close the + connection rather than sending QUIT. + Fix a bug causing getmxrr to add a dot to the end of unqualified + domains that do not have MX records -- this would cause + the subsequent host name lookup to fail. The problem + only occurred if you had FEATURE(nocanonify) set. + Problem noted by Rick McCarty of Texas Instruments. + Fix invocation of setvbuf when passed a -X flag -- I had + unwittingly used an ANSI C extension, and this caused + core dumps on some machines. + Diagnose self-destructive alias loops on RCPT as well as EXPN. + Previously it just gave an empty send queue, which + then gave either "Need RCPT (recipient)" at the DATA + (confusing, since you had given an RCPT command which + returned 250) or just dropped the email, depending on + whether you were running VERBose mode. Now it usually + diagnoses this case as "aliasing/forwarding loop broken". + Unfortunately, it still doesn't adequately diagnose + some true error conditions. + Add internal concept of "warning messages" using 6xx codes. + These are not reported only to Postmaster. Unbalanced + parens, brackets, and quotes are printed as 653 codes. + They are always mapped to 5xx codes before use in SMTP. + Clean up error messages to tell both the actual address that + failed and the alias they arose from. This makes it + somewhat easier to diagnose problems. Difficulty noted + by Motonori Nakamura. + Fix a problem that inappropriately added a ctladdr to addresses + that shouldn't have had one during a queue run. This + caused error messages to be handled differently during + a queue run than a direct run. + Don't print the qf name and line number if you get errors during + the direct run of the queue from srvrsmtp -- this was + just extra stuff for users to crawl through. + Put command line flags on second line of pid file so you can + auto-restart the daemon with all appropriate arguments. + Use "kill `head -1 /etc/sendmail.pid`" to stop the + daemon, and "eval `tail -1 /etc/sendmail.pid`" to + restart it. + Remove the ``setuid(getuid())'' in main -- this caused the + IDENT daemon to screw up. This required that I change + HASSETEUID to HASSETREUID and complicate the mode + changing somewhat because both Ultrix and SunOS seem + to have a bug causing seteuid() to set the saved uid + as well as the effective. The program test/t_setreuid.c + will test to see if your implementation of setreuid(2) + is appropriately functional. + The FallBackMX (option V) handling failed to properly identify + fallback to yourself -- most of the code was there, + but it wasn't being enabled. Problem noted by Murray + Kucherawy of the University of Waterloo. + Change :include: open timeout from ETIMEDOUT to an internal + code EOPENTIMEOUT; this avoids adding "during SmtpPhase + with CurHostName" in error messages, which can be + confusing. Reported by Jonathan Kamens of OpenVision + Technologies. + Back out setpgrp (setpgid on POSIX systems) call to reset the + process group id. The original fix was to get around + some problems with recalcitrant MUAs, but it breaks + any call from a shell that creates a process group id + different from the process id. I could try to fix + this by diddling the tty owner (using tcsetpgrp or + equivalent) but this is too likely to break other + things. + Portability changes: + Support -M as equivalent to -oM on Ultrix -- apparently + DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs + instead of using standard flags. Oh joy. This + behaviour reported by Jon Giltner of University + of Colorado. + SGI IRIX -- this includes several changes that should + help other strict ANSI compilers. + SCO Unix -- from Murray Kucherawy of HookUp Communication + Corporation. + Solaris running the Sun C compiler (which despite the + documentation apparently doesn't define + __STDC__ by default). + ConvexOS from Eric Schnoebelen of Convex. + Sony NEWS workstations and Omron LUNA workstations from + Motonori Nakamura. + CONFIG: add confTRY_NULL_MX_LIST to set option `w'. + CONFIG: delete `C' and `e' from default SMTP mailers flags; + several people have made a good argument that this + creates more problems than it solves (although this + may prove painful in the short run). + CONFIG: generalize all the relays to accept a "mailer:host" + format. + CONFIG: move local processing in ruleset 0 into a new ruleset + 98 (8 on old sendmail). Domain literal [a.b.c.d] + addresses are also passed through this ruleset. + CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, + internet-style addresses would "fall off the end" of + ruleset zero and be interpreted as local -- however, + the angle brackets confused the recursive call. + These are now diagnosed as "Unrecognized host name". + CONFIG: USENET rules weren't included in S0 because of a mistaken + ifdef(`_MAILER_USENET_') instead of + ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik + of SINTEF RUNIT, Oslo. + CONFIG: move up LOCAL_RULE_0 processing so that it happens very + early in ruleset 0; this allows .mc authors to bypass + things like the "short circuit" code for local addresses. + Prompted by a comment by Bill Wisner of The Well. + CONFIG: add confSMTP_MAILER to define the mailer used (smtp or + esmtp) to send SMTP mail. This allows you to default + to esmtp but use a mailertable or other override to + deal with broken servers. This logic was pointed out + to me by Bill Wisner. Ditto for confLOCAL_MAILER. + Changes to cf/sh/makeinfo.sh to make it portable to SVR4 + environments. Ugly as sin. + +8.3/8.3 93/07/13 + Fix setuid problems introduced in 8.2 that caused messages + like "Cannot create qfXXXXXX: Invalid argument" + or "Cannot reopen dfXXXXXX: Permission denied". This + involved a new compile flag "HASSETEUID" that takes + the place of the old _POSIX_SAVED_IDS -- it turns out + that the POSIX interface is broken enough to break + some systems badly. This includes some fixes for + HP-UX. Also fixes problems where the real uid is + not reset properly on startup (from Neil Rickert). + Fix a problem that caused timed out messages to not report the + addresses that timed out. Error messages are also more + "user friendly". + Drop required bandwidth on connections from 64 bytes/sec to + 16 bytes/sec. + Further Solaris portability changes -- doesn't require the BSD + compatibility library. This also adds a new + "HASGETDTABLESIZE" compile flag which can be used if + you want to use getdtablesize(2) instead of sysconf(2). + These are loosely based on changes from David Meyer at + University of Oregon. This now seems to work, at least + for quick test cases. + Fix a problem that can cause duplicate error messages to be + sent if you are in SMTP, you send to multiple addresses, + and at least one of those addresses is good and points + to an account that has a .forward file (whew!). + Fix a problem causing messages to be discarded if checkcompat() + returned EX_TEMPFAIL (because it didn't properly mark + the "to" address). Problem noted by John Myers. + Fix dfopen to return NULL if the open failed; I was depending + on fdopen(-1) returning NULL, which isn't the case. This + isn't serious, but does result in wierd error diagnoses. + From Michael Corrigan. + CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of + messages sent through UUCP-family mailers. Suggested + by Bill Wisner of The Well. + CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, + include a "uucp-dom" mailer that uses domain-style + addressing. Suggested by Bill Wisner. + CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match + LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by + Christophe Wolfhugel. + CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. + +8.2/8.2 93/07/11 + Don't drop out on config file parse errors in -bt mode. + On older configuration files, assume option "l" (use Errors-To + header) for back compatibility. NOTE: this DOES NOT + imply an endorsement of the Errors-To: header in any way. + Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? + Don't log errors on EHLO -- it isn't a "real" error for an old + SMTP server to give an error on this command, and + logging it in the transcript can be confusing. Fix + from Bill Wisner. + IRIX compatibility changes provided by Dan Rich + <drich@sandman.lerc.nasa.gov>. + Solaris 2 compatibility changes. Provided by Bob Cunningham + <bob@kahala.soest.hawaii.edu>, John Oleynick + <juo@klinzhai.rutgers.edu> + Debugging: -d17 was overloaded (hostsignature and usersmtp.c); + move usersmtp (smtpinit and smtpmailfrom) to -d18 to + match the other flags in that file. + Flush transcript before fork in mailfile(). From Eric Wassenaar. + Save h_errno in mci struct and improve error message display. + Changes from Eric Wassenaar. + Open /dev/null for the transcript if the create of the xf file + failed; this avoids at least one possible null pointer + reference in very wierd cases. From Eric Wassenaar. + Clean up statistics gathering; it was over-reporting because of + forks. From Eric Wassenaar. + Fix problem that causes old Return-Path: line to override new + Return-Path: line (conf.c needs H_FORCE to avoid + re-using old value). From Motonori Nakamura. + Fix broken -m flag in K definition -- even if -m (match only) + was specified, it would still replace the key with the + value. Noted by Rick McCarty of Texas Instruments. + If the name server timed out over several days, no "timed out" + message would ever be sent back. The timeout code + has been moved from markfailure() to dropenvelope() + so that all such failures should be diagnosted. Pointed + out by Christophe Wolfhugel and others. + Relax safefile() constraints: directories in an include or + forward path must be readable by self if the controlling + user owns the entry, readable by all otherwise (e.g., + when reading your .forward file, you have to own and + have X permssion in it; everyone needs X permission in + the root and directories leading up to your home); + include files must be readable by anyone, but need not + be owned by you. + If _POSIX_SAVED_IDS is defined, setuid to the owner before + reading a .forward file; this gets around some problems + on NFS mounts if root permission is not exported and + the user's home directory isn't x'able. + Additional NeXT portability enhancements from Axel Zinser. + Additional HP-UX portability enhancements from Brian Bullen. + Add a timeout around SMTP message writes; this assumes you can + get throughput of at least 64 bytes/second. Note that + this does not impact the "datafinal" default, which + is separate; this is just intended to work around + network clogs that will occur before the final dot + is sent. From Eric Wassenaar. + Change map code to set the "include null" flag adaptively -- + it initially tries both, but if it finds anything + matching without a null it never tries again with a + null and vice versa. If -N is specified, it never + tries without the null and creates new maps with a + null byte. If -O is specified, it never tries with + the null (for efficiency). If -N and -O are specified, + you get -NO (get it?) lookup at all, so this would + be a bad idea. If you don't specify either -N or -O, + it adapts. + Fix recognition of "same from address" so that MH submissions + will insert the appropriate full name information; + this used to work and got broken somewhere along the + way. + Some changes to eliminate some unnecessary SYSERRs in the + log. For example, if you lost a connection, don't + bother reporting that fact on the connection you lost. + Add some "extended debugging" flags to try to track down + why we get occassional problems with file descriptor + one being closed when execing a mailer; it seems to + only happen when there has been another error in the + same transaction. This requires XDEBUG, defined + by default in conf.h. + Add "-X filename" command line flag, which logs both sides of + all SMTP transactions. This is intended ONLY for + debugging bad implementations of other mailers; start + it up, send a message from a mailer that is failing, + and then kill it off and examine the indicated log. + This output is not intended to be particularly human + readable. This also adds the HASSETVBUF compile + flag, defaulted on if your compiler defines __STDC__. + CONFIG: change SMART_HOST to override an SMTP mailer. If you + have a local net that should get direct connects, you + will need to use LOCAL_NET_CONFIG to catch these hosts. + See cf/README for an example. + CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle + sites that don't use the -d flag. + CONFIG: hide recipient addresses as well as sender addresses + behind $M if FEATURE(allmasquerade) is specified; this + has been requested by several people, but can break + local aliases. For example, if you mail to "localalias" + this will be rewritten as "localalias@masqueradehost"; + although initial delivery will work, replies will be + broken. Use it sparingly. + CONFIG: add FEATURE(domaintable). This maps unqualified domains + to qualified domains in headers. I believe this is + largely equivalent to the IDA feature of the same name. + CONFIG: use $U as UUCP name instead of $k. This permits you + to override the "system name" as your UUCP name -- + in particular, to use domain-ized UUCP names. From + Bill Wisner of The Well. + CONFIG: create new mailer "esmtp" that always tries EHLO + first. This is currently unused in the config files, + but could be used in a mailertable entry. + +8.1C/8.1B 93/06/27 + Serious security bug fix: it was possible to read any file on + the system, regardless of ownership and permissions. + If a subroutine returns a fully qualified address, return it + immediately instead of feeding it back into rewriting. + This fixes a problem with mailertable lookups. + CONFIG: fix some M4 frotz (concat => CONCAT) + +8.1B/8.1A 93/06/12 + Serious bug fix: pattern matching backup algorithm stepped by + two tokens in classes instead of one. Found by Claus + Assmann at University of Kiel, Germany. + +8.1A/8.1A 93/06/08 + Another mailertable fix.... + +8.1/8.1 93/06/07 + 4.4BSD freeze. No semantic changes. + +6.65/6.34 93/06/06 + Fix some lintish problems. + Fix some cases where server SMTP behaved poorly when handed bogus + input, pointed out by Eric Wassenaar. + CONFIG: fix some more (sigh) mailertable bugs -- thanks to + Motonori Nakamura of Kyoto University (again). + +6.64/6.33 93/06/05 + Don't send 050 (-v) information after the 250 response to a QUIT + command in srvrsmtp -- clients usually close the connection + at this point, and it causes bogus error messages. + Don't send messages that have errors on input (such as unbalanced + parentheses) during SMTP transactions, since a return + message has (probably) already been sent. + Give better diagnostics on timeouts during network reads, including + information similar to the SMTP phase. + Fix bug that caused SMTP messages to deliver synchronously; this + happened after the DATA 250, and hence caused reading the + next command to be delayed. + Ignore Errors-To: header unless 'l' (lower case el) header is + specified. The Errors-To: header violates RFC 1123. + Errors-To: was only needed to take the place of the + envelope sender in the days when most Unix mailers + didn't understand about the two kinds of senders. + Don't send warning messages in response to automatically generated + messages (that is, those From:<>). + CONFIG: fix some rather stupid typos in the mailertable code + pointed out by Motonori Nakamura of Kyoto University. + CONFIG: add confUSE_ERRORS_TO configuration option. + CONFIG: if ALWAYS_ADD_DOMAIN is selected, try to use $M + (masquerade name) instead of $j. + CONFIG: don't add dots to relay names (added in 6.29); it breaks + several things, and can be simulated by dot terminating + the names of relays. For example, use: + DBbit.net.relay. + (note the trailing dot). + +6.63/6.32 93/06/01 + Fix prototypes to eliminate chars in argument lists -- some + compilers are pissy about this. + Log protocol ($r) and body type if set so we can determine if + the adaptive algorithms are working. + Pessimize on locking of database files (particularly for NEWDB + databases) during opens. There were problems with + processes opening the file while it was rebuilt; since + NEWDB caches heavily, the reader opened an empty file, + which is an error. If your system has the ability to + lock atomically on open, this works properly; otherwise, + there are race conditions. + Check mod time on .pag file instead of .dir in NDBM aliases + because the .dir file doesn't get updated for small + alias files. From John Gardiner Myers of CMU. + More Solaris portability -- it now compiles on Solaris, but + hangs up in gethostbyname(). + Move setting of RES_DEBUG flag before first myhostname() call + so we can see name server traffic on that call. + Fsync() queue files. + Fix a problem that causes -bi to try to rebuild maps other than + the alias file(s). + Fix a problem that caused udb to reject entries from any but + the first database listed. + Rearrange doc subdirectory for 4.4BSD release tape. + CONFIG: put $r into the Received line. This was an oversight. + CONFIG: fix typo (call to ruleset 99 should have been rulset 90). + CONFIG: move "auxiliary" subroutines to be in ruleset 90-99 + range -- in the long run, single digit rulesets may + become reserved for builtin use by sendmail. + CONFIG: fix major problem that causes host aliases (that is, + anything in $=w != $j) to not be recognized. This has + been around since 6.30. + +6.62/6.31 93/05/28 + BETA RELEASE + Fix recursive syserr (if there is an error printing a syserr + message). This makes the code much less eager to consider + a write error as serious. This also includes some + heuristics to be clever about closed connections. + Lock NEWDB files during gets. This requires version 1.5 or later + of the db library. If you have an older version, you + can use -DOLD_NEWDB. This will go away in a few weeks. + Fix problem causing aliases that use host maps to get overwritten. + Do appropriate byte swapping on port numbers in ident protocol + code. Fix from Allan Johannesen of WPI. + Defer opening of map files to the same time as alias files so that + the daemon will tend to pick up new versions more promptly. + Prototype a bunch more functions. + Some Solaris 2.1 changes (still doesn't link though). + Try to simplify Makefiles by including more subordinate #defines + in conf.h (based on OS type). + CONFIG: check for domains if FEATURE(mailertable) is defined. + For example, if the host name is "knecht.cs.berkeley.edu" + it will search the following mailertable keys: + knecht.cs.berkeley.edu + .cs.berkeley.edu + .berkeley.edu + .edu + This could be used to replace the special relays for bitnet + and similar nets. + +6.61/6.30 93/05/24 + Fix problem that prevented appending dots on canonified host + names. This breaks tons of config files -- very + important fix. + Fix improper pointer dereference in response to HELO command. + Fix core dump if debugging set in map_rewrite. + CONFIG: add FEATURE(always_add_domain) to always attach the + local domain (only impacts local mail). + CONFIG: try to avoid turning names into $j -- although + technically a host can only have one "canonical name", + it seems to be common practice to have several. + +6.60/6.29 93/05/22 + Major change: merge alias databases with maps. This expands and + changes the map class interface but fixes a bunch of bugs. + The important user-visible change is that the file name + in a K line now does not include the ".db" extension; this + is added automatically. Also, the -d (NIS domain) flag is + missing from the K config line; use @domain instead. + When compiling, the *_MAP names are gone -- just compile + in NDBM, NEWDB, and/or NIS support. + Announce mailer/host/user triple on -bv flag -- from Brian + Bullen of Stirling University. + Don't send more than one line in response to HELO -- it confuses + Pony Express, which then behaves very badly. However, + this change does send two line 220 greetings, with the + second line reading "ESMTP spoken here". The usersmtp + module recognizes this and goes into ESMTP mode regardless + of the setting of the "a" mailer flag. Thus, "a" means + "always try EHLO". + AIX portability changes (thanks to Christophe Wolfhugel of + Herve Schauer Consultants (Paris) for providing me with + an INSA account for this purpose). Lightly tested. Use + -D_AIX3. This probably breaks compatibility with some + older systems (e.g., 4.2bsd) but still works on SunOS + 4.1.2, Ultrix 4.2A, HP-UX 8.07, OSF/1 T1.3, and AIX 3.2.3. + Fix a problem causing an error message loop if the output channel + is hosed. + Add the Makefiles that I use for various environments -- some are + Berkeley make versions and some are old make versions. + My makefile for the NeXT box has gotten lost, alas! + PRALIASES: support for printing NEWDB databases. From + Michael J. Corrigan of U.C. San Diego. + CONFIG: don't pass pseudo-domains to $[ ... $] (if you have + a wildcard MX it can have wierd results). From + Christophe Wolfhugel. + CONFIG: dot terminate relay hostnames in S0. From Christophe + Wolfhugel. + +6.59/6.28 93/05/13 + Log version with SMTP daemon startup message. + Adjust setproctitle to work on NetBSD and BSD/386. + Fix null pointer reference in MX fallback code. + A bunch of minor fixes from Eric Wassenaar: + If deliver cannot execv the mailer, return EX_OSERR + instead of EX_TEMPFAIL (to give better + error messages). + Consistently malloc e_message. + Catch degenerate case of calling returntosender() + with an empty returnq. + MIME reformatting. + +6.58/6.28 93/05/13 + Fix bug that can cause incorrect verbose display of user smtp + messages. + Disable SMTP VERB command if PRIV_NOEXPN is set (since this + could reveal the same information. + Allow failure when reading SMTP greeting message to go on to + next MX host. + Add "MIME-Version: 1.0" header if using MIME (this was NOT + included in RFC 1344, but Bill King of Allan-Bradley + Company forwarded me email from Nathaniel Borenstein + claiming that it was an inadvertent omission). + Don't use Content-Type: X-message-header. According to John + Myers of CMU, many MIME readers will completely ignore + the data if they don't recognize it. Instead, just + add a blank line to make it a legal (empty) message. + Fix problem causing dots to keep getting appended to cached + hostnames. This can cause buffer overrun conditions. + The problem was found by Erik Forsberg of Retix, + although I used a different bug fix than he provided. + Fix parsing of split header/envelope rewriting specs -- from + Eric Forsberg. + Fix from Eric Wassenaar to correct To: lists in error messages. + +6.57/6.28 93/05/11 + Fix minor glitch causing extra ctladdrs to be output to queue + file. Just an annoyance. + Cache results of name server canonification lookups to avoid + backed up queue runs. + Major rewrite of alias.c: considerable cleanup, plus sample + (untested) support for NIS aliases. The "A" option + can now be a comma separated list (or be repeated) -- + that is, you can have multiple alias databases. Each + database can have the syntax ``class:file''; if no class + is specified, the "implicit" class is assumed. Implicit + searches through a list of compiled in types -- hash, + dbm, nis, and stab. Alias files are searched in the + order they are listed. For example: + OAhash:/etc/aliases.local,/etc/aliases + OAnis:mail.aliases@my.nis.domain + first searches the hash database /etc/aliases.local, + then the regular /etc/aliases database, then the NIS + map "mail.aliases" in the NIS domain "my.nis.domain". + If in Verbose mode (probably from VERB command) run SMTP job + in foreground and don't do RCPT optimizations. + Add udb :mailsender as equivalent to owner- for regular aliases. + Delete option 8; add option 7 that means the opposite. That is, + default to 8-bit mode; a special option is needed to + force sendmail into 7 bit mode. + Send error messages in encapsulated MIME format. + New compile flag "NIS" that turns on NIS alias and NIS map + support. + Add "j" option to send error messages in MIME (RFC 1341) + encapsulated message format per RFC 1344. The + syntax is pretty ugly if you don't have MIME-aware + user agents. + Clean up message handling (for display in mailq output). + New setproctitle implementation for 4.4bsd. + Create files (such as ~/dead.letter) using mode FileMode (the + F option value) instead of 0666. + Fix bug causing output of EXPN command to not be fully qualified. + This may cause some problems with UUCP addresses that + will require some config file assistance -- specifically, + the $: part has to include the host name for this output + to make sense. + Fix a problem that sometimes diagnosed errors and still sent the + message if the header syntax was bad. + Fix a bug that caused an error message to be emailed when sendmail + was operating in -bv mode. + Add "ListenQueueSize" keyword to daemon options option (OO) to + set the queue size parameter passed to listen(). You + will normally have to tweak your kernel to up this. + Strip spaces off of beginning of message-id before logging (in + case it was folded across lines). + Tweak compile flags in daemon.c -- there were some cases where + it wouldn't work without NETINET. + Change *file* mailer to output all the usual default headers + (From, Date, Message-Id). It gets used when sending + back error messages. + CONFIG: explicitly catch and diagnose list:; syntax in ruleset + zero -- this is not a valid recipient syntax according + to RFC 821. + CONFIG: add confMIME_FORMAT_ERRORS to send error messages in + MIME format. Defaults to on. + CONFIG: add SMTP_MAILER_FLAGS and UUCP_MAILER_FLAGS to augment + the flags for those mailers. + +6.56/6.27 93/05/01 + Fix problem that causes the fallback mail to postmaster + (case ESM_POSTMASTER in savemail()) to not look at + aliases (ugh). + Some more HPUX tweaking (compile flag hpux => __hpux so it + still works in ANSI mode). + Don't try to flock non-regular files when mailing to a file. + In particular, this was a problem if you tried to + send to /dev/null. + Fix a wierd bug that can cause senders to be queued as + recipients if the name server is down when the mail + is initially sent. This hack just ignores sender + deletion (essentially, it sets the MeToo flag) if there + is a TEMPFAIL during processing of the sender address. + Obscure. + Fix a dangling else problem -- from Brian Bullen from University + of Stirling, UK. + Add the "b" mailer flag to force a blank line on the end of + messages. Some brilliant versions of /bin/mail insist + on this but do not add it themselves. + Add the "g" mailer flag to prevent user SMTP from sending + "MAIL From:<>". This is only intended to be a + transitional gesture, and should not be used if at + all possible. It appears that Berkeley and IDA + config files have always handled this properly; the + UK config kit apparently does not. + Don't lowercase and then capitalize header field names -- leave + them with original capitalization. Fixes from Bill + King of Allen-Bradley Company. + Further cleanup and improved reporting of error messages, + particularly conditions that cause messages to be + requeued for future delivery. + Tweak syslog priorities in some cases. + CONFIG: clean up route-addr on UUCP addresses. + +6.55/6.25 93/04/27 + HPUX 8.07 compatibility changes in getla() -- I had to make + these changes to get it to work at Berkeley, although + others seem to have been working before (???). + Various patches to XLA code. + Fix problem that causes setuid bit on files to be ignored from + SMTP or in queue runs. Problem noted by Jason Ornstein + of Under The Wire, Inc. + Fix problem that can cause CNAMEs to be ignored. + Generalize getmxrr to match local host in $=w instead of a + single name passed in. + Some cleanup from Eric Wassenaar: + Use FileMailer instead of ProgMailer in two places. + Eliminate duplicate 8th-bit stripping in commaize. + Fix a problem with mis-parsing of backslash escapes + under some circumstances. + NIS map fix (was always including trailing null character) + from Mike Glendinning of Ingres UK. + Add "a" mailer flag to try using ESMTP. It tries the EHLO + command and if that fails falls back to regular SMTP. + Also parses EHLO option keywords. If host supports + SIZE extension, this is added to the MAIL FROM: + command. + Extend "b" option to include a second value which is the + maximum message size this server is willing to accept. + For example, a value of "10/1000000" says that there + must be ten blocks free, and sendmail will reject + any message larger than one megabyte. + Some portability hooks for NeXT (this could be applicable + to Mach in general). You have to create an empty + file called "unistd.h" to get it to compile. + Adjust config values (MAXLINE, MAXATOM, and PSBUFSIZE) to + be more generous. + Add X400-Received: to the list of headers tagged with H_TRACE + in conf.c. From Bill King, Allen-Bradley Co. + +6.54/6.25 93/04/19 + Fix problem that caused redefinition of SMTP and QUEUE compile + flags. Pointed out by Jon Forrest of the Sequoia 2000 + project at Berkeley. + Properly handle \! hack -- it was treating host\!user as one + token (host!user) instead of three (host, !, user). + Fix from Eric Wassenaar of NIKHEF-H. + Fix compilation problem in getauthinfo() if IDENTPROTO is off. + Turn off DEFNAMES and DNSRCH when getting the hostsignature + (i.e., MX records) in level 1 configuration files; this + matches the old behaviour. From Motonori Nakamura of + Kyoto University. + Improve error message printing -- if sent through an alias, + error messages include the name of the alias in the + message. Unfortunately, in order to make this work + properly in queue runs, this changes the format of the + C line in the qf file. The relatively uselessness of + the previous information was pointed out to me by + Allan E Johannesen of WPI. + Add XLA compile flag to add hooks to Christophe Wolfhugel's + extended load average code. This is still in very early + form. For information regarding the guts of the xla + code, contact Christophe.Wolfhugel@grasp.insa-lyon.fr. + Additional hooks for detecting tempfails in rewriting rules + (that is, in map lookups). + +6.53/6.25 93/04/15 + Properly diagnose ruleset zero returning null (instead of a mailer + triple). From Motonori Nakamura of Kyoto University. + More generalization of socket code for other protocols. + Shorten timeouts on reverse name lookups -- since they are done + during connection establishment, long timeouts here can + cause higher level timeouts. This mainly serves to accept + mail from hosts that do not have proper reverse (PTR) DNS + records set up. + Reset e_statmsg before each mailer invocation to avoid bogus + messages in the log. + Redefine $r, $s, and $_ in error envelopes so you don't get + incorrect cruft in the error message. Problem noted by + Motonori Nakamura of Kyoto University. + Fix a problem that can cause failure to return errors to Postmaster + in certain cases. From Motonori Nakamura. + Fix a problem that can cause some systems to give duplicate error + messages when a bad syntax address such as "<a" is presented + to an SMTP server. It doesn't seem to occur on all + machines. From Motonori Nakamura. + Default IDENTPROTO off for Ultrix and HPUX, which apparently have + the interesting "feature" that when they receive a "Host + unreachable" message they closes all open connections to + that host. However, some firewall gateways send this message + if you try to connect to an unauthorized port, such as the + IDENT port (113). Thus, no email can be received from such + hosts. There is some evidence that versions of Ultrix before + 4.3 do not have this problem. Thanks to Tom Ivar Helbekkmo + for pointing out this behaviour to me and to Michael Corrigan + of U.C. San Diego for informing me about the HPUX problem. + Allow IPC mailers to return a colon-separated list of hosts in the + $@ clause; these are searched in order as though they were + MX records. + When sending an error report, print the list of addresses tagged + as bad. Requested by Allan E Johannesen of WPI. + Change map function calls to return a status code. This gets + passed back as the result of rewrite. Parseaddr marks + the address as a QUEUEUP address if the return code is + EX_TEMPFAIL. All this to queue properly if the name + server is down. This code is not well tested. This code + changes the interface to map lookup functions (a fifth + parameter, int *statp, is added). Feature requested by + Dan Oscarsson. + Don't delete quotes (in the dequote map) if there are spaces in + the string, since this would cause them to be replaced by + the SpaceSub character. + Accept BODY=8BITMIME on SMTP MAIL command. This isn't advertised + because the 8BIT to 7BIT translation doesn't exist yet. + This does add a "bodytype" field to both envelope and + queue file and a -B command line flag to pass the type in + during direct invocations. + Discard return error messages only on responses to responses to + responses, not on responses to responses. That is, the + algorithm is to try return to sender, then return to + postmaster, then discard. Previously it discarded + immediately if the return to sender pass failed. + CONFIG: back out change to hide unqualified hostnames behind %-hack. + This screws up local aliases and .forward files. + CONFIG: add FEATURE(nocanonify) to turn off calls to $[ ... $]; + some sites only handle completely canonified names. + Requested by John Gardiner Myers of CMU. + CONFIG: some UUCP code was still included even if FEATURE(nouucp) + was specified. + +6.52/6.24 93/04/10 + Clean up some minor glitches on error return messages pointed out + by Motonori Nakamura of Kyoto University. + Fix reply() to not reset SmtpReplyBuffer on fatal errors; this + was supposed to reset SmtpMsg Buffer. This makes the + client side code virtually useless. Reported by Allan + E Johannesen of WPI and Phil Brandenberger of Swarthmore. + Better debug messages if fuzzy is disabled, suggested by Allan + E Johannesen of WPI. + Offset SmtpReplyBuffer by four in usersmtp when checking for + loopback. From Eric Wassenaar. + Don't set $s until after runinchild in srvrsmtp -- otherwise + it gets cleared. From Eric Wassenaar. + Implement IDA-style $&x for deferred macro expansion. + More POSIX compatibility. + CONFIG: Hide unqualified hostnames behind %-hack using $s as the + actual sender. This is only done if $r is non-null, that + is, if this is not locally submitted mail. + CONFIG: Add FEATURE(bitdomain) allowing mapping of BITNET host + names to internet domains. A program contributed by + John Gardiner Myers of CMU to create the maps is included + in the contrib directory (in the "misc" tar file). + CONFIG: Add FEATURE(uucpdomain) for a similar mapping for UUCP + hosts. There is currently no tool to create this map. + +6.51/6.23 93/04/04 + Add D= mailer flag to specify a path of possible working directories + in which to execute the mailer. This is intended for the + prog mailer; some shells can get upset if they don't have + access to the current directory. + Add RFC 1413 (IDENT) protocol support. This is only very loosely + tested. This adds a $_ macro to be the authenticated + info (in ``user@domain [address]'' form) and debug flag + 9 to trace the protocol. + Check for loopbacks in usersmtp instead of srvrsmtp -- there is no + reason for a local agent to not be talking to the localhost + (although the inverse is not true). + Add a few hooks for automated map rebuilding. This is certainly + not done yet. + CONFIG: Have prog mailer specify a path of ``D=$z:/'' -- that is, + user's home directory then the root. + CONFIG: Log RFC 1413 identification in Received: line. + +6.50/6.22 93/04/01 + Fixes to requeueing code to make it compute priority, nrcpts, + and the like properly. + +6.49/6.22 93/04/01 + Diagnose incorrect privacy flags. Suggested by Bryan Costales + of ICSI. + Some ANSI C fixes. + Arrange to quote backslashes as well as other special characters + in the phrase part of a route-addr. + Some fixes to FallBackMX code suggested by Motonori Nakamura of + Kyoto University. + More vigorous zeroing of CurHostAddr to avoid logging of bogus + host addresses when you are actually just printing + information from the MCI structure; problem noted by + Michael Corrigan of U.C. San Diego. + Don't ignore rest of queue if any job is not runnable. This can + also cause an incorrect job to be lost. Fix from + Eric Wassenaar. + Always respond "quickly" to RCPT command; do alias expansion and + the like later. This also means that mail for lists that + have errors will be acccepted, and an error sent back + later. This is done by instantiating the queue file + and then immediately running and requeueing it. + +6.48/6.22 93/03/30 + Fix incorrect diagnosis of infinite loop in ruleset. Problem noted + by several people. + Improve information printed when infinite loops are discovered. + Zero CurHostAddr to fix erroneous internet addresses in log when no + addresses can be bound. Pointed out by Motonori Nakamura + of Kyoto University. + "Probe" SMTP connections using RSET instead of NOOP "just in case". + Suggested by John Gardiner Myers of CMU. + Don't warn about -f if you are setting sender to yourself. + +6.47/6.22 93/03/29 + Fix incompatible call to endmailer in smtpquit which causes core + dumps. Noted by Allan E Johannesen of WPI. + HPUX portability changes from Michael J. Corrigan of UC San Diego. + Require MAIL before RCPT command in srvrsmtp.c. This had been + intentional from the 821 draft days when the order wasn't + clear, but is silly now. + Fix bug in nis_magic routine that was initializing parameters + incorrectly. Fix from Takahiro Kanbe of Fuji Xerox + Information Systems Co., Ltd. + Change default for PrivacyFlags in conf.c to 0 -- since it always + "or"s in new values, there was no way to turn off the + AuthWarning stuff. + Add O option to set SMTP daemon options. + Add V option to set fallback MX host. This always sorts at lower + priority than anything it gets from the name server. It + should only be used for environments with very bad network + connectivity. Requested by several people. + Log sending info. It's not clear this is a good idea. + CONFIG: fix typo in mailertable code. Noted by Phil Brandenberger + of Swarthmore. + CONFIG: add confDAEMON_OPTIONS and confFALLBACK_MX to set options + O and V, respectively. + +6.46/6.21 93/03/26 + Fix botch in server SMTP that broke transactions that did not + use HELO first (like MH). Fix from Michael Corrigan + of U.C. San Diego. + Fall back to other MX records if there is an error anywhere + in delivery (actually on MAIL or DATA -- RCPT is harder). + Suggested by John Gardiner Myers and Motonori Nakamura. + Revert to non-prototypes -- it turns out that our ANSI C + compiler is more forgiving than most others about + mixing prototyped extern declarations with non-prototyped + function definitions. + Fix a problem with multi-word class matching pointed out by + Neil Rickert. Given: + CX b a.b.c + R$+ $=X $+ $: $1 < $2 > $3 + the input "user@a.b.c" failed instead of being properly + rewritten as "user@a.<b>.c". + Neil also convinced me that it was correct that $~ should match + only one token -- the problem is that it's always possible + to add another token, so $~ matches far too eagerly. + +6.45/6.21 93/03/25 + Implement multi-word classes (properly!). + +6.44/6.21 93/03/25 + Add X-Authentication-Warning: headers to clue users into possible + attempts to forge mail. This is on the authwarnings + privacy flag, but is the default. Suggested by Bryan + Costales of ICSI. + Pass default units for convtime in so they can be more reasonable. + Allow config files to always add a new Comments: header (i.e., + they will be added even if an old one already exists). + Suggested by Bryan Costales of ICSI. + Allow config files to delete an existing Return-Path: header. + These should only be added at final delivery. Suggested + by Bryan Costales of ICSI. + Some debugging additions. Suggested by Bryan Costales of ICSI. + Clean up logging of Family 0 addresses. Noted by David Muir + Sharnoff and others. + Add a "dequote" map class. This allows config files to strip + quotes off of addresses. Note that this is not a builtin + map, just a class -- so you have to define the map + using the K line. + Fix a bug in the queueup() loop getting a locked tf where in + very odd cases it can fall off the bottom and core dump. + Of course, it was P{r Emanuelsson who found it.... + Open a new transcript when splitting an envelope. Problem found + by Allan E Johannesen of WPI. + Improved error output in endmailer if the mailer core dumps. + CONFIG: Fix typo in UUCP mailer definition. + CONFIG: Default several of the new options on: eight bit input, + privacy flags set to "authwarnings", and message warning + set to 4h. + CONFIG: Use dequote map. + +6.43/6.20 93/03/23 + Fix problem with assumption of an sa_len field in a generic + sockaddr -- it turns out that most vendors haven't + picked up this (very important) fix. + Change compilation flags for daemon code -- select one or both + of NETINET or NETISO, but don't ever set DAEMON manually. + CONFIG: add FEATURE(mailertable) to do IDA-style mailertables. + +6.42/6.19 93/03/19 + Use Postmaster as default fallback return address, not root. + POSIX changes for file descriptor handling. + Diagnose errors writing new queue file. + If you change the owner using an owner- alias, also change the + error mode to EM_MAIL so that errors don't get dropped + into an inappropriate directory. Problem noted by + Allan E Johannesen of WPI. + If you are su'ed to root, send email as who you really are, not + as root. From Brian Kantor of U.C. San Diego. + Allow warning messages to be sent after a configurable interval + has passed without delivery. The message is sent only + once per envelope. This changes the format of the qf + file to have an F line, and the format of the T option + to accept take the format "return/warn" (both intervals). + Don't force all local names to lower case -- this was left over + from the wierd handling of case mapping on aliases. It + is now driven (as expected) by the "u" mailer flag. + Problem noted by P{r Emanuelsson. + Fix problem that caused headers on returned email to be trashed; + they were getting freed, but are still accessible via + BlankEnvelope. + Fix problem that caused bogus ids to be created on returned + mail. + Add support for ISO and other non-INET networking. This is by + no means finished yet. This does assume a lot of other + system support, like a version of gethostbyname that + returns non-AF_INET addresses. + CONFIG: change default on prog mailer to keep upper case in + user names (i.e., in the program command line). + CONFIG: strip trailing dots off of hosts in uucp mailer before + convert to bang format. + CONFIG: create new "relay" mailer for $R (LOCAL_RELAY) and $H + (MAIL_HUB) delivery that doesn't add local domain. Note + that this violates 821, but is probably "more correct" + for what we are trying to do. Problem pointed out by + Michael Graff of Iowa State. + +6.41/6.18 93/03/18 + Clean up unnecessary creates of queue ids (i.e., empty qf files) + when not needed, such as when starting up an SMTP + connection. + Fix problem where split envelopes aren't instantiated in the queue. + This is quite a serious bug. + Owner- aliases had problems with leading spaces causing a + premature delimitation. + +6.40/6.18 93/03/18 + Have ending 250 (after DATA) include the id; suggested by + Brian Kantor of UC San Diego. + Add logging on envelope splitting. + Change queue ids to have one more letter encoding the hour of + the day so that during a single day there is a greater + likelihood of uniqueness; requested by Brian Kantor. + +6.39/6.18 93/03/18 + Fix minor compile problem if LOCKF is defined. + Define size of tobuf in conf.h. Observed by Toshinari Takahashi + of Toshiba. + Restore e_sender -- this is equivalent to e_from.q_paddr without + decorations such as angle brackets and comments. + OSF/1 on Alpha changes from Allan E Johannesen of WPI. + CONFIG: fix typo in S3 for list syntax (;: => :;). Thanks to + Christopher Hoover for noting the problem. + +6.38/6.17 93/03/17 + Pass envelope to disconnect to avoid another use of CurEnv, which + can apparently end up being null at inopportune times. + Log "received from" as "relay=" for consistency (suggested by + John Gardiner Myers). + Fix major bug in header handling: if no From: line existed in + the header (so sendmail inserts one), and the sender is + an alias that has an owner, the From: line shows the + owner (as well as the envelope). Fixed by early binding + the headers (which will change debugging output). + HPUX portability patches from Michael J. Corrigan of UC San Diego. + Some attempts to adapt better to out of open file conditions. + Some changes to ctladdr handling in queue files. + +6.37/6.17 93/03/16 + MAJOR CHANGE: delete e_sender and e_returnpath (why are these + different from e_from?) and $< macro. + Log correct IP address in relay= field even if the connection + times out. + Log "received from [RESPONSE]" on EF_RESPONSE messages (from + John Gardiner Myers). + Fixes to SysExMsg logging (sometimes just got "message: %s" + instead of "message: error message"), noted by Eric + Wassenaar. Also reported by Motonori Nakamura. + Improvements to MX piggybacking code, from Motonori Nakamura. + Fix case where CurHostName points to an auto variable that has + been deallocated (from Motonori Nakamura). + Fix bug causing newlines to be included in aliases if option + "n" (check alias RHS) is set; bug noted by David Muir + Sharnoff. + Fix problem causing user names that should be mapped to lower + case to not be mapped if they are sent during a queue + run. This greatly simplifies the case mapping code. + Problem noted by Allan E Johannesen of WPI. + Don't do recipient address rewriting in buildaddr. This + improperly did recipient rewriting on sender addresses, + and just seems bogus in general -- but the change could + break some .cf files. + Pass TZ envariable to child processes for System V. + CONFIG: allow LOCAL_RULE_1 and LOCAL_RULE_2 if you want to + define those rulesets. + KNOWN PROBLEM: I have seen some problems on SunOS that causes + the User Data Base to give errors on some addresses. I + have tracked the problem back at least as far as 93.02.15 + (version 6.22). Running with debugging on makes it + go away, so I conclude that it is referencing uninitialized + stack data. I haven't been able to track this down yet. + +6.36/6.16 93/03/08 + Allow local mailer to specify $@host -- this lets you assign the + "foo" part of jgm+foo to $h for passing in to the local + mailer. + Additional debug printing in getcanonname (show query type). + Don't add the e_fromdomain on sender addresses -- this interacts + wierdly with the owner- code. + Improve delivery logging to not log obvious or meaningless stuff. + Include numeric IP address in Received: lines per RFC 1123 section + 5.2.8. + Fixed a bug in checking stat() return value if restrictmailq is + set. Also, check the entire group set instead of just the + primary group. Both from John Gardiner Myers. + Don't have usrerr automatically print errno, since this is often + misleading. + Use transienterror() in makeconnection after connect() fails and + in openmailer after execve() fails (from Eric Wassenaar). + Also moved transienterror() from util.c to conf.c. + Clean up from= logging on response messages. + Undo patch allowing prescan to return a null vector -- it breaks + too many things. + Config: FEATURE(notsticky) lets you use UDB for everything coming + in to the machine, even if it is specifically targetted + to this machine. Without it, UDB is bypassed if the user + name is fully qualified. + Config: fix another minor botch with <> (local mailer wasn't + mapping them properly). + +6.35/6.15 93/03/05 + Fix getrealhostname to return null if sinlen <= 0 -- this can + occur if stdin is a pipe. + Avoid infinite loop in getcanonname if name server return + NO_DATA (for example). + Config: avoid having C flag qualify list syntax and error syntax. + +6.34/6.14 93/03/05 + Fix logging in deliver to not pass too many parameters to Ultrix + versions of syslog. + Don't write the pid file until after the daemon has actually + opened and conditioned the connection. + Consider addresses "different" if their q_uids differ (so that + two users forwarding to the same program will be seen + as different, rather than the same). + Fix problem with bad parameters in main() -- they set ExitStat + but don't exit. + Fix null pointer references through RealHostName -- painfully + discovered by Allan E Johannesen of WPI. + Fix bug causing user@@localhost to core dump (yuch). + Config: don't put two @host.dom.ain on users in $=E in SMTP + mailer. Also, catch user@ (no host) in ruleset 0. + +6.33/6.13 93/03/03 + Config: add confCW_FILE as the name of the cw configuration file + (defaults to /etc/sendmail.cw). From P{r Emanuelsson. + Allow prescan to return a pointer to an empty list -- this is + not an error. Also, clean up error reporting to avoid + double errors (prescan reports once, then the caller + reports again). + Changes to avoid trusting T_ANY queries -- run them, but if you + don't get the info you expected, do T_A and T_MX queries + anyhow. This also fixes an oversight where _res.options + bits were being ignored. + If PRIV_NOVRFY is set, use 252 response code instead of 502 per + RFC 1123 section 5.2.3. It's not 100% clear that this + is correct, but it probably works better with stupid + mailers that do a VRFY and only check the first digit. + +6.32/6.12 93/03/02 + Fix uninitialized variable "protocol" in smtp code. + Include <unistd.h> in sendmail.h -- move towards POSIX/ANSI. + Additional hooks for RFC 1427 (ESMTP SIZE extension). This + includes requiring that enoughspace() know the system + block size, which will undoubtedly break most ports. + Trace flag 19 in use for srvrsmtp.c. + Additional logging -- notably the sending mailer name. This + also changes the delivery logging to strict field=value + syntax. + Fix some problems with messages getting sent even to addresses + that had been marked bad -- from Eric Wassenaar. + More WIDE changes: accept host name inside [...] as non-MXed + host. This is intended ONLY for use inside firewalled + environments, where the MX points at the gateway. + Change .cf file conventions so that mapping for <> addresses + don't have an @ in them (to avoid confusing the C mailer + flag). Pointed out by Neil Rickert. + Config extensions for Sam Leffler's FlexFAX software. + +6.31/6.10 93/02/28 + Fix some more bugs in alias owner code -- there were some wierd + cases where an error in a non-aliased name would override + the return info in an aliased name with an owner. + Changes from WIDE Project, forwarded to me by Motonori Nakamura: + Log actual delivery host (after MX et al); from + yasuhiro@dcl.co.jp. + Log daemon startup. + Deliver Postmaster copies without a body. + Better logging of SMTP senders. + Send all program email as daemon even when local. + As requested in various forms from many people, accept -qIstring + to limit queue runs to jobs with queue-id matching string. + Similarly for -qRstring for recipients, -qSstring for + senders. + Initial hooks for ESMTP support (see RFC 1425). + Fixed a syntax error in the UUCP mailer specification that caused + core dumps on startup. + Check for missing A= or P= arguments in mailer definitions. + +6.30/6.10 93/02/27 + Require FROZENCONFIG compilation flag to include frozen + configuration code. Frozen configuration is really + not a very good idea any more, particularly in shared + library environments. + Do better checking of errno after opens of :include: and .forward + files to defer delivery on network and other transient + errors. Suggestion from Craig Everhart. + Fix minor botch in read timeout macro processing. + Add FEATURE(nouucp) to config files for sites that know absolutely + nothing about UUCP. + Add built cf files to distribution tape and clarify how to build + them if you don't have the Berkeley make. + Some sizeof(long) portability changes for the Alpha, from Allan + E Johannesen. + Add "restrictmailq" privacy flag -- if set, only people in the same + group as your queue directory can print the queue. If you + set this, be sure you also restrict access to log files.... + Fix another bug in owner-list stuff that can cause data files to + be "lost". + Fix a bug with queue runs that cause forwards to yourself to go + into alias/forwarding loops. I'm still iffy about this + fix. + Fix from Eric Wassenaar for suppression of return message code. + +6.29/6.9 93/02/24 + Fix yet another problem in alias owner code -- put the wrong return + address on the enclosed return-to-sender letter. + +6.28/6.9 93/02/24 + Fix botch in alias owner code that caused it to not operate if the + error was detected locally. + +6.27/6.9 93/02/24 + M_LOCAL => M_LOCALMAILER to avoid conflict with Ultrix include + file <sys/mount.h>. + Miscellaneous bug fixes from Eric Wassenaar: + sendmail -bv -t logs the from line even though in verify + mode only. + sendmail -v can go into queue mode if shouldqueue returns + TRUE. + Add route-addr pruning per RFC 1123 section 5.3.3. This can be + disabled using the "R" option. + Delete (always undocumented) -R flag (save original recipients); + there are ways to syslog(3) these now. + Clean up SMTP reply codes -- specify them as needed in the code, + instead of in conf.c -- this was needed during the NCP to + TCP transition, but seems silly now. This also changes + parameters to message and nmessage. + Have mailstats read the .cf file to find the sendmail.st file and + get text versions of mailer names. An initial version of + this code was provided by Tuominen Keijo (although the + comments indicate the good bits were written by "E.V."). + Add yet more System V compatibility hacks. + Fix bug in VRFY code (assumes everything must be a local user). + Allow specification of any of the hard-wired pathnames in the + Makefile. + Delete concept of "trusted users" -- this really didn't provide + any security anyway, and caused some problems. + Delete last vestige of support for the word "at" as an equivalent + to the character "@". + Propagate owner-foo alias information into the envelope sender. + Based on code from John Gardiner Myers. This is a major + semantic change -- beware! + Allow $@ on LHS to indicate "match zero" -- this is used to match + the null expression. + +6.26/6.8 93/02/21 + Don't "lose" queue runs. Very important fix from (who else?) + Eric Wassenaar. + Completely reset state on RSET command -- from Eric Wassenaar. + Send error messages and return receipts using an envelope sender + of <> regardless of the setting of $n. Rewriting rules + can undo this if they feel the necessity, as might be + needed for networks that don't understand the syntax. + This is permitted by RFC 821 section 3.6 and required by + RFC 1123 section 5.3.3. THIS REQUIRES VERSION 4 CONFIG + FILES because the rulesets must be able to parse <> + properly. + Don't ever send error messages to "<>" -- they will get sent to + the local postmaster or dumped in /usr/tmp/dead.letter + instead. Per RFC 1123 section 5.3.3. + Explicitly check for email to yourself as a dotted quad. You + have to call $[ [ ... ] $] to get this. + Up the message timeout to five days per RFC 1123 section 5.3.1.1. + Make all read timeouts individually configurable, as strongly + recommended by RFC 1123 section 5.3.2. + Use f_bavail (blocks available to regular users) instead of f_bfree + (blocks available to superuser) in free block checks. + Change $d macro to be the current time, not the origination time, + since this is consistent with how it is used now. + Generalization of enoughspace from Eric Wassenaar covering + SGI, Apollo, HPUX, Ultrix, and SunOS. + Ignore process group signals -- some front ends can do this if + you kill a window too quickly. From Eric Wassenaar. + Change umask to 022. + +6.25/6.8 93/02/20 + Close all cached connections before calling mailers and after + forking for delivery (caused double closes which resulted + in false errors). + Add FEATURE(redirect) in config files -- this allows you to alias + old addresses to a pointer to the new address that will + give a 551 error message, but not deliver the mail. + Some code changes to make the 551 errors look pretty. + Names of M4 program paths in config files have changed -- they + are all XXX_MAILER_PATH now, to match XXX_MAILER_FLAGS. + Fix a bug in the QSELFREF code having to do with empty .forward + files, reported by Eric Wassenaar. + Add option "p" (privacy flags); this allows you to tune how + picky the SMTP server will be. This also adds the + confPRIVACY_FLAGS M4 macro in the config files. + Add option "b" (minimum blocks free). If there are fewer than + this number of blocks free on the filesystem containing + the queue directory, the SMTP MAIL command will return + a 452 response and ask you to try again later. This + also adds the confMIN_FREE_BLOCKS M4 macro in the config + files. + Made VRFY just verify (doesn't expand aliases and .forward files); + EXPN does full expansion. RCPT in queue-only mode also + doesn't chase aliases and .forward. + +6.24/6.7 93/02/19 + Increase the number of domain search entries in domain.c to allow + for the extra "" entry indicating the root domain. + Reported by Motonori Nakamura of Kyoto U. + Add a "SMART_HOST" in the configs for UUCP-connected sites that + want to forward all mail with extra "@"s to that site. + Also allows SMART_HOST, LOCAL_RELAY, and MAIL_HUB to + be specified as ``mailer:hostname'' to use an alternate + mailer. + Clarified and updated some wording in the Operations Guide. + Add the "c" mailer flag -- this suppresses all comment parts of + addresses (requested by John Curran of NEARnet). + Have -v print prompts in -bt mode even if stdin is not a terminal + (default behaviour is to be silent if not reading from + a terminal). Suggested by Bryan Costales, ICSI. + Move the metacharacters from C0 space (\001-\037) into C1 space + (\201-\237). This also fixes a bunch of potential bugs + with G1 characters (\240-\276) in headers relating to + negative numbers passed to isspace() et al. + Add YP_LAST_MODIFIED and YP_MASTER_NAME to DBM version of alias + database if YPCOMPAT is #defined. Enhancement from + Takahiro Kanbe of Fuji Xerox Information Systems Co., Ltd. + Add "list" Precedence (-30); this can be used with old sendmails + which will map to precedence 0 (which will return error + messages). Suggested by Stephen R. van den Berg. + Many bug fixes from Eric Wassenaar of the National Institute for + Nuclear and High-Energy Physics, Amsterdam: + Clear timeouts properly on open failures in include(). + Don't dereference through NULL if no home directory found. + Re-establish SIGCHLD signal on System 5 in reapchild(). + Avoid NULL pointer reference on -pFOO flag. + Properly handle backslash escapes in comments. + Correctly check reply status on SMTP NOOP command. + Properly save SMTP error message if peer gives + "Service Shutting Down" message. + Avoid writing to the transcript if it couldn't be opened. + Signal errors in SMTP children to parent properly. + Handle self references in a list more globally (include a + QSELFREF bit in the address flags). This enhancement + was suggested by Eric Wassenaar. + Use initgroups() in hpux, even though it's System-V based. The + HASINITGROUPS compile flag can set this on other systems. + This HPUX behaviour was pointed out by Eric Wassenaar. + +6.23/6.6 93/02/16 + Clean up handling of LogLevel to make it easier to figure out + what's on what level. + Change log levels to have some consistency: + 1 serious system failures, security problems + 2 lost communications, protocol failures + 3 other serious failures + 4 minor errors + 5 message collection + 6 vrfy logging, creation of return-to-sender + 7 delivery failures + 8 delivery successes + 9 delivery tempfails (queue ups) + 10 database expansion + >64 debugging + Allow IDA-style separated processing on S= and R= in Mailer + definition lines. Note that rulesets 1 and 2 are + still used for both addresses as before. Bruce Lilly + gave a convincing argument that RFC976 insists on + this behaviour. + Added some time zones to arpatounix -- they may not be in the + standards, but they are in use. However, I may delete + arpatounix entirely -- there appears to be no reason + for it to exist. + Change to UUCP mailer (in cf directory) to try to do a saner job. + I'm still not certain about this mailer in general. + +6.22/6.5 93/02/15 + Fix bug that prevents saving letters in ~/dead.letter. + Don't add angle brackets in VRFY command if angle brackets already + exist in the address. + Fix bogus error message in udbexpand. + Null terminate host buffers in buildaddr (broken in 6.21) -- + IMPORTANT FIX!! + +6.21/6.5 93/02/15 + Fix another incorrect error message in alias.c, found by Azuma + Okamoto. + Fix a couple of problems in the more-configurable config files, + found by Tom Ivar Helbekkmo. + Fix problem with quoted :include: entries. + Don't duplicate the filename on verbose printing of .forward and + :include: contents. + Extend size of prescan buffer (to allow bigger addresses). Also, + detect some buffer overflows. + Log user SMTP protocol errors (log level 4). + +6.20/6.4 93/02/14 + Fix another problem in the MCI state machine caused when there + were errors generated from the other end to commands + other than RCPT. + +6.19/6.4 93/02/14 + Include load average support for DEC Alpha running OSF/1. + Fix multiple-response problem with errors in MAIL From: line. + Fix SMTP reply codes for invalid address syntaxes (give 501; + never give multiple error messages for a single message). + Fix problem where a cached connection timeout rejects all + later connects to that host. + Fix incorrect error message if alias.c is compiled with DBM only. + Additional changes to fix nested conditionals (from Bruce Lilly). + Recover more gracefully from operating system failures, particularly + NULL returns from openmailer (from Noritoshi Demizu, + OMRON Corporation). + Log forward, alias, and userdb expand operations on log level 10; + concept suggested by P{r (Pell) Emanuelsson. + Changes for HPUX 8.07 compatibility. + +6.18/6.4 93/02/12 + Allow any config option to be set using an M4 define. + Change UNAME compile flag to HASUNAME for IDA compatibility + (besides, it's a better name). + Note in README that on SunOS it must be linked -Bstatic. + Fairly major change in domain.c to handle wildcard MX records + more rationally. NOTE: the "w" option (no wildcard MX + records match local domain) has been eliminated. + Fix some unset variable references pointed out by Bruce Lilly. + Fix host name in process titles when using cached connection. + +6.17/6.3 93/01/28 + Fix System 5 compatibility changes to be compatible with the rest + of the world. + +6.16/6.3 93/01/28 + Experimental fix for problem handling errors in the SMTP + protocol in conjunction with connection caching. + System 5 compatibility changes. + +6.15/6.3 93/01/26 + Fix a bug that causes local mail delivered using -odq to be + eliminated as a duplicate (because it matched the + ctladdr, now passed in as a C line). These changes + are pretty tricky...... + +6.14/6.3 93/01/25 + Add debugging for some MCI errors. + +6.13/6.3 93/01/22 + Fix -e compatibility flag to take a value. + Fix a couple of minor compilation warnings on Sun cc. + Improve error messages in a few cases to be more self-explanatory. + +6.12/6.3 93/01/21 + Fix yet-another problem with environment handling, pointed out + by Yoshitaka Tokugawa and Tom Ivar Helbekkmo. + Some heuristics to try to limit resource exhaustion problems + if a downstream host has been down for a long time. + Fix problem with incorrect host name being logged in "Connection + timed out" messages (from Tom Ivar Helbekkmo). + Fix some ANSI C problems (from Takahiro Kanbe). + Properly log message sender on returned mail during queue run. + Count number of recipients properly. + Fix a problem in yp map code. + Diagnose "message timed out" (from Motonori Nakamura). + +6.11/6.3 93/01/20 + Fix problem with address delimitor inside quotes. + Define $k and $=k to be the UUCP name (from the uname call) + based on code from Bruce Lilly. + +6.10/6.2 93/01/18 + Implement arpatounix (largely code from Bruce Lilly). + Log more info (suggested by John Myers). + Allow nested $?...$|...$. (inspired by code from Bruce Lilly of + Sony US). + POSIX compatibility (noted by Keith Bostic). + Handle SMTP MAIL command errors properly (urged by several people, + notably John Myers of CMU). + Do early diagnosis of .cf errors (notably referencing a RHS + substitution that isn't on the LHS). + Adjust checkpointing to better handle batched recipients, suggested + by John Myers. + Fix miscellaneous bugs. + (config files:) Implement MAIL_HUB for all local mail (to handle + NFS-mounted directories) as urged by Tom Ivar Helbekkmo + of the Norwegian School of Economics. + +6.9/6.1 93/01/13 + Environment handling simplification/bug fix -- child processes + get a minimal, fixed environment. This avoids different + behaviour in queue runs. + Handle commas inside comments properly. + Properly limit large messages submitted in -obq mode. + +6.8/6.1 93/01/10 + Check mtime of thaw file against .cf and sendmail binary, based on + code from John Myers. + +6.7/6.1 93/01/10 + MX piggybacking, based on code from John Myers@CMU. + Allow checkcompat to return -1 to mean tempfail. + Bug fix in m_mno computation. + +6.6/6.1 93/01/09 + Tuning of queueing functions as recommended by John Gardiner Myers. + Return mail headers (no body) on messages with negative precedence. + Minor other bug fixes. + +6.5/6.1 93/01/03 + Fix botch causing queued headers to have ?XX? prefixes. + +6.4/6.1 93/01/02 + Changes to recognize special mailer types (e.g., file) early. + +6.3/6.1 93/01/01 + Pass timeouts to sfgets. + Check for control characters in addresses. + Fixed deferred error reporting. + Report duplicate aliases. + Handle mixed case recursive aliases. + Misc bug fixes. + +6.2/6.1 92/12/30 + Put return-receipt-to on a conf.c flag (but don't set it). + Fix minor syslog problem. |