| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
8.16.1/8.16.1 2020/07/05
SECURITY: If sendmail tried to reuse an SMTP session which had
already been closed by the server, then the connection
cache could have invalid information about the session.
One possible consequence was that STARTTLS was not
used even if offered. This problem has been fixed
by clearing out all relevant status information
when a closed session is encountered.
OpenSSL versions before 0.9.8 are no longer supported.
OpenSSL version 1.1.0 and 1.1.1 are supported.
Initial support for DANE (see RFC 7672 et.al.) is available if
the compile time option DANE is set. Only TLSA RR 3-1-x
is currently implemented.
New options SSLEngine and SSLEnginePath to support OpenSSL engines.
Note: this feature has so far only been tested with the
"chil" engine; please report problems with other engines
if you encounter any.
New option CRLPath to specify a directory which contains
hashes pointing to certificate revocations files.
Based on patch from Al Smith.
New rulesets tls_srv_features and tls_clt_features which
can return a (semicolon separated) list of TLS related
options, e.g., CipherList, CertFile, KeyFile,
see doc/op/op.me for details.
To automatically handle TLS interoperability problems for outgoing
mail, sendmail can now immediately try a connection again
without STARTTLS after a TLS handshake failure.
This can be configured globally via the option
TLSFallbacktoClear or per session via the 'C' flag
of tls_clt_features.
This also adds the new value "CLEAR" for the macro
{verify}: STARTTLS has been disabled internally for
a clear text delivery attempt.
Apply Timeout.starttls also to the server waiting for the TLS
handshake to begin. Based on patch from Simon Hradecky.
New compile time option TLS_EC to enable the use of elliptic
curve cryptography in STARTTLS (previously available as
_FFR_TLS_EC).
Handle MIME boundaries specified in headers which contain CRLF.
Fix detection of loopback net (it was broken when compiled
with NETINET6) and only set the macros {if_addr_out}
and {if_family_out} if the interface of the outgoing
connection does not belong to the loopback net.
Fix logic to enable a milter to delete a recipient in
DeliveryMode=interactive even if it might be subject
to alias expansion.
Log name of a milter making changes (this was missing for
some functions).
Log the actual reply of a server when an SMTP delivery problem
occurs in a "reply=" field if possible.
Log user= for failed AUTH attempts if possible. Based on
patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
and Joe Quinn.
Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
no changes can be made after it is created, hence it
does not work with vacation(1) nor editmap(8) (except
for query mode).
Fix some memory leaks (mostly in error cases) and properly handle
copied varargs in sm_io_vfprintf(). The issues were found
using Coverity Scan and reported (including patches) by
Ondřej Lysoněk of Red Hat.
Do not override ServerSSLOptions and ClientSSLOptions when they
are specified on the command line. Based on patch from
Hiroki Sato.
Add RFC7505 Null MX support for domains that declare they do not
accept mail.
New compile time option LDAP_NETWORK_TIMEOUT which is set
automatically when LDAPMAP is used and
LDAP_OPT_NETWORK_TIMEOUT is available to enable the
new -c option for LDAP maps to specify the network timeout.
CONFIG: New FEATURE(`tls_session_features') to enable standard
rules for tls_srv_features and tls_clt_features; for
details see cf/README.
CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
for SSLEngine and SSLEnginePath, respectively.
CONFIG: New options confDANE to enable DANE support.
CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
CONFIG: New extension CITag: for TLS restrictions, see cf/README
for details.
CONFIG: FEATURE(`blacklist_recipients') renamed to
FEATURE(`blocklist_recipients').
CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
canonicalize IPv6 addresses; if cidrexpand is used with IPv6
addresses then UseCompressedIPv6Addresses must be disabled.
DOC: The dns map can return multiple values in a single result
if the -z option is used.
DOC: Note to set MustQuoteChars=. due to DKIM signatures.
LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
of Alcatel-Lucent.
LIBMILTER: Fix reference in xxfi_negotiate documentation.
Patch from Sven Neuhaus.
LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
Patch from G.W. Haywood.
LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
Patch from Martin Svec.
MAKEMAP: New map type "implicit" refers to the first available type,
i.e., it depends on the compile time options NEWDB, DBM,
and CDB. This can be used in conjunction with the
"implicit" map type in sendmail.cf.
Note: makemap, libsmdb, and sendmail must be compiled
with the same options (and library versions of course).
Portability:
Add support for Darwin 14-18 (Mac OS X 10.x).
New option HAS_GETHOSTBYNAME2: set if your system
supports gethostbyname2(2).
Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
changes in sys/sem.h
On Linux set MAXHOSTNAMELEN (the maximum length
of a FQHN) to 256 if it is less than that value.
Added Files:
cf/feature/blocklist_recipients.m4
cf/feature/tls_failures.m4
devtools/OS/Darwin.14.x
devtools/OS/Darwin.15.x
devtools/OS/Darwin.16.x
libsmdb/smcdb.c
sendmail/ratectrl.h
|
|
path.h must be present thus.
|
|
8.14.1/8.14.1 2007/04/03
Even though a milter rejects a recipient the MTA will still keep
it in its list of recipients and deliver to it if the
transaction is accepted. This is a regression introduced
in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug
found by Andy Fiddaman.
The new DaemonPortOptions which begin with a lower case character
could not be set in 8.14.0.
If a server shut down the connection in response to a STARTTLS
command, sendmail would log a misleading error message
due to an internal inconsistency. Problem found by
Werner Wiethege.
Document how some sendmail.cf options change the behavior of mailq.
Noted by Paul Menchini of the North Carolina School of
Science and Mathematics.
CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce.
CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition
of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE
m4 options for setting MaxNOOPCommands and
SharedMemoryKeyFile.
CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4
options for setting Milter.macros.eoh and Milter.macros.data.
CONTRIB: Use flock() and fcntl() in qtool.pl if necessary.
Patch from Daniel Carroll of Mesa State College.
LIBMILTER: Make sure an unknown command does not affect the
currently available macros. Problem found by Andy Fiddaman.
LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option
negotiation. Problem reported by Bryan Costales.
LIBMILTER: Fix several minor errors in the documentation.
Patches from Bryan Costales.
PORTABILITY FIXES:
AIX 5.{1,2}: libsm/util.c failed to compile due to
redefinition of several macros, e.g., SIG_ERR.
Patch from Jim Pirzyk with assistance by Bob
Booth, University of Illinois at Urbana-Champaign.
Add support for QNX.6. Patch from Sean Boudreau of QNX
Software Systems.
New Files:
devtools/M4/depend/QNX6.m4
devtools/OS/QNX.6.x
include/sm/os/sm_os_qnx.h
New Files added in 8.14.0, but not shown in the release notes entry:
libmilter/docs/smfi_chgfrom.html
libmilter/docs/smfi_version.html
8.14.0/8.14.0 2007/01/31
Header field values are now 8 bit clean. Notes:
- header field names are still restricted to 7 bit.
- RFC 2822 allows only 7 bit (US-ASCII) characters in
headers.
Preserve spaces after the colon in a header. Previously, any
number of spaces after the colon would be changed to
exactly one space.
In some cases of deeply nested aliases/forwarding, mail can
be silently lost. Moreover, the MaxAliasRecursion
limit may be reached too early, e.g., the counter
may be off by a factor of 4 in case of a sequence of
.forward files that refer to others. Patch from
Motonori Nakamura of Kyoto University.
Fix a regression in 8.13.8: if InputMailFilters is set then
"sendmail -bs" can trigger an assertion because the
hostname of the client is undefined. It is now set
to "localhost" for the xxfi_connect() callback.
Avoid referencing a freed variable during cleanup when terminating.
Problem reported and diagnosed by Joe Maimon.
New option HeloName to set the name for the HELO/EHLO command.
Patch from Nik Clayton.
New option SoftBounce to issue temporary errors (4xy) instead of
permanent errors (5xy). This can be useful for testing.
New suboptions for DaemonPortOptions to set them individually
per daemon socket:
DeliveryMode DeliveryMode
refuseLA RefuseLA
delayLA DelayLA
queueLA QueueLA
children MaxDaemonChildren
New option -K for LDAP maps to replace %1 through %9 in the
lookup key with the LDAP escaped contents of the
arguments specified in the map lookup. Loosely based
on patch from Wolfgang Hottgenroth.
Log the time after which a greet_pause delay triggered. Patch
from Nik Clayton.
If a client is rejected via TCP wrapper or some other check
performed by validate_connection() (in conf.c) then do
not also invoke greet_pause. Problem noted by Jim Pirzyk
of the University of Illinois at Urbana-Champaign.
If a client terminates the SMTP connection during a pause
introduced by greet_pause, then a misleading message
was logged previously. Problem noted by Vernon Schryver
et.al., patch from Matej Vela.
New command "mstat" for control socket to provide "machine
readable" status.
New named config file rule check_eom which is called at the end
of a message, its parameter is the size of the message.
If the macro {addr_type} indicates that the current address
is a header address it also distinguishes between
recipient and sender addresses (as it is done for
envelope addresses).
When a macro is set in check_relay, then its value is accessible
by all transactions in the same SMTP session.
Increase size of key for ldap lookups to 1024 (MAXKEY).
New option MaxNOOPCommands to override default of 20 for the
number of "useless" commands before the SMTP server will
slow down responding.
New option SharedMemoryKeyFile: if shared memory support is
enabled, the MTA can be asked to select a shared memory
key itself by setting SharedMemoryKey to -1 and specifying
a file where to store the selected key.
Try to deal with open HTTP proxies that are used to send spam
by recognizing some commands from them. If the first command
from the client is GET, POST, CONNECT, or USER, then the
connection is terminated immediately.
New PrivacyOptions noactualrecipient to avoid putting
X-Actual-Recipient lines in DSNs revealing the actual
account that addresses map to. Patch from Dan Harkless.
New options B, z, and Z for DNS maps:
-B: specify a domain that is always appended to queries.
-z: specify the delimiter at which to cut off the result of
a query if it is too long.
-Z: specify the maximum number of entries to be concatenated
to form the result of a lookup.
New target "check" in the Makefile of libsm: instead of running tests
implicitly while building libsm, they must be explicitly
started by using "make check".
Fixed some inconsistent checks for NULL pointers that have been
reported by the SATURN tool which has been developed by
Isil Dillig and Thomas Dillig of Stanford University.
Fix a potential race condition caused by a signal handler for
terminated child processes. Problem noted by David F. Skoll.
When a milter deleted a recipient, that recipient could cause a
queue group selection. This has been disabled as it was not
intended.
New operator 'r' for the arith map to return a random number.
Patch from Motonori Nakamura of Kyoto University.
New compile time option MILTER_NO_NAGLE to turn off the Nagle
algorithm for communication with libmilter ("cork" on Linux),
which may improve the communication performance on some
operating systems. Patch from John Gardiner Myers of
Proofpoint.
If sendmail received input that contained a CR without subsequent LF
(thus violating RFC 2821 (2.3.7)), it could previously
generate an additional blank line in the output as the last
line.
Restarting persistent queue runners by sending a HUP signal to
the "queue control process" (QCP) works now.
Increase the length of an input line to 12288 to deal with
really long lines during SMTP AUTH negotiations.
Problem noted by Werner Wiethege.
If ARPANET mode (-ba) was selected STARTTLS would fail (due to
a missing initialization call for that case). Problem
noted by Neil Rickert of Northern Illinois University.
If sendmail is linked against a library that initializes Cyrus-SASL
before sendmail did it (such as libnss-ldap), then SMTP AUTH
could fail for the sendmail client. A patch by Moritz Both
works around the API design flaw of Cyrus-SASLv2.
CONFIG: Make it possible to unset the StatusFile option by
undefining STATUS_FILE. By not setting StatusFile,
the MTA will not attempt to open a statistics file on
each delivery.
CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
clients whose IP address does not have proper reverse DNS.
Contributed by Neil Rickert of Northern Illinois University
and John Beck of Sun Microsystems.
CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP
clients which provide a HELO/EHLO argument which is either
unqualified, or is one of our own names (i.e., the server
name instead of the client name). Contributed by Neil
Rickert of Northern Illinois University and John Beck of
Sun Microsystems.
CONFIG: New FEATURE(`badmx') to reject envelope sender addresses
(MAIL) whose domain part resolves to a "bad" MX record.
Based on contribution from William Dell Wisner.
CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override
the maximum line length of the smtp mailers.
CONFIG: New option `relaytofulladdress' for FEATURE(`access_db')
to allow entries in the access map to be of the form
To:user@example.com RELAY
CONFIG: New subsuboptions eoh and data to specify the list of
macros a milter should receive at those stages in the
SMTP dialogue.
CONFIG: New option confHELO_NAME for HeloName to set the name
for the HELO/EHLO command.
CONFIG: dnsbl and enhdnsbl can now also discard or quarantine
messages by using those values as second argument.
Patches from Nelson Fung.
CONTRIB: cidrexpand uses a hash symbol as comment character and
ignores everything after it unless it is in quotes or
preceeded by a backslash.
DEVTOOLS: New macro confMKDIR: if set to a program that creates
directories, then it used for "make install" to create
the required installation directories.
DEVTOOLS: New macro confCCLINK to specify the linker to use for
executables (defaults to confCC).
LIBMILTER: A new version of the milter API has been created that
has several changes which are listed below and documented
in the webpages reachable via libmilter/docs/index.html.
LIBMILTER: The meaning of the version macro SMFI_VERSION has been
changed. It now refers only to the version of libmilter,
not to the protocol version (which is used only internally,
it is not user/milter-programmer visible). Additionally,
a version function smfi_version() has been introduced such
that a milter program can check the libmilter version also
at runtime which is useful if a shared library is used.
LIBMILTER: A new callback xxfi_negotiate() can be used to
dynamically (i.e., at runtime) determine the available
protocol actions and features of the MTA and also to
specify which of these a milter wants to use. This allows
for more flexibility than hardcoding these flags in the
xxfi_flags field of the smfiDesc structure.
LIBMILTER: A new callback xxfi_data() is available so milters
can act on the DATA command.
LIBMILTER: A new callback xxfi_unknown() is available so milters
can receive also unknown SMTP commands.
LIBMILTER: A new return code SMFIS_NOREPLY has been added which
can be used by the xxfi_header() callback provided the
milter requested the SMFIP_NOHREPL protocol action.
LIBMILTER: The new return code SMFIS_SKIP can be used in the
xxfi_body() callback to skip over further body chunks
and directly advance to the xxfi_eom() callback. This
is useful if a milter can make a decision based on the
body chunks it already received without reading the entire
rest of the body and the milter wants to invoke functions
that are only available from the xxfi_eom() callback.
LIBMILTER: A new function smfi_addrcpt_par() can be used to add
new recipients including ESMTP parameters.
LIBMILTER: A new function smfi_chgfrom() can be used to change the
envelope sender including ESMTP parameters.
LIBMILTER: A milter can now request to be informed about rejected
recipients (RCPT) too. This requires to set the protocol
flag SMFIP_RCPT_REJ during option negotiation. Whether
a RCPT has been rejected can be checked by comparing the
value of the macro {rcpt_mailer} with "error".
LIBMILTER: A milter can now override the list of macros that it
wants to receive from the MTA for each protocol step
by invoking the function smfi_setsymlist() during option
negotiation.
LIBMILTER: A milter can receive header field values with all
leading spaces by requesting the SMFIP_HDR_LEADSPC
protocol action. Also, if the flag is set then the MTA
does not add a leading space to headers that are added,
inserted, or replaced.
LIBMILTER: If a milter sets the reply code to "421" for the HELO
callback, the SMTP server will terminate the SMTP session
with that error to match the behavior of all other callbacks.
New Files:
cf/feature/badmx.m4
cf/feature/block_bad_helo.m4
cf/feature/require_rdns.m4
devtools/M4/UNIX/check.m4
include/sm/misc.h
include/sm/sendmail.h
include/sm/tailq.h
libmilter/docs/smfi_addrcpt_par.html
libmilter/docs/smfi_setsymlist.html
libmilter/docs/xxfi_data.html
libmilter/docs/xxfi_negotiate.html
libmilter/docs/xxfi_unknown.html
libmilter/example.c
libmilter/monitor.c
libmilter/worker.c
libsm/memstat.c
libsm/t-memstat.c
libsm/t-qic.c
libsm/util.c
sendmail/daemon.h
sendmail/map.h
|
|
> 8.13.6/8.13.6 2006/03/22
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
> If a server returns 421 for an RSET command when trying to start
> another transaction in a session while sending mail, do
> not trigger an internal consistency check. Problem found
> by Allan E Johannesen of Worcester Polytechnic Institute.
> If a server returns a 5xy error code (other than 501) in response
> to a STARTTLS command despite the fact that it advertised
> STARTTLS and that the code is not valid according to RFC
> 2487 treat it nevertheless as a permanent failure instead
> of a protocol error (which has been changed to a
> temporary error in 8.13.5). Problem reported by Jeff
> A. Earickson of Colby College.
> Clear SMTP state after a HELO/EHLO command. Patch from John
> Myers of Proofpoint.
> Observe MinQueueAge option when gathering entries from the queue
> for sorting etc instead of waiting until the entries are
> processed. Patch from Brian Fundakowski Feldman.
> Set up TLS session cache to properly handle clients that try to
> resume a stored TLS session.
> Properly count the number of (direct) child processes such that
> a configured value (MaxDaemonChildren) is not exceeded.
> Based on patch from Attila Bruncsak.
> LIBMILTER: Remove superfluous backslash in macro definition
> (libmilter.h). Based on patch from Mike Kupfer of
> Sun Microsystems.
> LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
> This generates an error message from libmilter on
> Solaris, though other systems appear to just discard the
> request silently.
> LIBMILTER: Deal with sigwait(2) implementations that return
> -1 and set errno instead of returning an error code
> directly. Patch from Chris Adams of HiWAAY Informations
> Services.
> Portability:
> Fix compilation checks for closefrom(3) and statvfs(2)
> in NetBSD. Problem noted by S. Moonesamy, patch from
> Andrew Brown.
|
|
|
|
|
|
|
|
pkgsrc changes:
- move to use options.mk framework
- solaris support tidy-up
- fix linux man page extension handling bug
- allow for a user defined smrsh directory
- update MASTER_SITES
- optional SOCKETMAP support and sample script installation
- ok'ed snj@/wiz@
Summary of some of the major changes include:
- New map "socket" to query maps via TCP/IP sockets.
- Connection rate control as well as control over the number of incoming open
connections.
- Several LDAP enhancements such as LDAP recursion and LDAP URI support.
- Message quarantining.
- AUTH EXTERNAL will only be enabled if STARTTLS was successful and the client
has been authenticated, i.e., {verify} is OK.
- Basic support for certificate revocation lists.
- New queue timeouts for DSN messages.
- Experimental support for MTAMark.
For a full list of changes see:
- http://www.sendmail.org/8.13.0.html
- http://www.sendmail.org/8.13.1.html
|
|
Patch from Julian C. Dunn in PR 25481 slightly modified by me.
|
|
version.
From PR pkg/21012 from Jim Bernard.
|
|
Also SASL 2 support added and PLIST tuning.
8.12.8/8.12.8 2003/02/11
SECURITY: Fix a remote buffer overflow in header parsing by
dropping sender and recipient header comments if the
comments are too long. Problem noted by Mark Dowd
of ISS X-Force.
Fix a potential non-exploitable buffer overflow in parsing the
.cf queue settings and potential buffer underflow in
parsing ident responses. Problem noted by Yichen Xie of
Stanford University Compilation Group.
Fix ETRN #queuegroup command: actually start a queue run for
the selected queue group. Problem noted by Jos Vos.
If MaxMimeHeaderLength is set and a malformed MIME header is fixed,
log the fixup as "Fixed MIME header" instead of "Truncated
MIME header". Problem noted by Ian J Hart.
CONFIG: Fix regression bug in proto.m4 that caused a bogus
error message: "FEATURE() should be before MAILER()".
MAIL.LOCAL: Be more explicit in some error cases, i.e., whether
a mailbox has more than one link or whether it is not
a regular file. Patch from John Beck of Sun Microsystems.
8.12.7/8.12.7 2002/12/29
Properly clean up macros to avoid persistence of session data
across various connections. This could cause session
oriented restrictions, e.g., STARTTLS requirements,
to erroneously allow a connection. Problem noted
by Tim Maletic of Priority Health.
Do not lookup MX records when sorting the MSP queue. The MSP
only needs to relay all mail to the MTA. Problem found
by Gary Mills of the University of Manitoba.
Do not restrict the length of connection information to 100
characters in some logging statements. Problem noted by
Erik Parker.
When converting an enhanced status code to an exit status, use
EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5
is used.
Reset macro $x when receiving another MAIL command. Problem
noted by Vlado Potisk of Wigro s.r.o.
Don't bother setting the permissions on the build area statistics
file, the proper permissions will be put on the file at
install time. This fixes installation over NFS for some
users. Problem noted by Martin J. Dellwo of 3-Dimensional
Pharmaceuticals, Inc.
Fix problem of decoding SASLv2 encrypted data. Problem noted by
Alex Deiter of Mobile TeleSystems, Komi Republic.
Log milter socket open errors at MilterLogLevel 1 or higher instead
of 11 or higher.
Print early system errors to the console instead of silently
exiting. Problem noted by James Jong of IBM.
Do not process a queue group if Runners is set to 0, regardless
of whether F=f or sendmail is run in verbose mode (-v).
The use of -qGname will still force queue group "name"
to be run even if Runners=0.
Change the level for logging the fact that a daemon is refusing
connections due to high load from LOG_INFO to LOG_NOTICE.
Patch from John Beck of Sun Microsystems.
Use location information for submit.cf from NetInfo
(/locations/sendmail/submit.cf) if available.
Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by
Neil Rickert of Northern Illinois University.
Make behavior of /canon in debug mode consistent with usage in
rulesets. Patch from Shigeno Kazutaka of IIJ.
Fix a potential memory leak in envelope splitting. Problem noted
by John Majikes of IBM.
Do not try to share an mailbox database LDAP connection across
different processes. Problem noted by Randy Kunkee.
Fix logging for undelivered recipients when the SMTP connection
times out during message collection. Problem noted by Neil
Rickert of Northern Illinois University.
Avoid problems with QueueSortOrder=random due to problems with
qsort() on Solaris (and maybe some other operating systems).
Problem noted by Stephan Schulz of Gruner+Jahr..
If -f "" is specified, set the sender address to "<>". Problem
noted by Matthias Andree.
Fix formatting problem of footnotes for plain text output on some
versions of tmac. Patch from Per Hedeland.
Portability:
Berkeley DB 4.1 support (requires at least 4.1.25).
Some getopt(3) implementations in GNU/Linux are broken
and pass a NULL pointer to an option which requires
an argument, hence the builtin version of
sendmail is used instead. This can be overridden
by using -DSM_CONF_GETOPT=0. Problem noted by
Vlado Potisk of Wigro s.r.o.
Support for nph-1.2.0 from Mark D. Roth of the University
of Illinois at Urbana-Champaign.
Support for FreeBSD 5.0's MAC labeling from Robert Watson
of the TrustedBSD Project.
Support for reading the number of processors on an IRIX
system from Michel Bourget of SGI.
Support for UnixWare 7.1 based on input from Larry Rosenman.
Interix support from Nedelcho Stanev of Atlantic Sky
Corporation.
Update Mac OS X/Darwin portability from Wilfredo Sanchez.
CONFIG: Enforce tls_client restrictions even if delay_checks
is used. Problem noted by Malte Starostik.
CONFIG: Deal with an empty hostname created via bogus
DNS entries to get around access restrictions.
Problem noted by Kai Schlichting.
CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default
to avoid problems with hostname resolution for localhost
which on many systems does not resolve to 127.0.0.1 (or
::1 for IPv6). If you do not use IPv4 but only IPv6 then
you need to change submit.mc accordingly, see the comment
in the file itself.
CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
error messages from initgroups(3) on AIX 4.3 when sending
mail to non-existing users. Problem noted by Mark Roth of
the University of Illinois at Urbana-Champaign.
CONFIG: Allow local_procmail to override local_lmtp settings.
CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
relay.
CONTRIB: cidrexpand: Deal with the prefix tags that may be included
in access_db.
CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
LIBMILTER: On Solaris libmilter may get into an endless loop if
an error in the communication from/to the MTA occurs.
Patch from Gurusamy Sarathy of Active State.
LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64.
Patch from from Jose Marcio Martins da Cruz of Ecole
Nationale Superieure des Mines de Paris.
MAIL.LOCAL: Fix a truncation race condition if the close() on
the mailbox fails. Problem noted by Tomoko Fukuzawa of
Sun Microsystems.
MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3)
fails. Patch from John Beck of Sun Microsystems.
SMRSH: SECURITY: Only allow regular files or symbolic links to be
used for a command. Problem noted by David Endler of
iDEFENSE, Inc.
New Files:
devtools/OS/Interix
include/sm/bdb.h
|
|
|
|
The unify failure problem in RCPT_HASH (WIDE extention) has been fixed,
and also strip extra spaces before #@# comment in alias expansion.
|
|
|
|
|
