PREVENT UNAUTHORIZED USE OF YOUR HOSTS AS SMTP RELAY Miquel van Smoorenburg 14-Jun-1996 The patch at the end of this file adds a new option to sendmail, `W' or `TcpWrappers'. This makes it possible for precompiled distributions to ship binaries compiled with -DTCPWRAPPERS without any unexpected side-effects, since the option is off by default. Here's the diff to the sendmail-8.8.5 source: diff -ru sendmail-8.8.5.orig/src/conf.c sendmail-8.8.5/src/conf.c --- sendmail-8.8.5.orig/src/conf.c Tue Jan 21 16:47:13 1997 +++ sendmail-8.8.5/src/conf.c Tue Jun 3 14:26:44 1997 @@ -4026,7 +4029,8 @@ return FALSE; #if TCPWRAPPERS - if (!hosts_ctl("sendmail", hostname, anynet_ntoa(sap), STRING_UNKNOWN)) + if (TcpWrappers && + !hosts_ctl("sendmail", hostname, anynet_ntoa(sap), STRING_UNKNOWN)) { # ifdef LOG if (LogLevel >= 4) diff -ru sendmail-8.8.5.orig/src/readcf.c sendmail-8.8.5/src/readcf.c --- sendmail-8.8.5.orig/src/readcf.c Wed Jan 15 02:51:29 1997 +++ sendmail-8.8.5/src/readcf.c Tue Jun 3 15:19:48 1997 @@ -1424,6 +1424,9 @@ { "FallbackMXhost", 'V', FALSE }, { "Verbose", 'v', TRUE }, { "TryNullMXList", 'w', FALSE }, +#ifdef TCPWRAPPERS + { "TcpWrappers", 'W', TRUE }, +#endif { "QueueLA", 'x', FALSE }, { "RefuseLA", 'X', FALSE }, { "RecipientFactor", 'y', FALSE }, @@ -2069,6 +2072,11 @@ break; /* 'W' available -- was wizard password */ +#ifdef TCPWRAPPERS + case 'W': + TcpWrappers = atobool(val); + break; +#endif case 'x': /* load avg at which to auto-queue msgs */ QueueLA = atoi(val); diff -ru sendmail-8.8.5.orig/src/sendmail.8 sendmail-8.8.5/src/sendmail.8 --- sendmail-8.8.5.orig/src/sendmail.8 Fri Jan 17 00:25:50 1997 +++ sendmail-8.8.5/src/sendmail.8 Tue Jun 3 15:03:28 1997 @@ -432,6 +432,15 @@ This may not be available if your sendmail does not have the .Dv USERDB option compiled in. +.It Li TcpWrappers +Use the +.Dv sendmail +entry in +.Pa /etc/hosts.allow +to decide if the remote host has access to the SMTP port. +This may not be available if your sendmail does not have the +.Dv TCPWRAPPERS +option compiled in. .It Li ForkEachJob Fork each job during queue runs. May be convenient on memory-poor machines. diff -ru sendmail-8.8.5.orig/src/sendmail.h sendmail-8.8.5/src/sendmail.h --- sendmail-8.8.5.orig/src/sendmail.h Wed Jan 15 02:51:29 1997 +++ sendmail-8.8.5/src/sendmail.h Tue Jun 3 14:25:43 1997 @@ -1168,6 +1168,9 @@ #ifdef _FFR_DSN_RRT EXTERN bool RrtImpliesDsn; /* turn Return-Receipt-To: into DSN */ #endif +#ifdef TCPWRAPPERS +EXTERN bool TcpWrappers; /* Use tcp wrappers for access control. */ +#endif EXTERN bool IgnoreHostStatus; /* ignore long term host status files */ EXTERN bool SingleThreadDelivery; /* single thread hosts on delivery */ EXTERN bool UnsafeGroupWrites; /* group-writable files are unsafe */