authorGregory Neil Shapiro <gshapiro@FreeBSD.org>2002-02-17 21:56:45 +0000
committerGregory Neil Shapiro <gshapiro@FreeBSD.org>2002-02-17 21:56:45 +0000
commit4026605903c0ab8df33c4ae8c419acdb2b652af8 (patch)
treee7a33b132264d449a512ddf4a8685df097669c1d
parentc86d59657f992c17a947200225b50f07e1776cd1 (diff)
Import sendmail 8.12.2
Notes
Notes: svn path=/vendor/sendmail/dist/; revision=90792
-rw-r--r--contrib/sendmail/INSTALL25
-rw-r--r--contrib/sendmail/KNOWNBUGS40
-rw-r--r--contrib/sendmail/LICENSE2
-rw-r--r--contrib/sendmail/Makefile14
-rw-r--r--contrib/sendmail/PGPKEYS76
-rw-r--r--contrib/sendmail/README36
-rw-r--r--contrib/sendmail/RELEASE_NOTES914
-rw-r--r--contrib/sendmail/cf/README1470
-rw-r--r--contrib/sendmail/cf/cf/Makefile54
-rw-r--r--contrib/sendmail/cf/cf/README34
-rw-r--r--contrib/sendmail/cf/cf/generic-hpux10.mc2
-rw-r--r--contrib/sendmail/cf/cf/generic-mpeix.mc25
-rw-r--r--contrib/sendmail/cf/cf/generic-solaris.mc29
-rw-r--r--contrib/sendmail/cf/cf/knecht.mc144
-rw-r--r--contrib/sendmail/cf/cf/submit.cf1369
-rw-r--r--contrib/sendmail/cf/cf/submit.mc22
-rw-r--r--contrib/sendmail/cf/cf/tcpproto.mc2
-rw-r--r--contrib/sendmail/cf/feature/access_db.m424
-rw-r--r--contrib/sendmail/cf/feature/allmasquerade.m410
-rw-r--r--contrib/sendmail/cf/feature/always_add_domain.m49
-rw-r--r--contrib/sendmail/cf/feature/authinfo.m422
-rw-r--r--contrib/sendmail/cf/feature/bestmx_is_local.m46
-rw-r--r--contrib/sendmail/cf/feature/bitdomain.m48
-rw-r--r--contrib/sendmail/cf/feature/compat_check.m433
-rw-r--r--contrib/sendmail/cf/feature/delay_checks.m45
-rw-r--r--contrib/sendmail/cf/feature/dnsbl.m415
-rw-r--r--contrib/sendmail/cf/feature/domaintable.m48
-rw-r--r--contrib/sendmail/cf/feature/enhdnsbl.m444
-rw-r--r--contrib/sendmail/cf/feature/genericstable.m48
-rw-r--r--contrib/sendmail/cf/feature/ldap_routing.m49
-rw-r--r--contrib/sendmail/cf/feature/local_lmtp.m45
-rw-r--r--contrib/sendmail/cf/feature/local_no_masquerade.m418
-rw-r--r--contrib/sendmail/cf/feature/lookupdotdomain.m422
-rw-r--r--contrib/sendmail/cf/feature/mailertable.m48
-rw-r--r--contrib/sendmail/cf/feature/msp.m476
-rw-r--r--contrib/sendmail/cf/feature/no_default_msa.m42
-rw-r--r--contrib/sendmail/cf/feature/nullclient.m42
-rw-r--r--contrib/sendmail/cf/feature/preserve_local_plus_detail.m416
-rw-r--r--contrib/sendmail/cf/feature/preserve_luser_host.m419
-rw-r--r--contrib/sendmail/cf/feature/promiscuous_relay.m47
-rw-r--r--contrib/sendmail/cf/feature/queuegroup.m427
-rw-r--r--contrib/sendmail/cf/feature/relay_local_from.m48
-rw-r--r--contrib/sendmail/cf/feature/relay_mail_from.m49
-rw-r--r--contrib/sendmail/cf/feature/use_ct_file.m49
-rw-r--r--contrib/sendmail/cf/feature/use_cw_file.m410
-rw-r--r--contrib/sendmail/cf/feature/uucpdomain.m48
-rw-r--r--contrib/sendmail/cf/feature/virtusertable.m48
-rw-r--r--contrib/sendmail/cf/m4/cfhead.m476
-rw-r--r--contrib/sendmail/cf/m4/proto.m41341
-rw-r--r--contrib/sendmail/cf/m4/version.m46
-rw-r--r--contrib/sendmail/cf/mailer/cyrus.m412
-rw-r--r--contrib/sendmail/cf/mailer/fax.m47
-rw-r--r--contrib/sendmail/cf/mailer/local.m442
-rw-r--r--contrib/sendmail/cf/mailer/mail11.m417
-rw-r--r--contrib/sendmail/cf/mailer/phquery.m410
-rw-r--r--contrib/sendmail/cf/mailer/pop.m410
-rw-r--r--contrib/sendmail/cf/mailer/procmail.m410
-rw-r--r--contrib/sendmail/cf/mailer/qpage.m47
-rw-r--r--contrib/sendmail/cf/mailer/smtp.m441
-rw-r--r--contrib/sendmail/cf/mailer/usenet.m410
-rw-r--r--contrib/sendmail/cf/mailer/uucp.m435
-rw-r--r--contrib/sendmail/cf/ostype/a-ux.m421
-rw-r--r--contrib/sendmail/cf/ostype/aix5.m42
-rw-r--r--contrib/sendmail/cf/ostype/darwin.m42
-rw-r--r--contrib/sendmail/cf/ostype/freebsd5.m420
-rw-r--r--contrib/sendmail/cf/ostype/linux.m42
-rw-r--r--contrib/sendmail/cf/ostype/mklinux.m42
-rw-r--r--contrib/sendmail/cf/ostype/mpeix.m422
-rw-r--r--contrib/sendmail/cf/ostype/solaris8.m42
-rw-r--r--contrib/sendmail/cf/sendmail.schema216
-rwxr-xr-xcontrib/sendmail/contrib/buildvirtuser2
-rw-r--r--contrib/sendmail/contrib/dnsblaccess.m494
-rw-r--r--contrib/sendmail/contrib/domainmap.m48
-rw-r--r--contrib/sendmail/contrib/link_hash.sh2
-rw-r--r--contrib/sendmail/contrib/qtool.866
-rwxr-xr-xcontrib/sendmail/contrib/qtool.pl124
-rw-r--r--contrib/sendmail/doc/op/Makefile10
-rw-r--r--contrib/sendmail/doc/op/op.me2135
-rw-r--r--contrib/sendmail/editmap/Makefile17
-rw-r--r--contrib/sendmail/editmap/Makefile.m422
-rw-r--r--contrib/sendmail/editmap/editmap.8106
-rw-r--r--contrib/sendmail/editmap/editmap.c420
-rw-r--r--contrib/sendmail/include/libmilter/mfapi.h82
-rw-r--r--contrib/sendmail/include/libmilter/mfdef.h84
-rw-r--r--contrib/sendmail/include/libmilter/milter.h60
-rw-r--r--contrib/sendmail/include/libsmdb/smdb.h135
-rw-r--r--contrib/sendmail/include/sendmail/mailstats.h11
-rw-r--r--contrib/sendmail/include/sendmail/pathnames.h64
-rw-r--r--contrib/sendmail/include/sendmail/sendmail.h103
-rw-r--r--contrib/sendmail/include/sm/assert.h113
-rw-r--r--contrib/sendmail/include/sm/bitops.h57
-rw-r--r--contrib/sendmail/include/sm/cdefs.h142
-rw-r--r--contrib/sendmail/include/sm/cf.h29
-rw-r--r--contrib/sendmail/include/sm/clock.h81
-rw-r--r--contrib/sendmail/include/sm/conf.h2803
-rw-r--r--contrib/sendmail/include/sm/config.h146
-rw-r--r--contrib/sendmail/include/sm/debug.h141
-rw-r--r--contrib/sendmail/include/sm/errstring.h79
-rw-r--r--contrib/sendmail/include/sm/exc.h186
-rw-r--r--contrib/sendmail/include/sm/fdset.h19
-rw-r--r--contrib/sendmail/include/sm/gen.h79
-rw-r--r--contrib/sendmail/include/sm/heap.h101
-rw-r--r--contrib/sendmail/include/sm/io.h382
-rw-r--r--contrib/sendmail/include/sm/ldap.h112
-rw-r--r--contrib/sendmail/include/sm/limits.h55
-rw-r--r--contrib/sendmail/include/sm/mbdb.h43
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_aix.h35
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_freebsd.h41
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_hp.h34
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_irix.h55
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_linux.h42
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_mpeix.h34
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_next.h29
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_openbsd.h30
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_openunix.h25
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_osf1.h18
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_sunos.h70
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_ultrix.h18
-rw-r--r--contrib/sendmail/include/sm/os/sm_os_unixware.h32
-rw-r--r--contrib/sendmail/include/sm/path.h32
-rw-r--r--contrib/sendmail/include/sm/rpool.h185
-rw-r--r--contrib/sendmail/include/sm/setjmp.h46
-rw-r--r--contrib/sendmail/include/sm/shm.h42
-rw-r--r--contrib/sendmail/include/sm/signal.h81
-rw-r--r--contrib/sendmail/include/sm/string.h135
-rw-r--r--contrib/sendmail/include/sm/sysexits.h109
-rw-r--r--contrib/sendmail/include/sm/test.h46
-rw-r--r--contrib/sendmail/include/sm/types.h65
-rw-r--r--contrib/sendmail/include/sm/varargs.h45
-rw-r--r--contrib/sendmail/include/sm/xtrap.h38
-rw-r--r--contrib/sendmail/libmilter/Makefile.m422
-rw-r--r--contrib/sendmail/libmilter/README85
-rw-r--r--contrib/sendmail/libmilter/comm.c47
-rw-r--r--contrib/sendmail/libmilter/docs/api.html194
-rw-r--r--contrib/sendmail/libmilter/docs/design.html144
-rw-r--r--contrib/sendmail/libmilter/docs/figure1.fig56
-rw-r--r--contrib/sendmail/libmilter/docs/figure1.jpgbin0 -> 21406 bytes
-rw-r--r--contrib/sendmail/libmilter/docs/figure1.ps173
-rw-r--r--contrib/sendmail/libmilter/docs/figure2.fig67
-rw-r--r--contrib/sendmail/libmilter/docs/figure2.jpgbin0 -> 47947 bytes
-rw-r--r--contrib/sendmail/libmilter/docs/figure2.ps242
-rw-r--r--contrib/sendmail/libmilter/docs/index.html92
-rw-r--r--contrib/sendmail/libmilter/docs/installation.html169
-rw-r--r--contrib/sendmail/libmilter/docs/other.html15
-rw-r--r--contrib/sendmail/libmilter/docs/overview.html194
-rw-r--r--contrib/sendmail/libmilter/docs/sample.html426
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_addheader.html94
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_addrcpt.html80
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_chgheader.html96
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_delrcpt.html79
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_getpriv.html59
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_getsymval.html92
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_main.html48
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_register.html160
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_replacebody.html90
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_setconn.html77
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_setpriv.html77
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_setreply.html92
-rw-r--r--contrib/sendmail/libmilter/docs/smfi_settimeout.html60
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_abort.html80
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_body.html80
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_close.html66
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_connect.html90
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_envfrom.html92
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_envrcpt.html94
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_eoh.html53
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_eom.html58
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_header.html74
-rw-r--r--contrib/sendmail/libmilter/docs/xxfi_helo.html59
-rw-r--r--contrib/sendmail/libmilter/engine.c153
-rw-r--r--contrib/sendmail/libmilter/handler.c9
-rw-r--r--contrib/sendmail/libmilter/libmilter.h36
-rw-r--r--contrib/sendmail/libmilter/listener.c216
-rw-r--r--contrib/sendmail/libmilter/main.c80
-rw-r--r--contrib/sendmail/libmilter/signal.c41
-rw-r--r--contrib/sendmail/libmilter/sm_gethost.c45
-rw-r--r--contrib/sendmail/libmilter/smfi.c232
-rw-r--r--contrib/sendmail/libsm/Makefile17
-rw-r--r--contrib/sendmail/libsm/Makefile.m436
-rw-r--r--contrib/sendmail/libsm/README126
-rw-r--r--contrib/sendmail/libsm/assert.c187
-rw-r--r--contrib/sendmail/libsm/assert.html359
-rw-r--r--contrib/sendmail/libsm/b-strcmp.c148
-rw-r--r--contrib/sendmail/libsm/b-strl.c202
-rw-r--r--contrib/sendmail/libsm/cdefs.html107
-rw-r--r--contrib/sendmail/libsm/cf.c100
-rw-r--r--contrib/sendmail/libsm/clock.c516
-rw-r--r--contrib/sendmail/libsm/clrerr.c39
-rw-r--r--contrib/sendmail/libsm/config.c239
-rw-r--r--contrib/sendmail/libsm/debug.c368
-rw-r--r--contrib/sendmail/libsm/debug.html276
-rw-r--r--contrib/sendmail/libsm/errstring.c206
-rw-r--r--contrib/sendmail/libsm/exc.c669
-rw-r--r--contrib/sendmail/libsm/exc.html757
-rw-r--r--contrib/sendmail/libsm/fclose.c149
-rw-r--r--contrib/sendmail/libsm/feof.c42
-rw-r--r--contrib/sendmail/libsm/ferror.c41
-rw-r--r--contrib/sendmail/libsm/fflush.c151
-rw-r--r--contrib/sendmail/libsm/fget.c110
-rw-r--r--contrib/sendmail/libsm/findfp.c428
-rw-r--r--contrib/sendmail/libsm/flags.c61
-rw-r--r--contrib/sendmail/libsm/fopen.c372
-rw-r--r--contrib/sendmail/libsm/fpos.c152
-rw-r--r--contrib/sendmail/libsm/fprintf.c55
-rw-r--r--contrib/sendmail/libsm/fpurge.c53
-rw-r--r--contrib/sendmail/libsm/fput.c52
-rw-r--r--contrib/sendmail/libsm/fread.c100
-rw-r--r--contrib/sendmail/libsm/fscanf.c55
-rw-r--r--contrib/sendmail/libsm/fseek.c335
-rw-r--r--contrib/sendmail/libsm/fvwrite.c279
-rw-r--r--contrib/sendmail/libsm/fvwrite.h30
-rw-r--r--contrib/sendmail/libsm/fwalk.c61
-rw-r--r--contrib/sendmail/libsm/fwrite.c67
-rw-r--r--contrib/sendmail/libsm/gen.html43
-rw-r--r--contrib/sendmail/libsm/get.c46
-rw-r--r--contrib/sendmail/libsm/glue.h27
-rw-r--r--contrib/sendmail/libsm/heap.c819
-rw-r--r--contrib/sendmail/libsm/heap.html424
-rw-r--r--contrib/sendmail/libsm/index.html174
-rw-r--r--contrib/sendmail/libsm/io.html745
-rw-r--r--contrib/sendmail/libsm/ldap.c961
-rw-r--r--contrib/sendmail/libsm/local.h340
-rw-r--r--contrib/sendmail/libsm/makebuf.c154
-rw-r--r--contrib/sendmail/libsm/match.c137
-rw-r--r--contrib/sendmail/libsm/mbdb.c746
-rw-r--r--contrib/sendmail/libsm/mpeix.c646
-rw-r--r--contrib/sendmail/libsm/niprop.c213
-rw-r--r--contrib/sendmail/libsm/path.c15
-rw-r--r--contrib/sendmail/libsm/put.c80
-rw-r--r--contrib/sendmail/libsm/refill.c294
-rw-r--r--contrib/sendmail/libsm/rewind.c44
-rw-r--r--contrib/sendmail/libsm/rpool.c493
-rw-r--r--contrib/sendmail/libsm/rpool.html187
-rw-r--r--contrib/sendmail/libsm/setvbuf.c190
-rw-r--r--contrib/sendmail/libsm/shm.c102
-rw-r--r--contrib/sendmail/libsm/signal.c340
-rw-r--r--contrib/sendmail/libsm/smstdio.c327
-rw-r--r--contrib/sendmail/libsm/snprintf.c86
-rw-r--r--contrib/sendmail/libsm/sscanf.c103
-rw-r--r--contrib/sendmail/libsm/stdio.c497
-rw-r--r--contrib/sendmail/libsm/strcasecmp.c106
-rw-r--r--contrib/sendmail/libsm/strdup.c72
-rw-r--r--contrib/sendmail/libsm/strerror.c60
-rw-r--r--contrib/sendmail/libsm/strexit.c127
-rw-r--r--contrib/sendmail/libsm/string.c56
-rw-r--r--contrib/sendmail/libsm/stringf.c86
-rw-r--r--contrib/sendmail/libsm/strio.c466
-rw-r--r--contrib/sendmail/libsm/strl.c321
-rw-r--r--contrib/sendmail/libsm/strrevcmp.c101
-rw-r--r--contrib/sendmail/libsm/strto.c254
-rw-r--r--contrib/sendmail/libsm/syslogio.c220
-rw-r--r--contrib/sendmail/libsm/t-cf.c46
-rw-r--r--contrib/sendmail/libsm/t-event.c85
-rw-r--r--contrib/sendmail/libsm/t-exc.c145
-rw-r--r--contrib/sendmail/libsm/t-float.c72
-rw-r--r--contrib/sendmail/libsm/t-fopen.c34
-rw-r--r--contrib/sendmail/libsm/t-heap.c64
-rw-r--r--contrib/sendmail/libsm/t-match.c47
-rw-r--r--contrib/sendmail/libsm/t-path.c35
-rw-r--r--contrib/sendmail/libsm/t-rpool.c69
-rw-r--r--contrib/sendmail/libsm/t-scanf.c59
-rw-r--r--contrib/sendmail/libsm/t-shm.c266
-rw-r--r--contrib/sendmail/libsm/t-smstdio.c75
-rw-r--r--contrib/sendmail/libsm/t-string.c46
-rw-r--r--contrib/sendmail/libsm/t-strio.c33
-rw-r--r--contrib/sendmail/libsm/t-strl.c136
-rw-r--r--contrib/sendmail/libsm/t-strrevcmp.c53
-rw-r--r--contrib/sendmail/libsm/t-types.c103
-rw-r--r--contrib/sendmail/libsm/test.c155
-rw-r--r--contrib/sendmail/libsm/ungetc.c179
-rw-r--r--contrib/sendmail/libsm/vasprintf.c115
-rw-r--r--contrib/sendmail/libsm/vfprintf.c1107
-rw-r--r--contrib/sendmail/libsm/vfscanf.c874
-rw-r--r--contrib/sendmail/libsm/vprintf.c39
-rw-r--r--contrib/sendmail/libsm/vsnprintf.c78
-rw-r--r--contrib/sendmail/libsm/vsprintf.c66
-rw-r--r--contrib/sendmail/libsm/vsscanf.c88
-rw-r--r--contrib/sendmail/libsm/wbuf.c88
-rw-r--r--contrib/sendmail/libsm/wsetup.c82
-rw-r--r--contrib/sendmail/libsm/xtrap.c21
-rw-r--r--contrib/sendmail/libsmdb/Makefile.m41
-rw-r--r--contrib/sendmail/libsmdb/smdb.c93
-rw-r--r--contrib/sendmail/libsmdb/smdb1.c74
-rw-r--r--contrib/sendmail/libsmdb/smdb2.c69
-rw-r--r--contrib/sendmail/libsmdb/smndbm.c64
-rw-r--r--contrib/sendmail/libsmutil/Makefile.m43
-rw-r--r--contrib/sendmail/libsmutil/cf.c71
-rw-r--r--contrib/sendmail/libsmutil/debug.c31
-rw-r--r--contrib/sendmail/libsmutil/err.c63
-rw-r--r--contrib/sendmail/libsmutil/lockfile.c23
-rw-r--r--contrib/sendmail/libsmutil/safefile.c245
-rw-r--r--contrib/sendmail/libsmutil/snprintf.c386
-rw-r--r--contrib/sendmail/mail.local/Makefile.m45
-rw-r--r--contrib/sendmail/mail.local/README8
-rw-r--r--contrib/sendmail/mail.local/mail.local.833
-rw-r--r--contrib/sendmail/mail.local/mail.local.c614
-rw-r--r--contrib/sendmail/mailstats/Makefile.m42
-rw-r--r--contrib/sendmail/mailstats/mailstats.813
-rw-r--r--contrib/sendmail/mailstats/mailstats.c205
-rw-r--r--contrib/sendmail/makemap/Makefile.m42
-rw-r--r--contrib/sendmail/makemap/makemap.822
-rw-r--r--contrib/sendmail/makemap/makemap.c274
-rw-r--r--contrib/sendmail/praliases/Makefile.m42
-rw-r--r--contrib/sendmail/praliases/praliases.84
-rw-r--r--contrib/sendmail/praliases/praliases.c154
-rw-r--r--contrib/sendmail/rmail/Makefile.m45
-rw-r--r--contrib/sendmail/rmail/rmail.86
-rw-r--r--contrib/sendmail/rmail/rmail.c186
-rw-r--r--contrib/sendmail/smrsh/Makefile.m43
-rw-r--r--contrib/sendmail/smrsh/README4
-rw-r--r--contrib/sendmail/smrsh/smrsh.810
-rw-r--r--contrib/sendmail/smrsh/smrsh.c141
-rw-r--r--contrib/sendmail/src/Makefile.m443
-rw-r--r--contrib/sendmail/src/README361
-rw-r--r--contrib/sendmail/src/SECURITY192
-rw-r--r--contrib/sendmail/src/TRACEFLAGS10
-rw-r--r--contrib/sendmail/src/TUNING232
-rw-r--r--contrib/sendmail/src/alias.c329
-rw-r--r--contrib/sendmail/src/aliases45
-rw-r--r--contrib/sendmail/src/aliases.54
-rw-r--r--contrib/sendmail/src/arpadate.c9
-rw-r--r--contrib/sendmail/src/bf.c846
-rw-r--r--contrib/sendmail/src/bf.h30
-rw-r--r--contrib/sendmail/src/collect.c714
-rw-r--r--contrib/sendmail/src/conf.c2518
-rw-r--r--contrib/sendmail/src/conf.h2733
-rw-r--r--contrib/sendmail/src/control.c167
-rw-r--r--contrib/sendmail/src/convtime.c43
-rw-r--r--contrib/sendmail/src/daemon.c2508
-rw-r--r--contrib/sendmail/src/deliver.c2860
-rw-r--r--contrib/sendmail/src/domain.c536
-rw-r--r--contrib/sendmail/src/envelope.c653
-rw-r--r--contrib/sendmail/src/err.c421
-rw-r--r--contrib/sendmail/src/headers.c466
-rw-r--r--contrib/sendmail/src/helpfile6
-rw-r--r--contrib/sendmail/src/macro.c350
-rw-r--r--contrib/sendmail/src/mailq.16
-rw-r--r--contrib/sendmail/src/main.c3033
-rw-r--r--contrib/sendmail/src/map.c3298
-rw-r--r--contrib/sendmail/src/mci.c522
-rw-r--r--contrib/sendmail/src/milter.c1310
-rw-r--r--contrib/sendmail/src/mime.c253
-rw-r--r--contrib/sendmail/src/newaliases.115
-rw-r--r--contrib/sendmail/src/parseaddr.c1233
-rw-r--r--contrib/sendmail/src/queue.c6910
-rw-r--r--contrib/sendmail/src/readcf.c1489
-rw-r--r--contrib/sendmail/src/recipient.c1196
-rw-r--r--contrib/sendmail/src/sasl.c208
-rw-r--r--contrib/sendmail/src/savemail.c622
-rw-r--r--contrib/sendmail/src/sendmail.878
-rw-r--r--contrib/sendmail/src/sendmail.h1415
-rw-r--r--contrib/sendmail/src/sfsasl.c827
-rw-r--r--contrib/sendmail/src/sfsasl.h49
-rw-r--r--contrib/sendmail/src/shmticklib.c18
-rw-r--r--contrib/sendmail/src/sm_resolve.c411
-rw-r--r--contrib/sendmail/src/sm_resolve.h142
-rw-r--r--contrib/sendmail/src/srvrsmtp.c4361
-rw-r--r--contrib/sendmail/src/stab.c248
-rw-r--r--contrib/sendmail/src/stats.c85
-rw-r--r--contrib/sendmail/src/statusd_shm.h13
-rw-r--r--contrib/sendmail/src/sysexits.c76
-rw-r--r--contrib/sendmail/src/timers.c23
-rw-r--r--contrib/sendmail/src/timers.h6
-rw-r--r--contrib/sendmail/src/tls.c1469
-rw-r--r--contrib/sendmail/src/trace.c210
-rw-r--r--contrib/sendmail/src/udb.c286
-rw-r--r--contrib/sendmail/src/usersmtp.c1721
-rw-r--r--contrib/sendmail/src/util.c1549
-rw-r--r--contrib/sendmail/src/version.c10
-rw-r--r--contrib/sendmail/test/Makefile17
-rw-r--r--contrib/sendmail/test/Makefile.m418
-rw-r--r--contrib/sendmail/test/README27
-rw-r--r--contrib/sendmail/test/Results40
-rw-r--r--contrib/sendmail/test/t_dropgid.c154
-rw-r--r--contrib/sendmail/test/t_exclopen.c12
-rw-r--r--contrib/sendmail/test/t_pathconf.c12
-rw-r--r--contrib/sendmail/test/t_seteuid.c24
-rw-r--r--contrib/sendmail/test/t_setgid.c119
-rw-r--r--contrib/sendmail/test/t_setreuid.c40
-rw-r--r--contrib/sendmail/test/t_setuid.c24
-rw-r--r--contrib/sendmail/test/t_snprintf.c14
-rw-r--r--contrib/sendmail/vacation/Makefile.m42
-rw-r--r--contrib/sendmail/vacation/vacation.167
-rw-r--r--contrib/sendmail/vacation/vacation.c461
384 files changed, 72206 insertions, 22730 deletions
diff --git a/contrib/sendmail/INSTALL b/contrib/sendmail/INSTALL
index 3286207f8e0f..96558c537955 100644
--- a/contrib/sendmail/INSTALL
+++ b/contrib/sendmail/INSTALL
@@ -1,9 +1,10 @@
Installing sendmail
-Note: as of sendmail 8.9, a new build architecture is in place that allows
-you to use the "Build" shell script in any of the program directories.
-On many environments this will do everything for you, no fuss, no muss.
+**Note**: Starting with sendmail 8.12, sendmail is no longer set-user-ID
+root by default. As a result of this, you need to install two .cf files.
+See steps 4 and 6 in this document. We also strongly recommend reading
+sendmail/SECURITY for more installation information.
1. Read all the README files noted in the INTRODUCTION section of the README
file in this top-level directory.
@@ -15,16 +16,22 @@ On many environments this will do everything for you, no fuss, no muss.
details).
4. Change to the cf/cf/ directory (that's not a typo): Copy whichever .mc
- file best matches your environment to config.mc, where config can be any
- name. Next, tailor it as explained in cf/README. Then run
- "sh Build config.cf".
+ file best matches your environment to sendmail.mc. Next, tailor it
+ as explained in cf/README. Then run
+ "sh Build sendmail.cf".
5. Back up your current /etc/mail/sendmail.cf and the sendmail binary (whose
location varies from operating system to operating system, but is usually
in /usr/sbin or /usr/lib).
-6. Install config.cf as /etc/mail/sendmail.cf and install the sendmail binary
- built in step 3 by cd-ing back to sendmail/ and running "sh Build install".
+6. Install sendmail.cf as /etc/mail/sendmail.cf and submit.cf as
+ /etc/mail/submit.cf. This can be done in the cf/cf by using
+ "sh Build install-cf".
+
+ Please read sendmail/SECURITY before continuing; you have to create a
+ new user smmsp and a new group smmsp for the default installation.
+ Then install the sendmail binary built in step 3 by cd-ing back to
+ sendmail/ and running "sh Build install".
7. For each of the associated sendmail utilities (makemap, mailstats, etc.),
read the README in the utility's directory. When you are ready to install
@@ -35,4 +42,4 @@ On many environments this will do everything for you, no fuss, no muss.
in case you are now using a different (and thereby incompatible) version
of Berkeley DB.
-$Revision: 8.3.16.2 $, Last updated $Date: 2000/12/30 06:24:03 $
+$Revision: 8.14 $, Last updated $Date: 2001/11/04 20:59:11 $
diff --git a/contrib/sendmail/KNOWNBUGS b/contrib/sendmail/KNOWNBUGS
index f3a42e7e9df7..0fa616bdab7a 100644
--- a/contrib/sendmail/KNOWNBUGS
+++ b/contrib/sendmail/KNOWNBUGS
@@ -3,7 +3,7 @@
K N O W N B U G S I N S E N D M A I L
-The following are bugs or deficiencies in sendmail that I am aware of
+The following are bugs or deficiencies in sendmail that we are aware of
but which have not been fixed in the current release. You probably
want to get the most up to date version of this from ftp.sendmail.org
in /pub/sendmail/KNOWNBUGS. For descriptions of bugs that have been
@@ -13,7 +13,6 @@ distribution).
This list is not guaranteed to be complete.
* Delivery to programs that generate too much output may cause problems
- (8.10, 8.11)
If e-mail is delivered to a program which generates too much
output, then sendmail may issue an error:
@@ -35,7 +34,7 @@ This list is not guaranteed to be complete.
restructuring of the code -- for example, almost no C library support
could be used to handle strings.
-* Header checks are not called if header value is too long.
+* Header checks are not called if header value is too long or empty.
If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6)
characters or it contains a single word longer than 256 (MAXNAME)
@@ -47,13 +46,12 @@ This list is not guaranteed to be complete.
Sometimes identical, duplicate error messages can be generated. As
near as I can tell, this is rare and relatively innocuous.
-* $c (hop count) macro improperly set.
+* Misleading error messages.
- The $c macro is supposed to contain the current hop count, for use
- when calling a mailer. This macro is initialized too early, and
- is always zero (or the value of the -c command line flag, if any).
- This macro will probably be removed entirely in a future release;
- I don't believe there are any mailers left that require it.
+ If an illegal address is specified on the command line together
+ with at least one valid address and PostmasterCopy is set, the
+ DSN does not contain the illegal address, but only the valid
+ address(es).
* \231 considered harmful.
@@ -121,6 +119,14 @@ This list is not guaranteed to be complete.
account for the SMTP on-the-wire \r\n expansion. It probably doesn't
allow for 8->7 bit MIME conversions either.
+* Client ignores SIZE parameter.
+
+ When sendmail acts as client and the server specifies a limit
+ for the mail size, sendmail will ignore this and try to send the
+ mail anyway. The server will usually reject the MAIL command
+ which specifies the size of the message and hence this problem
+ is not significant.
+
* Paths to programs being executed and the mode of program files are
not checked. Essentially, the RunProgramInUnsafeDirPath and
RunWritableProgram bits in the DontBlameSendmail option are always
@@ -150,7 +156,7 @@ This list is not guaranteed to be complete.
* MIME encoded full name phrases in the From: header
If a full name phrase includes characters from MustQuoteChars, sendmail
- will quote the entire full name phrase. If MustQuoteChars includes
+ will quote the entire full name phrase. If MustQuoteChars includes
characters which are not special characters according to STD 11 (RFC
822), this quotation can interfere with MIME encoded full name phrases.
By default, sendmail includes the single quote character (') in
@@ -200,22 +206,14 @@ This list is not guaranteed to be complete.
local mail delivery and NFS hard mounted home directories should be
avoided, as attempts to open the forward files could hang.
-* Race condition for delivery to set-user-id files
+* Race condition for delivery to set-user-ID files
Sendmail will deliver to a fail if the file is owned by the DefaultUser
- or has the set-user-id bit set. Unfortunately, some systems clear that bit
+ or has the set-user-ID bit set. Unfortunately, some systems clear that bit
when a file is modified. Sendmail compensates by resetting the file mode
back to it's original settings. Unfortunately, there's still a
permission failure race as sendmail checks the permissions before locking
the file. This is unavoidable as sendmail must verify the file is safe
to open before opening it. A file can not be locked until it is open.
-* Potential denial of service attack with AutoRebuildAliases
-
- There is a potential for a denial of service attack if the
- AutoRebuildAliases option is set as a user can kill the sendmail process
- while it is rebuilding the aliases file leaving it in an inconsistent
- state. This option and it's use is deprecated and will be removed from a
- future version of sendmail.
-
-$Revision: 8.43.16.2 $, Last updated $Date: 2001/07/31 22:42:46 $
+$Revision: 8.54 $, Last updated $Date: 2001/12/17 16:07:51 $
diff --git a/contrib/sendmail/LICENSE b/contrib/sendmail/LICENSE
index 0101f4843699..ea4a7dad034d 100644
--- a/contrib/sendmail/LICENSE
+++ b/contrib/sendmail/LICENSE
@@ -76,4 +76,4 @@ each of the following conditions is met:
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-$Revision: 8.9.4.1 $, Last updated $Date: 2001/02/14 04:07:19 $
+$Revision: 8.10 $, Last updated $Date: 2001/02/14 04:39:34 $
diff --git a/contrib/sendmail/Makefile b/contrib/sendmail/Makefile
index 547e46deea9e..97b2afc54c50 100644
--- a/contrib/sendmail/Makefile
+++ b/contrib/sendmail/Makefile
@@ -1,8 +1,9 @@
-# $Id: Makefile.dist,v 8.9 1999/09/27 21:39:11 gshapiro Exp $
+# $Id: Makefile.dist,v 8.15 2001/08/23 20:44:39 ca Exp $
SHELL= /bin/sh
-SUBDIRS= libsmutil libsmdb sendmail mail.local mailstats makemap \
- praliases rmail smrsh vacation
+SUBDIRS= libsm libsmutil libsmdb sendmail editmap mail.local \
+ mailstats makemap praliases rmail smrsh vacation
+# libmilter: requires pthread
BUILD= ./Build
OPTIONS= $(CONFIG) $(FLAGS)
@@ -27,6 +28,13 @@ install: FRC
$(SHELL) $(BUILD) $(OPTIONS) $@); \
done
+install-docs: FRC
+ @for x in $(SUBDIRS); \
+ do \
+ (cd $$x; echo Making $@ in:; pwd; \
+ $(SHELL) $(BUILD) $(OPTIONS) $@); \
+ done
+
fresh: FRC
@for x in $(SUBDIRS); \
do \
diff --git a/contrib/sendmail/PGPKEYS b/contrib/sendmail/PGPKEYS
index f77e4a72f406..11654e967861 100644
--- a/contrib/sendmail/PGPKEYS
+++ b/contrib/sendmail/PGPKEYS
@@ -88,6 +88,80 @@ y+PVZ1MwnEXfTQReVSla0AAOIRirHEh4YnUVZzFSNEJqoDRZQwVd7Q==
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
+sec+ 1024 0x678C0A03 2001-12-18 ---------- RSA Sign & Encrypt
+f16 Fingerprint16 = 7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45
+uid Sendmail Signing Key/2002 <sendmail@Sendmail.ORG>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGPfreeware 5.0i for non-commercial use
+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+=Yoii
+-----END PGP PUBLIC KEY BLOCK-----
+
+Type Bits KeyID Created Expires Algorithm Use
pub 1024 0xCC374F2D 2000-12-14 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = 59 AF DC 3E A2 7D 29 56 89 FA 25 70 90 0D 7E C1
uid Sendmail Signing Key/2001 <sendmail@Sendmail.ORG>
@@ -830,4 +904,4 @@ SIXqPke2iCW6+zdG1T/gS5T9T9/Lf2c9FQf0FjURAi3ynDA2RBLA5FDsI8v3
=dbDm
-----END PGP PUBLIC KEY BLOCK-----
-$Revision: 8.5.16.4 $, Last updated $Date: 2001/07/31 22:36:18 $
+$Revision: 8.13 $, Last updated $Date: 2001/12/19 19:10:01 $
diff --git a/contrib/sendmail/README b/contrib/sendmail/README
index 4188f9db94d4..715f34fc40cd 100644
--- a/contrib/sendmail/README
+++ b/contrib/sendmail/README
@@ -27,10 +27,12 @@ the latest updates.
You may also find these useful:
- d. devtools/README
- e. devtools/Site/README
- f. mail.local/README
- g. smrsh/README
+ d. sendmail/SECURITY
+ e. devtools/README
+ f. devtools/Site/README
+ g. libmilter/README
+ h. mail.local/README
+ i. smrsh/README
4. Read cf/README.
@@ -93,7 +95,7 @@ the items in the file to be marked as safe for file and program
delivery.
Other files affected by this strengthened security include class
-files (i.e. Fw /etc/mail/local-host-names), persistent host status files,
+files (i.e., Fw /etc/mail/local-host-names), persistent host status files,
and the files specified by the ErrorHeader and HelpFile options. Similar
DontBlameSendmail flags are available for the class, ErrorHeader, and
HelpFile files.
@@ -174,15 +176,13 @@ Important RFCs for electronic mail are:
RFC974 MX routing
RFC976 UUCP mail format
RFC1123 Host requirements (modifies 821, 822, and 974)
- RFC1413 Identification server
- RFC1869 SMTP Service Extensions (ESMTP spec)
- RFC1652 SMTP Service Extension for 8bit-MIMEtransport
- RFC1870 SMTP Service Extension for Message Size Declaration
- RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One:
- Format of Internet Message Bodies
RFC1344 Implications of MIME for Internet Mail Gateways
+ RFC1413 Identification server
RFC1428 Transition of Internet Mail from Just-Send-8 to
8-bit SMTP/MIME
+ RFC1652 SMTP Service Extension for 8bit-MIMEtransport
+ RFC1869 SMTP Service Extensions (ESMTP spec)
+ RFC1870 SMTP Service Extension for Message Size Declaration
RFC1891 SMTP Service Extension for Delivery Status Notifications
RFC1892 Multipart/Report Content Type for the Reporting of
Mail System Administrative Messages
@@ -192,9 +192,15 @@ Important RFCs for electronic mail are:
RFC1985 SMTP Service Extension for Remote Message Queue Starting
RFC2033 Local Mail Transfer Protocol (LMTP)
RFC2034 SMTP Service Extension for Returning Enhanced Error Codes
+ RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One:
+ Format of Internet Message Bodies
RFC2476 Message Submission
RFC2487 SMTP Service Extension for Secure SMTP over TLS
RFC2554 SMTP Service Extension for Authentication
+ RFC2821 Simple Mail Transfer Protocol
+ RFC2822 Internet Message Format
+ RFC2852 Deliver By SMTP Service Extension
+ RFC2920 SMTP Service Extension for Command Pipelining
Other standards that may be of interest (but which are less directly
relevant to sendmail) are:
@@ -221,8 +227,8 @@ PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
-AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
-ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
+AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
+ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
If you use OpenSSL then make sure you read their README file which
contains information about patents etc.
@@ -360,6 +366,8 @@ contrib Some contributed tools to help with sendmail. THESE
devtools Build environment. See devtools/README.
doc Documentation. If you are getting source, read
op.me -- it's long, but worth it.
+editmap A program to edit and query maps that have been created
+ with makemap, e.g., adding and deleting entries.
include Include files used by multiple programs in the distribution.
libsmdb sendmail database library with support for Berkeley DB 1.X,
Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
@@ -392,4 +400,4 @@ sendmail Source for the sendmail program itself.
test Some test scripts (currently only for compilation aids).
vacation Source for the vacation program. NOT PART OF SENDMAIL!
-$Revision: 8.71.4.8 $, Last updated $Date: 2001/07/31 22:42:46 $
+$Revision: 8.81 $, Last updated $Date: 2001/09/26 16:22:19 $
diff --git a/contrib/sendmail/RELEASE_NOTES b/contrib/sendmail/RELEASE_NOTES
index ad6aecf9b292..f0d9d4d573e0 100644
--- a/contrib/sendmail/RELEASE_NOTES
+++ b/contrib/sendmail/RELEASE_NOTES
@@ -1,11 +1,907 @@
SENDMAIL RELEASE NOTES
- $Id: RELEASE_NOTES,v 8.561.2.5.2.261 2001/08/20 14:45:32 gshapiro Exp $
+ $Id: RELEASE_NOTES,v 8.1218 2002/01/13 18:24:15 ca Exp $
This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
+8.12.2/8.12.2 2002/01/13
+ Don't complain too much if stdin, stdout, or stderr are missing
+ at startup, only log an error message.
+ Fix potential problem if an unknown operation mode (character
+ following -b) has been specified.
+ Prevent purgestat from looping even if someone changes the
+ permissions or owner of hoststatus files. Problem noted
+ by Kari Hurtta of the Finnish Meteorological Institute.
+ Properly record dropped connections in persistent host status.
+ Problem noted by Ulrich Windl of the Universitat
+ Regensburg.
+ Remove newlines from recipients read via sendmail -t to prevent
+ SMTP protocol errors when sending the RCPT command.
+ Problem noted by William D. Colburn of the New Mexico
+ Institute of Mining and Technology.
+ Only log milter body replacements once instead of for each body
+ chunk sent by a filter. Problem noted by Kari Hurtta of
+ the Finnish Meteorological Institute.
+ In 8.12.0 and 8.12.1, the headers were mistakenly not included in
+ the message size calculation. Problem noted by Kari Hurtta
+ of the Finnish Meteorological Institute.
+ Since 8.12 no longer forks at the SMTP MAIL command, the daemon
+ needs to collect children status to avoid zombie processes.
+ Problem noted by Chris Adams of HiWAAY Informations Services.
+ Shut down "nullserver" and ETRN-only connections after 25 bad
+ commands are issued. This makes it consistent with normal
+ SMTP connections.
+ Avoid duplicate logging of milter rejections. Problem noted by
+ William D. Colburn of the New Mexico Institute of Mining
+ and Technology.
+ Error and delay DSNs were being sent to postmaster instead of the
+ message sender if the sender had used a deprecated RFC822
+ source route. Problem noted by Kari Hurtta of the Finnish
+ Meteorological Institute.
+ Fix FallbackMXhost behavior for temporary errors during address
+ parsing. Problem noted by Jorg Bielak from Coastal Web
+ Online.
+ For systems on which stat(2) does not return a value for st_blksize
+ that is the "optimal blocksize for I/O" three new compile
+ time flags are available: SM_IO_MAX_BUF_FILE, SM_IO_MIN_BUF,
+ and SM_IO_MAX_BUF, which define an upper limit for
+ regular files, and a lower and upper limit for other file
+ types, respectively.
+ Fix a potential deadlock if two events are supposed to occur at
+ exactly the same time. Problem noted by Valdis Kletnieks
+ of Virginia Tech.
+ Perform envelope splitting for aliases listed directly in the
+ alias file, not just for include/.forward files.
+ Problem noted by John Beck of Sun Microsystems.
+ Allow selection of queue group for mailq using -qGgroup.
+ Based on patch by John Beck of Sun Microsystems.
+ Make sure cached LDAP connections used my multiple maps in the same
+ process are closed. Patch from Taso N. Devetzis.
+ If running as root, allow reading of class files in protected
+ directories. Patch from Alexander Talos of the University
+ of Vienna.
+ Correct a few LDAP related memory leaks. Patch from David Powell
+ of Sun Microsystems.
+ Allow specification of an empty realm via the authinfo ruleset.
+ This is necessary to interoperate as an SMTP AUTH client
+ with servers that do not support realms when using
+ CRAM-MD5. Problem noted by Bjoern Voigt of TU Berlin.
+ Avoid a potential information leak if AUTH PLAIN is used and the
+ server gets stuck while processing that command. Problem
+ noted by Chris Adams from HiWAAY Informations Services.
+ In addition to printing errors when parsing recipients during
+ command line invocations log them to make it simpler
+ to understand possible DSNs to postmaster.
+ Do not use FallbackMXhost on mailers which have the F=0 flag set.
+ Allow local mailers (F=l) to specify a host for TCP connections
+ instead of forcing localhost.
+ Obey ${DESTDIR} for installation of the client mail queue and
+ submit.cf. Patch from Peter 'Luna' Runestig.
+ Re-enable support for -M option which was broken in 8.12.1. Problem
+ noted by Neil Rickert of Northern Illinois University.
+ If a remote server violates the SMTP standard by unexpectedly
+ dropping the connection during an SMTP transaction, stop
+ sending commands. This prevents bogus "Bad file number"
+ recipient status. Problem noted by Allan E Johannesen of
+ Worcester Polytechnic Institute.
+ Do not use a size estimate of 100 for postmaster bounces, it's
+ almost always too small; do not guess the size at all.
+ New VENDOR_DEC for Compaq/DEC. Requested by James Seagraves of
+ Compaq Computer Corp.
+ Fix DaemonPortOptions IPv6 address parsing such that ::1 works
+ properly. Problem noted by Valdis Kletnieks of Virginia
+ Tech.
+ Portability:
+ Fix IPv6 network interface probing on HP-UX 11.X. Based on
+ patch provided by HP.
+ Mac OS X (aka Darwin) has a broken setreuid() call, but a
+ working seteuid() call. From Daniel J. Luke.
+ Use proper type for a 32-bit integer on SINIX. From Ganu
+ Sachin of Siemens.
+ Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX.
+ Reduce optimization from +O3 to +O2 on HP-UX 11. This
+ fixes a problem that caused additional bogus
+ characters to be written to the qf file. Problem
+ noted by Tapani Tarvainen.
+ Set LDA_USE_LOCKF by default for UnixWare. Problem noted
+ by Boyd Lynn Gerber.
+ Add support for HP MPE/iX. See sendmail/README for port
+ information. From Mark Bixby of Hewlett-Packard.
+ New portability defines HASNICE, HASRRESVPORT, USE_ENVIRON,
+ USE_DOUBLE_FORK, and NEEDLINK. See sendmail/README
+ for more information. From Mark Bixby of
+ Hewlett-Packard.
+ If an OS doesn't have a method of finding free disk space
+ (SFS_NONE), lie and say there is plenty of space.
+ From Mark Bixby of Hewlett-Packard.
+ Add support for AIX 5.1. From Valdis Kletnieks of
+ Virginia Tech.
+ Fix man page location for NeXTSTEP. From Hisanori Gogota
+ of the NTT/InterCommunication Center.
+ Do not assume that strerror() always returns a string.
+ Problem noted by John Beck of Sun Microsystems.
+ CONFIG: Add OSTYPE(freebsd5) for FreeBSD 5.X, which has removed
+ UUCP from the base operating system. From Mark Murray of
+ FreeBSD Services, Ltd.
+ CONFIG: Add OSTYPE(mpeix) and a generic .mc file for HP MPE/iX
+ systems. From Mark Bixby of Hewlett-Packard.
+ CONFIG: Add support for selecting a queue group for all mailers.
+ Based on proposal by Stephen L. Ulmer of the University of
+ Florida.
+ CONFIG: Fix error reporting for compat_check.m4. Problem noted by
+ Altin Waldmann.
+ CONFIG: Do not override user selections for confRUN_AS_USER and
+ confTRUSTED_USER in FEATURE(msp). From Mark Bixby of
+ Hewlett-Packard.
+ LIBMILTER: Fix bug that prevented the removal of a socket after
+ libmilter terminated. Problem reported by Andrey V. Pevnev
+ of MSFU.
+ LIBMILTER: Fix configuration error that required libsm for linking.
+ Problem noted by Kari Hurtta of the Finnish Meteorological
+ Institute.
+ LIBMILTER: Portability fix for OpenUNIX. Patch from Larry Rosenman.
+ LIBMILTER: Fix a theoretical memory leak and a possible attempt
+ to free memory twice.
+ LIBSM: Fix a potential segmentation violation in the I/O library.
+ Problem found and analyzed by John Beck and Tim Haley
+ of Sun Microsystems.
+ LIBSM: Do not clear the LDAP configuration information when
+ terminating the mailbox database connection in the LDAP
+ example code. Problem noted by Nikos Voutsinas of the
+ University of Athens.
+ New Files:
+ cf/cf/generic-mpeix.cf
+ cf/cf/generic-mpeix.mc
+ cf/ostype/freebsd5.m4
+ cf/ostype/mpeix.m4
+ devtools/OS/AIX.5.1
+ devtools/OS/MPE-iX
+ include/sm/os/sm_os_mpeix.h
+ libsm/mpeix.c
+
+8.12.1/8.12.1 2001/10/01
+ SECURITY: Check whether dropping group privileges actually succeeded
+ to avoid possible compromises of the mail system by
+ supplying bogus data. Add configuration options for
+ different set*gid() calls to reset saved gid. Problem
+ found by Michal Zalewski.
+ PRIVACY: Prevent information leakage when sendmail has extra
+ privileges by disabling debugging (command line -d flag)
+ during queue runs and disabling ETRN when sendmail -bs is
+ used. Suggested by Michal Zalewski.
+ Avoid memory corruption problems resulting from bogus .cf files.
+ Problem found by Michal Zalewski.
+ Set the ${server_addr} macro to name of mailer when doing LMTP
+ delivery. LMTP systems may offer SMTP Authentication or
+ STARTTLS causing sendmail to use this macro in rulesets.
+ If debugging is turned on (-d0.10) print not just the default
+ values for configuration file and pid file but also the
+ selected values. Problem noted by Brad Chapman.
+ Continue dealing with broken nameservers by ignoring SERVFAIL
+ errors returned on T_AAAA (IPv6) lookups at delivery time
+ if ResolverOptions=WorkAroundBrokenAAAA is set. Previously
+ this only applied to hostname canonification. Problem
+ noted by Bill Fenner of AT&T Research.
+ Ignore comments in NIS host records when trying to find the
+ canonical name for a host.
+ When sendmail has extra privileges, limit mail submission command
+ line flags (i.e., -G, -h, -F, etc.) to mail submission
+ operating modes (i.e., -bm, -bs, -bv, etc.). Idea based on
+ suggestion from Michal Zalewski.
+ Portability:
+ AIX: Use `oslevel` if available to determine OS version.
+ `uname` does not given complete information.
+ Problem noted by Keith Neufeld of the Cessna
+ Aircraft Company.
+ OpenUNIX: Use lockf() for LDA delivery (affects mail.local).
+ Problem noticed by Boyd Lynn Gerber of ZENEX.
+ Avoid compiler warnings by not using pointers to pass
+ integers. Problem noted by Todd C. Miller of
+ Courtesan Consulting.
+ CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize
+ problems with potential misconfigurations.
+ CONFIG: Fix comment showing default value of MaxHopCount. Problem
+ noted by Greg Robinson of the Defence Science and
+ Technology Organisation of Australia.
+ CONFIG: dnsbl: If an argument specifies an error message in case
+ of temporary lookup failures for DNS based blacklists
+ then use it.
+ LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by
+ Richard A. Nelson of Debian.
+ LIBMILTER: Add __P definition for OS that lack it. Problem noted
+ by Chris Adams from HiWAAY Informations Services.
+ LIBSMDB: Fix a lock race condition that affects makemap, praliases,
+ and vacation.
+ MAKEMAP: Avoid going beyond the end of an input line if it does
+ not contain a value for a key. Based on patch from
+ Mark Bixby from Hewlett-Packard.
+ New Files:
+ test/Build
+ test/Makefile
+ test/Makefile.m4
+ test/README
+ test/t_dropgid.c
+ test/t_setgid.c
+ Deleted Files:
+ include/sm/stdio.h
+ include/sm/sysstat.h
+
+8.12.0/8.12.0 2001/09/08
+ *NOTICE*: The default installation of sendmail does not use
+ set-user-ID root anymore. You need to create a new user and
+ a new group before installing sendmail (both called smmsp by
+ default). The installation process tries to install
+ /etc/mail/submit.cf and creates /var/spool/clientmqueue by
+ default. Please see sendmail/SECURITY for details.
+ SECURITY: Check for group and world writable forward and :include:
+ files. These checks can be turned off if absolutely
+ necessary using the DontBlameSendmail option and the new
+ flags:
+ GroupWritableForwardFile
+ WorldWritableForwardFile
+ GroupWritableIncludeFile
+ WorldWritableIncludeFile
+ Problem noted by Slawek Zak of Politechnika Warszawska,
+ SECURITY: Drop privileges when using address test mode. Suggested
+ by Michal Zalewski of the "Internet for Schools" project
+ (IdS).
+ Fixed problem of a global variable being used for a timeout jump
+ point where the variable could become overused for more than
+ one timeout concurrently. This erroneous behavior resulted in
+ a corrupted stack causing a core dump. The timeout is now
+ handled via libsm. Problem noted by Michael Shapiro,
+ John Beck, and Carl Smith of Sun Microsystems.
+ If sendmail is set-group-ID then that group ID is used for permission
+ checks (group ID of RunAsUser). This allows use of a
+ set-group-ID sendmail binary for initial message submission
+ and no set-user-ID root sendmail is needed. For details
+ see sendmail/SECURITY.
+ Log a warning if a non-trusted user changes the syslog label.
+ Based on notice from Bryan Costales of SL3D, Inc.
+ If sendmail is called for initial delivery, try to use submit.cf
+ with a fallback of sendmail.cf as configuration file. See
+ sendmail/SECURITY.
+ New configuration file option UseMSP to allow group writable queue
+ files if the group is the same as that of a set-group-ID
+ sendmail binary. See sendmail/SECURITY.
+ The .cf file is chosen based on the operation mode. For -bm (default),
+ -bs, and -t it is submit.cf if it exists for all others it
+ is sendmail.cf (to be backward compatible). This selection
+ can be changed by the new option -Ac or -Am (alternative .cf
+ file: client or mta). See sendmail/SECURITY.
+ The SMTP server no longer forks on each MAIL command. The ONEX
+ command has been removed.
+ Implement SMTP PIPELINING per RFC 2920. It can be turned off
+ at compile time or per host (ruleset).
+ New option MailboxDatabase specifies the type of mailbox database
+ used to look up local mail recipients; the default value
+ is "pw", which means to use getpwnam(). New mailbox database
+ types can be added by adding custom code to libsm/mbdb.c.
+ Queue file names are now 15 characters long, rather than 14 characters
+ long, to accomodate envelope splitting. File systems with
+ a 14 character file name length limit are no longer
+ supported.
+ Recipient list used for delivery now gets internally ordered by
+ hostsignature (character string version of MX RR). This orders
+ recipients for the same MX RR's together meaning smaller
+ portions of the list need to be scanned (instead of the whole
+ list) each delivery() pass to determine piggybacking. The
+ significance of the change is better the larger the recipient
+ list. Hostsignature is now created during recipient list
+ creation rather than just before delivery.
+ Enhancements for more opportunistic piggybacking. Previous
+ piggybacking (called coincidental) extended to coattail
+ piggybacking. Rather than complete MX RR matching
+ (coincidental) piggybacking is done if just the lowest value
+ preference matches (coattail).
+ If sendmail receives a temporary error on a RCPT TO: command, it will
+ try other MX hosts if available.
+ DefaultAuthInfo can contain a list of mechanisms to be used for
+ outgoing (client-side) SMTP Authentication.
+ New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable
+ AUTH (overrides 'a' modifier in DaemonPortOptions). Based
+ on patch from Lyndon Nerenberg of Messaging Direct.
+ Enable AUTH mechanism EXTERNAL if STARTTLS is used.
+ A new ruleset authinfo can be used to return client side
+ authentication information for AUTH instead of DefaultAuthInfo.
+ Therefore the DefaultAuthInfo option is deprecated and will be
+ removed in future versions.
+ Accept any SMTP continuation code 3xy for AUTH even though RFC 2554
+ requires 334. Mercury 1.48 is a known offender.
+ Add new option AuthMaxBits to limit the overall encryption strength
+ for the security layer in SMTP AUTH (SASL). See
+ doc/op/op.me for details.
+ Introduce new STARTTLS related macros {cn_issuer}, {cn_subject},
+ {cert_md5} which hold the CN (common name) of the CA that
+ signed the presented certificate, the CN and the MD5 hash
+ of the presented certificate, respectively.
+ New ruleset try_tls to decide whether to try (as client) STARTTLS.
+ New ruleset srv_features to enable/disable certain features in the
+ server per connection. See doc/op/op.me for details.
+ New ruleset tls_rcpt to decide whether to send e-mail to a particular
+ recipient; useful to decide whether a conection is secure
+ enough on a per recipient basis.
+ New option TLSSrvOptions to modify some aspects of the server
+ for STARTTLS.
+ If no certificate has been requested, the macro {verify} has the
+ value "NOT".
+ New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off
+ using/offering STARTTLS when delivering/receiving e-mail.
+ Macro expand filenames/directories for certs and keys in the .cf file.
+ Proposed by Neil Rickert of Northern Illinois University.
+ Generate an ephemeral RSA key for a STARTTLS connection only if
+ really required. This change results in a noticable
+ performance gains on most machines. Moreover, if shared
+ memory is in use, reuse the key several times.
+ Add queue groups which can be used to group queue directories with
+ the same behavior together. See doc/op/op.me for details.
+ If the new option FastSplit (defaults to one) has a value greater
+ than zero, it suppresses the MX lookups on addresses when they
+ are initially sorted which may result in faster envelope
+ splitting. If the mail is submitted directly from the
+ command line, then the value also limits the number of
+ processes to deliver the envelopes; if more envelopes are
+ created they are only queued up and must be taken care of
+ by a queue run.
+ The check for 'enough disk space' now pays attention to which file
+ system each queue directory resides in.
+ All queue runners can be cleanly terminated via SIGTERM to parent.
+ New option QueueFileMode for the default permissions of queue files.
+ Add parallel queue runner code. Allows multiple queue runners per work
+ group (one or more queues in a multi-queue environment
+ collected together) to process the same work list at the
+ same time.
+ Option MaxQueueChildren added to limit the number of concurrently
+ active queue runner processes.
+ New option MaxRunnersPerQueue to specify the maximum number of queue
+ runners per queue group.
+ Queue member selection by substring pattern matching now allows
+ the pattern to be negated. For -qI, -qR and -qS it is
+ permissible for -q!I, -q!R and -q!S to mean remove members
+ of the queue that match during processing.
+ New -qp[time] option is similar to -qtime, except that instead of
+ periodically forking a child to process the queue, a single
+ child is forked for each queue that sleeps between queue
+ runs. A SIGHUP signal can be sent to restart this
+ persistent queue runner.
+ The SIGHUP signal now restarts a timed queue run process (i.e., a
+ sendmail process which only runs the queue at an interval:
+ sendmail -q15m).
+ New option NiceQueueRun to set the priority of queue runners.
+ Proposed by Thom O'Connor.
+ sendmail will run the queue(s) in the background when invoked with -q
+ unless the new -qf option or -v is used.
+ QueueSortOrder=Random sorts the queue randomly, which is useful if
+ several queue runners are started by hand to avoid contention.
+ QueueSortOrder=Modification sorts the queue by the modification time
+ of the qf file (older entries first).
+ Support Deliver By SMTP Service Extension (RFC 2852) which allows
+ a client to specify an amount of time within which an e-mail
+ should be delivered. New option DeliverByMin added to set the
+ minimum amount of time or disable the extension.
+ Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are
+ not allowed unless escaped or quoted.
+ Add support for a generic DNS map. Based on a patch contributed
+ by Leif Johansson of Stockholm University, which was based on
+ work by Assar Westerlund of Swedish Institute of Computer
+ Science, Kista, and Johan Danielsson of Royal Institute of
+ Technology, Stockholm, Sweden.
+ MX records will be looked up for FallBackMXhost. To use the old
+ behavior (no MX lookups), put the name in square brackets.
+ Proposed by Thom O'Connor.
+ Use shared memory to store free space of filesystems that are used
+ for queues, if shared memory is available and if a key is set
+ via SharedMemoryKey. This minimizes the number of system
+ calls to check the available space. See doc/op/op.me for
+ details.
+ If shared memory is compiled in the option -bP can be used to print
+ the number of entries in the queue(s).
+ Enable generic mail filter API (milter). See libmilter/README
+ and the usual documentation for details.
+ Remove AutoRebuildAliases option, deprecated since 8.10.
+ Remove '-U' (initial user submission) command line option as
+ announced in 8.10.
+ Remove support for non-standard SMTP command XUSR. Use an MSA instead.
+ New macro {addr_type} which contains whether the current address is
+ an envelope sender or recipient address. Suggested by
+ Neil Rickert of Northern Illinois University.
+ Two new options for host maps: -d (retransmission timeout),
+ -r (number of retries).
+ New option for LDAP maps: the -V<sep> allows you to specify a
+ separator such that a lookup can return both an attribute
+ and value separated by the given separator.
+ Add new operators '%', '|', '&' (modulo, binary or, binary and)
+ to map class arith.
+ If DoubleBounceAddress expands to an empty string, ``double bounces''
+ (errors that occur when sending an error message) are dropped.
+ New DontBlameSendmail options GroupReadableSASLDBFile and
+ GroupWritableSASLDBFile to relax requirements for sasldb files.
+ New DontBlameSendmail options GroupReadableKeyFile to relax
+ requirements for files containing secret keys. This is
+ necessary for the MSP if client authentification is used.
+ Properly handle quoted filenames for class files (to allow for
+ filenames with spaces).
+ Honor the resolver option RES_NOALIASES when canonifying hostnames.
+ Add macros to avoid the reuse of {if_addr} etc:
+ {if_name_out} hostname of interface of outgoing connection.
+ {if_addr_out} address of interface of outgoing connection.
+ {if_family_out} family of interface of outgoing connection.
+ The latter two are only set if the interface does not belong
+ to the loopback net.
+ Add macro {nrcpts} which holds the number of (validated) recipients.
+ DialDelay option applies only to mailers with flag 'Z'. Patch from
+ Juergen Georgi of RUS University of Stuttgart.
+ New Timeout.lhlo,auth,starttls options to limit the time waiting for
+ an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command.
+ New Timeout.aconnect option to limit the overall waiting time for
+ all connections for a single delivery attempt to succeed.
+ Limit the rate recipients in the SMTP envelope are accepted once
+ a threshold number of recipients has been rejected (option
+ BadRcptThrottle). From Gregory A Lundberg of the WU-FTPD
+ Development Group.
+ New option DelayLA to delay connections if the load averages
+ exceeds the specified value. The default of 0 does not
+ change the previous behavior. A value greater than 0
+ will cause sendmail to sleep for one second on most
+ SMTP commands and before accepting connections if that
+ load average is exceeded.
+ Use a dynamic (instead of fixed-size) buffer for the list of
+ recipients that are sent during a connection to a mailer.
+ This also introduces a new mailer field 'r' which defines
+ the maximum number of recipients (defaults to 100).
+ Based on patch by Motonori Nakamura of Kyoto University.
+ Add new F=1 mailer flag to disable sending of null characters ('\0').
+ Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead.
+ The deprecated [TCP] builtin mailer pathname (P=) is gone. Use [IPC]
+ instead.
+ IPC is no longer available as first mailer argument (A=) for [IPC]
+ builtin mailer pathnames. Use TCP instead.
+ PH map code updated to use the new libphclient API instead of the
+ old libqiapi library. Contributed by Mark Roth of the
+ University of Illinois at Urbana-Champaign.
+ New option DirectSubmissionModifiers to define {daemon_flags}
+ for direct (command line) submissions.
+ New M=O modifier for DaemonPortOptions to ignore the socket in
+ case of failures. Based on patch by Jun-ichiro itojun
+ Hagino of the KAME Project.
+ Add Disposition-Notification-To: (RFC 2298) to the list of headers
+ whose content is rewritten similar to Reply-To:.
+ Proposed by Andrzej Filip.
+ Use STARTTLS/AUTH=server/client for logging incoming/outgoing
+ STARTTLS/AUTH connections; log incoming connections at level
+ 9 or higher. Use AUTH/STARTTLS instead of SASL/TLS for SMTP
+ AUTH/STARTTLS related logfile entries.
+ Convert unprintable characters (and backslash) into octal or C format
+ before logging.
+ Log recipients if no message is transferred but QUIT/RSET is given
+ (at LogLevel 9/10 or higher).
+ Log discarded recipients at LogLevel 10 or higher.
+ Do not log "did not issue MAIL/EXPN/VRFY/ETRN" for connections
+ in which most commands are rejected due to check_relay or
+ TCP Wrappers if the host tries one of those commands anyway.
+ Change logging format for cloned envelopes to be similar to that for
+ DSNs ("old id: new id: clone"). Suggested by Ulrich Windl
+ of the Universitat Regensburg.
+ Added libsm, a C library of general purpose abstractions including
+ assertions, tracing and debugging with named debug categories,
+ exception handling, malloc debugging, resource pools,
+ portability abstractions, and an extensible buffered I/O
+ package. It will at some point replace libsmutil.
+ See libsm/index.html for details.
+ Fixed most memory leaks in sendmail which were previously taken
+ care of by fork() and exit().
+ Use new sm_io*() functions in place of stdio calls. Allows for
+ more consistent portablity amongst different platforms
+ new and old (from new libsm).
+ Common I/O pkg means just one buffering method needed instead of two
+ ('bf_portable' and 'bf_torek' now just 'bf').
+ Sfio no longer needed as SASL/TLS code uses sm_io*() API's.
+ New possible value 'interactive' for SuperSafe which can be used
+ together with DeliveryMode=interactive is to avoid some disk
+ synchronizations calls.
+ Add per-recipient status information to mailq -v output.
+ T_ANY queries are no longer used by sendmail.
+ When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
+ too (see include/sm/cdefs.h for more info).
+ sendmail -d now has general support for named debug categories.
+ See libsm/debug.html and section 3.4 of doc/op/op.me
+ for details.
+ Eliminate the "postmaster warning" DSNs on address parsing errors
+ such as unbalanced angle brackets or parentheses. The DSNs
+ generated by this condition were illegal (not RFC conform).
+ Problem noted by Ulrich Windl of the Universitaet Regensburg.
+ Do not issue a DSN if the ruleset localaddr resolves to the $#error
+ mailer and the recipient has hence been rejected during the
+ SMTP dialogue. Problem reported by Larry Greenfield of CMU.
+ Deal with a case of multiple deliveries on misconfigured systems
+ that do not have postmaster defined. If an email was sent
+ from an address to which a DSN cannot be returned and
+ in which at least one recipient address is non-deliverable,
+ then that email had been delivered in each queue run.
+ Problem reported by Matteo HCE Valsasna of Universita
+ degli Studi dell'Insubria.
+ The compilation options SMTP, DAEMON, and QUEUE have been removed,
+ i.e., the corresponding code is always compiled in now.
+ Log the command line in daemon/queue-run mode at LogLevel 10 and
+ higher. Suggested by Robert Harker of Harker Systems.
+ New ResolverOptions setting: WorkAroundBrokenAAAA. When
+ attempting to canonify a hostname, some broken nameservers
+ will return SERVFAIL (a temporary failure) on T_AAAA (IPv6)
+ lookups. If you want to excuse this behavior, use this new
+ flag. Suggested by Chris Foote of SE Network Access and
+ Mark Roth of the University of Illinois at
+ Urbana-Champaign.
+ Free the memory allocated by getipnodeby{addr,name}(). Problem
+ noted by Joy Latten of IBM.
+ ConnectionRateThrottle limits the number of connections per second
+ to each daemon individually, not the overall number of
+ connections.
+ Specifying only "ldap:" as an AliasFile specification will force
+ sendmail to use a default alias schema as outlined in the
+ ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section of
+ cf/README.
+ Add a new syntax for the 'F' (file class) sendmail.cf command. If
+ the first character after the class name is not a '/' or a
+ '|' and it contains an '@' (e.g., F{X}key@class:spec), the
+ rest of the line will be parsed as a map lookup. This
+ allows classes to be filled via a map lookup. See op.me
+ for more syntax information. Specifically, this can be
+ used for commands such as VIRTUSER_DOMAIN_FILE() to read
+ the list of domains via LDAP (see the ``USING LDAP FOR
+ ALIASES, MAPS, and CLASSES'' section of cf/README for an
+ example).
+ The new macro ${sendmailMTACluster} determines the LDAP cluster for
+ the default schema used in the above two items.
+ Unless DontBlameSendmail=RunProgramInUnsafeDirPath is set, log a
+ warning if a program being run from a mailer or file class
+ (e.g., F|/path/to/prog) is in an unsafe directory path.
+ Unless DontBlameSendmail=RunWritableProgram is set, log a warning
+ if a program being run from a mailer or file class
+ (e.g., F|/path/to/prog) is group or world writable.
+ Loopback interfaces (e.g., "lo0") are now probed for class {w}
+ hostnames. Setting DontProbeInterfaces to "loopback"
+ (without quotes) will disable this and return to the
+ pre-8.12 behavior of only probing non-loopback interfaces.
+ Suggested by Bryan Stansell of GNAC.
+ In accordance with RFC 2821 section 4.1.4, accept multiple
+ HELO/EHLO commands.
+ Multiple ClientPortOptions settings are now allowed, one for each
+ possible protocol family which may be used for outgoing
+ connections. Restrictions placed on one family only affect
+ outgoing connections on that particular family. Because of
+ this change, the ${client_flags} macro is not set until the
+ connection is established. Based on patch from Motonori
+ Nakamura of Kyoto University.
+ PrivacyOptions=restrictexpand instructs sendmail to drop privileges
+ when the -bv option is given by users who are neither root
+ nor the TrustedUser so users can not read private aliases,
+ forwards, or :include: files. It also will override the -v
+ (verbose) command line option.
+ If the M=b modifier is set in DaemonPortOptions and the interface
+ address can't be used for the outgoing connection, fall
+ back to the settings in ClientPortOptions (if set).
+ Problem noted by John Beck of Sun Microsystems.
+ New named config file rule check_data for DATA command (input:
+ number of recipients). Based on patch from Mark Roth of
+ the University of Illinois at Urbana-Champaign.
+ Add support for ETRN queue selection per RFC 1985. The queue group
+ can be specified using the '#' option character. For
+ example, 'ETRN #queuegroup'.
+ If an LDAP server times out or becomes unavailable, close the
+ current connection and reopen to get to one of the fallback
+ servers. Patch from Paul Hilchey of the University of
+ British Columbia.
+ Make default error number on $#error messages 550 instead of 501
+ because 501 is not allowed on all commands.
+ The .cf file option UnsafeGroupWrites is deprecated, it should be
+ replaced with the settings GroupWritableForwardFileSafe
+ and GroupWritableIncludeFileSafe in DontBlameSendmail
+ if required.
+ The deprecated ldapx map class has been removed. Use the ldap map
+ class instead.
+ Any IPv6 addresses used in configuration should be prefixed by the
+ "IPv6:" tag to identify the address properly. For example,
+ if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to
+ class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4].
+ Change the $&{opMode} macro if the operation mode changes while the
+ MTA is running. For example, during a queue run.
+ Add "use_inet6" as a new ResolverOptions flag to control the
+ RES_USE_INET6 resolver option. Based on patch from Rick
+ Nelson of IBM.
+ The maximum number of commands before the MTA slows down when too
+ many "light weight" commands have been received are now
+ configurable during compile time. The current values and
+ their defaults are:
+ MAXBADCOMMANDS 25 unknown commands
+ MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR
+ MAXHELOCOMMANDS 3 HELO, EHLO
+ MAXVRFYCOMMANDS 6 VRFY, EXPN
+ MAXETRNCOMMANDS 8 ETRN
+ Setting a value to 0 disables the check. Patch from Bryan
+ Costales of SL3D, Inc.
+ The header syntax H?${MyMacro}?X-My-Header: now not only checks if
+ ${MyMacro} is defined but also that it is not empty.
+ Properly quote usernames with special characters if they are used
+ in headers. Problem noted by Kari Hurtta of the Finnish
+ Meteorological Institute.
+ Be sure to include the proper Final-Recipient: DSN header in bounce
+ messages for messages for mailing list expanded addresses
+ which are not delivered on the initial attempt.
+ Do not treat errors as sticky when doing delivery via LMTP after
+ the final dot has been sent to avoid affecting future
+ deliveries. Problem reported by Larry Greenfield of CMU.
+ New compile time flag REQUIRES_DIR_FSYNC which turns on support for
+ file systems that require to call fsync() for a directory
+ if the meta-data in it has been changed. This should be
+ set at least for ReiserFS; it is enabled by default for Linux.
+ See sendmail/README for further information.
+ Avoid file locking deadlock when updating the statistics file if
+ sendmail is signaled to terminate. Problem noted by
+ Christophe Wolfhugel of France Telecom.
+ Set the $c macro (hop count) as it is being set instead of when the
+ envelope is initialized. Problem noted by Kari Hurtta of
+ the Finnish Meteorological Institute.
+ Properly count recipients for DeliveryMode defer and queue. Fix
+ from Peter A. Friend of EarthLink.
+ Treat invalid hesiod lookups as permanent errors instead of
+ temporary errors. Problem noted by Russell McOrmond of
+ flora.ca.
+ Portability:
+ Remove support for AIX 2, which supports only 14 character
+ filenames and is outdated anyway. Suggested by
+ Valdis Kletnieks of Virginia Tech.
+ Change several settings for Irix 6: remove confSBINDIR,
+ i.e., use default /usr/sbin, change owner/group
+ of man pages and user-executable to root/sys, set
+ optimization limit to 0 (unlimited). Based on patch
+ from Ayamura Kikuchi, M.D, and proposal from Kari
+ Hurtta of the Finnish Meteorological Institute.
+ Do not assume LDAP support is installed by default under
+ Solaris 8 and later.
+ Add support for OpenUNIX.
+ CONFIG: Increment version number of config file to 10.
+ CONFIG: Add an install target and a README file in cf/cf.
+ CONFIG: Don't accept addresses of the form a@b@, a@b@c, a@[b]c, etc.
+ CONFIG: Reject empty recipient addresses (in check_rcpt).
+ CONFIG: The access map uses an option of -T<TMPF> to deal with
+ temporary lookup failures.
+ CONFIG: New value for access map: SKIP, which causes the default
+ action to be taken by aborting the search for domain names
+ or IP nets.
+ CONFIG: check_rcpt can deal with TEMPFAIL for either recipient or
+ relay address as long as the other part allows the email
+ to get through.
+ CONFIG: Entries for virtusertable can make use of a third parameter
+ "%3" which contains "+detail" of a wildcard match, i.e., an
+ entry like user+*@domain. This allows handling of details by
+ using %1%3 as the RHS. Additionally, a "+" wildcard has been
+ introduced to match only non-empty details of addresses.
+ CONFIG: Numbers for rulesets used by MAILERs have been removed
+ and hence there is no required order within the MAILER
+ section anymore except for MAILER(`uucp') which must come
+ after MAILER(`smtp') if uucp-dom and uucp-uudom are used.
+ CONFIG: Hosts listed in the generics domain class {G}
+ (GENERICS_DOMAIN() and GENERICS_DOMAIN_FILE()) are treated
+ as canonical. Suggested by Per Hedeland of Ericsson.
+ CONFIG: If FEATURE(`delay_checks') is used, make sure that a lookup
+ in the access map which returns OK or RELAY actually
+ terminates check_* ruleset checking.
+ CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset
+ tls_rcpt, see cf/README for details.
+ CONFIG: Change format of Received: header line which reveals whether
+ STARTTLS has been used to "(version=${tls_version}
+ cipher=${cipher} bits=${cipher_bits} verify=${verify})".
+ CONFIG: Use "Spam:" as tag for lookups for FEATURE(`delay_checks')
+ options friends/haters instead of "To:" and enable
+ specification of whole domains instead of just users.
+ Notice: this change is not backward compatible.
+ Suggested by Chris Adams from HiWAAY Informations Services.
+ CONFIG: Allow for local extensions for most new rulesets, see
+ cf/README for details.
+ CONFIG: New FEATURE(`lookupdotdomain') to lookup also .domain in
+ the access map. Proposed by Randall Winchester of the
+ University of Maryland.
+ CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for
+ the local mailer. Proposed by Ingo Brueckl of Wupper Online.
+ CONFIG: confRELAY_MSG/confREJECT_MSG can override the default
+ messages for an unauthorized relaying attempt/for access
+ map entries with RHS REJECT, respectively.
+ CONFIG: FEATURE(`always_add_domain') takes an optional argument
+ to specify another domain to be added instead of the local one.
+ Suggested by Richard H. Gumpertz of Computer Problem
+ Solving.
+ CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific
+ options, see doc/op/op.me for details.
+ CONFIG: confAUTH_MAX_BITS sets the maximum encryption strength for
+ the security layer in SMTP AUTH (SASL).
+ CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated
+ immediately.
+ CONFIG: FEATURE(`enhdnsbl') is an enhanced version of dnsbl which
+ allows checking of the return values of the DNS lookups.
+ See cf/README for details.
+ CONFIG: FEATURE(`dnsbl') allows now to specify the behavior for
+ temporary lookup failures.
+ CONFIG: New option confDELIVER_BY_MIN to specify minimum time for
+ Deliver By (RFC 2852) or to turn off the extension.
+ CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared
+ memory use.
+ CONFIG: New FEATURE(`compat_check') to look up a key consisting
+ of the sender and the recipient address delimited by the
+ string "<@>", e.g., sender@sdomain<@>recipient@rdomain,
+ in the access map. Based on code contributed by Mathias
+ Koerber of Singapore Telecommunications Ltd.
+ CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user
+ file. Suggested by John Beck of Sun Microsystems.
+ CONFIG: Don't use MAILER-DAEMON for error messages delivered
+ via LMTP. Problem reported by Larry Greenfield of CMU.
+ CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of
+ the recipient host if LUSER_RELAY is used.
+ CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the
+ +detail portion of the address when passing address to
+ local delivery agent. Disables alias and .forward +detail
+ stripping. Only use if LDA supports this.
+ CONFIG: Removed deprecated FEATURE(`rbl').
+ CONFIG: Add LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE()
+ which allow you to specify 'equivalent' hosts for LDAP
+ Routing lookups. Equivalent hostnames are replaced by the
+ masquerade domain name for lookups. See cf/README for
+ additional details.
+ CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which
+ instructs the rulesets on what to do if the address being
+ looked up has +detail information. See cf/README for more
+ information.
+ CONFIG: When chosing a new destination via LDAP Routing, also look
+ up the new routing address/host in the mailertable. Based
+ on patch from Don Badrak of the United States Census Bureau.
+ CONFIG: Do not reject the SMTP Mail from: command if LDAP Routing
+ is in use and the bounce option is enabled. Only reject
+ recipients as user unknown.
+ CONFIG: Provide LDAP support for the remaining database map
+ features. See the ``USING LDAP FOR ALIASES AND MAPS''
+ section of cf/README for more information.
+ CONFIG: Add confLDAP_CLUSTER which defines the ${sendmailMTACluster}
+ macro used for LDAP searches as described above in ``USING
+ LDAP FOR ALIASES, MAPS, AND CLASSES''.
+ CONFIG: confCLIENT_OPTIONS has been replaced by CLIENT_OPTIONS(),
+ which takes the options as argument and can be used
+ multiple times; see cf/README for details.
+ CONFIG: Add configuration macros for new options:
+ confBAD_RCPT_THROTTLE BadRcptThrottle
+ confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
+ confMAILBOX_DATABASE MailboxDatabase
+ confMAX_QUEUE_CHILDREN MaxQueueChildren
+ confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
+ confNICE_QUEUE_RUN NiceQueueRun
+ confQUEUE_FILE_MODE QueueFileMode
+ confFAST_SPLIT FastSplit
+ confTLS_SRV_OPTIONS TLSSrvOptions
+ See above (and related documentation) for further information.
+ CONFIG: Add configuration variables for new timeout options:
+ confTO_ACONNECT Timeout.aconnect
+ confTO_AUTH Timeout.auth
+ confTO_LHLO Timeout.lhlo
+ confTO_STARTTLS Timeout.starttls
+ CONFIG: Add configuration macros for mail filter API:
+ confINPUT_MAIL_FILTERS InputMailFilters
+ confMILTER_LOG_LEVEL Milter.LogLevel
+ confMILTER_MACROS_CONNECT Milter.macros.connect
+ confMILTER_MACROS_HELO Milter.macros.helo
+ confMILTER_MACROS_ENVFROM Milter.macros.envfrom
+ confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
+ Mail filters can be defined via INPUT_MAIL_FILTER() and
+ MAIL_FILTER(). See libmilter/README, cf/README, and
+ doc/op/op.me for details.
+ CONFIG: Add support for accepting temporarily unresolvable domains.
+ See cf/README for details. Based on patch by Motonori
+ Nakamura of Kyoto University.
+ CONFIG: confDEQUOTE_OPTS can be used to specify options for the
+ dequote map.
+ CONFIG: New macro QUEUE_GROUP() to define queue groups.
+ CONFIG: New FEATURE(`queuegroup') to select a queue group based
+ on the full e-mail address or the domain of the recipient.
+ CONFIG: Any IPv6 addresses used in configuration should be prefixed
+ by the "IPv6:" tag to identify the address properly. For
+ example, if you want to use the IPv6 address
+ 2002:c0a8:51d2::23f4 in the access database, you would need
+ to use IPv6:2002:c0a8:51d2::23f4 on the left hand side.
+ This affects the access database as well as the
+ relay-domains and local-host-names files.
+ CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux).
+ CONFIG: Avoid expansion of m4 keywords in SMART_HOST.
+ CONFIG: Add MASQUERADE_EXCEPTION_FILE() for reading masquerading
+ exceptions from a file. Suggested by Trey Breckenridge of
+ Mississippi State University.
+ CONFIG: Add LOCAL_USER_FILE() for reading local users
+ (LOCAL_USER() -- $={L}) entries from a file.
+ CONTRIB: dnsblaccess.m4 is a further enhanced version of enhdnsbl.m4
+ which allows to lookup error codes in the access map.
+ Contributed by Neil Rickert of Northern Illinois University.
+ DEVTOOLS: Add new options for installation of include and library
+ files: confINCGRP, confINCMODE, confINCOWN, confLIBGRP,
+ confLIBMODE, confLIBOWN.
+ DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off
+ installation of the the formatted man pages on operating
+ systems which don't include cat directories.
+ EDITMAP: New program for editing maps as supplement to makemap.
+ MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up
+ local mail recipients. New option -D mbdb specifies the
+ mailbox database type.
+ MAIL.LOCAL: New option "-h filename" which instructs mail.local to
+ deliver the mail to the named file in the user's home
+ directory instead of the system mail spool area. Based on
+ patch from Doug Hardie of the Los Angeles Free-Net.
+ MAILSTATS: New command line option -P which acts the same as -p but
+ doesn't truncate the statistics file.
+ MAKEMAP: Add new option -t to specify a different delimiter
+ instead of white space.
+ RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
+ submission. Problem noted by Kari Hurtta of the Finnish
+ Meteorological Institute.
+ SMRSH: Use the vendor supplied directory on FreeBSD 3.3 and later.
+ VACATION: Change Auto-Submitted: header value from auto-generated to
+ auto-replied. From Kenneth Murchison of Oceana Matrix Ltd.
+ VACATION: New option -d to send error/debug messages to stdout
+ instead of syslog.
+ VACATION: New option -U which prevents the attempt to lookup login
+ in the password file. The -f and -m options must be used
+ to specify the database and message file since there is no
+ home directory for the default settings for these options.
+ VACATION: Vacation now uses the libsm mbdb package to look up
+ local mail recipients; it reads the MailboxDatabase option
+ from the sendmail.cf file. New option -C cffile which
+ specifies the path of the sendmail.cf file.
+ New Directories:
+ libmilter/docs
+ New Files:
+ cf/cf/README
+ cf/cf/submit.cf
+ cf/cf/submit.mc
+ cf/feature/authinfo.m4
+ cf/feature/compat_check.m4
+ cf/feature/enhdnsbl.m4
+ cf/feature/msp.m4
+ cf/feature/local_no_masquerade.m4
+ cf/feature/lookupdotdomain.m4
+ cf/feature/preserve_luser_host.m4
+ cf/feature/preserve_local_plus_detail.m4
+ cf/feature/queuegroup.m4
+ cf/sendmail.schema
+ contrib/dnsblaccess.m4
+ devtools/M4/UNIX/sm-test.m4
+ devtools/OS/OpenUNIX.5.i386
+ editmap/*
+ include/sm/*
+ libsm/*
+ libsmutil/cf.c
+ libsmutil/err.c
+ sendmail/SECURITY
+ sendmail/TUNING
+ sendmail/bf.c
+ sendmail/bf.h
+ sendmail/sasl.c
+ sendmail/sm_resolve.c
+ sendmail/sm_resolve.h
+ sendmail/tls.c
+ Deleted Files:
+ cf/feature/rbl.m4
+ cf/ostype/aix2.m4
+ devtools/OS/AIX.2
+ include/sendmail/cdefs.h
+ include/sendmail/errstring.h
+ include/sendmail/useful.h
+ libsmutil/errstring.c
+ sendmail/bf_portable.c
+ sendmail/bf_portable.h
+ sendmail/bf_torek.c
+ sendmail/bf_torek.h
+ sendmail/clock.c
+ Renamed Files:
+ cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc
+ cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf
+ cf/ostype/aux.m4 => cf/ostype/a-ux.m4
+
8.11.6/8.11.6 2001/08/20
SECURITY: Fix a possible memory access violation when specifying
out-of-bounds debug parameters. Problem detected by
@@ -1643,7 +2539,7 @@ summary of the changes in that release.
CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been
deprecated and may be removed from a future release.
BSD/OS users should begin using OSTYPE(`bsdi').
- CONFIG: OpenBSD 2.4 installs mail.local non-set-user-id root. This
+ CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root. This
requires a new OSTYPE(`openbsd'). From Todd C. Miller of
Courtesan Consulting.
CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X.
@@ -1903,7 +2799,7 @@ summary of the changes in that release.
the others (if it exists).
DEVTOOLS: Change order of LIBS: first product specific libraries
then the default ones.
- MAIL.LOCAL: Will not be installed set-user-id root. To use mail.local
+ MAIL.LOCAL: Will not be installed set-user-ID root. To use mail.local
as local delivery agent without LMTP mode, use
MODIFY_MAILER_FLAGS(`LOCAL', `+S')
to set the S flag.
@@ -2458,7 +3354,7 @@ summary of the changes in that release.
uid and gid for user bin instead of daemon. If DefaultUser
is set in the configuration file, that value overrides this
default.
- SECURITY: Since 8.8.7, the check for non-set-user-id binaries
+ SECURITY: Since 8.8.7, the check for non-set-user-ID binaries
interfered with setting an alternate group id for the
RunAsUser option. Problem noted by Randall Winchester of
the University of Maryland.
@@ -3126,7 +4022,7 @@ summary of the changes in that release.
In some cases, errors during an SMTP session could leave files
open or locked.
Better handling of missing file descriptors (0, 1, 2) on startup.
- Better handling of non-set-user-id binaries -- avoids certain obnoxious
+ Better handling of non-set-user-ID binaries -- avoids certain obnoxious
errors during testing.
Errors in file locking of NEWDB maps had the incorrect file name
printed in the error message.
@@ -3518,7 +4414,7 @@ summary of the changes in that release.
change to the sendmail map code was made in 8.8.3. Problem
noted by Gregory Neil Shapiro.
MAKEMAP: Give warnings on file problems such as map files that are
- symbolic links; although makemap is not set-user-id root, it is
+ symbolic links; although makemap is not set-user-ID root, it is
often run as root and hence has the potential for the same
sorts of problems as alias rebuilds.
MAKEMAP: Change compilation so that it will link properly on
@@ -4304,7 +5200,7 @@ summary of the changes in that release.
Fix problem finding network interface addresses. Patch from
Motonori Nakamura.
Don't reject qf entries that are not owned by your effective uid if
- you are not running set-user-id; this makes management of
+ you are not running set-user-ID; this makes management of
certain kinds of firewall setups difficult. Patch
suggested by Eamonn Coleman of Qualcomm.
Add persistent host status. This keeps the information normally
@@ -4674,7 +5570,7 @@ summary of the changes in that release.
failure in the hosts.files map. This error caused hard
bounces when it should have requeued.
Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo
- owned by bar mode 700 and inbox being set-user-id bar stopped
+ owned by bar mode 700 and inbox being set-user-ID bar stopped
working properly due to excessive paranoia. Pointed out by
John Hawkinson of Panix.
An SMTP RCPT command referencing a host that gave a nameserver
@@ -5348,7 +6244,7 @@ summary of the changes in that release.
the aliases file: use the default uid/gid instead of the
real uid/gid. This allows you to create a file owned by
and writable only by the default uid/gid that will work
- all the time (without having the set-user-id bit set). Change
+ all the time (without having the set-user-ID bit set). Change
suggested by Shau-Ping Lo and Andrew Cheng of Sun
Microsystems.
Add "DialDelay" option (no short name) to provide an "extra"
diff --git a/contrib/sendmail/cf/README b/contrib/sendmail/cf/README
index 820c60937de9..d8d4fa244636 100644
--- a/contrib/sendmail/cf/README
+++ b/contrib/sendmail/cf/README
@@ -1,28 +1,50 @@
SENDMAIL CONFIGURATION FILES
-This document describes the sendmail configuration files. This package
-requires a post-V7 version of m4; if you are running the 4.2bsd, SysV.2, or
-7th Edition version. SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work.
-GNU m4 version 1.1 or later also works. Unfortunately, the M4 on BSDI 1.0
-doesn't work -- you'll have to use a Net/2 or GNU version. GNU m4 is
-available from ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the
-latest version). EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x
-is fine). Use GNU m4 on this platform.
-
-To get started, you may want to look at tcpproto.mc (for TCP-only sites),
-uucpproto.mc (for UUCP-only sites), and clientproto.mc (for clusters of
-clients using a single mail host). Others are versions previously used at
-Berkeley. For example, ucbvax has gone away, but ucbvax.mc demonstrates
-some interesting techniques.
-
-*******************************************************************
-*** BE SURE YOU CUSTOMIZE THESE FILES! They have some ***
-*** Berkeley-specific assumptions built in, such as the name ***
-*** of their UUCP-relay. You'll want to create your own ***
-*** domain description, and use that in place of ***
-*** domain/Berkeley.EDU.m4. ***
-*******************************************************************
+This document describes the sendmail configuration files. It
+explains how to create a sendmail.cf file for use with sendmail.
+It also describes how to set options for sendmail which are explained
+in the Sendmail Installation and Operation guide (doc/op/op.me).
+
+To get started, you may want to look at tcpproto.mc (for TCP-only
+sites) and clientproto.mc (for clusters of clients using a single
+mail host), or the generic-*.mc files as operating system-specific
+examples.
+
+Table of Content:
+
+INTRODUCTION AND EXAMPLE
+A BRIEF INTRODUCTION TO M4
+FILE LOCATIONS
+OSTYPE
+DOMAINS
+MAILERS
+FEATURES
+HACKS
+SITE CONFIGURATION
+USING UUCP MAILERS
+TWEAKING RULESETS
+MASQUERADING AND RELAYING
+USING LDAP FOR ALIASES, MAPS, AND CLASSES
+LDAP ROUTING
+ANTI-SPAM CONFIGURATION CONTROL
+STARTTLS
+SMTP AUTHENTICATION
+ADDING NEW MAILERS OR RULESETS
+ADDING NEW MAIL FILTERS
+QUEUE GROUP DEFINITIONS
+NON-SMTP BASED CONFIGURATIONS
+WHO AM I?
+ACCEPTING MAIL FOR MULTIPLE NAMES
+USING MAILERTABLES
+USING USERDB TO MAP FULL NAMES
+MISCELLANEOUS SPECIAL FEATURES
+SECURITY NOTES
+TWEAKING CONFIGURATION OPTIONS
+MESSAGE SUBMISSION PROGRAM
+FORMAT OF FILES AND MAPS
+DIRECTORY LAYOUT
+ADMINISTRATIVE DETAILS
+--------------------------+
@@ -54,7 +76,7 @@ Let's examine a typical .mc file:
divert(-1)
#
- # Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
+ # Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -106,11 +128,10 @@ definition appropriate for your environment.
MAILER(`local')
MAILER(`smtp')
-These describe the mailers used at the default CS site. The
-local mailer is always included automatically. Beware: MAILER
-declarations should always be at the end of the configuration file,
-and MAILER(`smtp') should always precede MAILER(`procmail'), and
-MAILER(`uucp'). The general rules are that the order should be:
+These describe the mailers used at the default CS site. The local
+mailer is always included automatically. Beware: MAILER declarations
+should always be at the end of the configuration file. The general
+rules are that the order should be:
VERSIONID
OSTYPE
@@ -118,6 +139,7 @@ MAILER(`uucp'). The general rules are that the order should be:
FEATURE
local macro definitions
MAILER
+ LOCAL_CONFIG
LOCAL_RULE_*
LOCAL_RULESETS
@@ -126,6 +148,14 @@ influence a FEATURE() should be done before that feature. For example,
a define(`PROCMAIL_MAILER_PATH', ...) should be done before
FEATURE(`local_procmail').
+*******************************************************************
+*** BE SURE YOU CUSTOMIZE THESE FILES! They have some ***
+*** Berkeley-specific assumptions built in, such as the name ***
+*** of their UUCP-relay. You'll want to create your own ***
+*** domain description, and use that in place of ***
+*** domain/Berkeley.EDU.m4. ***
+*******************************************************************
+
+----------------------------+
| A BRIEF INTRODUCTION TO M4 |
@@ -159,6 +189,20 @@ expanded. This also applies to
because ``define'' is an M4 keyword. If you want to use them, surround
them with directed quotes, `like this'.
+
+Notice:
+-------
+
+This package requires a post-V7 version of m4; if you are running the
+4.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or
+BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works.
+Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a
+Net/2 or GNU version. GNU m4 is available from
+ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the latest version).
+EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU
+m4 on this platform.
+
+
+----------------+
| FILE LOCATIONS |
+----------------+
@@ -265,7 +309,10 @@ QUEUE_DIR [/var/spool/mqueue] The directory containing
directories. The names 'qf', 'df', and 'xf' are
reserved as specific subdirectories for the
corresponding queue file types as explained in
- doc/op/op.me.
+ doc/op/op.me. See also QUEUE GROUP DEFINITIONS.
+MSP_QUEUE_DIR [/var/spool/clientmqueue] The directory containing
+ queue files for the MSP (Mail Submission Program,
+ see sendmail/SECURITY).
STATUS_FILE [/etc/mail/statistics] The file containing status
information.
LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail.
@@ -294,13 +341,18 @@ LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog"
mail.
LOCAL_SHELL_DIR [$z:/] The directory search path in which the
shell should run.
+LOCAL_MAILER_QGRP [undefined] The queue group for the local mailer.
USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program
used to submit news.
USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer.
USENET_MAILER_ARGS [-m -h -n] The command line arguments for the
- usenet mailer.
+ usenet mailer. NOTE: Some versions of inews
+ (such as those shipped with newer versions of INN)
+ use different flags. Double check the defaults
+ against the inews man page.
USENET_MAILER_MAX [100000] The maximum size of messages that will
be accepted by the usenet mailer.
+USENET_MAILER_QGRP [undefined] The queue group for the usenet mailer.
SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default
flags are `mDFMuX' for all SMTP-based mailers; the
"esmtp" mailer adds `a'; "smtp8" adds `8'; and
@@ -322,6 +374,11 @@ ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer.
SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer.
DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer.
RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer.
+SMTP_MAILER_QGRP [undefined] The queue group for the smtp mailer.
+ESMTP_MAILER_QGRP [undefined] The queue group for the esmtp mailer.
+SMTP8_MAILER_QGRP [undefined] The queue group for the smtp8 mailer.
+DSMTP_MAILER_QGRP [undefined] The queue group for the dsmtp mailer.
+RELAY_MAILER_QGRP [undefined] The queue group for the relay mailer.
RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of
messages to deliver in a single connection for the
relay mailer.
@@ -341,6 +398,7 @@ UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to one of
the UUCP mailers and which are converted to MIME will
be labeled with this character set.
+UUCP_MAILER_QGRP [undefined] The queue group for the UUCP mailers.
FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to
submit FAX messages.
FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX
@@ -351,6 +409,7 @@ POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer.
POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq
are always added.
POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer.
+POP_MAILER_QGRP [undefined] The queue group for the pop mailer.
PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail
program. This is also used by
FEATURE(`local_procmail').
@@ -364,15 +423,18 @@ PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to
instead.
PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that
will be accepted by the procmail mailer.
+PROCMAIL_MAILER_QGRP [undefined] The queue group for the procmail mailer.
MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer.
MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer.
MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11
mailer.
+MAIL11_MAILER_QGRP [undefined] The queue group for the mail11 mailer.
PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery
program.
PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM
are always set.
PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer.
+PH_MAILER_QGRP [undefined] The queue group for the ph mailer.
CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The
flags lsDFMnPq are always included.
CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver
@@ -383,6 +445,7 @@ CYRUS_MAILER_MAX [undefined] If set, the maximum size message that
will be accepted by the cyrus mailer.
CYRUS_MAILER_USER [cyrus:mail] The user and group to become when
running the cyrus mailer.
+CYRUS_MAILER_QGRP [undefined] The queue group for the cyrus mailer.
CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer.
The flags lsDFMnP are always included.
CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed
@@ -397,6 +460,8 @@ QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed
to deliver qpage mail.
QPAGE_MAILER_MAX [4096] If set, the maximum size message that
will be accepted by the qpage mailer.
+QPAGE_MAILER_QGRP [undefined] The queue group for the qpage mailer.
+LOCAL_PROG_QGRP [undefined] The queue group for the prog mailer.
Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of
@@ -407,7 +472,9 @@ the default value. Example:
MODIFY_MAILER_FLAGS(`LOCAL', `+e')
-will add the flag `e' to LOCAL_MAILER_FLAGS.
+will add the flag `e' to LOCAL_MAILER_FLAGS. Notice: there are
+several smtp mailers all of which are manipulated individually.
+See the section MAILERS for the available mailer names.
WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
unconditionally, i.e., without respecting any definitions in an
OSTYPE setting.
@@ -436,7 +503,7 @@ LOCAL_RELAY The site that will handle unqualified names -- that
is, names without an @domain extension.
Normally MAIL_HUB is preferred for this function.
LOCAL_RELAY is mostly useful in conjunction with
- FEATURE(stickyhost) -- see the discussion of
+ FEATURE(`stickyhost') -- see the discussion of
stickyhost below. If not set, they are assumed to
belong on this machine. This allows you to have a
central site to store a company- or department-wide
@@ -466,18 +533,14 @@ single machine sitting off somewhere, it is probably more work than
it's worth. This is just a mechanism for combining "domain dependent
knowledge" into one place.
+
+---------+
| MAILERS |
+---------+
There are fewer mailers supported in this version than the previous
version, owing mostly to a simpler world. As a general rule, put the
-MAILER definitions last in your .mc file, and always put MAILER(`smtp')
-before MAILER(`uucp') and MAILER(`procmail') -- several features and
-definitions will modify the definition of mailers, and the smtp mailer
-modifies the UUCP mailer. Moreover, MAILER(`cyrus'), MAILER(`pop'),
-MAILER(`phquery'), and MAILER(`usenet') must be defined after
-MAILER(`local').
+MAILER definitions last in your .mc file.
local The local and prog mailers. You will almost always
need these; the only exception is if you relay ALL
@@ -502,9 +565,9 @@ uucp The UNIX-to-UNIX Copy Program mailer. Actually, this
"uucp-new" (a.k.a. "suucp"). The latter is for when you
know that the UUCP mailer at the other end can handle
multiple recipients in one transfer. If the smtp mailer
- is also included in your configuration, two other mailers
- ("uucp-dom" and "uucp-uudom") are also defined [warning:
- you MUST specify MAILER(smtp) before MAILER(uucp)]. When you
+ is included in your configuration, two other mailers
+ ("uucp-dom" and "uucp-uudom") are also defined [warning: you
+ MUST specify MAILER(`smtp') before MAILER(`uucp')]. When you
include the uucp mailer, sendmail looks for all names in
class {U} and sends them to the uucp-old mailer; all
names in class {Y} are sent to uucp-new; and all
@@ -545,6 +608,9 @@ procmail An interface to procmail (does not come with sendmail).
If you use this with FEATURE(`local_procmail'), the FEATURE
should be listed first.
+ Of course there are other ways to solve this particular
+ problem, e.g., a catch-all entry in a virtusertable.
+
mail11 The DECnet mail11 mailer, useful only if you have the mail11
program from gatekeeper.dec.com:/pub/DEC/gwtools (and
DECnet, of course). This is for Phase IV DECnet support;
@@ -558,11 +624,12 @@ phquery The phquery program. This is somewhat counterintuitively
cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to
a local cyrus user. this mailer can make use of the
- "user+detail@local.host" syntax; it will deliver the mail to
- the user's "detail" mailbox if the mailbox's ACL permits.
- The cyrusbb mailer delivers to a system-wide cyrus mailbox
- if the mailbox's ACL permits. The cyrus mailer must be
- defined after the local mailer.
+ "user+detail@local.host" syntax (see
+ FEATURE(`preserve_local_plus_detail')); it will deliver the
+ mail to the user's "detail" mailbox if the mailbox's ACL
+ permits. The cyrusbb mailer delivers to a system-wide
+ cyrus mailbox if the mailbox's ACL permits. The cyrus
+ mailer must be defined after the local mailer.
qpage A mailer for QuickPage, a pager interface. See
http://www.qpage.org/ for further information.
@@ -585,7 +652,7 @@ example, the .mc line:
FEATURE(`use_cw_file')
tells sendmail that you want to have it read an /etc/mail/local-host-names
-file to get values for class {w}. The FEATURE may contain up to 9
+file to get values for class {w}. A FEATURE may contain up to 9
optional parameters -- for example:
FEATURE(`mailertable', `dbm /usr/lib/mailertable')
@@ -600,6 +667,11 @@ if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used
if no argument is given for the FEATURE. It must be specified before any
feature that uses a map.
+Also, features which can take a map definition as an argument can also take
+the special keyword `LDAP'. If that keyword is used, the map will use the
+LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
+CLASSES'' section below.
+
Available features are:
use_cw_file Read the file /etc/mail/local-host-names file to get
@@ -627,7 +699,7 @@ nouucp Don't route UUCP addresses. This feature takes one
part unless it originates from a system
that is allowed to relay.
`nospecial': don't do anything special with "!".
- Warnings: 1. See the NOTICE in the ANTI-SPAM section.
+ Warnings: 1. See the notice in the anti-spam section.
2. don't remove "!" from OperatorChars if `reject' is
given as parameter.
@@ -752,7 +824,8 @@ always_add_domain
mail. Normally it is not added on unqualified names.
However, if you use a shared message store but do not use
the same user name space everywhere, you may need the host
- name on local names.
+ name on local names. An optional argument specifies
+ another domain to be added than the local.
allmasquerade If masquerading is enabled (using MASQUERADE_AS), this
feature will cause recipient addresses to also masquerade
@@ -793,18 +866,26 @@ masquerade_entire_domain
NOTE: only domains within your jurisdiction and
current hierarchy should be masqueraded using this.
+local_no_masquerade
+ This feature prevents the local mailer from masquerading even
+ if MASQUERADE_AS is used. MASQUERADE_AS will only have effect
+ on addresses of mail going outside the local domain.
+
genericstable This feature will cause unqualified addresses (i.e., without
a domain) and addresses with a domain listed in class {G}
to be looked up in a map and turned into another ("generic")
form, which can change both the domain name and the user name.
- This is similar to the userdb functionality. The same types of
- addresses as for masquerading are looked up, i.e., only header
- sender addresses unless the allmasquerade and/or
- masquerade_envelope features are given. Qualified addresses
- must have the domain part in class {G}; entries can
- be added to this class by the macros GENERICS_DOMAIN or
- GENERICS_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
- MASQUERADE_DOMAIN_FILE, see below).
+ Notice: if you use an MSP (as it is default starting with
+ 8.12), the MTA will only receive qualified addresses from the
+ MSP (as required by the RFCs). Hence you need to add your
+ domain to class {G}. This feature is similar to the userdb
+ functionality. The same types of addresses as for
+ masquerading are looked up, i.e., only header sender
+ addresses unless the allmasquerade and/or masquerade_envelope
+ features are given. Qualified addresses must have the domain
+ part in class {G}; entries can be added to this class by the
+ macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
+ to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
The argument of FEATURE(`genericstable') may be the map
definition; the default map definition is:
@@ -839,8 +920,8 @@ virtusertable A domain-specific form of aliasing, allowing multiple
info@foo.com foo-info
info@bar.com bar-info
- joe@bar.com error:nouser No such user here
- jax@bar.com error:D.S.N:unavailable Address invalid
+ joe@bar.com error:nouser 550 No such user here
+ jax@bar.com error:5.7.0:550 Address invalid
@baz.org jane@example.net
then mail addressed to info@foo.com will be sent to the
@@ -849,7 +930,7 @@ virtusertable A domain-specific form of aliasing, allowing multiple
will be sent to jane@example.net, mail to joe@bar.com will
be rejected with the specified error message, and mail to
jax@bar.com will also have a RFC 1893 compliant error code
- D.S.N.
+ 5.7.0.
The username from the original address is passed
as %1 allowing:
@@ -858,19 +939,24 @@ virtusertable A domain-specific form of aliasing, allowing multiple
meaning someone@foo.org will be sent to someone@example.com.
Additionally, if the local part consists of "user+detail"
- then "detail" is passed as %2 when a match against user+*
- is attempted, so entries like
+ then "detail" is passed as %2 and "+detail" is passed as %3
+ when a match against user+* is attempted, so entries like
old+*@foo.org new+%2@example.com
gen+*@foo.org %2@example.com
- +*@foo.org %1+%2@example.com
+ +*@foo.org %1%3@example.com
+ X++@foo.org Z%3@example.com
+ @bar.org %1%3
and other forms are possible. Note: to preserve "+detail"
- for a default case (@domain) +*@domain must be used as
- exemplified above.
+ for a default case (@domain) %1%3 must be used as RHS.
+ There are two wildcards after "+": "+" matches only a non-empty
+ detail, "*" matches also empty details, e.g., user+@foo.org
+ matches +*@foo.org but not ++@foo.org. This can be used
+ to ensure that the parameters %2 and %3 are not empty.
All the host names on the left hand side (foo.com, bar.com,
- and baz.org) must be in class {w} or class {VirtHost}, the
+ and baz.org) must be in class {w} or class {VirtHost}. The
latter can be defined by the macros VIRTUSER_DOMAIN or
VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or
@@ -1025,13 +1111,13 @@ relay_based_on_MX
relay_mail_from
Allows relaying if the mail sender is listed as RELAY in
the access map. If an optional argument `domain' is given,
- the domain portion of the mail sender is checked too.
- This should only be used if absolutely necessary as the
- sender address can be easily forged. Use of this feature
- requires the "From:" tag be prepended to the key in the
- access map; see the discussion of tags and
- FEATURE(`relay_mail_from') in the section on ANTI-SPAM
- CONFIGURATION CONTROL.
+ relaying can be allowed just based on the domain portion
+ of the sender address. This feature should only be used if
+ absolutely necessary as the sender address can be easily
+ forged. Use of this feature requires the "From:" tag be
+ prepended to the key in the access map; see the discussion
+ of tags and FEATURE(`relay_mail_from') in the section on
+ anti-spam configuration control.
relay_local_from
Allows relaying if the domain portion of the mail sender
@@ -1066,13 +1152,15 @@ accept_unresolvable_domains
access_db Turns on the access database feature. The access db gives
you the ability to allow or refuse to accept mail from
- specified domains for administrative reasons. By default,
- the access database specification is:
+ specified domains for administrative reasons. Moreover,
+ it can control the behavior of sendmail in various situations.
+ By default, the access database specification is:
- hash /etc/mail/access
+ hash -T<TMPF> /etc/mail/access
- The format of the database is described in the anti-spam
- configuration control section later in this document.
+ See the anti-spam configuration control section for further
+ important information about this feature. Notice:
+ "-T<TMPF>" is meant literal, do not replace it by anything.
blacklist_recipients
Turns on the ability to block incoming mail for certain
@@ -1087,25 +1175,27 @@ delay_checks The rulesets check_mail and check_relay will not be called
when a client connects or issues a MAIL command, respectively.
Instead, those rulesets will be called by the check_rcpt
ruleset; they will be skipped under certain circumstances.
- See "Delay all checks" in "ANTI-SPAM CONFIGURATION CONTROL".
-
-rbl This feature is deprecated! Please use dnsbl instead.
- Turns on rejection of hosts found in the Realtime Blackhole
- List. If an argument is provided it is used as the domain
- in which blocked hosts are listed; otherwise, the main RBL
- domain rbl.maps.vix.com is used (see NOTE below). For
- details, see http://maps.vix.com/rbl/.
+ See "Delay all checks" in the anti-spam configuration control
+ section. Note: this feature is incompatible to the versions
+ in 8.10 and 8.11.
dnsbl Turns on rejection of hosts found in an DNS based rejection
list. If an argument is provided it is used as the domain
in which blocked hosts are listed; otherwise it defaults to
blackholes.mail-abuse.org. An explanation for an DNS based
- rejection list can be found http://mail-abuse.org/rbl/. A
- second argument can be used to change the default error
- message of Mail from $&{client_addr} refused by blackhole site
- SERVER where SERVER is replaced by the first argument. This
- feature can be included several times to query different DNS
- based rejection lists.
+ rejection list can be found at http://mail-abuse.org/rbl/.
+ A second argument can be used to change the default error
+ message. Without that second argument, the error message
+ will be
+ Mail from IP-ADDRESS refused by blackhole site SERVER
+ where IP-ADDRESS and SERVER are replaced by the appropriate
+ information. By default, temporary lookup failures are
+ ignored. This behavior can be changed by specifying a
+ third argument, which must be either `t' or a full error
+ message. See the anti-spam configuration control section for
+ an example. The dnsbl feature can be included several times
+ to query different DNS based rejection lists. See also
+ enhdnsbl for an enhanced version.
NOTE: The default DNS blacklist, blackholes.mail-abuse.org,
is a service offered by the Mail Abuse Prevention System
@@ -1114,6 +1204,30 @@ dnsbl Turns on rejection of hosts found in an DNS based rejection
haven't subscribed. Contact MAPS to subscribe
(http://mail-abuse.org/).
+enhdnsbl Enhanced version of dnsbl (see above). Further arguments
+ (up to 5) can be used to specify specific return values
+ from lookups. Temporary lookup failures are ignored unless
+ a third argument is given, which must be either `t' or a full
+ error message. By default, any successful lookup will
+ generate an error. Otherwise the result of the lookup is
+ compared with the supplied argument(s), and only if a match
+ occurs an error is generated. For example,
+
+ FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
+
+ will reject the e-mail if the lookup returns the value
+ ``127.0.0.2.'', or generate a 451 response if the lookup
+ temporarily failed. The arguments can contain metasymbols
+ as they are allowed in the LHS of rules. As the example
+ shows, the default values are also used if an empty argument,
+ i.e., `', is specified. This feature requires that sendmail
+ has been compiled with the flag DNSMAP (see sendmail/README).
+
+lookupdotdomain Look up also .domain in the access map. This allows to
+ match only subdomains. It does not work well with
+ FEATURE(`relay_hosts_only'), because most lookups for
+ subdomains are suppressed by the latter feature.
+
loose_relay_check
Normally, if % addressing is used for a recipient, e.g.
user%site@othersite, and othersite is in class {R}, the
@@ -1121,11 +1235,69 @@ loose_relay_check
user@site for relaying. This feature changes that
behavior. It should not be needed for most installations.
+authinfo Provide a separate map for client side authentication
+ information. See SMTP AUTHENTICATION for details.
+ By default, the authinfo database specification is:
+
+ hash /etc/mail/authinfo
+
+preserve_luser_host
+ Preserve the name of the recipient host if LUSER_RELAY is
+ used. Without this option, the domain part of the
+ recipient address will be replaced by the host specified as
+ LUSER_RELAY. This feature only works if the hostname is
+ passed to the mailer (see mailer triple in op.me). Note
+ that in the default configuration the local mailer does not
+ receive the hostname, i.e., the mailer triple has an empty
+ hostname.
+
+preserve_local_plus_detail
+ Preserve the +detail portion of the address when passing
+ address to local delivery agent. Disables alias and
+ .forward +detail stripping (e.g., given user+detail, only
+ that address will be looked up in the alias file; user+* and
+ user will not be looked up). Only use if the local
+ delivery agent in use supports +detail addressing.
+
+compat_check Enable ruleset check_compat to look up pairs of addresses
+ with the Compat: tag -- Compat:sender<@>recipient -- in the
+ access map. Valid values for the RHS include
+ DISCARD silently discard recipient
+ TEMP: return a temporary error
+ ERROR: return a permanent error
+ In the last two cases, a 4xy/5xy SMTP reply code should
+ follow the colon.
+
no_default_msa Don't generate the default MSA daemon, i.e.,
DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
To define a MSA daemon with other parameters, use this
FEATURE and introduce new settings via DAEMON_OPTIONS().
+msp Defines config file for Message Submission Program.
+ See sendmail/SECURITY for details and cf/cf/submit.mc
+ how to use it. An optional argument can be used to
+ override the default of `localhost' to use as host to send
+ all e-mails to. If `MSA' is specified as second argument
+ then port 587 is used to contact the server. Example:
+
+ FEATURE(`msp', `', `MSA')
+
+ Some more hints about possible changes can be found below
+ in the section MESSAGE SUBMISSION PROGRAM.
+
+queuegroup A simple example how to select a queue group based
+ on the full e-mail address or the domain of the
+ recipient. Selection is done via entries in the
+ access map using the tag QGRP:, for example:
+
+ QGRP:example.com main
+ QGRP:friend@some.org others
+ QGRP:my.domain local
+
+ where "main", "others", and "local" are names of
+ queue groups. If an argument is specified, it is used
+ as default queue group.
+
+-------+
| HACKS |
+-------+
@@ -1146,7 +1318,7 @@ subdomains.
*****************************************************
* This section is really obsolete, and is preserved *
* only for back compatibility. You should plan on *
- * using mailertables for new installations. In *
+ * using mailertables for new installations. In *
* particular, it doesn't work for the newer forms *
* of UUCP mailers, such as uucp-uudom. *
*****************************************************
@@ -1237,7 +1409,8 @@ The four mailers are:
uucp-dom
This UUCP mailer keeps everything as domain addresses.
Basically, it uses the SMTP mailer rewriting rules. This mailer
- is only included if MAILER(`smtp') is also specified.
+ is only included if MAILER(`smtp') is specified before
+ MAILER(`uucp').
Unfortunately, a lot of UUCP mailer transport agents require
bangified addresses in the envelope, although you can use
@@ -1252,7 +1425,7 @@ The four mailers are:
at all (e.g., "wolf") or the host component is a UUCP host name
instead of a domain name ("somehost!wolf" instead of
"some.dom.ain!wolf"). This is also included only if MAILER(`smtp')
- is also specified.
+ is also specified earlier.
Examples:
@@ -1378,7 +1551,10 @@ To exempt hosts or subdomains from being masqueraded, you can use
MASQUERADE_EXCEPTION(`host.domain')
This can come handy if you want to masquerade a whole domain
-except for one (or a few) host(s).
+except for one (or a few) host(s). If these names are in a file,
+you can use
+
+ MASQUERADE_EXCEPTION_FILE(`filename')
Normally only header addresses are masqueraded. If you want to
masquerade the envelope as well, use
@@ -1392,9 +1568,9 @@ You can add users to this list using
EXPOSED_USER(`usernames')
-This adds users to class {E}; you could also use something like
+This adds users to class {E}; you could also use
- FE/etc/mail/exposed-users
+ EXPOSED_USER_FILE(`filename')
You can also arrange to relay all unqualified names (that is, names
without @host) to a relay host. For example, if you have a central
@@ -1410,9 +1586,9 @@ locally aliased. You can add entries to this list using
LOCAL_USER(`usernames')
-This adds users to class {L}; you could also use something like
+This adds users to class {L}; you could also use
- FL/etc/mail/local-users
+ LOCAL_USER_FILE(`filename')
If you want all incoming mail sent to a centralized hub, as for a
shared /var/spool/mail scheme, use
@@ -1468,6 +1644,290 @@ specified with a terminal dot:
note the trailing dot ---^
++-------------------------------------------+
+| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
++-------------------------------------------+
+
+LDAP can be used for aliases, maps, and classes by either specifying your
+own LDAP map specification or using the built-in default LDAP map
+specification. The built-in default specifications all provide lookups
+which match against either the machine's fully qualified hostname (${j}) or
+a "cluster". The cluster allows you to share LDAP entries among a large
+number of machines without having to enter each of the machine names into
+each LDAP entry. To set the LDAP cluster name to use for a particular
+machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
+unique name. For example:
+
+ define(`confLDAP_CLUSTER', `Servers')
+
+Here, the word `Servers' will be the cluster name. As an example, assume
+that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
+to the Servers cluster.
+
+Some of the LDAP LDIF examples below show use of the Servers cluster.
+Every entry must have either a sendmailMTAHost or sendmailMTACluster
+attribute or it will be ignored. Be careful as mixing clusters and
+individual host records can have surprising results (see the CAUTION
+sections below).
+
+See the file cf/sendmail.schema for the actual LDAP schemas. Note that
+this schema (and therefore the lookups and examples below) is experimental
+at this point as it has had little public review. Therefore, it may change
+in future versions. Feedback via sendmail@sendmail.org is encouraged.
+
+-------
+Aliases
+-------
+
+The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
+lookups. To use the default schema, simply use:
+
+ define(`ALIAS_FILE', `ldap:')
+
+By doing so, you will use the default schema which expands to a map
+declared as follows:
+
+ ldap -k (&(objectClass=sendmailMTAAliasObject)
+ (sendmailMTAAliasGrouping=aliases)
+ (|(sendmailMTACluster=${sendmailMTACluster})
+ (sendmailMTAHost=$j))
+ (sendmailMTAKey=%0))
+ -v sendmailMTAAliasValue
+
+NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
+used when the binary expands the `ldap:' token as the AliasFile option is
+not actually macro-expanded when read from the sendmail.cf file.
+
+Example LDAP LDIF entries might be:
+
+ dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
+ objectClass: sendmailMTA
+ objectClass: sendmailMTAAlias
+ objectClass: sendmailMTAAliasObject
+ sendmailMTAAliasGrouping: aliases
+ sendmailMTAHost: etrn.sendmail.org
+ sendmailMTAKey: sendmail-list
+ sendmailMTAAliasValue: ca@example.org
+ sendmailMTAAliasValue: eric
+ sendmailMTAAliasValue: gshapiro@example.com
+
+ dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
+ objectClass: sendmailMTA
+ objectClass: sendmailMTAAlias
+ objectClass: sendmailMTAAliasObject
+ sendmailMTAAliasGrouping: aliases
+ sendmailMTAHost: etrn.sendmail.org
+ sendmailMTAKey: owner-sendmail-list
+ sendmailMTAAliasValue: eric
+
+ dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
+ objectClass: sendmailMTA
+ objectClass: sendmailMTAAlias
+ objectClass: sendmailMTAAliasObject
+ sendmailMTAAliasGrouping: aliases
+ sendmailMTACluster: Servers
+ sendmailMTAKey: postmaster
+ sendmailMTAAliasValue: eric
+
+Here, the aliases sendmail-list and owner-sendmail-list will be available
+only on etrn.sendmail.org but the postmaster alias will be available on
+every machine in the Servers cluster (including etrn.sendmail.org).
+
+CAUTION: aliases are additive so that entries like these:
+
+ dn: sendmailMTAKey=bob, dc=sendmail, dc=org
+ objectClass: sendmailMTA
+ objectClass: sendmailMTAAlias
+ objectClass: sendmailMTAAliasObject
+ sendmailMTAAliasGrouping: aliases
+ sendmailMTACluster: Servers
+ sendmailMTAKey: bob
+ sendmailMTAAliasValue: eric
+
+ dn: sendmailMTAKey=bob, dc=sendmail, dc=org
+ objectClass: sendmailMTA
+ objectClass: sendmailMTAAlias
+ objectClass: sendmailMTAAliasObject
+ sendmailMTAAliasGrouping: aliases
+ sendmailMTAHost: etrn.sendmail.org
+ sendmailMTAKey: bob
+ sendmailMTAAliasValue: gshapiro
+
+would mean that on all of the hosts in the cluster, mail to bob would go to
+eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
+gshapiro.
+
+If you prefer not to use the default LDAP schema for your aliases, you can
+specify the map parameters when setting ALIAS_FILE. For example:
+
+ define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
+
+----
+Maps
+----
+
+FEATURE()'s which take an optional map definition argument (e.g., access,
+mailertable, virtusertable, etc.) can instead take the special keyword
+`LDAP', e.g.:
+
+ FEATURE(`access_db', `LDAP')
+ FEATURE(`virtusertable', `LDAP')
+
+When this keyword is given, that map will use LDAP lookups consisting of
+the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
+with the map name, a search attribute of sendmailMTAKey, and the value
+attribute sendmailMTAMapValue.
+
+The values for sendmailMTAMapName are:
+
+ FEATURE() sendmailMTAMapName
+ --------- ------------------
+ access_db access
+ authinfo authinfo
+ bitdomain bitdomain
+ domaintable domain
+ genericstable generics
+ mailertable mailer
+ uucpdomain uucpdomain
+ virtusertable virtuser
+
+For example, FEATURE(`mailertable', `LDAP') would use the map definition:
+
+ Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
+ (sendmailMTAMapName=mailer)
+ (|(sendmailMTACluster=${sendmailMTACluster})
+ (sendmailMTAHost=$j))
+ (sendmailMTAKey=%0))
+ -1 -v sendmailMTAMapValue
+
+An example LDAP LDIF entry using this map might be:
+
+ dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
+ objectClass: sendmailMTA
+ objectClass: sendmailMTAMap
+ sendmailMTACluster: Servers
+ sendmailMTAMapName: mailer
+
+ dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
+ objectClass: sendmailMTA
+ objectClass: sendmailMTAMap
+ objectClass: sendmailMTAMapObject
+ sendmailMTAMapName: mailer
+ sendmailMTACluster: Servers
+ sendmailMTAKey: example.com
+ sendmailMTAMapValue: relay:[smtp.example.com]
+
+CAUTION: If your LDAP database contains the record above and *ALSO* a host
+specific record such as:
+
+ dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
+ objectClass: sendmailMTA
+ objectClass: sendmailMTAMap
+ objectClass: sendmailMTAMapObject
+ sendmailMTAMapName: mailer
+ sendmailMTAHost: etrn.sendmail.org
+ sendmailMTAKey: example.com
+ sendmailMTAMapValue: relay:[mx.example.com]
+
+then these entries will give unexpected results. When the lookup is done
+on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
+require a single match. Since the host etrn.sendmail.org is also in the
+Servers cluster, LDAP would return two answers for the example.com map key
+in which case sendmail would treat this as no match at all.
+
+If you prefer not to use the default LDAP schema for your maps, you can
+specify the map parameters when using the FEATURE(). For example:
+
+ FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
+
+-------
+Classes
+-------
+
+Normally, classes can be filled via files or programs. As of 8.12, they
+can also be filled via map lookups using a new syntax:
+
+ F{ClassName}mapkey@mapclass:mapspec
+
+mapkey is optional and if not provided the map key will be empty. This can
+be used with LDAP to read classes from LDAP. Note that the lookup is only
+done when sendmail is initially started. Use the special value `@LDAP' to
+use the default LDAP schema. For example:
+
+ RELAY_DOMAIN_FILE(`@LDAP')
+
+would put all of the attribute sendmailMTAClassValue values of LDAP records
+with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
+'R' into class $={R}. In other words, it is equivalent to the LDAP map
+specification:
+
+ F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
+ (sendmailMTAClassName=R)
+ (|(sendmailMTACluster=${sendmailMTACluster})
+ (sendmailMTAHost=$j)))
+ -v sendmailMTAClassValue
+
+NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
+used when the binary expands the `@LDAP' token as class declarations are
+not actually macro-expanded when read from the sendmail.cf file.
+
+This can be used with class related commands such as RELAY_DOMAIN_FILE(),
+MASQUERADE_DOMAIN_FILE(), etc:
+
+ Command sendmailMTAClassName
+ ------- --------------------
+ CANONIFY_DOMAIN_FILE() Canonify
+ EXPOSED_USER_FILE() E
+ GENERICS_DOMAIN_FILE() G
+ LDAPROUTE_DOMAIN_FILE() LDAPRoute
+ LDAPROUTE_EQUIVALENT_FILE() LDAPRouteEquiv
+ LOCAL_USER_FILE() L
+ MASQUERADE_DOMAIN_FILE() M
+ MASQUERADE_EXCEPTION_FILE() N
+ RELAY_DOMAIN_FILE() R
+ VIRTUSER_DOMAIN_FILE() VirtHost
+
+You can also add your own as any 'F'ile class of the form:
+
+ F{ClassName}@LDAP
+ ^^^^^^^^^
+will use "ClassName" for the sendmailMTAClassName.
+
+An example LDAP LDIF entry would look like:
+
+ dn: sendmailMTAClassName=R, dc=sendmail, dc=org
+ objectClass: sendmailMTA
+ objectClass: sendmailMTAClass
+ sendmailMTACluster: Servers
+ sendmailMTAClassName: R
+ sendmailMTAClassValue: sendmail.org
+ sendmailMTAClassValue: example.com
+ sendmailMTAClassValue: 10.56.23
+
+CAUTION: If your LDAP database contains the record above and *ALSO* a host
+specific record such as:
+
+ dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
+ objectClass: sendmailMTA
+ objectClass: sendmailMTAClass
+ sendmailMTAHost: etrn.sendmail.org
+ sendmailMTAClassName: R
+ sendmailMTAClassValue: example.com
+
+the result will be similar to the aliases caution above. When the lookup
+is done on etrn.sendmail.org, $={R} would contain all of the entries (from
+both the cluster match and the host match). In other words, the effective
+is additive.
+
+If you prefer not to use the default LDAP schema for your classes, you can
+specify the map parameters when using the class command. For example:
+
+ VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
+
+Remember, macros can not be used in a class declaration as the binary does
+not expand them.
+
+
+--------------+
| LDAP ROUTING |
+--------------+
@@ -1483,19 +1943,33 @@ LDAPROUTE_DOMAIN(), e.g.:
LDAPROUTE_DOMAIN(`example.com')
+Additionally, you can specify equivalent domains for LDAP routing using
+LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE(). 'Equivalent'
+hostnames are mapped to $M (the masqueraded hostname for the server) before
+the LDAP query. For example, if the mail is addressed to
+user@host1.example.com, normally the LDAP lookup would only be done for
+'user@host1.example.com' and '@host1.example.com'. However, if
+LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
+done on 'user@example.com' and '@example.com' after attempting the
+host1.example.com lookups.
+
By default, the feature will use the schemas as specified in the draft
and will not reject addresses not found by the LDAP lookup. However,
this behavior can be changed by giving additional arguments to the FEATURE()
command:
- FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>)
+ FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, <detail>)
where <mailHost> is a map definition describing how to lookup an alternative
mail host for a particular address; <mailRoutingAddress> is a map definition
-describing how to lookup an alternative address for a particular address; and
+describing how to lookup an alternative address for a particular address;
the <bounce> argument, if present and not the word "passthru", dictates
that mail should be bounced if neither a mailHost nor mailRoutingAddress
-is found.
+is found; and <detail> indicates what actions to take if the address
+contains +detail information -- `strip' tries the lookup with the +detail
+and if no matches are found, strips the +detail and tries the lookup again;
+`preserve', does the same as `strip' but if a mailRoutingAddress match is
+found, the +detail information is copied to the new address.
The default <mailHost> map definition is:
@@ -1537,7 +2011,10 @@ address:
original address *OR*
bounced as unknown user
-The term "local" host above means the host specified is in class {w}.
+The term "local" host above means the host specified is in class {w}. If
+the result would mean sending the mail to a different host, that host is
+looked up in the mailertable before delivery.
+
Note that the last case depends on whether the third argument is given
to the FEATURE() command. The default is to deliver the message to the
original address.
@@ -1547,7 +2024,7 @@ inetLocalMailRecipient and the address be listed in a mailLocalAddress
attribute. If present, there must be only one mailHost attribute and it
must contain a fully qualified host name as its value. Similarly, if
present, there must be only one mailRoutingAddress attribute and it must
-contain an RFC 822 compliant address. Some example LDAP records (in ldif
+contain an RFC 822 compliant address. Some example LDAP records (in LDIF
format):
dn: uid=tom, o=example.com, c=US
@@ -1563,7 +2040,8 @@ This would deliver mail for tom@example.com to thomas@mailhost.example.com.
mailHost: eng.example.com
This would relay mail for dick@example.com to the same address but redirect
-the mail to MX records listed for the host eng.example.com.
+the mail to MX records listed for the host eng.example.com (unless the
+mailertable overrides).
dn: uid=harry, o=example.com, c=US
objectClass: inetLocalMailRecipient
@@ -1604,13 +2082,22 @@ If you really want to revert to the old behaviour, you will need to use
FEATURE(`promiscuous_relay'). You can allow certain domains to relay
through your server by adding their domain name or IP address to class
{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
-(described below). The file consists (like any other file based class)
-of entries listed on separate lines, e.g.,
+(described below). Note that IPv6 addresses must be prefaced with "IPv6:".
+The file consists (like any other file based class) of entries listed on
+separate lines, e.g.,
sendmail.org
128.32
- 1:2:3:4:5:6:7
+ IPv6:2002:c0a8:02c7
+ IPv6:2002:c0a8:51d2::23f4
host.mydomain.com
+ [UNIX:localhost]
+
+Notice: the last entry allows relaying for connections via a UNIX
+socket to the MTA/MSP. This might be necessary if your configuration
+doesn't allow relaying by other means in that case, e.g., by having
+localhost.$m in class {R} (make sure $m is not just a top level
+domain).
If you use
@@ -1627,16 +2114,20 @@ portion of an incoming recipient address by using
For example, if your server receives a recipient of user@domain.com
and domain.com lists your server in its MX records, the mail will be
-accepted for relay to domain.com. Note that this will stop spammers
-from using your host to relay spam but it will not stop outsiders from
-using your server as a relay for their site (that is, they set up an
-MX record pointing to your mail server, and you will relay mail addressed
-to them without any prior arrangement). Along the same lines,
+accepted for relay to domain.com. This feature may cause problems
+if MX lookups for the recipient domain are slow or time out. In that
+case, mail will be temporarily rejected. It is usually better to
+maintain a list of hosts/domains for which the server acts as relay.
+Note also that this feature will stop spammers from using your host
+to relay spam but it will not stop outsiders from using your server
+as a relay for their site (that is, they set up an MX record pointing
+to your mail server, and you will relay mail addressed to them
+without any prior arrangement). Along the same lines,
FEATURE(`relay_local_from')
will allow relaying if the sender specifies a return path (i.e.
-MAIL FROM: <user@domain>) domain which is a local domain. This a
+MAIL FROM: <user@domain>) domain which is a local domain. This is a
dangerous feature as it will allow spammers to spam using your mail
server by simply specifying a return address of user@your.domain.com.
It should not be used unless absolutely necessary.
@@ -1648,10 +2139,15 @@ which allows relaying if the mail sender is listed as RELAY in the
access map. If an optional argument `domain' is given, the domain
portion of the mail sender is also checked to allowing relaying.
This option only works together with the tag From: for the LHS of
-the access map entries (see below: Finer control...).
+the access map entries (see below: Finer control...). This feature
+allows spammers to abuse your mail server by specifying a return
+address that you enabled in your access file. This may be harder
+to figure out for spammers, but it should not be used unless
+necessary. Instead use SMTP AUTH or STARTTLS to allow relaying
+for roaming users.
-If source routing is used in the recipient address (i.e.
+If source routing is used in the recipient address (e.g.,
RCPT TO: <user%site.com@othersite.com>), sendmail will check
user@site.com for relaying if othersite.com is an allowed relay host
in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
@@ -1679,14 +2175,30 @@ or reject those addresses.
As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
an unresolvable domain (i.e., one that DNS, your local name service,
-or special case rules in ruleset 3 cannot locate). If you want to
-continue to accept such domains, e.g., because you are inside a
-firewall that has only a limited view of the Internet host name space
-(note that you will not be able to return mail to them unless you have
-some "smart host" forwarder), use
+or special case rules in ruleset 3 cannot locate). This also applies
+to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
+IP address can't be mapped to a host name. If you want to continue
+to accept such domains, e.g., because you are inside a firewall that
+has only a limited view of the Internet host name space (note that you
+will not be able to return mail to them unless you have some "smart
+host" forwarder), use
FEATURE(`accept_unresolvable_domains')
+Alternatively, you can allow specific addresses by adding them to
+the access map, e.g.,
+
+ From:unresolvable.domain OK
+ From:[1.2.3.4] OK
+ From:[1.2.4] OK
+
+Notice: domains which are temporarily unresolvable are (temporarily)
+rejected with a 451 reply code. If those domains should be accepted
+(which is discouraged) then you can use
+
+ LOCAL_CONFIG
+ C{ResOk}TEMP
+
sendmail will also refuse mail if the MAIL FROM: parameter is not
fully qualified (i.e., contains a domain as well as a user). If you
want to continue to accept such senders, use
@@ -1696,7 +2208,7 @@ want to continue to accept such senders, use
Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
i.e., unqualified addresses are accepted even without this FEATURE. If
this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
-to enforce fully qualified addresses.
+to enforce fully qualified domain names.
An ``access'' database can be created to accept or reject mail from
selected domains. For example, you may choose to reject all mail
@@ -1704,10 +2216,19 @@ originating from known spammers. To enable such a database, use
FEATURE(`access_db')
-The FEATURE macro can accept a second parameter giving the key file
+Notice: the access database is applied to the envelope addresses
+and the connection information, not to the header.
+
+The FEATURE macro can accept as second parameter the key file
definition for the database; for example
- FEATURE(`access_db', `hash /etc/mail/access')
+ FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
+
+Notice: If a second argument is specified it must contain the option
+`-T<TMPF>' as shown above. The optional third and fourth parameters
+may be `skip' or `lookupdotdomain'. The former enables SKIP as
+value part (see below), the latter is another way to enable the
+feature of the same name (see above).
Remember, since /etc/mail/access is a database, after creating the text
file as described below, you must use makemap to create the database
@@ -1716,21 +2237,27 @@ map. For example:
makemap hash /etc/mail/access < /etc/mail/access
The table itself uses e-mail addresses, domain names, and network
-numbers as keys. For example,
+numbers as keys. Note that IPv6 addresses must be prefaced with "IPv6:".
+For example,
- spammer@aol.com REJECT
- cyberspammer.com REJECT
- 192.168.212 REJECT
+ spammer@aol.com REJECT
+ cyberspammer.com REJECT
+ 192.168.212 REJECT
+ IPv6:2002:c0a8:02c7 RELAY
+ IPv6:2002:c0a8:51d2::23f4 REJECT
would refuse mail from spammer@aol.com, any user from cyberspammer.com
-(or any host within the cyberspammer.com domain), and any host on the
-192.168.212.* network.
+(or any host within the cyberspammer.com domain), any host on the
+192.168.212.* network, and the IPv6 address 2002:c0a8:51d2::23f4. It would
+allow relay for the IPv6 network 2002:c0a8:02c7::/48.
The value part of the map can contain:
- OK Accept mail even if other rules in the
- running ruleset would reject it, for example,
- if the domain name is unresolvable.
+ OK Accept mail even if other rules in the running
+ ruleset would reject it, for example, if the domain
+ name is unresolvable. "Accept" does not mean
+ "relay", but at most acceptance for local
+ recipients. That is, OK allows less than RELAY.
RELAY Accept mail addressed to the indicated domain or
received from the indicated domain for relaying
through your SMTP server. RELAY also serves as
@@ -1742,10 +2269,16 @@ The value part of the map can contain:
it affects only the designated recipient, not
the whole message as it does in all other cases.
This should only be used if really necessary.
+ SKIP This can only be used for host/domain names
+ and IP addresses/nets. It will abort the current
+ search for this entry without accepting or rejecting
+ it but causing the default action.
### any text where ### is an RFC 821 compliant error code and
"any text" is a message to return for the command.
The string should be quoted to avoid surprises,
e.g., sendmail may remove spaces otherwise.
+ This type is deprecated, use one the two
+ ERROR: entries below instead.
ERROR:### any text
as above, but useful to mark error messages as such.
ERROR:D.S.N:### any text
@@ -1754,13 +2287,13 @@ The value part of the map can contain:
For example:
- cyberspammer.com ERROR:"550 We don't accept mail from spammers"
+ cyberspammer.com ERROR:550 "We don't accept mail from spammers"
okay.cyberspammer.com OK
sendmail.org RELAY
128.32 RELAY
- 1:2:3:4:5:6:7 RELAY
+ IPv6:1:2:3:4:5:6:7 RELAY
[127.0.0.3] OK
- [1:2:3:4:5:6:7:8] OK
+ [IPv6:1:2:3:4:5:6:7:8] OK
would accept mail from okay.cyberspammer.com, but would reject mail from
all other hosts at cyberspammer.com with the indicated message. It would
@@ -1768,20 +2301,22 @@ allow relaying mail from and to any hosts in the sendmail.org domain, and
allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:*
network. The latter two entries are for checks against ${client_name} if
the IP address doesn't resolve to a hostname (or is considered as "may be
-forged").
+forged"). That is, using square brackets means these are host names,
+not network numbers.
Warning: if you change the RFC 821 compliant error code from the default
value of 550, then you should probably also change the RFC 1893 compliant
error code to match it. For example, if you use
- user@example.com 450 mailbox full
+ user@example.com ERROR:450 mailbox full
-the error returned would be "450 4.0.0 mailbox full" which is wrong.
-Use "450 4.2.2 mailbox full" or "ERROR:4.2.2:450 mailbox full"
-instead.
+the error returned would be "450 5.0.0 mailbox full" which is wrong.
+Use "ERROR:4.2.2:450 mailbox full" instead.
Note, UUCP users may need to add hostname.UUCP to the access database
-or class {R}. If you also use:
+or class {R}.
+
+If you also use:
FEATURE(`relay_hosts_only')
@@ -1824,13 +2359,14 @@ the example from above:
Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
-There is also a ``Realtime Blackhole List'' run by the MAPS project
-at http://maps.vix.com/. This is a database maintained in DNS of
-spammers. To use this database, use
+There are several DNS based blacklists, the first of which was
+the RBL (``Realtime Blackhole List'') run by the MAPS project,
+see http://mail-abuse.org/. These are databases of spammers
+maintained in DNS. To use such a database, specify
FEATURE(`dnsbl')
-This will cause sendmail to reject mail from any site in the
+This will cause sendmail to reject mail from any site in the original
Realtime Blackhole List database. This default DNS blacklist,
blackholes.mail-abuse.org, is a service offered by the Mail Abuse
Prevention System (MAPS). As of July 31, 2001, MAPS is a subscription
@@ -1840,22 +2376,46 @@ subscribed. Contact MAPS to subscribe (http://mail-abuse.org/).
You can specify an alternative RBL server to check by specifying an
argument to the FEATURE. The default error message is
-You can specify an alternative RBL domain to check by specifying an
-argument to the FEATURE. The default error message is
+ Mail from IP-ADDRESS refused by blackhole site SERVER
+
+where IP-ADDRESS and SERVER are replaced by the appropriate
+information. A second argument can be used to specify a different
+text. By default, temporary lookup failures are ignored and hence
+cause the connection not to be rejected by the DNS based rejection
+list. This behavior can be changed by specifying a third argument,
+which must be either `t' or a full error message. For example:
+
+ FEATURE(`dnsbl', `dnsbl.example.com', `',
+ `"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
+
+If `t' is used, the error message is:
- Mail from $&{client_addr} refused by blackhole site DOMAIN
+ 451 Temporary lookup failure of IP-ADDRESS at SERVER
+
+where IP-ADDRESS and SERVER are replaced by the appropriate
+information.
+
+This FEATURE can be included several times to query different
+DNS based rejection lists, e.g., the dial-up user list (see
+http://mail-abuse.org/dul/).
+
+Notice: to avoid checking your own local domains against those
+blacklists, use the access_db feature and add:
+
+ Connect:10.1 OK
+ Connect:127.0.0.1 RELAY
+
+to the access map, where 10.1 is your local network. You may
+want to use "RELAY" instead of "OK" to allow also relaying
+instead of just disabling the DNS lookups in the backlists.
-where DOMAIN is the first argument of the feature. A second argument
-can be used to specify a different text. This FEATURE can be
-included several times to query different DNS based rejection lists,
-e.g., the dial-up user list (see http://maps.vix.com/dul/).
The features described above make use of the check_relay, check_mail,
and check_rcpt rulesets. If you wish to include your own checks,
you can put your checks in the rulesets Local_check_relay,
Local_check_mail, and Local_check_rcpt. For example if you wanted to
block senders with all numeric usernames (i.e. 2312343@bigisp.com),
-you would use Local_check_mail and the new regex map:
+you would use Local_check_mail and the regex map:
LOCAL_CONFIG
Kallnumbers regex -a@MATCH ^[0-9]+$
@@ -1875,6 +2435,7 @@ appropriate action is taken. Otherwise, the results of the local
rewriting are ignored.
Finer control by using tags for the LHS of the access map
+---------------------------------------------------------
Read this section only if the options listed so far are not sufficient
for your purposes. There is now the option to tag entries in the
@@ -1886,7 +2447,8 @@ access map according to their type. Three tags are available:
If the required item is looked up in a map, it will be tried first
with the corresponding tag in front, then (as fallback to enable
-backward compatibility) without any tag. For example,
+backward compatibility) without any tag, unless the specific feature
+requires a tag. For example,
From:spammer@some.dom REJECT
To:friend.domain RELAY
@@ -1909,6 +2471,7 @@ reject mail from all other addresses with another.dom as domain
part.
Delay all checks
+----------------
By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
will not be called when a client connects or issues a MAIL command,
@@ -1943,24 +2506,33 @@ FEATURE(`delay_checks') can take an optional argument:
enables spamhater test
If such an argument is given, the recipient will be looked up in the access
-map (using the tag To:). If the argument is `friend', then the other
+map (using the tag Spam:). If the argument is `friend', then the other
rulesets will be skipped if the recipient address is found and has RHS
-spamfriend. If the argument is `hater', then the other rulesets will be
-applied if the recipient address is found and has RHS spamhater.
+friend. If the argument is `hater', then the other rulesets will be
+applied if the recipient address is found and has RHS hater.
This allows for simple exceptions from the tests, e.g., by activating
-the spamfriend option and having
+the friend option and having
- To:abuse@ SPAMFRIEND
+ Spam:abuse@ FRIEND
in the access map, mail to abuse@localdomain will get through. It is
also possible to specify a full address or an address with +detail:
- To:abuse@abuse.my.domain SPAMFRIEND
- To:me+abuse@ SPAMFRIEND
+ Spam:abuse@my.domain FRIEND
+ Spam:me+abuse@ FRIEND
+ Spam:spam.domain FRIEND
+Note: The required tag has been changed in 8.12 from To: to Spam:.
+This change is incompatible to previous versions. However, you can
+(for now) simply add the new entries to the access map, the old
+ones will be ignored. As soon as you removed the old entries from
+the access map, specify a third parameter (`n') to this feature and
+the backward compatibility rules will not be in the generated .cf
+file.
Header Checks
+-------------
You can also reject mail on the basis of the contents of headers.
This is done by adding a ruleset call to the 'H' header definition command
@@ -1987,10 +2559,14 @@ defined for them can be given by:
H*: $>CheckHdr
-Notice: All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
+Notice:
+1. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
That may cause problems with simple header checks due to the
-tokenization. It might be simpler to use a regex map and apply it
+tokenization. It might be simpler to use a regex map and apply it
to $&{currHeader}.
+2. There are no default rulesets coming with this distribution of
+sendmail. You can either write your own or you can search the
+WWW for examples, e.g., http://www.digitalanswers.org/check_local/
After all of the headers are read, the check_eoh ruleset will be called for
any final header-related checks. The ruleset is called with the number of
@@ -2031,7 +2607,8 @@ probably not be used in production.
+----------+
In this text, cert will be used as an abreviation for X.509 certificate,
-DN is the distinguished name of a cert, and CA is a certification authority.
+DN (CN) is the distinguished (common) name of a cert, and CA is a
+certification authority, which signs (issues) certs.
For STARTTLS to be offered by sendmail you need to set at least
this variables (the file names and paths are just examples):
@@ -2044,53 +2621,57 @@ this variables (the file names and paths are just examples):
On systems which do not have the compile flag HASURANDOM set (see
sendmail/README) you also must set confRAND_FILE.
-See doc/op/op.{me,ps} for more information about these options,
-esp. the sections ``Certificates for STARTTLS'' and ``PRNG for
+See doc/op/op.{me,ps,txt} for more information about these options,
+especially the sections ``Certificates for STARTTLS'' and ``PRNG for
STARTTLS''.
Macros related to STARTTLS are:
${cert_issuer} holds the DN of the CA (the cert issuer).
${cert_subject} holds the DN of the cert (called the cert subject).
+${cn_issuer} holds the CN of the CA (the cert issuer).
+${cn_subject} holds the CN of the cert (called the cert subject).
${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
- SSLv3, SSLv2.
+ TLSv1/SSLv3, SSLv3, SSLv2.
${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
used for the connection.
-${verify} holds the result of the verification of the presented cert. Possible
- values are:
- OK verification succeeded.
- NO no cert presented.
- FAIL cert presented but could not be verified, e.g., the signing
- CA is missing.
- NONE STARTTLS has not been performed.
- TEMP temporary error occurred.
- PROTOCOL some protocol error occurred.
+${verify} holds the result of the verification of the presented cert.
+ Possible values are:
+ OK verification succeeded.
+ NO no cert presented.
+ NOT no cert requested.
+ FAIL cert presented but could not be verified,
+ e.g., the cert of the signing CA is missing.
+ NONE STARTTLS has not been performed.
+ TEMP temporary error occurred.
+ PROTOCOL protocol error occurred (SMTP level).
SOFTWARE STARTTLS handshake failed.
-${server_name} the name of the server of the current outgoing SMTP
+${server_name} the name of the server of the current outgoing SMTP
connection.
-${server_addr} the address of the server of the current outgoing SMTP
+${server_addr} the address of the server of the current outgoing SMTP
connection.
Relaying
+--------
SMTP STARTTLS can allow relaying for senders who have successfully
-authenticated themselves. This is done in the ruleset RelayAuth. If the
+authenticated themselves. This is done in the ruleset RelayAuth. If the
verification of the cert failed (${verify} != OK), relaying is subject to
-the usual rules. Otherwise the DN of the issuer is looked up in the access
-map using the tag CERTISSUER. If the resulting value is RELAY, relaying is
-allowed. If it is SUBJECT, the DN of the cert subject is looked up next in
-the access map. using the tag CERTSUBJECT. If the value is RELAY, relaying
+the usual rules. Otherwise the DN of the issuer is looked up in the access
+map using the tag CERTISSUER. If the resulting value is RELAY, relaying is
+allowed. If it is SUBJECT, the DN of the cert subject is looked up next in
+the access map using the tag CERTSUBJECT. If the value is RELAY, relaying
is allowed.
To make things a bit more flexible (or complicated), the values for
${cert_issuer} and ${cert_subject} can be optionally modified by regular
expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
-_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
+_CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in
rulesets and map lookups, they are modified as follows: each non-printable
character and the characters '<', '>', '(', ')', '"', '+' are replaced by
-their HEX value with a leading '+'. For example:
+their HEX value with a leading '+'. For example:
/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
darth+cert@endmail.org
@@ -2102,7 +2683,34 @@ Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
(line breaks have been inserted for readability).
-Of course it is also possible to write a simple rulesets that allows
+Examples:
+
+To allow relaying for everyone who can present a cert signed by
+
+/C=US/ST=California/O=endmail.org/OU=private/CN=
+Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
+
+simply use:
+
+CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
+Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY
+
+To allow relaying only for a subset of machines that have a cert signed by
+
+/C=US/ST=California/O=endmail.org/OU=private/CN=
+Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
+
+use:
+
+CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
+Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT
+CERTSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
+DeathStar/Email=deathstar@endmail.org RELAY
+
+Note: line breaks have been inserted after "CN=" for readability,
+each tagged entry must be one (long) line in the access map.
+
+Of course it is also possible to write a simple ruleset that allows
relaying for everyone who can present a cert that can be verified, e.g.,
LOCAL_RULESETS
@@ -2111,29 +2719,49 @@ R$* $: $&{verify}
ROK $# OK
Allowing Connections
+--------------------
-The rulesets tls_server and tls_client are used to decide whether an SMTP
-connection is accepted (or should continue).
+The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
+an SMTP connection is accepted (or should continue).
tls_server is called when sendmail acts as client after a STARTTLS command
-(should) have been issued. The parameter is the value of ${verify}.
+(should) have been issued. The parameter is the value of ${verify}.
tls_client is called when sendmail acts as server, after a STARTTLS command
-has been issued, and from check_mail. The parameter is the value of
+has been issued, and from check_mail. The parameter is the value of
${verify} and STARTTLS or MAIL, respectively.
-Both rulesets behave the same. If no access map is in use, the connection
+Both rulesets behave the same. If no access map is in use, the connection
will be accepted unless ${verify} is SOFTWARE, in which case the connection
-is always aborted. Otherwise, ${client_name} (${server_name}) is looked
-up in the access map using the tag TLS_Srv (or TLS_Clt), which is done
-with the ruleset LookUpDomain. If no entry is found, ${client_addr}
+is always aborted. For tls_server/tls_client, ${client_name}/${server_name}
+is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
+with the ruleset LookUpDomain. If no entry is found, ${client_addr}
(${server_addr}) is looked up in the access map (same tag, ruleset
-LookUpAddr). If this doesn't result in an entry either, just the tag is
-looked up in the access map (included the trailing :). The result of the
-lookups is then used to call the ruleset tls_connection, which checks the
-requirement specified by the RHS in the access map against the actual
-parameters of the current TLS connection, esp. ${verify} and
-${cipher_bits}. Legal RHSs in the access map are:
+LookUpAddr). If this doesn't result in an entry either, just the tag is
+looked up in the access map (included the trailing colon). Notice:
+requiring that e-mail is sent to a server only encrypted, e.g., via
+
+TLS_Srv:secure.domain ENCR:112
+
+doesn't necessarily mean that e-mail sent to that domain is encrypted.
+If the domain has multiple MX servers, e.g.,
+
+secure.domain. IN MX 10 mail.secure.domain.
+secure.domain. IN MX 50 mail.other.domain.
+
+then mail to user@secure.domain may go unencrypted to mail.other.domain.
+tls_rcpt can be used to address this problem.
+
+tls_rcpt is called before a RCPT TO: command is sent. The parameter is the
+current recipient. This ruleset is only defined if FEATURE(`access_db')
+is selected. A recipient address user@domain is looked up in the access
+map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
+and TLS_Rcpt:; the first match is taken.
+
+The result of the lookups is then used to call the ruleset TLS_connection,
+which checks the requirement specified by the RHS in the access map against
+the actual parameters of the current TLS connection, esp. ${verify} and
+${cipher_bits}. Legal RHSs in the access map are:
VERIFY verification must have succeeded
VERIFY:bits verification must have succeeded and ${cipher_bits} must
@@ -2141,39 +2769,64 @@ VERIFY:bits verification must have succeeded and ${cipher_bits} must
ENCR:bits ${cipher_bits} must be greater than or equal bits.
The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
-or permanent error. The default is a temporary error code (403 4.7.0)
+or permanent error. The default is a temporary error code (403 4.7.0)
unless the macro TLS_PERM_ERR is set during generation of the .cf file.
If a certain level of encryption is required, then it might also be
possible that this level is provided by the security layer from a SASL
algorithm, e.g., DIGEST-MD5.
+Furthermore, there can be a list of extensions added. Such a list
+starts with '+' and the items are separated by '++'. Allowed
+extensions are:
+
+CN:name name must match ${cn_subject}
+CN ${server_name} must match ${cn_subject}
+CS:name name must match ${cert_subject}
+CI:name name must match ${cert_issuer}
+
Example: e-mail sent to secure.example.com should only use an encrypted
-connection. e-mail received from hosts within the laptop.example.com domain
-should only be accepted if they have been authenticated.
+connection. E-mail received from hosts within the laptop.example.com domain
+should only be accepted if they have been authenticated. The host which
+receives e-mail for darth@endmail.org must present a cert that uses the
+CN smtp.endmail.org.
+
TLS_Srv:secure.example.com ENCR:112
TLS_Clt:laptop.example.com PERM+VERIFY:112
+TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org
-Notice: requiring that e-mail is sent to a server only encrypted,
-e.g., via
-TLS_Srv:secure.domain ENCR:112
+Disabling STARTTLS And Setting SMTP Server Features
+---------------------------------------------------
-doesn't necessarily mean that e-mail sent to that domain is encrypted.
-If the domain has multiple MX servers, e.g.,
+By default STARTTLS is used whenever possible. However, there are
+some broken MTAs that don't properly implement STARTTLS. To be able
+to send to (or receive from) those MTAs, the ruleset try_tls
+(srv_features) can be used that work together with the access map.
+Entries for the access map must be tagged with Try_TLS (Srv_Features)
+and refer to the hostname or IP address of the connecting system.
+A default case can be specified by using just the tag. For example,
+the following entries in the access map:
-secure.domain. IN MX 10 mail.secure.domain.
-secure.domain. IN MX 50 mail.other.domain.
+ Try_TLS:broken.server NO
+ Srv_Features:my.domain v
+ Srv_Features: V
-then mail to user@secure.domain may go unencrypted to mail.other.domain.
+will turn off STARTTLS when sending to broken.server (or any host
+in that domain), and request a client certificate during the TLS
+handshake only for hosts in my.domain. The valid entries on the RHS
+for Srv_Features are listed in the Sendmail Installation and
+Operations Guide.
Received: Header
+----------------
-The Received: header reveals whether STARTTLS has been used. It contains an
+The Received: header reveals whether STARTTLS has been used. It contains an
extra line:
-(using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify})
+(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
+
+---------------------+
| SMTP AUTHENTICATION |
@@ -2198,7 +2851,7 @@ RDIGEST-MD5 $| $+@$=w $# OK
to allow relaying for users that authenticated using DIGEST-MD5
and have an identity in the local domains.
-The ruleset Strust_auth is used to determine whether a given AUTH=
+The ruleset trust_auth is used to determine whether a given AUTH=
parameter (that is passed to this ruleset) should be trusted. This
ruleset may make use of the other ${auth_*} macros. Only if the
ruleset resolves to the error mailer, the AUTH= parameter is not
@@ -2216,6 +2869,48 @@ If the selected mechanism provides a security layer the number of
bits used for the key of the symmetric cipher is stored in the
macro ${auth_ssf}.
+If sendmail acts as client, it needs some information how to
+authenticate against another MTA. This information can be provided
+by the ruleset authinfo or by the option DefaultAuthInfo. The
+authinfo ruleset looks up {server_name} using the tag AuthInfo: in
+the access map. If no entry is found, {server_addr} is looked up
+in the same way and finally just the tag AuthInfo: to provide
+default values.
+
+Notice: the default configuration file causes the option DefaultAuthInfo
+to fail since the ruleset authinfo is in the .cf file. If you really
+want to use DefaultAuthInfo (it is deprecated) then you have to
+remove the ruleset.
+
+The RHS for an AuthInfo: entry in the access map should consists of a
+list of tokens, each of which has the form: "TDstring" (including
+the quotes). T is a tag which describes the item, D is a delimiter,
+either ':' for simple text or '=' for a base64 encoded string.
+Valid values for the tag are:
+
+ U user (authorization) id
+ I authentication id
+ P password
+ R realm
+ M list of mechanisms delimited by spaces
+
+Example entries are:
+
+AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
+AuthInfo:more.dom "U:user" "P=c2VjcmV0"
+
+User or authentication id must exist as well as the password. All
+other entries have default values. If one of user or authentication
+id is missing, the existing value is used for the missing item.
+If "R:" is not specified, realm defaults to $j. The list of mechanisms
+defaults to those specified by AuthMechanisms.
+
+Since this map contains sensitive information, either the access
+map must be unreadable by everyone but root (or the trusted user)
+or FEATURE(`authinfo') must be used which provides a separate map.
+Notice: It is not checked whether the map is actually
+group/world-unreadable, this is left to the user.
+
+--------------------------------+
| ADDING NEW MAILERS OR RULESETS |
+--------------------------------+
@@ -2232,8 +2927,19 @@ LOCAL_RULESETS respectively. For example:
Smyruleset
...
+Local additions for the rulesets srv_features, try_tls, tls_rcpt,
+tls_client, and tls_server can be made using LOCAL_SRV_FEATURES,
+LOCAL_TRY_TLS, LOCAL_TLS_RCPT, LOCAL_TLS_CLIENT, and LOCAL_TLS_SERVER,
+respectively. For example, to add a local ruleset that decides
+whether to try STARTTLS in a sendmail client, use:
+
+ LOCAL_TRY_TLS
+ R...
+
+Note: you don't need to add a name for the ruleset, it is implicitly
+defined by using the appropriate macro.
+
-#if _FFR_MILTER
+-------------------------+
| ADDING NEW MAIL FILTERS |
+-------------------------+
@@ -2275,9 +2981,21 @@ more filters than you want to use for `confINPUT_MAIL_FILTERS'.
Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
commands will clear the list created by the prior INPUT_MAIL_FILTER()
commands.
-#endif /* _FFR_MILTER */
++-------------------------+
+| QUEUE GROUP DEFINITIONS |
++-------------------------+
+
+In addition to the queue directory (which is the default queue group
+called "mqueue"), sendmail can deal with multiple queue groups, which
+are collections of queue directories with the same behaviour. Queue
+groups can be defined using the command:
+
+ QUEUE_GROUP(`name', `equates')
+
+For details about queue groups, please see doc/op/op.{me,ps,txt}.
+
+-------------------------------+
| NON-SMTP BASED CONFIGURATIONS |
+-------------------------------+
@@ -2391,7 +3109,7 @@ something like:
my.domain esmtp:host.my.domain
The RHS should always be a "mailer:host" pair. The mailer is the
-configuration name of a mailer (that is, an {M} line in the
+configuration name of a mailer (that is, an M line in the
sendmail.cf file). The "host" will be the hostname passed to
that mailer. In domain-based matches (that is, those with leading
dots) the "%1" may be used to interpolate the wildcarded part of
@@ -2537,6 +3255,11 @@ confDOMAIN_NAME $j macro If defined, sets $j. This should
domain name.
confCF_VERSION $Z macro If defined, this is appended to the
configuration version name.
+confLDAP_CLUSTER ${sendmailMTACluster} macro
+ If defined, this is the LDAP
+ cluster to use for LDAP searches
+ as described above in ``USING LDAP
+ FOR ALIASES, MAPS, AND CLASSES''.
confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an
internally generated From: address.
confRECEIVED_HEADER Received:
@@ -2607,13 +3330,6 @@ confCHECKPOINT_INTERVAL CheckpointInterval
[10] Checkpoint queue files every N
recipients.
confDELIVERY_MODE DeliveryMode [background] Default delivery mode.
-confAUTO_REBUILD AutoRebuildAliases
- [False] Automatically rebuild alias
- file if needed.
- There is a potential for a denial
- of service attack if this is set.
- This option is deprecated and will
- be removed from a future version.
confERROR_MODE ErrorMode [print] Error message mode.
confERROR_MESSAGE ErrorHeader [undefined] Error message header/file.
confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines.
@@ -2671,13 +3387,15 @@ confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when
considerably on large alias files.
confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without
special chars are old style.
-confCLIENT_OPTIONS ClientPortOptions
- [none] Options for outgoing SMTP client
- connections.
confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags.
confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional
copies of all error messages.
confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function.
+confQUEUE_FILE_MODE QueueFileMode [undefined] Default permissions for
+ queue files (octal). If not set,
+ sendmail uses 0600 unless its real
+ and effective uid are different in
+ which case it uses 0644.
confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr
syntax addresses to the minimum
possible.
@@ -2697,6 +3415,11 @@ confTO_ICONNECT Timeout.iconnect
This allows a single very fast pass
followed by more careful delivery
attempts in the future.
+confTO_ACONNECT Timeout.aconnect
+ [0] The overall timeout waiting for
+ all connection for a single delivery
+ attempt to succeed. If 0, no overall
+ limit is applied.
confTO_HELO Timeout.helo [5m] The timeout waiting for a response
to a HELO or EHLO command.
confTO_MAIL Timeout.mail [10m] The timeout waiting for a
@@ -2726,6 +3449,13 @@ confTO_IDENT Timeout.ident [5s] The timeout waiting for a
confTO_FILEOPEN Timeout.fileopen
[60s] The timeout waiting for a file
(e.g., :include: file) to be opened.
+confTO_LHLO Timeout.lhlo [2m] The timeout waiting for a response
+ to an LMTP LHLO command.
+confTO_AUTH Timeout.auth [10m] The timeout waiting for a
+ response in an AUTH dialogue.
+confTO_STARTTLS Timeout.starttls
+ [1h] The timeout waiting for a
+ response to an SMTP STARTTLS command.
confTO_CONTROL Timeout.control
[2m] The timeout for a complete
control socket transaction to complete.
@@ -2824,6 +3554,10 @@ confREFUSE_LA RefuseLA [varies] Load average at which
numproc) where numproc is the
number of processors online (if
that can be determined).
+confDELAY_LA DelayLA [0] Load average at which sendmail
+ will sleep for one second on most
+ SMTP commands and before accepting
+ connections. 0 means no limit.
confMAX_ALIAS_RECURSION MaxAliasRecursion
[10] Maximum depth of alias recursion.
confMAX_DAEMON_CHILDREN MaxDaemonChildren
@@ -2840,11 +3574,11 @@ confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength
certain MIME header field values.
confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
[undefined] The maximum number of
- connections permitted per second.
- After this many connections are
- accepted, further connections will be
- delayed. If not set or <= 0, there is
- no limit.
+ connections permitted per second per
+ daemon. After this many connections
+ are accepted, further connections
+ will be delayed. If not set or <= 0,
+ there is no limit.
confWORK_RECIPIENT_FACTOR
RecipientFactor [30000] Cost of each recipient.
confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a
@@ -2852,7 +3586,8 @@ confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a
confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class.
confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
- Priority, Host, Filename, or Time.
+ Priority, Host, Filename, Random,
+ Modification, or Time.
confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
must sit in the queue between queue
runs. This allows you to set the
@@ -2884,9 +3619,11 @@ confNO_RCPT_ACTION NoRecipientAction
known recipients (which may expose
blind recipients), "add-apparently-to"
to do the same but use Apparently-To:
- instead of To:, "add-bcc" to add an
- empty Bcc: header, or
- "add-to-undisclosed" to add the header
+ instead of To: (strongly discouraged
+ in accordance with IETF standards),
+ "add-bcc" to add an empty Bcc:
+ header, or "add-to-undisclosed" to
+ add the header
``To: undisclosed-recipients:;''.
confSAFE_FILE_ENV SafeFileEnvironment
[undefined] If set, sendmail will do a
@@ -2909,6 +3646,18 @@ confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of
so this should be as large as your
system can tolerate. If not set, there
is no limit.
+confMAX_QUEUE_CHILDREN MaxQueueChildren
+ [undefined] Limits the maximum number
+ of concurrent queue runners active.
+ This is to keep system resources used
+ within a reasonable limit. Relates to
+ Queue Groups and ForkAllJobs.
+confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue
+ [1] Only active when MaxQueueChildren
+ defined. Controls the maximum number
+ of queue runners (aka queue children)
+ active at the same time in a work
+ group. See also MaxQueueChildren.
confDONT_EXPAND_CNAMES DontExpandCnames
[False] If set, $[ ... $] lookups that
do DNS based lookups do not expand
@@ -2969,7 +3718,8 @@ confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress
[postmaster] If an error occurs when
sending an error message, send that
"double bounce" error message to this
- address.
+ address. If it expands to an empty
+ string, double bounces are dropped.
confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce
messages which could not be returned
to the user or sent to postmaster.
@@ -2993,6 +3743,11 @@ confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage
receive a 452 error code (i.e., they
are deferred for the next delivery
attempt).
+confBAD_RCPT_THROTTLE BadRcptThrottle [infinite] If set and more than the
+ specified number of recipients in an
+ envelope are rejected, sleep for one
+ second after each rejected RCPT
+ command.
confDONT_PROBE_INTERFACES DontProbeInterfaces
[False] If set, sendmail will _not_
insert the names and addresses of any
@@ -3003,6 +3758,9 @@ confDONT_PROBE_INTERFACES DontProbeInterfaces
in a mailertable entry) -- otherwise,
mail to addresses in this list will
bounce with a configuration error.
+ If set to "loopback" (without
+ quotes), sendmail will skip
+ loopback interfaces (e.g., "lo0").
confPID_FILE PidFile [system dependent] Location of pid
file.
confPROCESS_TITLE_PREFIX ProcessTitlePrefix
@@ -3017,6 +3775,9 @@ confDONT_BLAME_SENDMAIL DontBlameSendmail
confREJECT_MSG - [550 Access denied] The message
given if the access database contains
REJECT in the value portion.
+confRELAY_MSG - [550 Relaying denied] The message
+ given if an unauthorized relaying
+ attempt is rejected.
confDF_BUFFER_SIZE DataFileBufferSize
[4096] The maximum size of a
memory-buffered data (df) file
@@ -3036,36 +3797,40 @@ confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5
by the CYRUS SASL library.
confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
authentication information for
- outgoing connections. This file
- must contain the user id, the
- authorization id, the password
- (plain text), and the realm to use,
- each on a separate line and must be
- readable by root (or the trusted
- user) only. If no realm is
- specified, $j is used.
-
- NOTE: Currently, AuthMechanisms is
- used to determine the list of
- mechanisms to use on an outgoing
- connection. Sites which require a
- different list of mechanisms for
- incoming connections and outgoing
- connections will have the ability
- to do this in 8.11 by specifying a
- list of mechanisms as the fifth
- line of the DefaultAuthInfo file.
- If no mechanisms are given in the
- file, AuthMechanisms is used. The
- code for doing so is included as
- in the sendmail source code but
- disabled. It can be enabled by
- recompiling sendmail with:
- -D_FFR_DEFAUTHINFO_MECHS
-confAUTH_OPTIONS AuthOptions [undefined] If this options is 'A'
+ outgoing connections. This file must
+ contain the user id, the authorization
+ id, the password (plain text), the
+ realm to use, and the list of
+ mechanisms to try, each on a separate
+ line and must be readable by root (or
+ the trusted user) only. If no realm
+ is specified, $j is used. If no
+ mechanisms are given in the file,
+ AuthMechanisms is used. Notice: this
+ option is deprecated and will be
+ removed in future versions; it doesn't
+ work for the MSP since it can't read
+ the file. Use the authinfo ruleset
+ instead. See also the section SMTP
+ AUTHENTICATION.
+confAUTH_OPTIONS AuthOptions [undefined] If this option is 'A'
then the AUTH= parameter for the
MAIL FROM command is only issued
when authentication succeeded.
+ Other values (which should be listed
+ one after the other without any
+ intervening characters except for
+ space or comma) are a, c, d, f, p,
+ and y. See doc/op/op.me for
+ details.
+confAUTH_MAX_BITS AuthMaxBits [INT_MAX] Limit the maximum encryption
+ strength for the security layer in
+ SMTP AUTH (SASL). Default is
+ essentially unlimited.
+confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client
+ verification is performed, i.e.,
+ the server doesn't ask for a
+ certificate.
confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
specification for LDAP maps. The
value should only contain LDAP
@@ -3102,15 +3867,68 @@ confRAND_FILE RandFile [undefined] File containing random
requires this option if the compile
flag HASURANDOM is not set (see
sendmail/README).
+confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
+ queue runners is set the given value
+ (nice(3)).
+confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers
+ [undefined] Defines {daemon_flags}
+ for direct submissions.
+confUSE_MSP UseMSP [false] Use as mail submission
+ program, see sendmail/SECURITY.
+confDELIVER_BY_MIN DeliverByMin [0] Minimum time for Deliver By
+ SMTP Service Extension (RFC 2852).
+confSHARED_MEMORY_KEY SharedMemoryKey [0] Key for shared memory.
+confFAST_SPLIT FastSplit [1] If set to a value greater than
+ zero, the initial MX lookups on
+ addresses is suppressed when they
+ are sorted which may result in
+ faster envelope splitting. If the
+ mail is submitted directly from the
+ command line, then the value also
+ limits the number of processes to
+ deliver the envelopes.
+confMAILBOX_DATABASE MailboxDatabase [pw] Type of lookup to find
+ information about local mailboxes.
+confDEQUOTE_OPTS - [empty] Additional options for the
+ dequote map.
+confINPUT_MAIL_FILTERS InputMailFilters
+ A comma separated list of filters
+ which determines which filters and
+ the invocation sequence are
+ contacted for incoming SMTP
+ messages. If none are set, no
+ filters will be contacted.
+confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter
+ actions, defaults to LogLevel.
+confMILTER_MACROS_CONNECT Milter.macros.connect
+ [empty] Macros to transmit to milters
+ when a session connection starts.
+confMILTER_MACROS_HELO Milter.macros.helo
+ [empty] Macros to transmit to milters
+ after HELO command.
+confMILTER_MACROS_ENVFROM Milter.macros.envfrom
+ [empty] Macros to transmit to milters
+ after MAIL FROM command.
+confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt
+ [empty] Macros to transmit to milters
+ after RCPT TO command.
+
See also the description of OSTYPE for some parameters that can be
tweaked (generally pathnames to mailers).
-DaemonPortOptions are a special case since multiple daemons can be
-defined. This can be done via
+ClientPortOptions and DaemonPortOptions are special cases since multiple
+clients/daemons can be defined. This can be done via
+ CLIENT_OPTIONS(`field1=value1,field2=value2,...')
DAEMON_OPTIONS(`field1=value1,field2=value2,...')
+Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
+ClientPortOptions settings) are allowed in order to give settings for each
+protocol family (e.g., one for Family=inet and one for Family=inet6). A
+restriction placed on one family only affects outgoing connections on that
+particular family.
+
If DAEMON_OPTIONS is not used, then the default is
DAEMON_OPTIONS(`Port=smtp, Name=MTA')
@@ -3152,10 +3970,117 @@ Notice: Do NOT use the 'a' modifier on a public accessible MTA!
Finally, the M=E modifier shown above disables ETRN as required by RFC
2476.
+Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
+commands:
-+-----------+
-| HIERARCHY |
-+-----------+
+ INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
+ MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
+
+The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
+same order they were specified by also setting confINPUT_MAIL_FILTERS. A
+filter can be defined without adding it to the input filter list by using
+MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
+Alternatively, you can reset the list of filters and their order by setting
+confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
+your .mc file.
+
+
++----------------------------+
+| MESSAGE SUBMISSION PROGRAM |
++----------------------------+
+
+The purpose of the message submission program (MSP) is explained
+in sendmail/SECURITY. This section contains a list of caveats and
+a few hints how for those who want to tweak the default configuration
+for it (which is installed as submit.cf).
+
+Notice: do not add options/features to submit.mc unless you are
+absolutely sure you need them. Options you may want to change
+include:
+
+- confTIME_ZONE on OS that don't use the default, e.g., Irix.
+- confDELIVERY_MODE is set to interactive in msp.m4 instead
+ of the default background mode.
+
+Some things are not intended to work with the MSP. These include
+features that influence the delivery process (e.g., mailertable,
+aliases), or those that are only important for a SMTP server (e.g.,
+virtusertable, DaemonPortOptions, multiple queues). Moreover,
+relaxing certain restrictions (RestrictQueueRun, permissions on
+queue directory) or adding features (e.g., enabling prog/file mailer)
+can cause security problems.
+
+Other things don't work well with the MSP and require tweaking or
+workarounds. For example, to allow for client authentication it
+is not just sufficient to provide a client certificate and the
+corresponding key, but it is also necessary to make the key group
+(smmsp) readable and tell sendmail not to complain about that, i.e.,
+
+ define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
+
+If the MSP should actually use AUTH then the necessary data
+should be placed in a map as explained in SMTP AUTHENTICATION:
+
+FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')
+
+/etc/mail/msp-authinfo should contain an entry like:
+
+ AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5"
+
+The file and the map created by makemap should be owned by smmsp,
+its group should be smmsp, and it should have mode 640. The database
+used by the MTA for AUTH must have a corresponding entry.
+Additionally the MTA must trust this authentication data so the AUTH=
+part will be relayed on to the next hop. This can be achieved by
+adding the following to your sendmail.mc file:
+
+ LOCAL_RULESETS
+ SLocal_trust_auth
+ R$* $: $&{auth_authen}
+ Rsmmsp $# OK
+
+feature/msp.m4 defines almost all settings for the MSP. Most of
+those should not be changed at all. Some of the features and options
+can be overridden if really necessary. It is a bit tricky to do
+this, because it depends on the actual way the option is defined
+in feature/msp.m4. If it is directly defined (i.e., define()) then
+the modified value must be defined after
+
+ FEATURE(`msp')
+
+If it is conditionally defined (i.e., ifdef()) then the desired
+value must be defined before the FEATURE line in the .mc file.
+To see how the options are defined read feature/msp.m4.
+
+
++--------------------------+
+| FORMAT OF FILES AND MAPS |
++--------------------------+
+
+Files that define classes, i.e., F{classname}, consist of lines
+each of which contains a single element of the class. For example,
+/etc/mail/local-host-names may have the following content:
+
+my.domain
+another.domain
+
+Maps must be created using makemap(8) , e.g.,
+
+ makemap hash MAP < MAP
+
+In general, a text file from which a map is created contains lines
+of the form
+
+key value
+
+where 'key' and 'value' are also called LHS and RHS, respectively.
+By default, the delimiter between LHS and RHS is a non-empty sequence
+of white space characters.
+
+
++------------------+
+| DIRECTORY LAYOUT |
++------------------+
Within this directory are several subdirectories, to wit:
@@ -3226,7 +4151,6 @@ RULESETS (* means built in to sendmail)
96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
98 Local part of ruleset 0 (ruleset 8 in old sendmail)
- 99 Guaranteed null (for debugging)
MAILERS
@@ -3313,4 +4237,4 @@ M4 DIVERSIONS
8 DNS based blacklists
9 special local rulesets (1 and 2)
-$Revision: 8.383.2.1.2.49 $, Last updated $Date: 2001/08/14 15:25:36 $
+$Revision: 8.600 $, Last updated $Date: 2002/01/10 17:43:41 $
diff --git a/contrib/sendmail/cf/cf/Makefile b/contrib/sendmail/cf/cf/Makefile
index 6bc9207dad0d..9a69a1805af0 100644
--- a/contrib/sendmail/cf/cf/Makefile
+++ b/contrib/sendmail/cf/cf/Makefile
@@ -1,7 +1,7 @@
#
# Makefile for configuration files.
#
-# $Id: Makefile,v 8.40.8.5 2001/04/12 22:39:52 gshapiro Exp $
+# $Id: Makefile,v 8.56 2001/12/13 23:56:37 gshapiro Exp $
#
#
@@ -11,11 +11,24 @@
# /usr/5bin/m4.
#
+# name of source for sendmail.cf (without extension)
+CF= sendmail
+# name of source for submit.cf (without extension)
+SUBMIT= submit
+# directory for .cf files
+MAILDIR=/etc/mail
M4= m4
CFDIR= ..
CHMOD= chmod
ROMODE= 444
RM= rm -f
+# use our own install program; should be really confINSTALL
+INSTALL=../../devtools/bin/install.sh
+# CF file ownership/permissions
+CFOWN=root
+CFGRP=bin
+CFMODE=0444
+
.SUFFIXES: .mc .cf
@@ -25,16 +38,16 @@ RM= rm -f
$(CHMOD) $(ROMODE) $@
GENERIC=generic-bsd4.4.cf generic-hpux9.cf generic-hpux10.cf \
- generic-linux.cf generic-nextstep3.3.cf \
- generic-osf1.cf generic-solaris2.cf \
+ generic-linux.cf generic-mpeix.cf generic-nextstep3.3.cf \
+ generic-osf1.cf generic-solaris.cf \
generic-sunos4.1.cf generic-ultrix4.cf
-BERKELEY=cs-hpux9.cf cs-hpux10.cf cs-osf1.cf cs-solaris2.cf \
+BERKELEY=cs-hpux9.cf cs-hpux10.cf cs-osf1.cf cs-solaris.cf \
cs-sunos4.1.cf cs-ultrix4.cf \
s2k-osf1.cf s2k-ultrix4.cf \
chez.cs.cf huginn.cs.cf mail.cs.cf mail.eecs.cf mailspool.cs.cf \
python.cs.cf ucbarpa.cf ucbvax.cf vangogh.cs.cf
OTHER= knecht.cf
-ALL= $(GENERIC) $(BERKELEY) $(OTHER)
+ALL= submit.cf $(GENERIC) $(OTHER)
all: $(ALL)
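Review bot: Dropping `$(BERKELEY)` from `ALL` also drops those files from `clean cleandir`, whose recipe (visible as context in the next hunk) removes only `$(ALL) core`, while the `BERKELEY=` list is still defined and edited in this hunk. If a `berkeley` target still builds those files (it lies outside this hunk, so this is unconfirmed), the generated .cf files stay behind after `make clean`. Either retire the `BERKELEY` variable together with its target, or change the clean recipe to `$(RM) $(ALL) $(BERKELEY) core`.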
@@ -45,7 +58,30 @@ other: $(OTHER)
clean cleandir:
$(RM) $(ALL) core
-depend install:
+install:
+ @echo "Before installing the .cf files please make sure you have read the"
+ @echo "instructions in the file ../../INSTALL. You should have prepared the"
+ @echo "files \"submit.mc\" (supplied) and \"sendmail.mc\". Then you can use"
+ @echo ""
+ @echo " make install-cf"
+ @echo ""
+ @echo "If you use a different name than \"sendmail\" for your main .mc file"
+
+ @echo "then you should use"
+ @echo ""
+ @echo " make install-cf CF=config"
+ @echo ""
+ @echo "where \"config\" is the name of your main .mc file."
+
+install-cf: install-sendmail-cf install-submit-cf
+
+install-sendmail-cf: $(CF).cf
+ $(INSTALL) -c -o $(CFOWN) -g $(CFGRP) -m $(CFMODE) $(CF).cf ${DESTDIR}$(MAILDIR)/sendmail.cf
+
+install-submit-cf: $(SUBMIT).cf
+ $(INSTALL) -c -o $(CFOWN) -g $(CFGRP) -m $(CFMODE) $(SUBMIT).cf ${DESTDIR}$(MAILDIR)/submit.cf
+
+depend:
# this is overkill, but....
M4FILES=\
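Review bot: `install-sendmail-cf` and `install-submit-cf` copy over `${DESTDIR}$(MAILDIR)/sendmail.cf` and `submit.cf` unconditionally, so a site's working configuration is replaced with no saved copy to fall back on if the new file turns out to be wrong. Consider saving the previous file ahead of the `$(INSTALL)` line, for example `@if [ -f ${DESTDIR}$(MAILDIR)/sendmail.cf ]; then cp -p ${DESTDIR}$(MAILDIR)/sendmail.cf ${DESTDIR}$(MAILDIR)/sendmail.cf.bak; fi`, and the same for submit.cf. The recipes also mix `${DESTDIR}` with `$(MAILDIR)`; one variable form throughout would read better. The `M4FILES` list that closes the hunk continues outside it.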
@@ -82,7 +118,6 @@ M4FILES=\
${CFDIR}/feature/nouucp.m4 \
${CFDIR}/feature/nullclient.m4 \
${CFDIR}/feature/promiscuous_relay.m4 \
- ${CFDIR}/feature/rbl.m4 \
${CFDIR}/feature/redirect.m4 \
${CFDIR}/feature/relay_based_on_MX.m4 \
${CFDIR}/feature/relay_entire_domain.m4 \
@@ -112,11 +147,11 @@ M4FILES=\
${CFDIR}/mailer/smtp.m4 \
${CFDIR}/mailer/usenet.m4 \
${CFDIR}/mailer/uucp.m4 \
- ${CFDIR}/ostype/aix2.m4 \
${CFDIR}/ostype/aix3.m4 \
${CFDIR}/ostype/aix4.m4 \
${CFDIR}/ostype/altos.m4 \
${CFDIR}/ostype/amdahl-uts.m4 \
+ ${CFDIR}/ostype/a-ux.m4 \
${CFDIR}/ostype/bsd4.3.m4 \
${CFDIR}/ostype/bsd4.4.m4 \
${CFDIR}/ostype/bsdi.m4 \
@@ -125,6 +160,8 @@ M4FILES=\
${CFDIR}/ostype/dgux.m4 \
${CFDIR}/ostype/domainos.m4 \
${CFDIR}/ostype/dynix3.2.m4 \
+ ${CFDIR}/ostype/freebsd4.m4 \
+ ${CFDIR}/ostype/freebsd5.m4 \
${CFDIR}/ostype/gnu.m4 \
${CFDIR}/ostype/hpux10.m4 \
${CFDIR}/ostype/hpux11.m4 \
@@ -136,6 +173,7 @@ M4FILES=\
${CFDIR}/ostype/linux.m4 \
${CFDIR}/ostype/maxion.m4 \
${CFDIR}/ostype/mklinux.m4 \
+ ${CFDIR}/ostype/mpeix.m4 \
${CFDIR}/ostype/nextstep.m4 \
${CFDIR}/ostype/openbsd.m4 \
${CFDIR}/ostype/osf1.m4 \
diff --git a/contrib/sendmail/cf/cf/README b/contrib/sendmail/cf/cf/README
new file mode 100644
index 000000000000..f3543bfcb093
--- /dev/null
+++ b/contrib/sendmail/cf/cf/README
@@ -0,0 +1,34 @@
+
+ SENDMAIL CONFIGURATION FILES INSTALLATION
+
+This document describes how to install the sendmail configuration files.
+Please see ../README about the sendmail configuration files themselves.
+
+By default you need two .mc files: sendmail.mc and submit.mc. The
+latter is a copy of msp.mc in which OSTYPE() has been filled in
+according to the host OS. For the former see ../README.
+
+Installation of these two files can be done via:
+
+ make install-cf
+
+If you use a different name than "sendmail" for your main .mc file"
+then you should use
+
+ make install-cf CF=config
+
+where "config" is the name of your main .mc file.
+
+The default installation directory is /etc/mail and can be changed
+by specifying
+
+ MAILDIR=/other/dir
+
+The name of the source file for "submit.cf" can be overridden by
+
+ SUBMIT=msp
+
+For more details see Makefile.
+
+
+$Revision: 1.1 $, Last updated $Date: 2001/04/26 15:43:20 $
diff --git a/contrib/sendmail/cf/cf/generic-hpux10.mc b/contrib/sendmail/cf/cf/generic-hpux10.mc
index d20586954860..deed5f14bcff 100644
--- a/contrib/sendmail/cf/cf/generic-hpux10.mc
+++ b/contrib/sendmail/cf/cf/generic-hpux10.mc
@@ -20,7 +20,7 @@ divert(-1)
#
divert(0)dnl
-VERSIONID(`$Id: generic-hpux10.mc,v 8.11.22.2 2001/05/29 17:30:18 ca Exp $')
+VERSIONID(`$Id: generic-hpux10.mc,v 8.13 2001/05/29 17:29:52 ca Exp $')
OSTYPE(hpux10)dnl
DOMAIN(generic)dnl
MAILER(local)dnl
diff --git a/contrib/sendmail/cf/cf/generic-mpeix.mc b/contrib/sendmail/cf/cf/generic-mpeix.mc
new file mode 100644
index 000000000000..fa5c57456afa
--- /dev/null
+++ b/contrib/sendmail/cf/cf/generic-mpeix.mc
@@ -0,0 +1,25 @@
+divert(-1)
+#
+# Copyright (c) 2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+#
+# This is a generic configuration file for HP MPE/iX.
+# It has support for local and SMTP mail only. If you want to
+# customize it, copy it to a name appropriate for your environment
+# and do the modifications there.
+#
+
+divert(0)dnl
+VERSIONID(`$Id: generic-mpeix.mc,v 8.1 2001/12/13 23:56:37 gshapiro Exp $')
+OSTYPE(mpeix)dnl
+DOMAIN(generic)dnl
+define(`confFORWARD_PATH', `$z/.forward')dnl
+MAILER(local)dnl
+MAILER(smtp)dnl
diff --git a/contrib/sendmail/cf/cf/generic-solaris.mc b/contrib/sendmail/cf/cf/generic-solaris.mc
new file mode 100644
index 000000000000..5f82340e9121
--- /dev/null
+++ b/contrib/sendmail/cf/cf/generic-solaris.mc
@@ -0,0 +1,29 @@
+divert(-1)
+#
+# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+# Copyright (c) 1983 Eric P. Allman. All rights reserved.
+# Copyright (c) 1988, 1993
+# The Regents of the University of California. All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+#
+# This is a generic configuration file for SunOS 5.x (a.k.a. Solaris 2.x
+# and Solaris 7 through the present version).
+#
+# It has support for local and SMTP mail only. If you want to
+# customize it, copy it to a name appropriate for your environment
+# and do the modifications there.
+#
+
+divert(0)dnl
+VERSIONID(`$Id: generic-solaris.mc,v 8.13 2001/06/27 21:46:30 gshapiro Exp $')
+OSTYPE(solaris2)dnl
+DOMAIN(generic)dnl
+MAILER(local)dnl
+MAILER(smtp)dnl
diff --git a/contrib/sendmail/cf/cf/knecht.mc b/contrib/sendmail/cf/cf/knecht.mc
index 89f9c5344328..6c370fdc7fa1 100644
--- a/contrib/sendmail/cf/cf/knecht.mc
+++ b/contrib/sendmail/cf/cf/knecht.mc
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -15,31 +15,54 @@ divert(-1)
#
# This is specific to Eric's home machine.
#
+# Run daemon with -bd -q5m
+#
+
+divert(0)
+VERSIONID(`$Id: knecht.mc,v 8.55 2001/08/01 22:20:40 eric Exp $')
+OSTYPE(bsd4.4)
+DOMAIN(generic)
+
+define(`ALIAS_FILE', ``/etc/mail/aliases, /var/listmanager/aliases'')
+define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')
+define(`confDEF_USER_ID', `mailnull')
+define(`confHOST_STATUS_DIRECTORY', `.hoststat')
+define(`confTO_ICONNECT', `10s')
+define(`confCOPY_ERRORS_TO', `Postmaster')
+define(`confTO_QUEUEWARN', `8h')
+define(`confMIN_QUEUE_AGE', `27m')
+define(`confTRUSTED_USERS', ``www listmgr'')
+define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')
+
+define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
+define(`confCACERT_PATH', `CERT_DIR')
+define(`confCACERT', `CERT_DIR/CAcert.pem')
+define(`confSERVER_CERT', `CERT_DIR/MYcert.pem')
+define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')
+define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')
+define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')
+
+FEATURE(access_db)
+FEATURE(local_lmtp)
+FEATURE(virtusertable)
+
+FEATURE(`nocanonify', `canonify_hosts')
+CANONIFY_DOMAIN(`sendmail.org')
+CANONIFY_DOMAIN_FILE(`/etc/mail/canonify-domains')
+
+dnl # at most 10 queue runners
+define(`confMAX_QUEUE_CHILDREN', `20')
+
+define(`confMAX_RUNNERS_PER_QUEUE', `5')
+
+dnl # run at most 10 concurrent processes for initial submission
+define(`confFAST_SPLIT', `10')
-divert(0)dnl
-VERSIONID(`$Id: knecht.mc,v 8.37.16.3 2001/02/22 22:38:39 ca Exp $')
-OSTYPE(bsd4.4)dnl
-DOMAIN(generic)dnl
-define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward+$h:$z/.forward')dnl
-define(`confDEF_USER_ID', `mailnull')dnl
-define(`confHOST_STATUS_DIRECTORY', `.hoststat')dnl
-define(`confTO_ICONNECT', `10s')dnl
-define(`confCOPY_ERRORS_TO', `Postmaster')dnl
-define(`confTO_QUEUEWARN', `8h')dnl
-define(`confTRUSTED_USERS', `www')dnl
-define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')dnl
-define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
-define(`confCACERT_PATH', `CERT_DIR')dnl
-define(`confCACERT', `CERT_DIR/CAcert.pem')dnl
-define(`confSERVER_CERT', `CERT_DIR/MYcert.pem')dnl
-define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')dnl
-define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')dnl
-define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')dnl
-FEATURE(virtusertable)dnl
-FEATURE(access_db)dnl
-FEATURE(local_lmtp)dnl
-MAILER(local)dnl
-MAILER(smtp)dnl
+dnl # 10 runners, split into at most 15 recipients per envelope
+QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue, R=5, r=15, F=f')
+
+MAILER(local)
+MAILER(smtp)
LOCAL_CONFIG
#
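Review bot: Two of the new `dnl #` comments disagree with the values beneath them: "at most 10 queue runners" sits above `confMAX_QUEUE_CHILDREN` set to `20`, and "10 runners" sits above `QUEUE_GROUP(... R=5 ...)`, with `confMAX_RUNNERS_PER_QUEUE` also `5`. Whichever was intended, make them agree, e.g. `dnl # at most 20 queue runners` and `dnl # 5 runners, split into at most 15 recipients per envelope`. These limits bound how many delivery processes the host will fork, so someone tuning from the comments would work from the wrong numbers. The `LOCAL_CONFIG` section that closes the hunk continues outside it.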
@@ -69,9 +92,80 @@ SCheckMessageId
R< $+ @ $+ > $@ OK
R$* $#error $: "554 Header error"
+HReceived: $>CheckReceived
+
+SCheckReceived
+R$* ......................................................... $*
+ $#error $: "554 Header error"
+
+#
+# Reject certain senders
+# Regex match to catch things in quotes
+#
+HFrom: $>+CheckFrom
+KCheckFrom regex -a@MATCH
+ [^a-z]?(Net-Pa)[^a-z]
+
+SCheckFrom
+R$* $: $( CheckFrom $1 $)
+R@MATCH $#error $: "553 Header error"
+
LOCAL_RULESETS
SLocal_check_mail
# check address against various regex checks
R$* $: $>Parse0 $>3 $1
R$+ $: $(checkaddress $1 $)
R@MATCH $#error $: "553 Header error"
+
+#
+# Following code from Anthony Howe <achowe@snert.com>. The check
+# for the Outlook Express marker may hit some legal messages, but
+# the Content-Disposition is clearly illegal.
+#
+
+#########################################################################
+#
+# w32.sircam.worm@mm
+#
+# There are serveral patterns that appear common ONLY to SirCam worm and
+# not to Outlook Express, which claims to have sent the worm. There are
+# four headers that always appear together and in this order:
+#
+# X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
+# X-Mailer: Microsoft Outlook Express 5.50.4133.2400
+# Content-Type: multipart/mixed; boundary="----27AA9124_Outlook_Express_message_boundary"
+# Content-Disposition: Multipart message
+#
+# Empirical study of the worm message headers vs. true Outlook Express
+# (5.50.4133.2400 & 5.50.4522.1200) messages with multipart/mixed attachments
+# shows Outlook Express does:
+#
+# a) NOT supply a Content-Disposition header for multipart/mixed messages.
+# b) NOT specify the header X-MimeOLE header name in all-caps
+# c) NOT specify boundary tag with the expression "_Outlook_Express_message_boundary"
+#
+# The solution below catches any one of this three issues. This is not an ideal
+# solution, but a temporary measure. A correct solution would be to check for
+# the presence of ALL three header attributes. Also the solution is incomplete
+# since Outlook Express 5.0 and 4.0 were not compared.
+#
+# NOTE regex keys are first dequoted and spaces removed before matching.
+# This caused me no end of grief.
+#
+#########################################################################
+
+LOCAL_RULESETS
+
+KSirCamWormMarker regex -f -aSUSPECT multipart/mixed;boundary=----.+_Outlook_Express_message_boundary
+HContent-Type: $>CheckContentType
+
+SCheckContentType
+R$+ $: $(SirCamWormMarker $1 $)
+RSUSPECT $#error $: "553 Possible virus, see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html"
+
+HContent-Disposition: $>CheckContentDisposition
+
+SCheckContentDisposition
+R$- $@ OK
+R$- ; $+ $@ OK
+R$* $#error $: "553 Illegal Content-Disposition"
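Review bot: The SirCam comment block says the rules catch "any one of this three issues", but only two checks are defined below it: `CheckContentType` (the boundary marker, item c) and `CheckContentDisposition` (item a). No `H` line inspects the all-caps `X-MIMEOLE` header name from item b, so the comment overstates coverage; reword it to `# The solution below catches issues a) and c); the X-MIMEOLE header name is not checked.` The `CheckReceived` rule with the long run of dots, earlier in this hunk, has no comment saying what it is meant to reject, which makes it hard to audit for false positives.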
diff --git a/contrib/sendmail/cf/cf/submit.cf b/contrib/sendmail/cf/cf/submit.cf
new file mode 100644
index 000000000000..8897b20ba96d
--- /dev/null
+++ b/contrib/sendmail/cf/cf/submit.cf
@@ -0,0 +1,1369 @@
+#
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
+# Copyright (c) 1988, 1993
+# The Regents of the University of California. All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+######################################################################
+######################################################################
+#####
+##### SENDMAIL CONFIGURATION FILE
+#####
+#####
+######################################################################
+#####
+##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
+#####
+######################################################################
+######################################################################
+
+##### $Id: cfhead.m4,v 8.107 2001/07/22 03:25:37 ca Exp $ #####
+##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
+##### $Id: submit.mc,v 8.5 2001/09/08 01:20:53 gshapiro Exp $ #####
+##### $Id: msp.m4,v 1.29 2001/12/13 23:56:38 gshapiro Exp $ #####
+
+##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####
+
+
+##### $Id: proto.m4,v 8.628 2001/12/28 19:02:40 ca Exp $ #####
+
+# level 10 config file format
+V10/Berkeley
+
+# override file safeties - setting this option compromises system security,
+# addressing the actual file configuration problem is preferred
+# need to set this before any file actions are encountered in the cf file
+#O DontBlameSendmail=safe
+
+# default LDAP map specification
+# need to set this now before any LDAP maps are defined
+#O LDAPDefaultSpec=-h localhost
+
+##################
+# local info #
+##################
+
+# my LDAP cluster
+# need to set this before any LDAP lookups are done (including classes)
+#D{sendmailMTACluster}$m
+
+Cwlocalhost
+
+# my official domain name
+# ... define this only if sendmail cannot automatically determine your domain
+#Dj$w.Foo.COM
+
+CP.
+
+# "Smart" relay host (may be null)
+DS
+
+
+# operators that cannot be in local usernames (i.e., network indicators)
+CO @ % !
+
+# a class with just dot (for identifying canonical names)
+C..
+
+# a class with just a left bracket (for identifying domain literals)
+C[[
+
+
+# Resolve map (to check if a host exists in check_mail)
+Kresolve host -a<OKR> -T<TEMP>
+C{ResOk}OKR
+
+
+# Hosts for which relaying is permitted ($=R)
+FR-o /etc/mail/relay-domains
+
+# arithmetic map
+Karith arith
+
+
+
+
+
+# dequoting map
+Kdequote dequote
+
+# class E: names that should be exposed as from this host, even if we masquerade
+# class L: names that should be delivered locally, even if we have a relay
+# class M: domains that should be converted to $M
+# class N: domains that should not be converted to $M
+#CL root
+
+
+
+# my name for error messages
+DnMAILER-DAEMON
+
+
+D{MTAHost}localhost
+
+
+# Configuration version number
+DZ8.12.2/Submit
+
+
+###############
+# Options #
+###############
+
+# strip message body to 7 bits on input?
+O SevenBitInput=False
+
+# 8-bit data handling
+#O EightBitMode=pass8
+
+# wait for alias file rebuild (default units: minutes)
+O AliasWait=10
+
+# location of alias file
+O AliasFile
+
+# minimum number of free blocks on filesystem
+O MinFreeBlocks=100
+
+# maximum message size
+#O MaxMessageSize=1000000
+
+# substitution for space (blank) characters
+O BlankSub=.
+
+# avoid connecting to "expensive" mailers on initial submission?
+O HoldExpensive=False
+
+# checkpoint queue runs after every N successful deliveries
+#O CheckpointInterval=10
+
+# default delivery mode
+O DeliveryMode=i
+
+# error message header/file
+#O ErrorHeader=/etc/mail/error-header
+
+# error mode
+#O ErrorMode=print
+
+# save Unix-style "From_" lines at top of header?
+#O SaveFromLine=False
+
+# queue file mode (qf files)
+O QueueFileMode=0660
+
+# temporary file mode
+O TempFileMode=0600
+
+# match recipients against GECOS field?
+#O MatchGECOS=False
+
+# maximum hop count
+#O MaxHopCount=25
+
+# location of help file
+O HelpFile=/etc/mail/helpfile
+
+# ignore dots as terminators in incoming messages?
+#O IgnoreDots=False
+
+# name resolver options
+#O ResolverOptions=+AAONLY
+
+# deliver MIME-encapsulated error messages?
+O SendMimeErrors=True
+
+# Forward file search path
+O ForwardPath
+
+# open connection cache size
+O ConnectionCacheSize=2
+
+# open connection cache timeout
+O ConnectionCacheTimeout=5m
+
+# persistent host status directory
+#O HostStatusDirectory=.hoststat
+
+# single thread deliveries (requires HostStatusDirectory)?
+#O SingleThreadDelivery=False
+
+# use Errors-To: header?
+O UseErrorsTo=False
+
+# log level
+O LogLevel=9
+
+# send to me too, even in an alias expansion?
+#O MeToo=True
+
+# verify RHS in newaliases?
+O CheckAliases=False
+
+# default messages to old style headers if no special punctuation?
+O OldStyleHeaders=True
+
+# SMTP daemon options
+
+O DaemonPortOptions=Name=NoMTA, Addr=127.0.0.1, M=E
+
+# SMTP client options
+#O ClientPortOptions=Family=inet, Address=0.0.0.0
+
+# Modifiers to define {daemon_flags} for direct submissions
+#O DirectSubmissionModifiers
+
+# Use as mail submission program? See sendmail/SECURITY
+O UseMSP=True
+
+# privacy flags
+O PrivacyOptions=goaway,noetrn,restrictqrun
+
+# who (if anyone) should get extra copies of error messages
+#O PostmasterCopy=Postmaster
+
+# slope of queue-only function
+#O QueueFactor=600000
+
+# limit on number of concurrent queue runners
+#O MaxQueueChildren
+
+# maximum number of queue-runners per queue-grouping with multiple queues
+#O MaxRunnersPerQueue=1
+
+# priority of queue runners (nice(3))
+#O NiceQueueRun
+
+# shall we sort the queue by hostname first?
+#O QueueSortOrder=priority
+
+# minimum time in queue before retry
+#O MinQueueAge=30m
+
+# how many jobs can you process in the queue?
+#O MaxQueueRunSize=10000
+
+# perform initial split of envelope without checking MX records
+#O FastSplit=1
+
+# queue directory
+O QueueDirectory=/var/spool/clientmqueue
+
+# key for shared memory; 0 to turn off
+#O SharedMemoryKey=0
+
+# timeouts (many of these)
+#O Timeout.initial=5m
+#O Timeout.connect=5m
+#O Timeout.aconnect=0s
+#O Timeout.iconnect=5m
+#O Timeout.helo=5m
+#O Timeout.mail=10m
+#O Timeout.rcpt=1h
+#O Timeout.datainit=5m
+#O Timeout.datablock=1h
+#O Timeout.datafinal=1h
+#O Timeout.rset=5m
+#O Timeout.quit=2m
+#O Timeout.misc=2m
+#O Timeout.command=1h
+#O Timeout.ident=5s
+#O Timeout.fileopen=60s
+#O Timeout.control=2m
+O Timeout.queuereturn=5d
+#O Timeout.queuereturn.normal=5d
+#O Timeout.queuereturn.urgent=2d
+#O Timeout.queuereturn.non-urgent=7d
+O Timeout.queuewarn=4h
+#O Timeout.queuewarn.normal=4h
+#O Timeout.queuewarn.urgent=1h
+#O Timeout.queuewarn.non-urgent=12h
+#O Timeout.hoststatus=30m
+#O Timeout.resolver.retrans=5s
+#O Timeout.resolver.retrans.first=5s
+#O Timeout.resolver.retrans.normal=5s
+#O Timeout.resolver.retry=4
+#O Timeout.resolver.retry.first=4
+#O Timeout.resolver.retry.normal=4
+#O Timeout.lhlo=2m
+#O Timeout.auth=10m
+#O Timeout.starttls=1h
+
+# time for DeliverBy; extension disabled if less than 0
+#O DeliverByMin=0
+
+# should we not prune routes in route-addr syntax addresses?
+#O DontPruneRoutes=False
+
+# queue up everything before forking?
+O SuperSafe=True
+
+# status file
+O StatusFile=/var/spool/clientmqueue/sm-client.st
+
+# time zone handling:
+# if undefined, use system default
+# if defined but null, use TZ envariable passed in
+# if defined and non-null, use that info
+#O TimeZoneSpec=
+
+# default UID (can be username or userid:groupid)
+#O DefaultUser=mailnull
+
+# list of locations of user database file (null means no lookup)
+#O UserDatabaseSpec=/etc/mail/userdb
+
+# fallback MX host
+#O FallbackMXhost=fall.back.host.net
+
+# if we are the best MX host for a site, try it directly instead of config err
+#O TryNullMXList=False
+
+# load average at which we just queue messages
+#O QueueLA=8
+
+# load average at which we refuse connections
+#O RefuseLA=12
+
+# load average at which we delay connections; 0 means no limit
+#O DelayLA=0
+
+# maximum number of children we allow at one time
+#O MaxDaemonChildren=12
+
+# maximum number of new connections per second
+#O ConnectionRateThrottle=0
+
+# work recipient factor
+#O RecipientFactor=30000
+
+# deliver each queued job in a separate process?
+#O ForkEachJob=False
+
+# work class factor
+#O ClassFactor=1800
+
+# work time factor
+#O RetryFactor=90000
+
+# default character set
+#O DefaultCharSet=iso-8859-1
+
+# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
+#O ServiceSwitchFile=/etc/mail/service.switch
+
+# hosts file (normally /etc/hosts)
+#O HostsFile=/etc/hosts
+
+# dialup line delay on connection failure
+#O DialDelay=10s
+
+# action to take if there are no recipients in the message
+#O NoRecipientAction=add-to-undisclosed
+
+# chrooted environment for writing to files
+#O SafeFileEnvironment=/arch
+
+# are colons OK in addresses?
+#O ColonOkInAddr=True
+
+# shall I avoid expanding CNAMEs (violates protocols)?
+#O DontExpandCnames=False
+
+# SMTP initial login message (old $e macro)
+O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
+
+# UNIX initial From header format (old $l macro)
+O UnixFromLine=From $g $d
+
+# From: lines that have embedded newlines are unwrapped onto one line
+#O SingleLineFromHeader=False
+
+# Allow HELO SMTP command that does not include a host name
+#O AllowBogusHELO=False
+
+# Characters to be quoted in a full name phrase (@,;:\()[] are automatic)
+#O MustQuoteChars=.
+
+# delimiter (operator) characters (old $o macro)
+O OperatorChars=.:%@!^/[]+
+
+# shall I avoid calling initgroups(3) because of high NIS costs?
+#O DontInitGroups=False
+
+# are group-writable :include: and .forward files (un)trustworthy?
+# True (the default) means they are not trustworthy.
+#O UnsafeGroupWrites=True
+
+
+# where do errors that occur when sending errors get sent?
+#O DoubleBounceAddress=postmaster
+
+# where to save bounces if all else fails
+#O DeadLetterDrop=/var/tmp/dead.letter
+
+# what user id do we assume for the majority of the processing?
+O RunAsUser=smmsp
+
+# maximum number of recipients per SMTP envelope
+#O MaxRecipientsPerMessage=100
+
+# limit the rate recipients per SMTP envelope are accepted
+# once the threshold number of recipients have been rejected
+#O BadRcptThrottle=20
+
+# shall we get local names from our installed interfaces?
+O DontProbeInterfaces=True
+
+# Return-Receipt-To: header implies DSN request
+#O RrtImpliesDsn=False
+
+# override connection address (for testing)
+#O ConnectOnlyTo=0.0.0.0
+
+# Trusted user for file ownership and starting the daemon
+O TrustedUser=smmsp
+
+# Control socket for daemon management
+#O ControlSocketName=/var/spool/mqueue/.control
+
+# Maximum MIME header length to protect MUAs
+#O MaxMimeHeaderLength=0/0
+
+# Maximum length of the sum of all headers
+#O MaxHeadersLength=32768
+
+# Maximum depth of alias recursion
+#O MaxAliasRecursion=10
+
+# location of pid file
+O PidFile=/var/spool/clientmqueue/sm-client.pid
+
+# Prefix string for the process title shown on 'ps' listings
+#O ProcessTitlePrefix=prefix
+
+# Data file (df) memory-buffer file maximum size
+#O DataFileBufferSize=4096
+
+# Transcript file (xf) memory-buffer file maximum size
+#O XscriptFileBufferSize=4096
+
+# lookup type to find information about local mailboxes
+#O MailboxDatabase=pw
+
+# list of authentication mechanisms
+#O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
+
+# default authentication information for outgoing connections
+#O DefaultAuthInfo=/etc/mail/default-auth-info
+
+# SMTP AUTH flags
+#O AuthOptions
+
+# SMTP AUTH maximum encryption strength
+#O AuthMaxBits
+
+# SMTP STARTTLS server options
+#O TLSSrvOptions
+
+# Input mail filters
+#O InputMailFilters
+
+
+
+# CA directory
+#O CACERTPath
+# CA file
+#O CACERTFile
+# Server Cert
+#O ServerCertFile
+# Server private key
+#O ServerKeyFile
+# Client Cert
+#O ClientCertFile
+# Client private key
+#O ClientKeyFile
+# DHParameters (only required if DSA/DH is used)
+#O DHParameters
+# Random data source (required for systems without /dev/urandom under OpenSSL)
+#O RandFile
+
+############################
+# QUEUE GROUP DEFINITIONS #
+############################
+
+
+###########################
+# Message precedences #
+###########################
+
+Pfirst-class=0
+Pspecial-delivery=100
+Plist=-30
+Pbulk=-60
+Pjunk=-100
+
+#####################
+# Trusted users #
+#####################
+
+# this is equivalent to setting class "t"
+#Ft/etc/mail/trusted-users
+Troot
+Tdaemon
+Tuucp
+
+#########################
+# Format of headers #
+#########################
+
+H?P?Return-Path: <$g>
+HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
+ $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
+ $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
+ (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
+ for $u; $|;
+ $.$b
+H?D?Resent-Date: $a
+H?D?Date: $a
+H?F?Resent-From: $?x$x <$g>$|$g$.
+H?F?From: $?x$x <$g>$|$g$.
+H?x?Full-Name: $x
+# HPosted-Date: $a
+# H?l?Received-Date: $b
+H?M?Resent-Message-Id: <$t.$i@$j>
+H?M?Message-Id: <$t.$i@$j>
+
+#
+######################################################################
+######################################################################
+#####
+##### REWRITING RULES
+#####
+######################################################################
+######################################################################
+
+############################################
+### Ruleset 3 -- Name Canonicalization ###
+############################################
+Scanonify=3
+
+# handle null input (translate to <@> special case)
+R$@ $@ <@>
+
+# strip group: syntax (not inside angle brackets!) and trailing semicolon
+R$* $: $1 <@> mark addresses
+R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
+R@ $* <@> $: @ $1 unmark @host:...
+R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
+R$* :: $* <@> $: $1 :: $2 unmark node::addr
+R:include: $* <@> $: :include: $1 unmark :include:...
+R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
+R$* : $* <@> $: $2 strip colon if marked
+R$* <@> $: $1 unmark
+R$* ; $1 strip trailing semi
+R$* < $+ :; > $* $@ $2 :; <@> catch <list:;>
+R$* < $* ; > $1 < $2 > bogus bracketed semi
+
+# null input now results from list:; syntax
+R$@ $@ :; <@>
+
+# strip angle brackets -- note RFC733 heuristic to get innermost item
+R$* $: < $1 > housekeeping <>
+R$+ < $* > < $2 > strip excess on left
+R< $* > $+ < $1 > strip excess on right
+R<> $@ < @ > MAIL FROM:<> case
+R< $+ > $: $1 remove housekeeping <>
+
+# strip route address <@a,@b,@c:user@d> -> <user@d>
+R@ $+ , $+ $2
+R@ [ $* ] : $+ $2
+R@ $+ : $+ $2
+
+# find focus for list syntax
+R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax
+R $+ : $* ; $@ $1 : $2; list syntax
+
+# find focus for @ syntax addresses
+R$+ @ $+ $: $1 < @ $2 > focus on domain
+R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
+R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
+
+
+# convert old-style addresses to a domain-based address
+R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names
+R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps
+R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains
+
+# convert node::user addresses into a domain-based address
+R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names
+R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr
+
+# if we have % signs, take the rightmost one
+R$* % $* $1 @ $2 First make them all @s.
+R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
+R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
+
+# else we must be a local name
+R$* $@ $>Canonify2 $1
+
+
+################################################
+### Ruleset 96 -- bottom half of ruleset 3 ###
+################################################
+
+SCanonify2=96
+
+# handle special cases for local names
+R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all
+R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
+R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain
+
+# check for IPv4/IPv6 domain literal
+R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
+R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
+R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
+
+
+
+
+
+# if really UUCP, handle it immediately
+
+# try UUCP traffic as a local address
+R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3
+R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3
+
+# hostnames ending in class P are always canonical
+R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4
+R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4
+R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
+R$* CC $* $| $* $: $3
+# pass to name server to make hostname canonical
+R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
+R$* $| $* $: $2
+
+# local host aliases and pseudo-domains are always canonical
+R$* < @ $=w > $* $: $1 < @ $2 . > $3
+R$* < @ $=M > $* $: $1 < @ $2 . > $3
+R$* < @ $* . . > $* $1 < @ $2 . > $3
+
+
+##################################################
+### Ruleset 4 -- Final Output Post-rewriting ###
+##################################################
+Sfinal=4
+
+R$+ :; <@> $@ $1 : handle <list:;>
+R$* <@> $@ handle <> and list:;
+
+# strip trailing dot off possibly canonical name
+R$* < @ $+ . > $* $1 < @ $2 > $3
+
+# eliminate internal code
+R$* < @ *LOCAL* > $* $1 < @ $j > $2
+
+# externalize local domain info
+R$* < $+ > $* $1 $2 $3 defocus
+R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 <route-addr> canonical
+R@ $* $@ @ $1 ... and exit
+
+# UUCP must always be presented in old form
+R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u
+
+# put DECnet back in :: form
+R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u
+# delete duplicate local names
+R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host
+
+
+
+##############################################################
+### Ruleset 97 -- recanonicalize and call ruleset zero ###
+### (used for recursive calls) ###
+##############################################################
+
+SRecurse=97
+R$* $: $>canonify $1
+R$* $@ $>parse $1
+
+
+######################################
+### Ruleset 0 -- Parse Address ###
+######################################
+
+Sparse=0
+
+R$* $: $>Parse0 $1 initial parsing
+R<@> $#local $: <@> special case error msgs
+R$* $: $>ParseLocal $1 handle local hacks
+R$* $: $>Parse1 $1 final parsing
+
+#
+# Parse0 -- do initial syntax checking and eliminate local addresses.
+# This should either return with the (possibly modified) input
+# or return with a #error mailer. It should not return with a
+# #mailer other than the #error mailer.
+#
+
+SParse0
+R<@> $@ <@> special case error msgs
+R$* : $* ; <@> $#error $@ 5.1.3 $: "553 List:; syntax illegal for recipient addresses"
+R@ <@ $* > < @ $1 > catch "@@host" bogosity
+R<@ $+> $#error $@ 5.1.3 $: "553 User address required"
+R$+ <@> $#error $@ 5.1.3 $: "553 Hostname required"
+R$* $: <> $1
+R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
+R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
+R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "553 Invalid address"
+R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
+R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "553 Colon illegal in host name part"
+R<> $* $1
+R$* < @ . $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
+R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "553 Invalid host name"
+R$* < @ $* @ > $* $#error $@ 5.1.2 $: "553 Invalid route address"
+R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "553 Invalid route address"
+R$* , $~O $* $#error $@ 5.1.3 $: "553 Invalid route address"
+
+
+# now delete the local info -- note $=O to find characters that cause forwarding
+R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
+R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
+R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
+R< @ $+ > $#error $@ 5.1.3 $: "553 User address required"
+R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
+R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
+R< @ *LOCAL* > $#error $@ 5.1.3 $: "553 User address required"
+R$* $=O $* < @ *LOCAL* >
+ $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
+R$* < @ *LOCAL* > $: $1
+
+#
+# Parse1 -- the bottom half of ruleset 0.
+#
+
+SParse1
+
+# handle numeric address spec
+R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
+R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path
+R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
+R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
+R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
+
+
+# short circuit local delivery so forwarded email works
+
+
+R$=L < @ $=w . > $#local $: @ $1 special local names
+R$+ < @ $=w . > $#local $: $1 regular local name
+
+
+# resolve remotely connected UUCP links (if any)
+
+# resolve fake top level domains by forwarding to other hosts
+
+
+
+# pass names that still have a host to a smarthost (if defined)
+R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name
+
+# deal with other remote names
+R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
+
+# handle locally delivered names
+R$=L $#local $: @ $1 special local names
+R$+ $#local $: $1 regular local names
+
+###########################################################################
+### Ruleset 5 -- special rewriting after aliases have been expanded ###
+###########################################################################
+
+SLocal_localaddr
+Slocaladdr=5
+R$+ $: $1 $| $>"Local_localaddr" $1
+R$+ $| $#ok $@ $1 no change
+R$+ $| $#$* $#$2
+R$+ $| $* $: $1
+
+
+
+
+# deal with plussed users so aliases work nicely
+R$+ + * $#local $@ $&h $: $1
+R$+ + $* $#local $@ + $2 $: $1 + *
+
+# prepend an empty "forward host" on the front
+R$+ $: <> $1
+
+
+
+R< > $+ $: < > < $1 <> $&h > nope, restore +detail
+
+R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
+R< > < $+ <> $* > $: < > < $1 > else discard
+R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
+R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
+R< > < $+ > $@ $1 no +detail
+R$+ $: $1 <> $&h add +detail back in
+
+R$+ <> + $* $: $1 + $2 check whether +detail
+R$+ <> $* $: $1 else discard
+R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
+R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
+
+R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
+
+R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
+
+
+###################################################################
+### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
+###################################################################
+
+SMailerToTriple=95
+R< > $* $@ $1 strip off null relay
+R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
+R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
+R< local : $* > $* $>CanonLocal < $1 > $2
+R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
+R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
+R< $=w > $* $@ $2 delete local host
+R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer
+
+###################################################################
+### Ruleset CanonLocal -- canonify local: syntax ###
+###################################################################
+
+SCanonLocal
+# strip local host from routed addresses
+R< $* > < @ $+ > : $+ $@ $>Recurse $3
+R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4
+
+# strip trailing dot from any host name that may appear
+R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 >
+
+# handle local: syntax -- use old user, either with or without host
+R< > $* < @ $* > $* $#local $@ $1@$2 $: $1
+R< > $+ $#local $@ $1 $: $1
+
+# handle local:user@host syntax -- ignore host part
+R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 >
+
+# handle local:user syntax
+R< $+ > $* <@ $* > $* $#local $@ $2@$3 $: $1
+R< $+ > $* $#local $@ $2 $: $1
+
+###################################################################
+### Ruleset 93 -- convert header names to masqueraded form ###
+###################################################################
+
+SMasqHdr=93
+
+
+# do not masquerade anything in class N
+R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
+
+R$* < @ *LOCAL* > $@ $1 < @ $j . >
+
+###################################################################
+### Ruleset 94 -- convert envelope names to masqueraded form ###
+###################################################################
+
+SMasqEnv=94
+R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
+
+###################################################################
+### Ruleset 98 -- local part of ruleset zero (can be null) ###
+###################################################################
+
+SParseLocal=98
+
+
+
+
+######################################################################
+### CanonAddr -- Convert an address into a standard form for
+### relay checking. Route address syntax is
+### crudely converted into a %-hack address.
+###
+### Parameters:
+### $1 -- full recipient address
+###
+### Returns:
+### parsed address, not in source route form
+######################################################################
+
+SCanonAddr
+R$* $: $>Parse0 $>canonify $1 make domain canonical
+
+
+######################################################################
+### ParseRecipient -- Strip off hosts in $=R as well as possibly
+### $* $=m or the access database.
+### Check user portion for host separators.
+###
+### Parameters:
+### $1 -- full recipient address
+###
+### Returns:
+### parsed, non-local-relaying address
+######################################################################
+
+SParseRecipient
+R$* $: <?> $>CanonAddr $1
+R<?> $* < @ $* . > <?> $1 < @ $2 > strip trailing dots
+R<?> $- < @ $* > $: <?> $(dequote $1 $) < @ $2 > dequote local part
+
+# if no $=O character, no host in the user portion, we are done
+R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
+R<?> $* $@ $1
+
+
+R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
+
+
+
+R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
+R<$+> $* $@ $2
+
+
+######################################################################
+### check_relay -- check hostname/address on SMTP startup
+######################################################################
+
+SLocal_check_relay
+Scheck_relay
+R$* $: $1 $| $>"Local_check_relay" $1
+R$* $| $* $| $#$* $#$3
+R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2
+
+SBasic_check_relay
+# check for deferred delivery mode
+R$* $: < ${deliveryMode} > $1
+R< d > $* $@ deferred
+R< $* > $* $: $2
+
+
+
+
+######################################################################
+### check_mail -- check SMTP `MAIL FROM:' command argument
+######################################################################
+
+SLocal_check_mail
+Scheck_mail
+R$* $: $1 $| $>"Local_check_mail" $1
+R$* $| $#$* $#$2
+R$* $| $* $@ $>"Basic_check_mail" $1
+
+SBasic_check_mail
+# check for deferred delivery mode
+R$* $: < ${deliveryMode} > $1
+R< d > $* $@ deferred
+R< $* > $* $: $2
+
+# authenticated?
+R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
+R$* $| $#$+ $#$2
+R$* $| $* $: $1
+
+R<> $@ <OK> we MUST accept <> (RFC 1123)
+R$+ $: <?> $1
+R<?><$+> $: <@> <$1>
+R<?>$+ $: <@> <$1>
+R$* $: $&{daemon_flags} $| $1
+R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
+R$* u $* $| <@> < $* > $: <?> < $3 >
+R$* $| $* $: $2
+# handle case of @localhost on address
+R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
+R<@> < $* @ [127.0.0.1] >
+ $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
+R<@> < $* @ localhost.$m >
+ $: < ? $&{client_name} > < $1 @ localhost.$m >
+R<@> < $* @ localhost.UUCP >
+ $: < ? $&{client_name} > < $1 @ localhost.UUCP >
+R<@> $* $: $1 no localhost as domain
+R<? $=w> $* $: $2 local client: ok
+R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
+R<?> $* $: $1
+R$* $: <?> $>CanonAddr $1 canonify sender address and mark it
+R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
+# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
+R<?> $* < @ $* $=P > $: <OK> $1 < @ $2 $3 >
+R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
+R<? $* <$->> $* < @ $+ >
+ $: <$2> $3 < @ $4 >
+
+
+# handle case of no @domain on address
+R<?> $* $: $&{daemon_flags} $| <?> $1
+R$* u $* $| <?> $* $: <OKR> $3
+R$* $| $* $: $2
+R<?> $* $: < ? $&{client_name} > $1
+R<?> $* $@ <OK> ...local unqualed ok
+R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f
+ ...remote is not
+# check results
+R<?> $* $: @ $1 mark address: nothing known about it
+R<$={ResOk}> $* $@ <OKR> domain ok: stop
+R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
+R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
+
+######################################################################
+### check_rcpt -- check SMTP `RCPT TO:' command argument
+######################################################################
+
+SLocal_check_rcpt
+Scheck_rcpt
+R$* $: $1 $| $>"Local_check_rcpt" $1
+R$* $| $#$* $#$2
+R$* $| $* $@ $>"Basic_check_rcpt" $1
+
+SBasic_check_rcpt
+# empty address?
+R<> $#error $@ nouser $: "553 User address required"
+R$@ $#error $@ nouser $: "553 User address required"
+# check for deferred delivery mode
+R$* $: < ${deliveryMode} > $1
+R< d > $* $@ deferred
+R< $* > $* $: $2
+
+
+######################################################################
+R$* $: $1 $| @ $>"Rcpt_ok" $1
+R$* $| @ $#TEMP $+ $: $1 $| T $2
+R$* $| @ $#$* $#$2
+R$* $| @ RELAY $@ RELAY
+R$* $| @ $* $: O $| $>"Relay_ok" $1
+R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
+R$* $| $#TEMP $+ $#error $2
+R$* $| $#$* $#$2
+R$* $| RELAY $@ RELAY
+R T $+ $| $* $#error $1
+# anything else is bogus
+R$* $#error $@ 5.7.1 $: "550 Relaying denied"
+
+
+######################################################################
+### Rcpt_ok: is the recipient ok?
+######################################################################
+SRcpt_ok
+R$* $: $>ParseRecipient $1 strip relayable hosts
+
+
+
+
+# authenticated via TLS?
+R$* $: $1 $| $>RelayTLS client authenticated?
+R$* $| $# $+ $# $2 error/ok?
+R$* $| $* $: $1 no
+
+R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
+R$* $| $# $* $# $2
+R$* $| NO $: $1
+R$* $| $* $: $1 $| $&{auth_type}
+R$* $| $: $1
+R$* $| $={TrustAuthMech} $# RELAY
+R$* $| $* $: $1
+# anything terminating locally is ok
+R$+ < @ $=w > $@ RELAY
+R$+ < @ $* $=R > $@ RELAY
+
+
+
+# check for local user (i.e. unqualified address)
+R$* $: <?> $1
+R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
+# local user is ok
+R<?> $+ $@ RELAY
+R<$+> $* $: $2
+
+######################################################################
+### Relay_ok: is the relay/sender ok?
+######################################################################
+SRelay_ok
+# anything originating locally is ok
+# check IP address
+R$* $: $&{client_addr}
+R$@ $@ RELAY originated locally
+R0 $@ RELAY originated locally
+R$=R $* $@ RELAY relayable IP address
+R$* $: [ $1 ] put brackets around it...
+R$=w $@ RELAY ... and see if it is local
+
+
+# check client name: first: did it resolve?
+R$* $: < $&{client_resolve} >
+R<TEMP> $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
+R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
+R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
+R$* $: <@> $&{client_name}
+R<@> $@ RELAY
+# pass to name server to make hostname canonical
+R<@> $* $=P $:<?> $1 $2
+R<@> $+ $:<?> $[ $1 $]
+R$* . $1 strip trailing dots
+R<?> $=w $@ RELAY
+R<?> $* $=R $@ RELAY
+
+
+
+
+######################################################################
+### trust_auth: is user trusted to authenticate as someone else?
+###
+### Parameters:
+### $1: AUTH= parameter from MAIL command
+######################################################################
+
+SLocal_trust_auth
+Strust_auth
+R$* $: $&{auth_type} $| $1
+# required by RFC 2554 section 4.
+R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated"
+R$* $| $&{auth_authen} $@ identical
+R$* $| <$&{auth_authen}> $@ identical
+R$* $| $* $: $1 $| $>"Local_trust_auth" $1
+R$* $| $#$* $#$2
+R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
+
+######################################################################
+### Relay_Auth: allow relaying based on authentication?
+###
+### Parameters:
+### $1: ${auth_type}
+######################################################################
+SLocal_Relay_Auth
+
+
+
+######################################################################
+### tls_client: is connection with client "good" enough?
+### (done in server)
+###
+### Parameters:
+### ${verify} $| (MAIL|STARTTLS)
+######################################################################
+Stls_client
+R$* $| $* $@ $>"TLS_connection" $1
+
+######################################################################
+### tls_server: is connection with server "good" enough?
+### (done in client)
+###
+### Parameter:
+### ${verify}
+######################################################################
+Stls_server
+R$* $@ $>"TLS_connection" $1
+
+######################################################################
+### TLS_connection: is TLS connection "good" enough?
+###
+### Parameters:
+### ${verify}
+### Requirement: RHS from access map, may be ? for none.
+######################################################################
+STLS_connection
+RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+
+
+######################################################################
+### RelayTLS: allow relaying based on TLS authentication
+###
+### Parameters:
+### none
+######################################################################
+SRelayTLS
+# authenticated?
+
+######################################################################
+### authinfo: lookup authinfo in the access map
+###
+### Parameters:
+### $1: {server_name}
+### $2: {server_addr}
+######################################################################
+Sauthinfo
+
+
+
+
+SLocal_localaddr
+R$+ $: $>ParseRecipient $1
+R$* < @ $+ > $* $#relay $@ ${MTAHost} $: $1 < @ $2 > $3
+# DECnet
+R$+ :: $+ $#relay $@ ${MTAHost} $: $1 :: $2
+R$* $#relay $@ ${MTAHost} $: $1 < @ $j >
+#
+######################################################################
+######################################################################
+#####
+##### MAIL FILTER DEFINITIONS
+#####
+######################################################################
+######################################################################
+
+#
+######################################################################
+######################################################################
+#####
+##### MAILER DEFINITIONS
+#####
+######################################################################
+######################################################################
+
+
+##################################################
+### Local and Program Mailer specification ###
+##################################################
+
+##### $Id: local.m4,v 8.58 2000/10/26 01:58:29 ca Exp $ #####
+
+#
+# Envelope sender rewriting
+#
+SEnvFromL
+R<@> $n errors to mailer-daemon
+R@ <@ $*> $n temporarily bypass Sun bogosity
+R$+ $: $>AddDomain $1 add local domain if needed
+R$* $: $>MasqEnv $1 do masquerading
+
+#
+# Envelope recipient rewriting
+#
+SEnvToL
+R$+ < @ $* > $: $1 strip host part
+R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
+R<e s> $+ + $* $: $1 remove +detail for sender
+R< $* > $+ $: $2 else remove mark
+
+#
+# Header sender rewriting
+#
+SHdrFromL
+R<@> $n errors to mailer-daemon
+R@ <@ $*> $n temporarily bypass Sun bogosity
+R$+ $: $>AddDomain $1 add local domain if needed
+R$* $: $>MasqHdr $1 do masquerading
+
+#
+# Header recipient rewriting
+#
+SHdrToL
+R$+ $: $>AddDomain $1 add local domain if needed
+R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
+
+#
+# Common code to add local domain name (only if always-add-domain)
+#
+SAddDomain
+
+Mlocal, P=[IPC], F=lmDFMuXkw5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Mprog, P=[IPC], F=lmDFMuXk5, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
+ T=X-Unix/X-Unix/X-Unix,
+ A=TCP $h
+
+#####################################
+### SMTP Mailer specification ###
+#####################################
+
+##### $Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $ #####
+
+#
+# common sender and masquerading recipient rewriting
+#
+SMasqSMTP
+R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
+R$+ $@ $1 < @ *LOCAL* > add local qualification
+
+#
+# convert pseudo-domain addresses to real domain addresses
+#
+SPseudoToReal
+
+# pass <route-addr>s through
+R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
+
+# output fake domains as user%fake@relay
+
+# do UUCP heuristics; note that these are shared with UUCP mailers
+R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
+R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
+
+# leave these in .UUCP form to avoid further tampering
+R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
+R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
+R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
+R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
+R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
+R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY
+
+
+#
+# envelope sender rewriting
+#
+SEnvFromSMTP
+R$+ $: $>PseudoToReal $1 sender/recipient common
+R$* :; <@> $@ list:; special case
+R$* $: $>MasqSMTP $1 qualify unqual'ed names
+R$+ $: $>MasqEnv $1 do masquerading
+
+
+#
+# envelope recipient rewriting --
+# also header recipient if not masquerading recipients
+#
+SEnvToSMTP
+R$+ $: $>PseudoToReal $1 sender/recipient common
+R$+ $: $>MasqSMTP $1 qualify unqual'ed names
+R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
+
+#
+# header sender and masquerading header recipient rewriting
+#
+SHdrFromSMTP
+R$+ $: $>PseudoToReal $1 sender/recipient common
+R:; <@> $@ list:; special case
+
+# do special header rewriting
+R$* <@> $* $@ $1 <@> $2 pass null host through
+R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
+R$* $: $>MasqSMTP $1 qualify unqual'ed names
+R$+ $: $>MasqHdr $1 do masquerading
+
+
+#
+# relay mailer header masquerading recipient rewriting
+#
+SMasqRelay
+R$+ $: $>MasqSMTP $1
+R$+ $: $>MasqHdr $1
+
+Msmtp, P=[IPC], F=mDFMuXk05, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Mesmtp, P=[IPC], F=mDFMuXak05, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Msmtp8, P=[IPC], F=mDFMuX8k05, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Mdsmtp, P=[IPC], F=mDFMuXa%k05, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+Mrelay, P=[IPC], F=mDFMuXa8k0, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040,
+ T=DNS/RFC822/SMTP,
+ A=TCP $h
+
diff --git a/contrib/sendmail/cf/cf/submit.mc b/contrib/sendmail/cf/cf/submit.mc
new file mode 100644
index 000000000000..f27dc1c57e88
--- /dev/null
+++ b/contrib/sendmail/cf/cf/submit.mc
@@ -0,0 +1,22 @@
+divert(-1)
+#
+# Copyright (c) 2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+#
+# This is the prototype file for a set-group-ID sm-msp sendmail that
+# acts as a initial mail submission program.
+#
+
+divert(0)dnl
+VERSIONID(`$Id: submit.mc,v 8.5 2001/09/08 01:20:53 gshapiro Exp $')
+define(`confCF_VERSION', `Submit')dnl
+define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
+define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
+FEATURE(`msp')dnl
diff --git a/contrib/sendmail/cf/cf/tcpproto.mc b/contrib/sendmail/cf/cf/tcpproto.mc
index de90c527ff93..969cb71f2ec6 100644
--- a/contrib/sendmail/cf/cf/tcpproto.mc
+++ b/contrib/sendmail/cf/cf/tcpproto.mc
@@ -26,7 +26,7 @@ divert(-1)
#
divert(0)dnl
-VERSIONID(`$Id: tcpproto.mc,v 8.13.22.1 2000/08/03 15:25:20 ca Exp $')
+VERSIONID(`$Id: tcpproto.mc,v 8.14 2000/08/03 15:26:50 ca Exp $')
OSTYPE(`unknown')
FEATURE(`nouucp', `reject')
MAILER(`local')
diff --git a/contrib/sendmail/cf/feature/access_db.m4 b/contrib/sendmail/cf/feature/access_db.m4
index 14a8fe89e734..256b2815f356 100644
--- a/contrib/sendmail/cf/feature/access_db.m4
+++ b/contrib/sendmail/cf/feature/access_db.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@@ -10,14 +10,28 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: access_db.m4,v 8.15 1999/07/22 17:55:34 gshapiro Exp $')
+VERSIONID(`$Id: access_db.m4,v 8.23 2001/03/16 00:51:25 gshapiro Exp $')
divert(-1)
define(`_ACCESS_TABLE_', `')
define(`_TAG_DELIM_', `:')dnl should be in OperatorChars
+ifelse(lower(_ARG2_),`skip',`define(`_ACCESS_SKIP_', `1')')
+ifelse(lower(_ARG2_),`lookupdotdomain',`define(`_LOOKUPDOTDOMAIN_', `1')')
+ifelse(lower(_ARG3_),`skip',`define(`_ACCESS_SKIP_', `1')')
+ifelse(lower(_ARG3_),`lookupdotdomain',`define(`_LOOKUPDOTDOMAIN_', `1')')
+define(`_ATMPF_', `<TMPF>')dnl
+dnl check whether arg contains -T`'_ATMPF_
+ifelse(defn(`_ARG_'), `', `',
+ defn(`_ARG_'), `LDAP', `',
+ `ifelse(index(_ARG_, _ATMPF_), `-1',
+ `errprint(`*** WARNING: missing -T'_ATMPF_` in argument of FEATURE(`access_db',' defn(`_ARG_')`)
+')
+ define(`_ABP_', index(_ARG_, ` '))
+ define(`_NARG_', `substr(_ARG_, 0, _ABP_) -T'_ATMPF_` substr(_ARG_, _ABP_)')
+')')
LOCAL_CONFIG
# Access list database (for spam stomping)
-Kaccess ifelse(defn(`_ARG_'), `',
- DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`access',
- `_ARG_')
+Kaccess ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE -T`'_ATMPF_ MAIL_SETTINGS_DIR`access',
+ defn(`_ARG_'), `LDAP', `ldap -T`'_ATMPF_ -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=access)(sendmailMTAKey=%0))',
+ defn(`_NARG_'), `', `_ARG_', `_NARG_')
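Review bot: The auto-repair of a map argument that lacks `-T<TMPF>` assumes the argument contains a space: `_ABP_` is set from `` index(_ARG_, ` ') `` and then used unchecked in both `substr` calls that build `_NARG_`. For a one-word argument other than `LDAP`, `index` returns -1, and the resulting `_NARG_` would probably lose the map type and leave a malformed `Kaccess` line behind what is only a warning. Guarding the rewrite, for example wrapping the two defines in `` ifelse(_ABP_, `-1', `', ...) `` so that `_ARG_` is used unchanged when there is no split point, keeps the generated cf well-formed.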
diff --git a/contrib/sendmail/cf/feature/allmasquerade.m4 b/contrib/sendmail/cf/feature/allmasquerade.m4
index bbb866025f41..aa264f961d27 100644
--- a/contrib/sendmail/cf/feature/allmasquerade.m4
+++ b/contrib/sendmail/cf/feature/allmasquerade.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,7 +13,13 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: allmasquerade.m4,v 8.11 1999/08/06 01:28:26 gshapiro Exp $')
+VERSIONID(`$Id: allmasquerade.m4,v 8.13 2000/09/12 22:00:53 ca Exp $')
divert(-1)
+ifdef(`_MAILER_local_',
+ `errprint(`*** MAILER(`local') must appear after FEATURE(`allmasquerade')')
+')dnl
+ifdef(`_MAILER_uucp_',
+ `errprint(`*** MAILER(`uucp') must appear after FEATURE(`allmasquerade')')
+')dnl
define(`_ALL_MASQUERADE_', 1)
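Review bot: The two new ordering checks print their message without a trailing newline: each `errprint(...)` call closes before the line break, so the newline lands in the discarded `divert(-1)` output instead of on stderr. Other messages in this commit (the access_db warning, lookupdotdomain, compat_check) keep the newline inside the quoted message, and doing the same here stops consecutive diagnostics from running together. The same form is used in the checks added to always_add_domain.m4 and local_no_masquerade.m4. The messages also carry no `ERROR:` or `WARNING:` tag, so the output does not say whether the generated cf is still usable.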
diff --git a/contrib/sendmail/cf/feature/always_add_domain.m4 b/contrib/sendmail/cf/feature/always_add_domain.m4
index 3ea174bd5147..a29956a635b4 100644
--- a/contrib/sendmail/cf/feature/always_add_domain.m4
+++ b/contrib/sendmail/cf/feature/always_add_domain.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,7 +13,10 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: always_add_domain.m4,v 8.9 1999/02/07 07:26:08 gshapiro Exp $')
+VERSIONID(`$Id: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $')
divert(-1)
-define(`_ALWAYS_ADD_DOMAIN_', 1)
+ifdef(`_MAILER_local_',
+ `errprint(`*** MAILER(`local') must appear after FEATURE(`always_add_domain')')
+')dnl
+define(`_ALWAYS_ADD_DOMAIN_', ifelse(len(X`'_ARG_),`1',`',_ARG_))
diff --git a/contrib/sendmail/cf/feature/authinfo.m4 b/contrib/sendmail/cf/feature/authinfo.m4
new file mode 100644
index 000000000000..3533d3067946
--- /dev/null
+++ b/contrib/sendmail/cf/feature/authinfo.m4
@@ -0,0 +1,22 @@
+divert(-1)
+#
+# Copyright (c) 2000-2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: authinfo.m4,v 1.7 2001/03/16 00:51:25 gshapiro Exp $')
+divert(-1)
+
+define(`_AUTHINFO_TABLE_', `')
+
+LOCAL_CONFIG
+# authinfo list database: contains info for authentication as client
+Kauthinfo ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`authinfo',
+ defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=authinfo)(sendmailMTAKey=%0))',
+ `_ARG_')
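Review bot: The comment on the `Kauthinfo` line says the map holds the data used to authenticate as a client, but says nothing about protecting it. Since these are credentials, a line such as `# holds client credentials: keep the source file and the built map unreadable for other users` belongs next to the definition. For the `LDAP` branch the hunk sets no bind or transport options of its own, so how the values are protected on the way from the directory presumably depends on the site-wide LDAP defaults; that is worth stating as well.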
diff --git a/contrib/sendmail/cf/feature/bestmx_is_local.m4 b/contrib/sendmail/cf/feature/bestmx_is_local.m4
index 22c87233caa2..911d2b542192 100644
--- a/contrib/sendmail/cf/feature/bestmx_is_local.m4
+++ b/contrib/sendmail/cf/feature/bestmx_is_local.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,10 +13,10 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: bestmx_is_local.m4,v 8.24 1999/10/18 21:50:24 ca Exp $')
+VERSIONID(`$Id: bestmx_is_local.m4,v 8.26 2000/09/17 17:30:00 gshapiro Exp $')
divert(-1)
-define(_BESTMX_IS_LOCAL_, _ARG_)
+define(`_BESTMX_IS_LOCAL_', _ARG_)
LOCAL_CONFIG
# turn on bestMX lookup table
diff --git a/contrib/sendmail/cf/feature/bitdomain.m4 b/contrib/sendmail/cf/feature/bitdomain.m4
index 7ac7304af06d..3232be80d316 100644
--- a/contrib/sendmail/cf/feature/bitdomain.m4
+++ b/contrib/sendmail/cf/feature/bitdomain.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,13 +13,13 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: bitdomain.m4,v 8.23 1999/07/22 17:55:34 gshapiro Exp $')
+VERSIONID(`$Id: bitdomain.m4,v 8.28 2001/03/16 00:51:25 gshapiro Exp $')
divert(-1)
define(`_BITDOMAIN_TABLE_', `')
LOCAL_CONFIG
# BITNET mapping table
-Kbitdomain ifelse(defn(`_ARG_'), `',
- DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`bitdomain',
+Kbitdomain ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`bitdomain',
+ defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=bitdomain)(sendmailMTAKey=%0))',
`_ARG_')
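Review bot: The new `LDAP` branch builds its search filter by substituting the lookup key for `%0` inside `(sendmailMTAKey=%0)`, and nothing in this hunk shows whether the ldap map escapes filter metacharacters such as `*`, `(`, `)` and `\` in that key. The key is presumably derived from address data in the message, so this should be confirmed in the map implementation before the branch is relied on, and the answer recorded in a comment next to the filter. The same filter template is added in access_db.m4, authinfo.m4, domaintable.m4, genericstable.m4 and mailertable.m4 in this commit.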
diff --git a/contrib/sendmail/cf/feature/compat_check.m4 b/contrib/sendmail/cf/feature/compat_check.m4
new file mode 100644
index 000000000000..9f1fe93dc8ce
--- /dev/null
+++ b/contrib/sendmail/cf/feature/compat_check.m4
@@ -0,0 +1,33 @@
+divert(-1)
+#
+# Copyright (c) 2000-2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+divert(0)
+VERSIONID(`$Id: compat_check.m4,v 1.3 2001/11/21 18:40:06 ca Exp $')
+divert(-1)
+ifdef(`_ACCESS_TABLE_', `',
+`errprint(`FEATURE(`compat_check') requires FEATURE(`access_db')
+')')
+
+LOCAL_RULESETS
+Scheck_compat
+# look up the pair of addresses
+# (we use <@> as the separator. Note this in the map too!)
+R< $+ > $| $+ $: $1 $| $2
+R$+ $| < $+ > $: $1 $| $2
+R$+ $| $+ $: <$(access Compat:$1<@>$2 $:OK $)>
+R$* $| $* $@ ok
+# act on the result,
+# it must be one of the following... anything else will be allowed..
+dnl for consistency with the other two even though discard does not take an
+dnl reply code
+R< DISCARD:$* > $#discard $: $1 " - discarded by check_compat"
+R< DISCARD $* > $#discard $: $1 " - discarded by check_compat"
+R< TEMP:$* > $#error $@ TEMPFAIL $: $1 " error from check_compat. Try again later"
+R< ERROR:$* > $#error $@ UNAVAILABLE $: $1 " error from check_compat"
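Review bot: A temporary failure of the access map lookup ends up as "allowed": the lookup rule supplies only a not-found default (`$:OK`), the action rules match only `DISCARD`, `TEMP:` and `ERROR:`, and the comment states that anything else is let through. Since access_db.m4 in this commit adds `-T<TMPF>` to the map, a tempfail result would presumably come back marked with `<TMPF>` and fall into that default. If check_compat is used to enforce policy, an explicit rule ahead of the action rules, such as `R< $* <TMPF> > $#error $@ TEMPFAIL $: "check_compat lookup temporarily failed"`, makes the check fail closed; the message text is only a suggestion.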
diff --git a/contrib/sendmail/cf/feature/delay_checks.m4 b/contrib/sendmail/cf/feature/delay_checks.m4
index 15925254525e..151df956668f 100644
--- a/contrib/sendmail/cf/feature/delay_checks.m4
+++ b/contrib/sendmail/cf/feature/delay_checks.m4
@@ -10,7 +10,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: delay_checks.m4,v 8.7 2000/02/26 01:32:02 gshapiro Exp $')
+VERSIONID(`$Id: delay_checks.m4,v 8.8 2000/12/05 18:50:45 ca Exp $')
divert(-1)
define(`_DELAY_CHECKS_', 1)
@@ -20,3 +20,6 @@ ifelse(defn(`_ARG_'), `', `',
`errprint(`*** ERROR: illegal argument _ARG_ for FEATURE(delay_checks)
')
')
+
+dnl be backward compatible by default
+ifelse(len(X`'_ARG2_), `1', `define(`_DELAY_COMPAT_8_10_', 1)', `')
diff --git a/contrib/sendmail/cf/feature/dnsbl.m4 b/contrib/sendmail/cf/feature/dnsbl.m4
index e5fd48992f6f..8cfb98e91d2e 100644
--- a/contrib/sendmail/cf/feature/dnsbl.m4
+++ b/contrib/sendmail/cf/feature/dnsbl.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@@ -11,15 +11,22 @@ divert(-1)
divert(0)
ifdef(`_DNSBL_R_',`dnl',`dnl
-VERSIONID(`$Id: dnsbl.m4,v 8.18.16.1 2000/11/22 01:13:21 ca Exp $')')
+VERSIONID(`$Id: dnsbl.m4,v 8.26 2001/11/12 16:04:14 ca Exp $')
+define(`_DNSBL_R_',`')
+LOCAL_CONFIG
+# map for DNS based blacklist lookups
+Kdnsbl host -T<TMP>ifdef(`DNSBL_MAP_OPT',` DNSBL_MAP_OPT')')
divert(-1)
define(`_DNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
define(`_DNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Mail from " $`'&{client_addr} " refused by blackhole site '_DNSBL_SRV_`"',`_ARG2_')')dnl
+define(`_DNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_DNSBL_SRV_`"',`_ARG3_')')dnl
divert(8)
# DNS based IP address spam list _DNSBL_SRV_
R$* $: $&{client_addr}
-R::ffff:$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._DNSBL_SRV_. $: OK $)
-R$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._DNSBL_SRV_. $: OK $)
+R$-.$-.$-.$- $: <?> $(dnsbl $4.$3.$2.$1._DNSBL_SRV_. $: OK $)
R<?>OK $: OKSOFAR
+ifelse(len(X`'_ARG3_),`1',
+`R<?>$+<TMP> $: TMPOK',
+`R<?>$+<TMP> $#error $@ 4.7.1 $: _DNSBL_MSG_TMP_')
R<?>$+ $#error $@ 5.7.1 $: _DNSBL_MSG_
divert(-1)
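Review bot: Only a dotted-quad `${client_addr}` is ever looked up: the single lookup rule matches `$-.$-.$-.$-`, so any other address form (an IPv6 client, for instance) reaches the end of the block without the `<?>` marker and none of the reject rules apply. That may be intended, but it is not stated anywhere; a comment above the rule, e.g. `# only IPv4 dotted-quad client addresses are checked; other address forms are not looked up`, would make the gap visible to whoever deploys the feature. The same pattern is used in the new enhdnsbl.m4. It is also worth a comment that, without a third argument, a temporary lookup failure is accepted (`TMPOK`).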
diff --git a/contrib/sendmail/cf/feature/domaintable.m4 b/contrib/sendmail/cf/feature/domaintable.m4
index b609ec9a7732..b04b4971b863 100644
--- a/contrib/sendmail/cf/feature/domaintable.m4
+++ b/contrib/sendmail/cf/feature/domaintable.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,13 +13,13 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: domaintable.m4,v 8.17 1999/07/22 17:55:35 gshapiro Exp $')
+VERSIONID(`$Id: domaintable.m4,v 8.22 2001/03/16 00:51:25 gshapiro Exp $')
divert(-1)
define(`_DOMAIN_TABLE_', `')
LOCAL_CONFIG
# Domain table (adding domains)
-Kdomaintable ifelse(defn(`_ARG_'), `',
- DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`domaintable',
+Kdomaintable ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`domaintable',
+ defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=domain)(sendmailMTAKey=%0))',
`_ARG_')
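Review bot: The map name in the LDAP filter does not match the map it serves: `Kdomaintable` searches for `sendmailMTAMapName=domain`, and mailertable.m4 in this commit likewise uses `mailer` for `Kmailertable`, whereas bitdomain, access and authinfo use their own map names. Anyone populating the directory has to know these values, so a comment next to the filter (`# LDAP entries for this map use sendmailMTAMapName=domain`) or a pointer to where the names are documented would help. If the short names are deliberate, nothing else needs to change.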
diff --git a/contrib/sendmail/cf/feature/enhdnsbl.m4 b/contrib/sendmail/cf/feature/enhdnsbl.m4
new file mode 100644
index 000000000000..e254ad4b04a5
--- /dev/null
+++ b/contrib/sendmail/cf/feature/enhdnsbl.m4
@@ -0,0 +1,44 @@
+divert(-1)
+#
+# Copyright (c) 2000-2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+ifdef(`_EDNSBL_R_',`dnl',`dnl
+VERSIONID(`$Id: enhdnsbl.m4,v 1.7 2001/07/22 18:02:52 ca Exp $')
+LOCAL_CONFIG
+define(`_EDNSBL_R_',`')dnl
+# map for enhanced DNS based blacklist lookups
+Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
+')
+divert(-1)
+define(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
+define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Mail from " $`'&{client_addr} " refused by blackhole site '_EDNSBL_SRV_`"',`_ARG2_')')dnl
+define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl
+define(`_EDNSBL_MATCH_', `ifelse(len(X`'_ARG4_),`1',`$`'+',_ARG4_)')dnl
+divert(8)
+# DNS based IP address spam list _EDNSBL_SRV_
+R$* $: $&{client_addr}
+R$-.$-.$-.$- $: <?> $(ednsbl $4.$3.$2.$1._EDNSBL_SRV_. $: OK $)
+R<?>OK $: OKSOFAR
+ifelse(len(X`'_ARG3_),`1',
+`R<?>$+<TMP> $: TMPOK',
+`R<?>$+<TMP> $#error $@ 4.7.1 $: _EDNSBL_MSG_TMP_')
+R<?>_EDNSBL_MATCH_ $#error $@ 5.7.1 $: _EDNSBL_MSG_
+ifelse(len(X`'_ARG5_),`1',`dnl',
+`R<?>_ARG5_ $#error $@ 5.7.1 $: _EDNSBL_MSG_')
+ifelse(len(X`'_ARG6_),`1',`dnl',
+`R<?>_ARG6_ $#error $@ 5.7.1 $: _EDNSBL_MSG_')
+ifelse(len(X`'_ARG7_),`1',`dnl',
+`R<?>_ARG7_ $#error $@ 5.7.1 $: _EDNSBL_MSG_')
+ifelse(len(X`'_ARG8_),`1',`dnl',
+`R<?>_ARG8_ $#error $@ 5.7.1 $: _EDNSBL_MSG_')
+ifelse(len(X`'_ARG9_),`1',`dnl',
+`R<?>_ARG9_ $#error $@ 5.7.1 $: _EDNSBL_MSG_')
+divert(-1)
diff --git a/contrib/sendmail/cf/feature/genericstable.m4 b/contrib/sendmail/cf/feature/genericstable.m4
index 9104948bdaec..c20022a91850 100644
--- a/contrib/sendmail/cf/feature/genericstable.m4
+++ b/contrib/sendmail/cf/feature/genericstable.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,13 +13,13 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: genericstable.m4,v 8.16 1999/07/22 17:55:35 gshapiro Exp $')
+VERSIONID(`$Id: genericstable.m4,v 8.21 2001/03/16 00:51:26 gshapiro Exp $')
divert(-1)
define(`_GENERICS_TABLE_', `')
LOCAL_CONFIG
# Generics table (mapping outgoing addresses)
-Kgenerics ifelse(defn(`_ARG_'), `',
- DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`genericstable',
+Kgenerics ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`genericstable',
+ defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=generics)(sendmailMTAKey=%0))',
`_ARG_')
diff --git a/contrib/sendmail/cf/feature/ldap_routing.m4 b/contrib/sendmail/cf/feature/ldap_routing.m4
index 7ea0c861f91d..e856da5af9f3 100644
--- a/contrib/sendmail/cf/feature/ldap_routing.m4
+++ b/contrib/sendmail/cf/feature/ldap_routing.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1999-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@@ -10,7 +10,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: ldap_routing.m4,v 8.5.4.1 2000/07/15 18:05:05 gshapiro Exp $')
+VERSIONID(`$Id: ldap_routing.m4,v 8.8 2001/06/27 21:46:31 gshapiro Exp $')
divert(-1)
# Check first two arguments. If they aren't set, may need to warn in proto.m4
@@ -23,6 +23,11 @@ ifelse(len(X`'_ARG3_), `1', `define(`_LDAP_ROUTING_', `_PASS_THROUGH_')',
_ARG3_, `passthru', `define(`_LDAP_ROUTING_', `_PASS_THROUGH_')',
`define(`_LDAP_ROUTING_', `_MUST_EXIST_')')
+# Check for fouth argument to indicate how to deal with +detail info
+ifelse(len(X`'_ARG4_), `1', `',
+ _ARG4_, `strip', `define(`_LDAP_ROUTE_DETAIL_', `_STRIP_')',
+ _ARG4_, `preserve', `define(`_LDAP_ROUTE_DETAIL_', `_PRESERVE_')')
+
LOCAL_CONFIG
# LDAP routing maps
Kldapmh ifelse(len(X`'_ARG1_), `1',
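Review bot: An unrecognised fourth argument is silently ignored: the new `ifelse` handles empty, `strip` and `preserve` and has no final branch, so a misspelt value leaves `_LDAP_ROUTE_DETAIL_` undefined without any message. delay_checks.m4 reports an illegal argument with `errprint`; a matching last branch here that prints an error naming `_ARG4_` would catch the typo when the cf is built. The comment above the check also reads "fouth" for "fourth". The `Kldapmh` definition that follows continues outside this hunk.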
diff --git a/contrib/sendmail/cf/feature/local_lmtp.m4 b/contrib/sendmail/cf/feature/local_lmtp.m4
index 4b44eab4af78..f3c371b9384f 100644
--- a/contrib/sendmail/cf/feature/local_lmtp.m4
+++ b/contrib/sendmail/cf/feature/local_lmtp.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@@ -10,7 +10,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: local_lmtp.m4,v 8.15 1999/11/18 05:06:22 ca Exp $')
+VERSIONID(`$Id: local_lmtp.m4,v 8.16 2000/08/18 18:58:45 ca Exp $')
divert(-1)
ifdef(`_MAILER_local_',
@@ -24,3 +24,4 @@ define(`LOCAL_MAILER_PATH',
define(`LOCAL_MAILER_FLAGS', `PSXfmnz9')
define(`LOCAL_MAILER_ARGS', `mail.local -l')
define(`LOCAL_MAILER_DSN_DIAGNOSTIC_CODE', `SMTP')
+define(`_LOCAL_LMTP_', `1')
diff --git a/contrib/sendmail/cf/feature/local_no_masquerade.m4 b/contrib/sendmail/cf/feature/local_no_masquerade.m4
new file mode 100644
index 000000000000..de2300f2f0e5
--- /dev/null
+++ b/contrib/sendmail/cf/feature/local_no_masquerade.m4
@@ -0,0 +1,18 @@
+divert(-1)
+#
+# Copyright (c) 2000 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+
+divert(0)
+VERSIONID(`$Id: local_no_masquerade.m4,v 1.2 2000/08/03 15:54:59 ca Exp $')
+divert(-1)
+
+ifdef(`_MAILER_local_',
+ `errprint(`*** MAILER(`local') must appear after FEATURE(`local_no_masquerade')')
+')dnl
+define(`_LOCAL_NO_MASQUERADE_', `1')
diff --git a/contrib/sendmail/cf/feature/lookupdotdomain.m4 b/contrib/sendmail/cf/feature/lookupdotdomain.m4
new file mode 100644
index 000000000000..f8c2a31f3022
--- /dev/null
+++ b/contrib/sendmail/cf/feature/lookupdotdomain.m4
@@ -0,0 +1,22 @@
+divert(-1)
+#
+# Copyright (c) 2000 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: lookupdotdomain.m4,v 1.1 2000/04/13 22:32:49 ca Exp $')
+divert(-1)
+
+ifdef(`_ACCESS_TABLE_',
+ `define(`_LOOKUPDOTDOMAIN_')',
+ `errprint(`*** ERROR: FEATURE(`lookupdotdomain') requires FEATURE(`access_db')
+')')
+ifdef(`_RELAY_HOSTS_ONLY_',
+ `errprint(`*** WARNING: FEATURE(`lookupdotdomain') does not work well with FEATURE(`relay_hosts_only')
+')')
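Review bot: `_LOOKUPDOTDOMAIN_` is defined here with no value, while access_db.m4 in this commit defines the same macro as `1` when given the `lookupdotdomain` argument. That is harmless if every consumer tests it with `ifdef`, which is not visible from this file; using `` define(`_LOOKUPDOTDOMAIN_', `1') `` in both places removes the question. The `relay_hosts_only` warning also fires only when that feature was declared earlier in the .mc file, which deserves a short comment.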
diff --git a/contrib/sendmail/cf/feature/mailertable.m4 b/contrib/sendmail/cf/feature/mailertable.m4
index 08c1bf60eb4e..e4dcd701cd41 100644
--- a/contrib/sendmail/cf/feature/mailertable.m4
+++ b/contrib/sendmail/cf/feature/mailertable.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,13 +13,13 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: mailertable.m4,v 8.18 1999/07/22 17:55:35 gshapiro Exp $')
+VERSIONID(`$Id: mailertable.m4,v 8.23 2001/03/16 00:51:26 gshapiro Exp $')
divert(-1)
define(`_MAILER_TABLE_', `')
LOCAL_CONFIG
# Mailer table (overriding domains)
-Kmailertable ifelse(defn(`_ARG_'), `',
- DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`mailertable',
+Kmailertable ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`mailertable',
+ defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=mailer)(sendmailMTAKey=%0))',
`_ARG_')
diff --git a/contrib/sendmail/cf/feature/msp.m4 b/contrib/sendmail/cf/feature/msp.m4
new file mode 100644
index 000000000000..fa68e0fc0a5a
--- /dev/null
+++ b/contrib/sendmail/cf/feature/msp.m4
@@ -0,0 +1,76 @@
+divert(-1)
+#
+# Copyright (c) 2000-2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)dnl
+VERSIONID(`$Id: msp.m4,v 1.29 2001/12/13 23:56:38 gshapiro Exp $')
+divert(-1)
+define(`ALIAS_FILE', `')
+define(`confDELIVERY_MODE', `i')
+define(`confUSE_MSP', `True')
+define(`confFORWARD_PATH', `')
+define(`confPRIVACY_FLAGS', `goaway,noetrn,restrictqrun')
+define(`confDONT_PROBE_INTERFACES', `True')
+dnl ---------------------------------------------
+dnl run as this user (even if called by root)
+ifdef(`confRUN_AS_USER',,`define(`confRUN_AS_USER', `smmsp')')
+ifdef(`confTRUSTED_USER',,`define(`confTRUSTED_USER', confRUN_AS_USER)')
+dnl ---------------------------------------------
+dnl This queue directory must have the same group
+dnl as sendmail and it must be group-writable.
+dnl notice: do not test for QUEUE_DIR, it is set in some ostype/*.m4 files
+ifdef(`MSP_QUEUE_DIR',
+`define(`QUEUE_DIR', `MSP_QUEUE_DIR')',
+`define(`QUEUE_DIR', `/var/spool/clientmqueue')')
+define(`_MTA_HOST_', ifelse(defn(`_ARG_'), `', `localhost', `_ARG_'))
+define(`_MSP_FQHN_',`dnl used to qualify addresses
+ifdef(`MASQUERADE_NAME', ifdef(`_MASQUERADE_ENVELOPE_', `$M', `$j'), `$j')')
+define(`RELAY_MAILER_ARGS', `TCP $h'ifelse(_ARG2_, `MSA', ` 587'))
+dnl ---------------------------------------------
+ifdef(`confPID_FILE', `dnl',
+`define(`confPID_FILE', QUEUE_DIR`/sm-client.pid')')
+define(`confQUEUE_FILE_MODE', `0660')dnl
+ifdef(`STATUS_FILE',
+`define(`_F_',
+`define(`_b_', index(STATUS_FILE, `sendmail.st'))ifelse(_b_, `-1', `STATUS_FILE', `substr(STATUS_FILE, 0, _b_)sm-client.st')')
+define(`STATUS_FILE', _F_)
+undefine(`_b_') undefine(`_F_')',
+`define(`STATUS_FILE', QUEUE_DIR`/sm-client.st')')
+FEATURE(`no_default_msa')dnl
+ifelse(defn(`_DPO_'), `',
+`DAEMON_OPTIONS(`Name=NoMTA, Addr=127.0.0.1, M=E')dnl')
+define(`_DEF_LOCAL_MAILER_FLAGS', `')dnl
+define(`_DEF_LOCAL_SHELL_FLAGS', `')dnl
+define(`LOCAL_MAILER_PATH', `[IPC]')dnl
+define(`LOCAL_MAILER_FLAGS', `lmDFMuXkw5')dnl
+define(`LOCAL_MAILER_ARGS', `TCP $h')dnl
+define(`LOCAL_MAILER_DSN_DIAGNOSTIC_CODE', `SMTP')dnl
+define(`LOCAL_SHELL_PATH', `[IPC]')dnl
+define(`LOCAL_SHELL_FLAGS', `lmDFMuXk5')dnl
+define(`LOCAL_SHELL_ARGS', `TCP $h')dnl
+MODIFY_MAILER_FLAGS(`SMTP', `+k05')dnl
+MODIFY_MAILER_FLAGS(`ESMTP', `+k05')dnl
+MODIFY_MAILER_FLAGS(`DSMTP', `+k05')dnl
+MODIFY_MAILER_FLAGS(`SMTP8', `+k05')dnl
+MODIFY_MAILER_FLAGS(`RELAY', `+k0')dnl
+MAILER(`local')dnl
+MAILER(`smtp')dnl
+
+LOCAL_CONFIG
+D{MTAHost}_MTA_HOST_
+
+LOCAL_RULESETS
+SLocal_localaddr
+R$+ $: $>ParseRecipient $1
+R$* < @ $+ > $* $#relay $@ ${MTAHost} $: $1 < @ $2 > $3
+ifdef(`_USE_DECNET_SYNTAX_',
+`# DECnet
+R$+ :: $+ $#relay $@ ${MTAHost} $: $1 :: $2', `dnl')
+R$* $#relay $@ ${MTAHost} $: $1 < @ _MSP_FQHN_ >
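Review bot: The default for `_MTA_HOST_` is the bare name `localhost`, and `Local_localaddr` hands every message to `$#relay $@ ${MTAHost}`. An unbracketed host name goes through normal host resolution (including MX lookup in sendmail's usual handling), so where submitted mail ends up depends on what the resolver returns for that name. A bracketed loopback literal avoids that dependency: `` define(`_MTA_HOST_', ifelse(defn(`_ARG_'), `', `[127.0.0.1]', `_ARG_')) ``. submit.mc in this commit calls `` FEATURE(`msp') `` with no argument and so gets the default.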
diff --git a/contrib/sendmail/cf/feature/no_default_msa.m4 b/contrib/sendmail/cf/feature/no_default_msa.m4
index 0450cdec0525..5a053399fc35 100644
--- a/contrib/sendmail/cf/feature/no_default_msa.m4
+++ b/contrib/sendmail/cf/feature/no_default_msa.m4
@@ -10,7 +10,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: no_default_msa.m4,v 8.1.10.1 2000/09/17 17:04:22 gshapiro Exp $')
+VERSIONID(`$Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $')
divert(-1)
define(`_NO_MSA_', `1')
diff --git a/contrib/sendmail/cf/feature/nullclient.m4 b/contrib/sendmail/cf/feature/nullclient.m4
index fe3767c4b6be..8f35ca1c167f 100644
--- a/contrib/sendmail/cf/feature/nullclient.m4
+++ b/contrib/sendmail/cf/feature/nullclient.m4
@@ -22,7 +22,7 @@ ifelse(defn(`_ARG_'), `', `errprint(`Feature "nullclient" requires argument')',
#
divert(0)
-VERSIONID(`$Id: nullclient.m4,v 8.21.16.3 2000/09/17 17:04:22 gshapiro Exp $')
+VERSIONID(`$Id: nullclient.m4,v 8.24 2000/09/17 17:30:00 gshapiro Exp $')
divert(-1)
undefine(`ALIAS_FILE')
diff --git a/contrib/sendmail/cf/feature/preserve_local_plus_detail.m4 b/contrib/sendmail/cf/feature/preserve_local_plus_detail.m4
new file mode 100644
index 000000000000..bb603a607ba4
--- /dev/null
+++ b/contrib/sendmail/cf/feature/preserve_local_plus_detail.m4
@@ -0,0 +1,16 @@
+divert(-1)
+#
+# Copyright (c) 2000 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: preserve_local_plus_detail.m4,v 8.1 2000/04/10 05:48:05 gshapiro Exp $')
+divert(-1)
+
+define(`_PRESERVE_LOCAL_PLUS_DETAIL_', `1')
diff --git a/contrib/sendmail/cf/feature/preserve_luser_host.m4 b/contrib/sendmail/cf/feature/preserve_luser_host.m4
new file mode 100644
index 000000000000..b6050d106dd0
--- /dev/null
+++ b/contrib/sendmail/cf/feature/preserve_luser_host.m4
@@ -0,0 +1,19 @@
+divert(-1)
+#
+# Copyright (c) 2000 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: preserve_luser_host.m4,v 1.2 2000/11/10 18:50:30 ca Exp $')
+divert(-1)
+
+ifdef(`LUSER_RELAY', `',
+`errprint(`*** LUSER_RELAY should be defined before FEATURE(`preserve_luser_host')
+ ')')
+define(`_PRESERVE_LUSER_HOST_', `1')
diff --git a/contrib/sendmail/cf/feature/promiscuous_relay.m4 b/contrib/sendmail/cf/feature/promiscuous_relay.m4
index 86db75fe90f7..17cb7d1d8b0f 100644
--- a/contrib/sendmail/cf/feature/promiscuous_relay.m4
+++ b/contrib/sendmail/cf/feature/promiscuous_relay.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@@ -10,7 +10,10 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: promiscuous_relay.m4,v 8.10 1999/02/07 07:26:11 gshapiro Exp $')
+VERSIONID(`$Id: promiscuous_relay.m4,v 8.12 2001/02/06 17:14:35 ca Exp $')
divert(-1)
define(`_PROMISCUOUS_RELAY_', 1)
+errprint(`*** WARNING: FEATURE(`promiscuous_relay') configures your system as open
+ relay. Do NOT use it on a server that is connected to the Internet!
+')
diff --git a/contrib/sendmail/cf/feature/queuegroup.m4 b/contrib/sendmail/cf/feature/queuegroup.m4
new file mode 100644
index 000000000000..06715a0f3f8f
--- /dev/null
+++ b/contrib/sendmail/cf/feature/queuegroup.m4
@@ -0,0 +1,27 @@
+divert(-1)
+#
+# Copyright (c) 2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: queuegroup.m4,v 1.4 2001/03/28 00:39:39 ca Exp $')
+divert(-1)
+
+ifdef(`_ACCESS_TABLE_', `',
+ `errprint(`*** ERROR: FEATURE(`queuegroup') requires FEATURE(`access_db')
+')')
+
+LOCAL_RULESETS
+Squeuegroup
+R< $+ > $1
+R $+ @ $+ $: $>SearchList <! qgrp> $| <F:$1@$2> <D:$2> <>
+ifelse(len(X`'_ARG_),`1',
+`R<?> $@',
+`R<?> $# _ARG_')
+R<$+> $# $1
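Review bot: The new file carries no comment explaining its optional argument, and the length test on `_ARG_` that implements it is not self-explanatory. From the rules, an unmatched lookup (`<?>`) returns via `$@` when no argument is given and selects `$# _ARG_` otherwise. A line such as `# Optional argument: queue group to use when the access map lookup finds no match.` above the `ifelse` would document that. Separately, the `access_db` check only prints an error, so the `Squeuegroup` ruleset is still emitted and still calls `SearchList`. Whether that ruleset exists without access_db cannot be seen from this hunk.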
diff --git a/contrib/sendmail/cf/feature/relay_local_from.m4 b/contrib/sendmail/cf/feature/relay_local_from.m4
index 6e1aa807bf98..9858eb8e3b90 100644
--- a/contrib/sendmail/cf/feature/relay_local_from.m4
+++ b/contrib/sendmail/cf/feature/relay_local_from.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@@ -10,7 +10,11 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: relay_local_from.m4,v 8.5 1999/02/07 07:26:12 gshapiro Exp $')
+VERSIONID(`$Id: relay_local_from.m4,v 8.6 2001/02/06 15:55:21 ca Exp $')
divert(-1)
define(`_RELAY_LOCAL_FROM_', 1)
+errprint(`*** WARNING: FEATURE(`relay_local_from') may cause your system to act as open
+ relay. Use SMTP AUTH or STARTTLS instead. If you cannot use those,
+ try FEATURE(`relay_mail_from').
+')
diff --git a/contrib/sendmail/cf/feature/relay_mail_from.m4 b/contrib/sendmail/cf/feature/relay_mail_from.m4
index f66408dd9f1b..44bcbd670ec5 100644
--- a/contrib/sendmail/cf/feature/relay_mail_from.m4
+++ b/contrib/sendmail/cf/feature/relay_mail_from.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@@ -10,11 +10,14 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: relay_mail_from.m4,v 8.2 1999/04/02 02:25:13 gshapiro Exp $')
+VERSIONID(`$Id: relay_mail_from.m4,v 8.3 2001/02/06 16:07:12 ca Exp $')
divert(-1)
ifdef(`_ACCESS_TABLE_',
`define(`_RELAY_DB_FROM_', 1)
ifelse(_ARG_,`domain',`define(`_RELAY_DB_FROM_DOMAIN_', 1)')',
- `errprint(`*** ERROR: FEATURE(relay_mail_from) requires FEATURE(access_db)
+ `errprint(`*** ERROR: FEATURE(`relay_mail_from') requires FEATURE(`access_db')
')')
+errprint(`*** WARNING: FEATURE(`relay_mail_from') may cause your system to act as open
+ relay. Use SMTP AUTH or STARTTLS instead.
+')
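Review bot: The added warning says the feature may make the host act as an open relay, but neither the message nor the file says why. Going by the feature and macro names (`_RELAY_DB_FROM_`), the relay decision is keyed on the envelope sender, which the connecting client supplies and which nothing here authenticates. A comment above the `errprint`, for example `# MAIL FROM is client-supplied and unauthenticated; matching it in access_db does not prove who is sending`, would make the risk concrete. The warning also sits outside the `ifdef`, so it is printed even when the access_db error branch has already fired. The relay_local_from.m4 hunk earlier in this commit adds a similar warning with the same gap.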
diff --git a/contrib/sendmail/cf/feature/use_ct_file.m4 b/contrib/sendmail/cf/feature/use_ct_file.m4
index e87ca625fa70..9e372ec567ca 100644
--- a/contrib/sendmail/cf/feature/use_ct_file.m4
+++ b/contrib/sendmail/cf/feature/use_ct_file.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,12 +13,11 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: use_ct_file.m4,v 8.9 1999/02/07 07:26:13 gshapiro Exp $')
+VERSIONID(`$Id: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $')
divert(-1)
-# if defined, the sendmail.cf will read the /etc/sendmail.ct file
-# to find the names of trusted users. There should only be a few
-# of these, and normally this is done directly in the .cf file.
+# if defined, the sendmail.cf will read the /etc/mail/trusted-users file to
+# find the names of trusted users. There should only be a few of these.
define(`_USE_CT_FILE_', `')
diff --git a/contrib/sendmail/cf/feature/use_cw_file.m4 b/contrib/sendmail/cf/feature/use_cw_file.m4
index c7e1cee91a97..7058cab1417d 100644
--- a/contrib/sendmail/cf/feature/use_cw_file.m4
+++ b/contrib/sendmail/cf/feature/use_cw_file.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,12 +13,12 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: use_cw_file.m4,v 8.9 1999/02/07 07:26:13 gshapiro Exp $')
+VERSIONID(`$Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $')
divert(-1)
-# if defined, the sendmail.cf will read the /etc/sendmail.cw file
-# to find alternate names for this host. Typically only used when
-# several hosts have been squashed into one another at high speed.
+# if defined, the sendmail.cf will read the /etc/mail/local-host-names file
+# to find alternate names for this host. Typically only used when several
+# hosts have been squashed into one another at high speed.
define(`USE_CW_FILE', `')
diff --git a/contrib/sendmail/cf/feature/uucpdomain.m4 b/contrib/sendmail/cf/feature/uucpdomain.m4
index cc34032672fd..4d23229135f6 100644
--- a/contrib/sendmail/cf/feature/uucpdomain.m4
+++ b/contrib/sendmail/cf/feature/uucpdomain.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,13 +13,13 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: uucpdomain.m4,v 8.22 1999/07/22 17:55:35 gshapiro Exp $')
+VERSIONID(`$Id: uucpdomain.m4,v 8.27 2001/03/16 00:51:26 gshapiro Exp $')
divert(-1)
define(`_UUDOMAIN_TABLE_', `')
LOCAL_CONFIG
# UUCP domain table
-Kuudomain ifelse(defn(`_ARG_'), `',
- DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`uudomain',
+Kuudomain ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`uudomain',
+ defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=uucpdomain)(sendmailMTAKey=%0))',
`_ARG_')
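Review bot: The `LDAP` branch added to the `Kuudomain` line builds its filter from `${sendmailMTACluster}`, and nothing in this file says where that macro comes from. The proto.m4 hunk in this same commit emits `D{sendmailMTACluster}` only when `confLDAP_CLUSTER` is defined, and otherwise leaves it commented out. In that case the cluster term presumably expands to an empty value and only the `sendmailMTAHost=$j` term can match. A comment next to the map line would help, e.g. `# LDAP default: matches entries for this host ($j) or, when confLDAP_CLUSTER is set, for its cluster`. The filter's map name is `uucpdomain` while the map itself is `uudomain`, which is worth a word in the same comment. The virtusertable.m4 hunk that follows repeats the same LDAP specification with only the map name changed.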
diff --git a/contrib/sendmail/cf/feature/virtusertable.m4 b/contrib/sendmail/cf/feature/virtusertable.m4
index b1f6028860e7..d9c628f5fbaf 100644
--- a/contrib/sendmail/cf/feature/virtusertable.m4
+++ b/contrib/sendmail/cf/feature/virtusertable.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,13 +13,13 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: virtusertable.m4,v 8.16 1999/07/22 17:55:36 gshapiro Exp $')
+VERSIONID(`$Id: virtusertable.m4,v 8.21 2001/03/16 00:51:26 gshapiro Exp $')
divert(-1)
define(`_VIRTUSER_TABLE_', `')
LOCAL_CONFIG
# Virtual user table (maps incoming users)
-Kvirtuser ifelse(defn(`_ARG_'), `',
- DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`virtusertable',
+Kvirtuser ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`virtusertable',
+ defn(`_ARG_'), `LDAP', `ldap -1 -v sendmailMTAMapValue -k (&(objectClass=sendmailMTAMapObject)(|(sendmailMTACluster=${sendmailMTACluster})(sendmailMTAHost=$j))(sendmailMTAMapName=virtuser)(sendmailMTAKey=%0))',
`_ARG_')
diff --git a/contrib/sendmail/cf/m4/cfhead.m4 b/contrib/sendmail/cf/m4/cfhead.m4
index d247b1912551..708a095dcc7b 100644
--- a/contrib/sendmail/cf/m4/cfhead.m4
+++ b/contrib/sendmail/cf/m4/cfhead.m4
@@ -23,6 +23,10 @@ include(TEMPFILE)dnl
syscmd(rm -f TEMPFILE)dnl')', `dnl')
#####
######################################################################
+#####
+##### DO NOT EDIT THIS FILE! Only edit the source .mc file.
+#####
+######################################################################
######################################################################
divert(-1)
@@ -46,8 +50,6 @@ define(`OSTYPE',
## helpful functions
define(`lower', `translit(`$1', `ABCDEFGHIJKLMNOPQRSTUVWXYZ', `abcdefghijklmnopqrstuvwx')')
define(`strcasecmp', `ifelse(lower($1), lower($2), `1', `0')')
-## new FEATUREs
-define(`_DNSBL_R_',`')
## access to further arguments in FEATURE/HACK
define(`_ACC_ARG_1_',`$1')
define(`_ACC_ARG_2_',`$2')
@@ -101,14 +103,21 @@ dnl in MAILER.m4: _MODMF_(LMF,`LOCAL')
dnl ----------------------------------------
define(`MAILER',
`define(`_M_N_', `ifelse(`$2', `', `$1', `$2')')dnl
-ifdef(_MAILER_`'_M_N_`'_, `dnl`'',
+ifdef(`_MAILER_DEFINED_', `', `define(`_MAILER_DEFINED_', `1')')dnl
+ifdef(_MAILER_`'_M_N_`'_,
+`errprint(`*** ERROR: MAILER('_M_N_`) already included
+')',
`define(_MAILER_`'_M_N_`'_, `')define(`_ARG_', `$2')define(`_ARGS_', `shift($@)')PUSHDIVERT(7)include(_CF_DIR_`'mailer/$1.m4)POPDIVERT`'')')
define(`DOMAIN', `PUSHDIVERT(-1)define(`_ARG_', `$2')include(_CF_DIR_`'domain/$1.m4)POPDIVERT`'')
-define(`FEATURE', `PUSHDIVERT(-1)define(`_ARG_', `$2')define(`_ARGS_', `shift($@)')include(_CF_DIR_`'feature/$1.m4)POPDIVERT`'')
+define(`FEATURE', `PUSHDIVERT(-1)ifdef(`_MAILER_DEFINED_',`errprint(`*** ERROR: FEATURE() should be before MAILER()
+')')define(`_ARG_', `$2')define(`_ARGS_', `shift($@)')include(_CF_DIR_`'feature/$1.m4)POPDIVERT`'')
define(`HACK', `PUSHDIVERT(-1)define(`_ARG_', `$2')define(`_ARGS_', `shift($@)')include(_CF_DIR_`'hack/$1.m4)POPDIVERT`'')
define(`_DPO_',`')
define(`DAEMON_OPTIONS', `define(`_DPO_', defn(`_DPO_')
O DaemonPortOptions=`$1')')
+define(`_CPO_',`')
+define(`CLIENT_OPTIONS', `define(`_CPO_', defn(`_CPO_')
+O ClientPortOptions=`$1')')
define(`_MAIL_FILTERS_', `')
define(`MAIL_FILTER', `define(`_MAIL_FILTERS_', defn(`_MAIL_FILTERS_')
X`'$1`, '`$2')')
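Review bot: The new ordering error in `FEATURE` does not say which feature triggered it, while the duplicate-mailer error added to `MAILER` in the same hunk does name the mailer via `_M_N_`. In a long .mc file the operator is left to find the offending line by hand. Since `$1` is substituted throughout the macro body, the message can simply read `*** ERROR: FEATURE($1) should be before MAILER()`. Both branches only print and then carry on with the `include`, so the build still produces a .cf after either error. A short `dnl` comment saying that is intended would be useful.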
@@ -116,7 +125,10 @@ define(`INPUT_MAIL_FILTER', `MAIL_FILTER(`$1', `$2')
ifelse(defn(`confINPUT_MAIL_FILTERS')X, `X',
`define(`confINPUT_MAIL_FILTERS', $1)',
`define(`confINPUT_MAIL_FILTERS', defn(`confINPUT_MAIL_FILTERS')`, '`$1')')')
-define(`CF_LEVEL', `9')dnl
+define(`_QUEUE_GROUP_', `')
+define(`QUEUE_GROUP', `define(`_QUEUE_GROUP_', defn(`_QUEUE_GROUP_')
+Q`'$1`, '`$2')')
+define(`CF_LEVEL', `10')dnl
define(`VERSIONID', ``##### $1 #####'')
define(`LOCAL_RULE_0', `divert(3)')
define(`LOCAL_RULE_1',
@@ -139,6 +151,36 @@ define(`LOCAL_RULESETS',
`divert(9)
')
+define(`LOCAL_SRV_FEATURES',
+`define(`_LOCAL_SRV_FEATURES_')
+ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be before LOCAL_SRV_FEATURES
+')')
+divert(9)
+SLocal_srv_features')
+define(`LOCAL_TRY_TLS',
+`define(`_LOCAL_TRY_TLS_')
+ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be before LOCAL_TRY_TLS
+')')
+divert(9)
+SLocal_try_tls')
+define(`LOCAL_TLS_RCPT',
+`define(`_LOCAL_TLS_RCPT_')
+ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be before LOCAL_TLS_RCPT
+')')
+divert(9)
+SLocal_tls_rcpt')
+define(`LOCAL_TLS_CLIENT',
+`define(`_LOCAL_TLS_CLIENT_')
+ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be before LOCAL_TLS_CLIENT
+')')
+divert(9)
+SLocal_tls_client')
+define(`LOCAL_TLS_SERVER',
+`define(`_LOCAL_TLS_SERVER_')
+ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be before LOCAL_TLS_SERVER
+')')
+divert(9)
+SLocal_tls_server')
define(`LOCAL_RULE_3', `divert(2)')
define(`LOCAL_CONFIG', `divert(6)')
define(`MAILER_DEFINITIONS', `divert(7)')
@@ -149,17 +191,19 @@ define(`DOL', ``$'$1')
define(`SITECONFIG',
`CONCAT(D, $3, $2)
define(`_CLASS_$3_', `')dnl
-ifelse($3, U, Cw$2 $2.UUCP, `dnl')
+ifelse($3, U, C{w}$2 $2.UUCP, `dnl')
define(`SITE', `ifelse(CONCAT($'2`, $3), SU,
CONCAT(CY, $'1`),
CONCAT(C, $3, $'1`))')
sinclude(_CF_DIR_`'siteconfig/$1.m4)')
define(`EXPOSED_USER', `PUSHDIVERT(5)C{E}$1
POPDIVERT`'dnl`'')
-ifdef(`_FFR_EXPOSED_USER_FILE', `define(`EXPOSED_USER_FILE', `PUSHDIVERT(5)F{E}$1
-POPDIVERT`'dnl`'')', `dnl')
+define(`EXPOSED_USER_FILE', `PUSHDIVERT(5)F{E}$1
+POPDIVERT`'dnl`'')
define(`LOCAL_USER', `PUSHDIVERT(5)C{L}$1
POPDIVERT`'dnl`'')
+define(`LOCAL_USER_FILE', `PUSHDIVERT(5)F{L}$1
+POPDIVERT`'dnl`'')
define(`MASQUERADE_AS', `define(`MASQUERADE_NAME', $1)')
define(`MASQUERADE_DOMAIN', `PUSHDIVERT(5)C{M}$1
POPDIVERT`'dnl`'')
@@ -167,6 +211,8 @@ define(`MASQUERADE_EXCEPTION', `PUSHDIVERT(5)C{N}$1
POPDIVERT`'dnl`'')
define(`MASQUERADE_DOMAIN_FILE', `PUSHDIVERT(5)F{M}$1
POPDIVERT`'dnl`'')
+define(`MASQUERADE_EXCEPTION_FILE', `PUSHDIVERT(5)F{N}$1
+POPDIVERT`'dnl`'')
define(`LOCAL_DOMAIN', `PUSHDIVERT(5)C{w}$1
POPDIVERT`'dnl`'')
define(`CANONIFY_DOMAIN', `PUSHDIVERT(5)C{Canonify}$1
@@ -181,6 +227,10 @@ define(`LDAPROUTE_DOMAIN', `PUSHDIVERT(5)C{LDAPRoute}$1
POPDIVERT`'dnl`'')
define(`LDAPROUTE_DOMAIN_FILE', `PUSHDIVERT(5)F{LDAPRoute}$1
POPDIVERT`'dnl`'')
+define(`LDAPROUTE_EQUIVALENT', `PUSHDIVERT(5)C{LDAPRouteEquiv}$1
+POPDIVERT`'dnl`'')
+define(`LDAPROUTE_EQUIVALENT_FILE', `PUSHDIVERT(5)F{LDAPRouteEquiv}$1
+POPDIVERT`'dnl`'')
define(`VIRTUSER_DOMAIN', `PUSHDIVERT(5)C{VirtHost}$1
define(`_VIRTHOSTS_')
POPDIVERT`'dnl`'')
@@ -191,7 +241,7 @@ define(`RELAY_DOMAIN', `PUSHDIVERT(5)C{R}$1
POPDIVERT`'dnl`'')
define(`RELAY_DOMAIN_FILE', `PUSHDIVERT(5)F{R}$1
POPDIVERT`'dnl`'')
-define(`TRUST_AUTH_MECH', `PUSHDIVERT(5)C{TrustAuthMech}$1
+define(`TRUST_AUTH_MECH', `_DEFIFNOT(`_USE_AUTH_',`1')PUSHDIVERT(5)C{TrustAuthMech}$1
POPDIVERT`'dnl`'')
define(`_OPTINS', `ifdef(`$1', `$2$1$3')')
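Review bot: `TRUST_AUTH_MECH` now has a side effect that is not documented anywhere in the hunk. Before adding to class `{TrustAuthMech}` it calls `_DEFIFNOT` on `_USE_AUTH_`; that helper is defined outside the visible diff and presumably defines the macro only if it is unset. The proto.m4 hunk in this commit tests `_USE_AUTH_` to choose the default `confRELAY_MSG` text, so listing a trusted mechanism changes the relay-denied reply clients see. I would add `dnl TRUST_AUTH_MECH also marks SMTP AUTH as in use (_USE_AUTH_); proto.m4 keys the default relay-denied message on it` above the define.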
@@ -211,14 +261,14 @@ define(`confFROM_LINE', `From $g $d')
define(`confOPERATORS', `.:%@!^/[]+')
define(`confSMTP_LOGIN_MSG', `$j Sendmail $v/$Z; $b')
define(`_REC_AUTH_', `$.$?{auth_type}(authenticated')
-define(`_REC_FULL_AUTH_', `$.$?{auth_type}(authenticated as ${auth_authen} $?{auth_author}for ${auth_author} $.with ${auth_type}')
+define(`_REC_FULL_AUTH_', `$.$?{auth_type}(user=${auth_authen} $?{auth_author}author=${auth_author} $.mech=${auth_type}')
define(`_REC_HDR_', `$?sfrom $s $.$?_($?s$|from $.$_)')
define(`_REC_END_', `for $u; $|;
$.$b')
-define(`_REC_TLS_', `(using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify})$.$?u')
+define(`_REC_TLS_', `(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u')
define(`_REC_BY_', `$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}')
define(`confRECEIVED_HEADER', `_REC_HDR_
- _REC_AUTH_$?{auth_ssf} (${auth_ssf} bits)$.)
+ _REC_AUTH_$?{auth_ssf} bits=${auth_ssf}$.)
_REC_BY_
_REC_TLS_
_REC_END_')
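Review bot: Nothing near `_REC_FULL_AUTH_` says that it writes the SASL authentication id (`user=${auth_authen}`) and authorization id into the Received: header, where every later hop and the final recipient can read them. The default `confRECEIVED_HEADER` in this hunk uses `_REC_AUTH_`, which omits the identity, so the full form appears to be opt-in. A comment should state that, e.g. `dnl _REC_FULL_AUTH_ discloses the authenticated user name in Received:; use only where that is acceptable`. The move from prose to `key=value` fields in `_REC_TLS_` and the auth clause also changes what header and log parsers must match. That deserves a line in the same comment.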
@@ -251,4 +301,4 @@ define(`confMILTER_MACROS_ENVRCPT', ``{rcpt_mailer}, {rcpt_host}, {rcpt_addr}'')
divert(0)dnl
-VERSIONID(`$Id: cfhead.m4,v 8.76.4.16 2001/03/06 22:56:36 ca Exp $')
+VERSIONID(`$Id: cfhead.m4,v 8.107 2001/07/22 03:25:37 ca Exp $')
diff --git a/contrib/sendmail/cf/m4/proto.m4 b/contrib/sendmail/cf/m4/proto.m4
index d8a164185dac..aa12a706ad67 100644
--- a/contrib/sendmail/cf/m4/proto.m4
+++ b/contrib/sendmail/cf/m4/proto.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -13,14 +13,16 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: proto.m4,v 8.446.2.5.2.44 2001/07/31 22:25:49 gshapiro Exp $')
-
-MAILER(local)dnl
+VERSIONID(`$Id: proto.m4,v 8.628 2001/12/28 19:02:40 ca Exp $')
# level CF_LEVEL config file format
V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')
divert(-1)
+dnl if MAILER(`local') not defined: do it ourself; be nice
+dnl maybe we should issue a warning?
+ifdef(`_MAILER_local_',`', `MAILER(local)')
+
# do some sanity checking
ifdef(`__OSTYPE__',,
`errprint(`*** ERROR: No system type defined (use OSTYPE macro)
@@ -76,8 +78,10 @@ define(`_OPTION', `ifdef(`$2', `O $1`'ifelse(defn(`$2'), `',, `=$2')', `#O $1`'i
dnl required to "rename" the check_* rulesets...
define(`_U_',ifdef(`_DELAY_CHECKS_',`',`_'))
dnl default relaying denied message
-ifdef(`confRELAY_MSG', `', `define(`confRELAY_MSG', `"550 Relaying denied"')')
-define(`CODE553', `553')
+ifdef(`confRELAY_MSG', `', `define(`confRELAY_MSG',
+ifdef(`_USE_AUTH_', `"550 Relaying denied. Proper authentication required."', `"550 Relaying denied"'))')
+ifdef(`confRCPTREJ_MSG', `', `define(`confRCPTREJ_MSG', `"550 Mailbox disabled for this recipient"')')
+define(`_CODE553', `553')
divert(0)dnl
# override file safeties - setting this option compromises system security,
@@ -93,6 +97,10 @@ _OPTION(LDAPDefaultSpec, `confLDAP_DEFAULT_SPEC', `-h localhost')
# local info #
##################
+# my LDAP cluster
+# need to set this before any LDAP lookups are done (including classes)
+ifdef(`confLDAP_CLUSTER', `D{sendmailMTACluster}`'confLDAP_CLUSTER', `#D{sendmailMTACluster}$m')
+
Cwlocalhost
ifdef(`USE_CW_FILE',
`# file containing names of hosts for which we receive email
@@ -131,7 +139,7 @@ CPFAX
')dnl
# "Smart" relay host (may be null)
-DS`'ifdef(`SMART_HOST', SMART_HOST)
+DS`'ifdef(`SMART_HOST', `SMART_HOST')
ifdef(`LUSER_RELAY', `dnl
# place to which unknown users should be forwarded
@@ -151,15 +159,18 @@ C[[
ifdef(`_ACCESS_TABLE_', `dnl
# access_db acceptance class
C{Accept}OK RELAY
-ifdef(`_DELAY_CHECKS_',`dnl
+ifdef(`_DELAY_COMPAT_8_10_',`dnl
ifdef(`_BLACKLIST_RCPT_',`dnl
# possible access_db RHS for spam friends/haters
C{SpamTag}SPAMFRIEND SPAMHATER')')',
`dnl')
+dnl mark for "domain is ok" (resolved or accepted anyway)
+define(`_RES_OK_', `OKR')dnl
ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',`dnl',`dnl
# Resolve map (to check if a host exists in check_mail)
-Kresolve host -a<OK> -T<TEMP>')
+Kresolve host -a<_RES_OK_> -T<TEMP>')
+C{ResOk}_RES_OK_
ifdef(`_NEED_MACRO_MAP_', `dnl
ifdef(`_MACRO_MAP_', `', `# macro storage map
@@ -171,16 +182,20 @@ ifdef(`confCR_FILE', `dnl
FR`'confCR_FILE',
`dnl')
-define(`TLS_SRV_TAG', `TLS_Srv')dnl
-define(`TLS_CLT_TAG', `TLS_Clt')dnl
-define(`TLS_TRY_TAG', `Try_TLS')dnl
-define(`TLS_OFF_TAG', `Offer_TLS')dnl
+define(`TLS_SRV_TAG', `"TLS_Srv"')dnl
+define(`TLS_CLT_TAG', `"TLS_Clt"')dnl
+define(`TLS_RCPT_TAG', `"TLS_Rcpt"')dnl
+define(`TLS_TRY_TAG', `"Try_TLS"')dnl
+define(`SRV_FEAT_TAG', `"Srv_Features"')dnl
dnl this may be useful in other contexts too
ifdef(`_ARITH_MAP_', `', `# arithmetic map
define(`_ARITH_MAP_', `1')dnl
Karith arith')
ifdef(`_ACCESS_TABLE_', `dnl
-# possible values for tls_connect in access map
+ifdef(`_MACRO_MAP_', `', `# macro storage map
+define(`_MACRO_MAP_', `1')dnl
+Kmacro macro')
+# possible values for TLS_connection in access map
C{tls}VERIFY ENCR', `dnl')
ifdef(`_CERT_REGEX_ISSUER_', `dnl
# extract relevant part from cert issuer
@@ -189,14 +204,16 @@ ifdef(`_CERT_REGEX_SUBJECT_', `dnl
# extract relevant part from cert subject
KCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl')
+ifdef(`LOCAL_RELAY', `dnl
# who I send unqualified names to (null means deliver locally)
-DR`'ifdef(`LOCAL_RELAY', LOCAL_RELAY)
+DR`'LOCAL_RELAY')
+ifdef(`MAIL_HUB', `dnl
# who gets all local email traffic ($R has precedence for unqualified names)
-DH`'ifdef(`MAIL_HUB', MAIL_HUB)
+DH`'MAIL_HUB')
# dequoting map
-Kdequote dequote
+Kdequote dequote`'ifdef(`confDEQUOTE_OPTS', ` confDEQUOTE_OPTS', `')
divert(0)dnl # end of nullclient diversion
# class E: names that should be exposed as from this host, even if we masquerade
@@ -207,8 +224,9 @@ divert(0)dnl # end of nullclient diversion
undivert(5)dnl
ifdef(`_VIRTHOSTS_', `CR$={VirtHost}', `dnl')
+ifdef(`MASQUERADE_NAME', `dnl
# who I masquerade as (null for no masquerading) (see also $=M)
-DM`'ifdef(`MASQUERADE_NAME', MASQUERADE_NAME)
+DM`'MASQUERADE_NAME')
# my name for error messages
ifdef(`confMAILER_NAME', `Dn`'confMAILER_NAME', `#DnMAILER-DAEMON')
@@ -219,6 +237,10 @@ include(_CF_DIR_`m4/version.m4')
###############
# Options #
###############
+ifdef(`confAUTO_REBUILD',
+`errprint(WARNING: `confAUTO_REBUILD' is no longer valid.
+ There was a potential for a denial of service attack if this is set.
+)')dnl
# strip message body to 7 bits on input?
_OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False')
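Review bot: The message passed to `errprint` for `confAUTO_REBUILD` is unquoted apart from the option name, so m4 scans every word of it for macro names, and a future edit that adds a comma would split it into separate arguments. It also lacks the `***` prefix used by the feature-file warnings in this commit. Quoting the whole text avoids both and still stops the option name from expanding: `errprint(`*** WARNING: confAUTO_REBUILD is no longer valid.` followed by the second sentence and the closing quote. The `confUNSAFE_GROUP_WRITES` warning added later in this file already uses the fully quoted form. The `confCLIENT_OPTIONS` warning in a later hunk has the same unquoted shape.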
@@ -250,11 +272,6 @@ _OPTION(CheckpointInterval, `confCHECKPOINT_INTERVAL', `10')
# default delivery mode
_OPTION(DeliveryMode, `confDELIVERY_MODE', `background')
-# automatically rebuild the alias database?
-# NOTE: There is a potential for a denial of service attack if this is set.
-# This option is deprecated and will be removed from a future version.
-_OPTION(AutoRebuildAliases, `confAUTO_REBUILD', `False')
-
# error message header/file
_OPTION(ErrorHeader, `confERROR_MESSAGE', `MAIL_SETTINGS_DIR`'error-header')
@@ -264,6 +281,9 @@ _OPTION(ErrorMode, `confERROR_MODE', `print')
# save Unix-style "From_" lines at top of header?
_OPTION(SaveFromLine, `confSAVE_FROM_LINES', `False')
+# queue file mode (qf files)
+_OPTION(QueueFileMode, `confQUEUE_FILE_MODE', `0600')
+
# temporary file mode
_OPTION(TempFileMode, `confTEMP_FILE_MODE', `0600')
@@ -271,7 +291,7 @@ _OPTION(TempFileMode, `confTEMP_FILE_MODE', `0600')
_OPTION(MatchGECOS, `confMATCH_GECOS', `False')
# maximum hop count
-_OPTION(MaxHopCount, `confMAX_HOP', `17')
+_OPTION(MaxHopCount, `confMAX_HOP', `25')
# location of help file
O HelpFile=ifdef(`HELP_FILE', HELP_FILE, `MAIL_SETTINGS_DIR`'helpfile')
@@ -321,12 +341,23 @@ ifelse(defn(`confDAEMON_OPTIONS'), `', `dnl',
)'dnl
`DAEMON_OPTIONS(`confDAEMON_OPTIONS')')
ifelse(defn(`_DPO_'), `',
-`ifdef(`_NETINET6_', `O DaemonPortOptions=Name=MTA-IPv4, Family=inet
-O DaemonPortOptions=Name=MTA-IPv6, Family=inet6',`O DaemonPortOptions=Name=MTA')', `_DPO_')
+`ifdef(`_NETINET6_', `O DaemonPortOptions=Name=MTA-v4, Family=inet
+O DaemonPortOptions=Name=MTA-v6, Family=inet6',`O DaemonPortOptions=Name=MTA')', `_DPO_')
ifdef(`_NO_MSA_', `dnl', `O DaemonPortOptions=Port=587, Name=MSA, M=E')
# SMTP client options
-_OPTION(ClientPortOptions, `confCLIENT_OPTIONS', `Address=0.0.0.0')
+ifelse(defn(`confCLIENT_OPTIONS'), `', `dnl',
+`errprint(WARNING: `confCLIENT_OPTIONS' is no longer valid. See cf/README for more information.
+)'dnl
+`CLIENT_OPTIONS(`confCLIENT_OPTIONS')')
+ifelse(defn(`_CPO_'), `',
+`#O ClientPortOptions=Family=inet, Address=0.0.0.0', `_CPO_')
+
+# Modifiers to `define' {daemon_flags} for direct submissions
+_OPTION(DirectSubmissionModifiers, `confDIRECT_SUBMISSION_MODIFIERS', `')
+
+# Use as mail submission program? See sendmail/SECURITY
+_OPTION(UseMSP, `confUSE_MSP', `')
# privacy flags
_OPTION(PrivacyOptions, `confPRIVACY_FLAGS', `authwarnings')
@@ -337,12 +368,37 @@ _OPTION(PostmasterCopy, `confCOPY_ERRORS_TO', `Postmaster')
# slope of queue-only function
_OPTION(QueueFactor, `confQUEUE_FACTOR', `600000')
+# limit on number of concurrent queue runners
+_OPTION(MaxQueueChildren, `confMAX_QUEUE_CHILDREN', `')
+
+# maximum number of queue-runners per queue-grouping with multiple queues
+_OPTION(MaxRunnersPerQueue, `confMAX_RUNNERS_PER_QUEUE', `1')
+
+# priority of queue runners (nice(3))
+_OPTION(NiceQueueRun, `confNICE_QUEUE_RUN', `')
+
+# shall we sort the queue by hostname first?
+_OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority')
+
+# minimum time in queue before retry
+_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m')
+
+# how many jobs can you process in the queue?
+_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `10000')
+
+# perform initial split of envelope without checking MX records
+_OPTION(FastSplit, `confFAST_SPLIT', `1')
+
# queue directory
O QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, `/var/spool/mqueue')
+# key for shared memory; 0 to turn off
+_OPTION(SharedMemoryKey, `confSHARED_MEMORY_KEY', `0')
+
# timeouts (many of these)
_OPTION(Timeout.initial, `confTO_INITIAL', `5m')
_OPTION(Timeout.connect, `confTO_CONNECT', `5m')
+_OPTION(Timeout.aconnect, `confTO_ACONNECT', `0s')
_OPTION(Timeout.iconnect, `confTO_ICONNECT', `5m')
_OPTION(Timeout.helo, `confTO_HELO', `5m')
_OPTION(Timeout.mail, `confTO_MAIL', `10m')
@@ -372,6 +428,12 @@ _OPTION(Timeout.resolver.retrans.normal, `confTO_RESOLVER_RETRANS_NORMAL', `5s')
_OPTION(Timeout.resolver.retry, `confTO_RESOLVER_RETRY', `4')
_OPTION(Timeout.resolver.retry.first, `confTO_RESOLVER_RETRY_FIRST', `4')
_OPTION(Timeout.resolver.retry.normal, `confTO_RESOLVER_RETRY_NORMAL', `4')
+_OPTION(Timeout.lhlo, `confTO_LHLO', `2m')
+_OPTION(Timeout.auth, `confTO_AUTH', `10m')
+_OPTION(Timeout.starttls, `confTO_STARTTLS', `1h')
+
+# time for DeliverBy; extension disabled if less than 0
+_OPTION(DeliverByMin, `confDELIVER_BY_MIN', `0')
# should we not prune routes in route-addr syntax addresses?
_OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES', `False')
@@ -408,6 +470,9 @@ _OPTION(QueueLA, `confQUEUE_LA', `8')
# load average at which we refuse connections
_OPTION(RefuseLA, `confREFUSE_LA', `12')
+# load average at which we delay connections; 0 means no limit
+_OPTION(DelayLA, `confDELAY_LA', `0')
+
# maximum number of children we allow at one time
_OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', `12')
@@ -426,16 +491,10 @@ _OPTION(ClassFactor, `confWORK_CLASS_FACTOR', `1800')
# work time factor
_OPTION(RetryFactor, `confWORK_TIME_FACTOR', `90000')
-# shall we sort the queue by hostname first?
-_OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority')
-
-# minimum time in queue before retry
-_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m')
-
# default character set
_OPTION(DefaultCharSet, `confDEF_CHAR_SET', `iso-8859-1')
-# service switch file (ignored on Solaris, Ultrix, OSF/1, others)
+# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
_OPTION(ServiceSwitchFile, `confSERVICE_SWITCH_FILE', `MAIL_SETTINGS_DIR`'service.switch')
# hosts file (normally /etc/hosts)
@@ -453,9 +512,6 @@ _OPTION(SafeFileEnvironment, `confSAFE_FILE_ENV', `/arch')
# are colons OK in addresses?
_OPTION(ColonOkInAddr, `confCOLON_OK_IN_ADDR', `True')
-# how many jobs can you process in the queue?
-_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `10000')
-
# shall I avoid expanding CNAMEs (violates protocols)?
_OPTION(DontExpandCnames, `confDONT_EXPAND_CNAMES', `False')
@@ -481,7 +537,11 @@ _OPTION(OperatorChars, `confOPERATORS', `.:@[]')
_OPTION(DontInitGroups, `confDONT_INIT_GROUPS', `False')
# are group-writable `:include:' and .forward files (un)trustworthy?
+# True (the default) means they are not trustworthy.
_OPTION(UnsafeGroupWrites, `confUNSAFE_GROUP_WRITES', `True')
+ifdef(`confUNSAFE_GROUP_WRITES',
+`errprint(`WARNING: confUNSAFE_GROUP_WRITES is deprecated; use confDONT_BLAME_SENDMAIL.
+')')
# where do errors that occur when sending errors get sent?
_OPTION(DoubleBounceAddress, `confDOUBLE_BOUNCE_ADDRESS', `postmaster')
@@ -495,6 +555,10 @@ _OPTION(RunAsUser, `confRUN_AS_USER', `sendmail')
# maximum number of recipients per SMTP envelope
_OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `100')
+# limit the rate recipients per SMTP envelope are accepted
+# once the threshold number of recipients have been rejected
+_OPTION(BadRcptThrottle, `confBAD_RCPT_THROTTLE', `20')
+
# shall we get local names from our installed interfaces?
_OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False')
@@ -531,8 +595,11 @@ _OPTION(DataFileBufferSize, `confDF_BUFFER_SIZE', `4096')
# Transcript file (xf) memory-buffer file maximum size
_OPTION(XscriptFileBufferSize, `confXF_BUFFER_SIZE', `4096')
+# lookup type to find information about local mailboxes
+_OPTION(MailboxDatabase, `confMAILBOX_DATABASE', `pw')
+
# list of authentication mechanisms
-_OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5')
+_OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5')
# default authentication information for outgoing connections
_OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info')
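Review bot: The hinted value for `AuthMechanisms` now begins with `EXTERNAL`, yet the comment above it still reads only "list of authentication mechanisms". EXTERNAL takes the client's identity from outside the SASL exchange, in practice from the TLS client certificate. It is therefore only as trustworthy as the certificate verification configured for STARTTLS. I would add `# EXTERNAL relies on the identity established by STARTTLS client-certificate verification` above the option. Judging by the `_OPTION` definition visible earlier in this file, the third argument is emitted as a commented `#O` hint when `confAUTH_MECHANISMS` is unset, so this list may not be the compiled-in default. The comment could say that too.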
@@ -540,11 +607,18 @@ _OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-i
# SMTP AUTH flags
_OPTION(AuthOptions, `confAUTH_OPTIONS', `')
-ifdef(`_FFR_MILTER', `
+# SMTP AUTH maximum encryption strength
+_OPTION(AuthMaxBits, `confAUTH_MAX_BITS', `')
+
+# SMTP STARTTLS server options
+_OPTION(TLSSrvOptions, `confTLS_SRV_OPTIONS', `')
+
# Input mail filters
_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')
+ifdef(`confINPUT_MAIL_FILTERS', `dnl
# Milter options
+_OPTION(Milter.LogLevel, `confMILTER_LOG_LEVEL', `')
_OPTION(Milter.macros.connect, `confMILTER_MACROS_CONNECT', `')
_OPTION(Milter.macros.helo, `confMILTER_MACROS_HELO', `')
_OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `')
@@ -567,10 +641,10 @@ _OPTION(DHParameters, `confDH_PARAMETERS', `')
# Random data source (required for systems without /dev/urandom under OpenSSL)
_OPTION(RandFile, `confRAND_FILE', `')
-ifdef(`confQUEUE_FILE_MODE',
-`# queue file mode (qf files)
-O QueueFileMode=confQUEUE_FILE_MODE
-')
+############################
+`# QUEUE GROUP DEFINITIONS #'
+############################
+_QUEUE_GROUP_
###########################
# Message precedences #
@@ -631,9 +705,9 @@ R$@ $@ <@>
R$* $: $1 <@> mark addresses
R$* < $* > $* <@> $: $1 < $2 > $3 unmark <addr>
R@ $* <@> $: @ $1 unmark @host:...
+R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* :: $* <@> $: $1 :: $2 unmark node::addr
R:`include': $* <@> $: :`include': $1 unmark :`include':...
-R$* [ IPv6 : $+ ] <@> $: $1 [ IPv6 : $2 ] unmark IPv6 addr
R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon
R$* : $* <@> $: $2 strip colon if marked
R$* <@> $: $1 unmark
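Review bot: The IPv6 unmark rule is moved ahead of the node::addr rule with no comment saying why the order matters. Presumably an IPv6 literal containing "::" would otherwise be caught by the `R$* :: $* <@>` rule first. If that is the reason, a line such as `dnl keep before the node::addr rule: an IPv6 literal may contain ::` above the moved rule would stop a later reorder from undoing the fix. The ruleset starts and ends outside this hunk.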
@@ -656,10 +730,15 @@ ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl
R@ $+ , $+ @ $1 : $2 change all "," to ":"
# localize and dispose of route-based addresses
+dnl XXX: IPv6 colon conflict
+ifdef(`NO_NETINET6', `dnl',
+`R@ [$+] : $+ $@ $>Canonify2 < @ [$1] > : $2 handle <route-addr>')
R@ $+ : $+ $@ $>Canonify2 < @$1 > : $2 handle <route-addr>
dnl',`dnl
# strip route address <@a,@b,@c:user@d> -> <user@d>
R@ $+ , $+ $2
+ifdef(`NO_NETINET6', `dnl',
+`R@ [ $* ] : $+ $2')
R@ $+ : $+ $2
dnl')
@@ -672,8 +751,9 @@ R$+ @ $+ $: $1 < @ $2 > focus on domain
R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right
R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical
-# do some sanity checking
-R$* < @ $* : $* > $* $1 < @ $2 $3 > $4 nix colons in addrs
+dnl This is flagged as an error in S0; no need to silently fix it here.
+dnl # do some sanity checking
+dnl R$* < @ $~[ $* : $* > $* $1 < @ $2 $3 > $4 nix colons in addrs
ifdef(`_NO_UUCP_', `dnl',
`# convert old-style addresses to a domain-based address
@@ -708,13 +788,8 @@ R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain
ifdef(`_NO_UUCP_', `dnl',
`R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain')
-# check for IPv6 domain literal (save quoted form)
-R$* < @ [ IPv6 : $+ ] > $* $: $2 $| $1 < @@ [ $(dequote $2 $) ] > $3 mark IPv6 addr
-R$+ $| $* < @@ $=w > $* $: $2 < @ $j . > $4 self-literal
-R$+ $| $* < @@ [ $+ ] > $* $@ $2 < @ [ IPv6 : $1 ] > $4 canon IP addr
-
-# check for IPv4 domain literal
-R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [a.b.c.d]
+# check for IPv4/IPv6 domain literal
+R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [addr]
R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal
R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr
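Review bot: The merged "mark [addr]" rule no longer strips the IPv6: tag or dequotes before the `$=w` self-literal test, so class w must now hold the host's IPv6 literals in exactly the tagged `[IPv6:addr]` form. How class w is populated is not visible here. If it still carries the untagged form, mail to the host's own IPv6 literal falls through to the "canon IP addr" rule and is treated as a remote destination. I would record the requirement next to the rule, e.g. `# class w must list IPv6 literals as [IPv6:addr] for the self-literal rule to match`.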
@@ -780,13 +855,18 @@ dnl this should only apply to unqualified hostnames
dnl but if a valid character inside an unqualified hostname is an OperatorChar
dnl then $- does not work.
# lookup unqualified hostnames
-R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4', `dnl')', `dnl
+R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4', `dnl')', `dnl
dnl _NO_CANONIFY_ is not set: canonify unless:
dnl {daemon_flags} contains CC (do not canonify)
dnl but add a trailing dot to qualified hostnames so other rules will work
dnl should we do this for every hostname: even unqualified?
R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
R$* CC $* $| $* $: $3
+ifdef(`_FFR_NOCANONIFY_HEADERS', `dnl
+# do not canonify header addresses
+R$* $| $* < @ $* $~P > $* $: $&{addr_type} $| $2 < @ $3 $4 > $5
+R$* h $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6
+R$* h $* $| $* $: $3', `dnl')
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4')
dnl remove {daemon_flags} for other cases
@@ -803,6 +883,12 @@ ifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
`R$* < @ $* $={VirtHost} > $* $: $1 < @ $2 $3 . > $4',
`R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3')',
`dnl')
+ifdef(`_GENERICS_TABLE_', `dnl
+dnl hosts for genericstable are also canonical
+ifdef(`_GENERICS_ENTIRE_DOMAIN_',
+`R$* < @ $* $=G > $* $: $1 < @ $2 $3 . > $4',
+`R$* < @ $=G > $* $: $1 < @ $2 . > $3')',
+`dnl')
dnl remove superfluous dots (maybe repeatedly) which may have been added
dnl by one of the rules before
R$* < @ $* . . > $* $1 < @ $2 . > $3
@@ -870,26 +956,41 @@ R$* $: $>Parse1 $1 final parsing
SParse0
R<@> $@ <@> special case error msgs
-R$* : $* ; <@> $#error $@ 5.1.3 $: "CODE553 List:; syntax illegal for recipient addresses"
+R$* : $* ; <@> $#error $@ 5.1.3 $: "_CODE553 List:; syntax illegal for recipient addresses"
R@ <@ $* > < @ $1 > catch "@@host" bogosity
-R<@ $+> $#error $@ 5.1.3 $: "CODE553 User address required"
+R<@ $+> $#error $@ 5.1.3 $: "_CODE553 User address required"
+R$+ <@> $#error $@ 5.1.3 $: "_CODE553 Hostname required"
R$* $: <> $1
-R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
-R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "CODE553 Colon illegal in host name part"
+dnl allow tricks like [host1]:[host2]
+R<> $* < @ [ $* ] : $+ > $* $1 < @ [ $2 ] : $3 > $4
+R<> $* < @ [ $* ] , $+ > $* $1 < @ [ $2 ] , $3 > $4
+dnl but no a@[b]c
+R<> $* < @ [ $* ] $+ > $* $#error $@ 5.1.2 $: "_CODE553 Invalid address"
+R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3
+R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "_CODE553 Colon illegal in host name part"
R<> $* $1
-R$* < @ . $* > $* $#error $@ 5.1.2 $: "CODE553 Invalid host name"
-R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "CODE553 Invalid host name"
+R$* < @ . $* > $* $#error $@ 5.1.2 $: "_CODE553 Invalid host name"
+R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "_CODE553 Invalid host name"
+dnl no a@b@
+R$* < @ $* @ > $* $#error $@ 5.1.2 $: "_CODE553 Invalid route address"
+dnl no a@b@c
+R$* @ $* < @ $* > $* $#error $@ 5.1.3 $: "_CODE553 Invalid route address"
dnl comma only allowed before @; this check is not complete
-R$* , $~O $* $#error $@ 5.1.2 $: "CODE553 Invalid route address"
+R$* , $~O $* $#error $@ 5.1.3 $: "_CODE553 Invalid route address"
+
+ifdef(`_STRICT_RFC821_', `# more RFC 821 checks
+R$* . < @ $* > $* $#error $@ 5.1.2 $: "_CODE553 Local part must not end with a dot"
+R. $* < @ $* > $* $#error $@ 5.1.2 $: "_CODE553 Local part must not begin with a dot"
+dnl', `dnl')
# now delete the local info -- note $=O to find characters that cause forwarding
R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user
R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ...
R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here
-R< @ $+ > $#error $@ 5.1.3 $: "CODE553 User address required"
+R< @ $+ > $#error $@ 5.1.3 $: "_CODE553 User address required"
R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ...
R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo"
-R< @ *LOCAL* > $#error $@ 5.1.3 $: "CODE553 User address required"
+R< @ *LOCAL* > $#error $@ 5.1.3 $: "_CODE553 User address required"
R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
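Review bot: The three "Invalid route address" rules now disagree on the enhanced status code. The new "no a@b@" rule returns 5.1.2, while the "no a@b@c" rule and the comma rule (changed in this same hunk from 5.1.2 to 5.1.3) return 5.1.3 for identical text. Unless the difference is deliberate, the first should read `R$* < @ $* @ > $* $#error $@ 5.1.3 $: "_CODE553 Invalid route address"`. Separately, the two "allow tricks" rules match `[ $* ]` where the older pass-through rule uses `[ $+ ]`, so an empty literal followed by `:` or `,` is accepted there. `$+` would keep the three consistent.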
@@ -901,7 +1002,8 @@ R$* < @ *LOCAL* > $: $1
SParse1
ifdef(`_LDAP_ROUTING_', `dnl
# handle LDAP routing for hosts in $={LDAPRoute}
-R$+ < @ $={LDAPRoute} . > $: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $2>',
+R$+ < @ $={LDAPRoute} . > $: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $2> <>
+R$+ < @ $={LDAPRouteEquiv} . > $: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $M> <>',
`dnl')
ifdef(`_MAILER_smtp_',
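Review bot: The added LDAPRouteEquiv rule builds its lookup key from `$M` unconditionally, and nothing in this hunk checks that a masquerade name is defined. A later hunk in this diff wraps the masquerading rules in an ifdef on MASQUERADE_NAME, so an undefined name is an expected configuration. In that case the key here degenerates to `<$1 @ >` and the LDAP lookup is done on an address with no domain. Either guard the rule the same way or add a comment such as `dnl requires MASQUERADE_AS: equivalent hosts are looked up as user@$M`. Ruleset Parse1 continues outside the hunk.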
@@ -909,35 +1011,63 @@ ifdef(`_MAILER_smtp_',
dnl there is no check whether this is really an IP number
R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec
R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path
-R$* < @ [ IPv6 : $+ ] : > $*
- $#_SMTP_ $@ [ $(dequote $2 $) ] $: $1 < @ [IPv6 : $2 ] > $3 no smarthost: send
-R$* < @ [ $+ ] : > $* $#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
+R$* < @ [ $+ ] : > $* $#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#_SMTP_ $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer',
`dnl')
ifdef(`_VIRTUSER_TABLE_', `dnl
# handle virtual users
+ifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
+dnl this is not a documented option
+dnl it stops looping in virtusertable mapping if input and output
+dnl are identical, i.e., if address A is mapped to A.
+dnl it does not deal with multi-level recursion
+# handle full domains in RHS of virtusertable
+R$+ < @ $+ > $: $(macro {RecipientAddress} $) $1 < @ $2 >
+R$+ < @ $+ > $: <?> $1 < @ $2 > $| $>final $1 < @ $2 >
+R<?> $+ $| $+ $: $1 $(macro {RecipientAddress} $@ $2 $)
+R<?> $+ $| $* $: $1',
+`dnl')
R$+ $: <!> $1 Mark for lookup
+dnl input: <!> local<@domain>
ifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
`R<!> $+ < @ $* $={VirtHost} . > $: < $(virtuser $1 @ $2 $3 $@ $1 $: @ $) > $1 < @ $2 $3 . >',
`R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >')
+dnl input: <result-of-lookup | @> local<@domain> | <!> local<@domain>
R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
+dnl if <@> local<@domain>: no match but try lookup
+dnl user+detail: try user++@domain if detail not empty
+R<@> $+ + $+ < @ $* . >
+ $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+dnl user+detail: try user+*@domain
R<@> $+ + $* < @ $* . >
- $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . >
+ $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+dnl user+detail: try user@domain
R<@> $+ + $* < @ $* . >
- $: < $(virtuser $1 @ $3 $@ $1 $: @ $) > $1 + $2 < @ $3 . >
+ $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
dnl try default entry: @domain
+dnl ++@domain
+R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
dnl +*@domain
-R<@> $+ + $+ < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
dnl @domain if +detail exists
-R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
dnl without +detail (or no match)
R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
+dnl no match
R<@> $+ $: $1
+dnl remove mark
R<!> $+ $: $1
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
+ifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
+# check virtuser input address against output address, if same, skip recursion
+R< $+ > $+ < @ $+ > $: < $1 > $2 < @ $3 > $| $1
+# it is the same: stop now
+R< $+ > $+ < @ $+ > $| $&{RecipientAddress} $: $>ParseLocal $>Parse0 $>canonify $1
+R< $+ > $+ < @ $+ > $| $* $: < $1 > $2 < @ $3 >
+dnl', `dnl')
dnl this is not a documented option
dnl it performs no looping at all for virtusertable
ifdef(`_NO_VIRTUSER_RECURSION_',
@@ -1020,7 +1150,7 @@ R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost nam
# deal with other remote names
ifdef(`_MAILER_smtp_',
`R$* < @$* > $* $#_SMTP_ $@ $2 $: $1 < @ $2 > $3 user@host.domain',
-`R$* < @$* > $* $#error $@ 5.1.2 $: "CODE553 Unrecognized host name " $2')
+`R$* < @$* > $* $#error $@ 5.1.2 $: "_CODE553 Unrecognized host name " $2')
# handle locally delivered names
R$=L $#_LOCAL_ $: @ $1 special local names
@@ -1033,15 +1163,25 @@ R$+ $#_LOCAL_ $: $1 regular local names
SLocal_localaddr
Slocaladdr=5
R$+ $: $1 $| $>"Local_localaddr" $1
+R$+ $| $#ok $@ $1 no change
R$+ $| $#$* $#$2
R$+ $| $* $: $1
-ifdef(`_FFR_5_', `
+ifdef(`_PRESERVE_LUSER_HOST_', `dnl
+# Preserve rcpt_host in {Host}
+R$+ $: $1 $| $&h $| $&{Host} check h and {Host}
+R$+ $| $| $: $(macro {Host} $@ $) $1 no h or {Host}
+R$+ $| $| $+ $: $1 h not set, {Host} set
+R$+ $| +$* $| $* $: $1 h is +detail, {Host} set
+R$+ $| $+ $| $* $: $(macro {Host} $@ @$2 $) $1 set {Host} to h
+')dnl
+
+ifdef(`_FFR_5_', `dnl
# Preserve host in a macro
R$+ $: $(macro {LocalAddrHost} $) $1
R$+ @ $+ $: $(macro {LocalAddrHost} $@ @ $2 $) $1')
-ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `', `
+ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `', `dnl
# deal with plussed users so aliases work nicely
R$+ + * $#_LOCAL_ $@ $&h $: $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')
R$+ + $* $#_LOCAL_ $@ + $2 $: $1 + *`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}')
@@ -1051,35 +1191,61 @@ R$+ $: <> $1
ifdef(`LUSER_RELAY', `dnl
# send unrecognized local users to a relay host
-ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `
+ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
R< > $+ + $* $: < ? $L > <+ $2> $(user $1 $) look up user+
R< > $+ $: < ? $L > < > $(user $1 $) look up user
R< ? $* > < $* > $+ <> $: < > $3 $2 found; strip $L
R< ? $* > < $* > $+ $: < $1 > $3 $2 not found', `
R< > $+ $: < $L > $(user $1 $) look up user
-R< $* > $+ <> $: < > $2 found; strip $L')',
-`dnl')
+R< $* > $+ <> $: < > $2 found; strip $L')
+ifdef(`_PRESERVE_LUSER_HOST_', `dnl
+R< $+ > $+ $: < $1 > $2 $&{Host}')
+dnl')
-# see if we have a relay or a hub
-R< > $+ $: < $H > $1 try hub
-R< > $+ $: < $R > $1 try relay
-ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `
-R< > $+ $@ $1', `
+ifdef(`MAIL_HUB', `dnl
+R< > $+ $: < $H > $1 try hub', `dnl')
+ifdef(`LOCAL_RELAY', `dnl
+R< > $+ $: < $R > $1 try relay', `dnl')
+ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `dnl
+R< > $+ $@ $1', `dnl
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
+ifdef(`_PRESERVE_LUSER_HOST_', `dnl
+R< > < $+ @ $+ <> + $* > $: < > < $1 + $3 @ $2 > check whether +detail')
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#_LOCAL_ $@ $2 $: @ $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
+ifdef(`_PRESERVE_LUSER_HOST_', `dnl
+R$+ @ $+ <> + $* $: $1 + $3 @ $2 check whether +detail')
R$+ <> + $* $: $1 + $2 check whether +detail
R$+ <> $* $: $1 else discard')
R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension
R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension
-R< $- : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
+ifdef(`_PRESERVE_LUSER_HOST_', `dnl
+dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
+R< $~[ : $+ > $+ @ $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $4 >')
+R< $~[ : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 >
+ifdef(`_PRESERVE_LUSER_HOST_', `dnl
+R< $+ > $+ @ $+ $@ $>MailerToTriple < $1 > $2 < @ $3 >')
R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 >
ifdef(`_MAILER_TABLE_', `dnl
+ifdef(`_LDAP_ROUTING_', `dnl
+###################################################################
+### Ruleset LDAPMailertable -- mailertable lookup for LDAP ###
+dnl input: <Domain> FullAddress
+###################################################################
+
+SLDAPMailertable
+R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
+R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check resolved?
+R< $+ > $* $: < $1 > $>Mailertable <$1> $2 try domain
+R< $+ > $#$* $#$2 found
+R< $+ > $* $#_RELAY_ $@ $1 $: $2 not found, direct relay',
+`dnl')
+
###################################################################
### Ruleset 90 -- try domain part of mailertable entry ###
dnl input: LeftPartOfDomain <RightPartOfDomain> FullAddress
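Review bot: In the new LDAPMailertable ruleset the "check resolved?" rule has no `$:` or `$@` prefix, unlike the MailerToTriple calls a few lines above, so it is re-applied for as long as the workspace still matches `< mailer : host > address`. That is harmless only while MailerToTriple always resolves such input to a `$#` triple, which cannot be confirmed from this hunk. Writing the right-hand side as `$: $>MailerToTriple < $1 : $2 > $3` makes the single-pass intent explicit and removes the dependency.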
@@ -1108,7 +1274,6 @@ dnl <error:text> -> error
dnl <mailer:user@host> lp<@domain>rest -> mailer host user
dnl <mailer:host> address -> mailer host address
dnl <localdomain> address -> address
-dnl <[IPv6:number]> address -> relay number address
dnl <host> address -> relay host address
###################################################################
@@ -1117,10 +1282,10 @@ R< > $* $@ $1 strip off null relay
R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
R< local : $* > $* $>CanonLocal < $1 > $2
-R< $- : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
-R< $- : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
+dnl it is $~[ instead of $- to avoid matches on IPv6 addresses
+R< $~[ : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user
+R< $~[ : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer
R< $=w > $* $@ $2 delete local host
-R< [ IPv6 : $+ ] > $* $#_RELAY_ $@ $(dequote $1 $) $: $2 use unqualified mailer
R< $+ > $* $#_RELAY_ $@ $1 $: $2 use unqualified mailer
###################################################################
@@ -1170,6 +1335,7 @@ R$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark
dnl workspace: either user<@domain> or <user@domain> user <@domain> @
dnl ignore the first case for now
dnl if it has the mark lookup full address
+dnl broken: %1 is full address not just detail
R< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 >
dnl workspace: ... or <match|@user@domain> user <@domain>
dnl no match, try user+detail@domain
@@ -1194,6 +1360,7 @@ R< > $* $: $1 not found',
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
+ifdef(`MASQUERADE_NAME', `dnl
# special case the users that should be exposed
R$=E < @ *LOCAL* > $@ $1 < @ $j . > leave exposed
ifdef(`_MASQUERADE_ENTIRE_DOMAIN_',
@@ -1211,6 +1378,9 @@ ifdef(`_LIMITED_MASQUERADE_', `dnl',
R$* < @ *LOCAL* > $* $: $1 < @ $j . @ $M > $2
R$* < @ $+ @ > $* $: $1 < @ $2 > $3 $M is null
R$* < @ $+ @ $+ > $* $: $1 < @ $3 . > $4 $M is not null
+dnl', `dnl no masquerading
+dnl just fix *LOCAL* leftovers
+R$* < @ *LOCAL* > $@ $1 < @ $j . >')
###################################################################
### Ruleset 94 -- convert envelope names to masqueraded form ###
@@ -1229,115 +1399,186 @@ SParseLocal=98
undivert(3)dnl LOCAL_RULE_0
ifdef(`_LDAP_ROUTING_', `dnl
+######################################################################
+### LDAPExpand: Expand address using LDAP routing
+###
+### Parameters:
+### <$1> -- parsed address (user < @ domain . >) (pass through)
+### <$2> -- RFC822 address (user @ domain) (used for lookup)
+### <$3> -- +detail information
+###
+### Returns:
+### Mailer triplet ($#mailer $@ host $: address)
+### Parsed address (user < @ domain . >)
+######################################################################
+
SLDAPExpand
# do the LDAP lookups
-R<$+><$+> $: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2>
+R<$+><$+><$*> $: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2> <$3>
# if mailRoutingAddress and local or non-existant mailHost,
# return the new mailRoutingAddress
-R< $+ > < $=w > < $+ > < $+ > $@ $>Parse0 $>canonify $1
-R< $+ > < > < $+ > < $+ > $@ $>Parse0 $>canonify $1
+ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
+R<$+@$+> <$=w> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 $6 @ $2
+R<$+@$+> <> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1 $5 @ $2')
+R<$+> <$=w> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1
+R<$+> <> <$+> <$+> <$*> $@ $>Parse0 $>canonify $1
# if mailRoutingAddress and non-local mailHost,
# relay to mailHost with new mailRoutingAddress
-R< $+ > < $+ > < $+ > < $+ > $#_RELAY_ $@ $2 $: $>canonify $1
+ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
+ifdef(`_MAILER_TABLE_', `dnl
+# check mailertable for host, relay from there
+R<$+@$+> <$+> <$+> <$+> <$*> $>LDAPMailertable <$3> $>canonify $1 $6 @ $2',
+`R<$+@$+> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $3 $: $>canonify $1 $6 @ $2')')
+ifdef(`_MAILER_TABLE_', `dnl
+# check mailertable for host, relay from there
+R<$+> <$+> <$+> <$+> <$*> $>LDAPMailertable <$2> $>canonify $1',
+`R<$+> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $2 $: $>canonify $1')
# if no mailRoutingAddress and local mailHost,
# return original address
-R< > < $=w > <$+> <$+> $@ $2
+R<> <$=w> <$+> <$+> <$*> $@ $2
# if no mailRoutingAddress and non-local mailHost,
# relay to mailHost with original address
-R< > < $+ > <$+> <$+> $#_RELAY_ $@ $1 $: $2
+ifdef(`_MAILER_TABLE_', `dnl
+# check mailertable for host, relay from there
+R<> <$+> <$+> <$+> <$*> $>LDAPMailertable <$1> $2',
+`R<> <$+> <$+> <$+> <$*> $#_RELAY_ $@ $1 $: $2')
-# if no mailRoutingAddress and no mailHost,
+ifdef(`_LDAP_ROUTE_DETAIL_',
+`# if no mailRoutingAddress and no mailHost,
+# try without +detail
+R<> <> <$+> <$+ + $* @ $+> <> $@ $>LDAPExpand <$1> <$2 @ $4> <+$3>')dnl
+
+# if still no mailRoutingAddress and no mailHost,
# try @domain
-R< > < > <$+> <$+ @ $+> $@ $>LDAPExpand <$1> <@ $3>
+ifelse(_LDAP_ROUTE_DETAIL_, `_PRESERVE_', `dnl
+R<> <> <$+> <$+ + $* @ $+> <> $@ $>LDAPExpand <$1> <@ $4> <+$3>')
+R<> <> <$+> <$+ @ $+> <$*> $@ $>LDAPExpand <$1> <@ $3> <$4>
# if no mailRoutingAddress and no mailHost and this was a domain attempt,
ifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl
# user does not exist
-R< > < > <$+> <@ $+> $#error $@ nouser $: "550 User unknown"',
+R<> <> <$+> <@ $+> <$*> $: <?> < $&{addr_type} > < $1 >
+# only give error for envelope recipient
+R<?> <e r> <$+> $#error $@ nouser $: "550 User unknown"
+R<?> <$*> <$+> $@ $2',
`dnl
# return the original address
-R< > < > <$+> <@ $+> $@ $1')',
+R<> <> <$+> <@ $+> <$*> $@ $1')',
`dnl')
ifelse(substr(confDELIVERY_MODE,0,1), `d', `errprint(`WARNING: Antispam rules not available in deferred delivery mode.
')')
-ifdef(`_ACCESS_TABLE_', `dnl
+ifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
######################################################################
-### LookUpDomain -- search for domain in access database
+### D: LookUpDomain -- search for domain in access database
###
### Parameters:
### <$1> -- key (domain name)
### <$2> -- default (what to return if not found in db)
dnl must not be empty
-### <$3> -- passthru (additional data passed unchanged through)
-### <$4> -- mark (must be <(!|+) single-token>)
+### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
dnl returns: <default> <passthru>
dnl <result> <passthru>
######################################################################
-SLookUpDomain
-dnl remove IPv6 mark and dequote address
-dnl it is a bit ugly because it is checked on each "iteration"
-R<[IPv6 : $+]> <$+> <$*> <$*> $: <[$(dequote $1 $)]> <$2> <$3> <$4>
+SD
dnl workspace <key> <default> <passthru> <mark>
dnl lookup with tag (in front, no delimiter here)
-R<$*> <$+> <$*> <$- $-> $: < $(access $5`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3> <$4 $5>
+dnl 2 3 4 5
+R<$*> <$+> <$- $-> <$*> $: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
dnl workspace <result-of-lookup|?> <key> <default> <passthru> <mark>
-ifdef(`_FFR_LOOKUPDOTDOMAIN', `dnl omit first component: lookup .rest
-R<?> <$+.$+> <$+> <$*> <$- $-> $: < $(access $5`'_TAG_DELIM_`'.$2 $: ? $) > <$1.$2> <$3> <$4> <$5 $6>', `dnl')
dnl lookup without tag?
-R<?> <$+> <$+> <$*> <+ $*> $: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4>
-ifdef(`_FFR_LOOKUPDOTDOMAIN', `dnl omit first component: lookup .rest
-R<?> <$+.$+> <$+> <$*> <+ $*> $: < $(access .$2 $: ? $) > <$1.$2> <$3> <$4> <+ $5>', `dnl')
-dnl lookup IP address (no check is done whether it is an IP number!)
-R<?> <[$+.$-]> <$+> <$*> <$*> $@ $>LookUpDomain <[$1]> <$3> <$4> <$5>
-dnl lookup IPv6 address
-R<?> <[$+::$-]> <$+> <$*> <$*> $: $>LookUpDomain <[$1]> <$3> <$4> <$5>
-R<?> <[$+:$-]> <$+> <$*> <$*> $: $>LookUpDomain <[$1]> <$3> <$4> <$5>
+dnl 1 2 3 4
+R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
+ifdef(`_LOOKUPDOTDOMAIN_', `dnl omit first component: lookup .rest
+dnl XXX apply this also to IP addresses?
+dnl currently it works the wrong way round for [1.2.3.4]
+dnl 1 2 3 4 5 6
+R<?> <$+.$+> <$+> <$- $-> <$*> $: < $(access $5`'_TAG_DELIM_`'.$2 $: ? $) > <$1.$2> <$3> <$4 $5> <$6>
+dnl 1 2 3 4 5
+R<?> <$+.$+> <$+> <+ $-> <$*> $: < $(access .$2 $: ? $) > <$1.$2> <$3> <+ $4> <$5>', `dnl')
+ifdef(`_ACCESS_SKIP_', `dnl
+dnl found SKIP: return <default> and <passthru>
+dnl 1 2 3 4 5
+R<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>', `dnl')
+dnl not found: IPv4 net (no check is done whether it is an IP number!)
+dnl 1 2 3 4 5 6
+R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
+ifdef(`NO_NETINET6', `dnl',
+`dnl not found: IPv6 net
+dnl (could be merged with previous rule if we have a class containing .:)
+dnl 1 2 3 4 5 6
+R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
+R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>')
dnl not found, but subdomain: try again
-R<?> <$+.$+> <$+> <$*> <$*> $@ $>LookUpDomain <$2> <$3> <$4> <$5>
-dnl not found, no subdomain: return default
-R<?> <$+> <$+> <$*> <$*> $@ <$2> <$3>
-dnl return result of lookup
-R<$*> <$+> <$+> <$*> <$*> $@ <$1> <$4>
+dnl 1 2 3 4 5 6
+R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
+ifdef(`_FFR_LOOKUPTAG_', `dnl lookup Tag:
+dnl 1 2 3 4
+R<?> <$+> <$+> <! $-> <$*> $: < $(access $3`'_TAG_DELIM_ $: ? $) > <$1> <$2> <! $3> <$4>', `dnl')
+dnl not found, no subdomain: return <default> and <passthru>
+dnl 1 2 3 4 5
+R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
+ifdef(`_ATMPF_', `dnl tempfail?
+dnl 2 3 4 5 6
+R<$* _ATMPF_> <$+> <$+> <$- $-> <$*> $@ <_ATMPF_> <$6>', `dnl')
+dnl return <result of lookup> and <passthru>
+dnl 2 3 4 5 6
+R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
######################################################################
-### LookUpAddress -- search for host address in access database
+### A: LookUpAddress -- search for host address in access database
###
### Parameters:
### <$1> -- key (dot quadded host address)
### <$2> -- default (what to return if not found in db)
dnl must not be empty
-### <$3> -- passthru (additional data passed through)
-### <$4> -- mark (must be <(!|+) single-token>)
+### <$3> -- mark (must be <(!|+) single-token>)
### ! does lookup only with tag
### + does lookup with and without tag
+### <$4> -- passthru (additional data passed through)
dnl returns: <default> <passthru>
dnl <result> <passthru>
######################################################################
-SLookUpAddress
+SA
dnl lookup with tag
-R<$+> <$+> <$*> <$- $+> $: < $(access $5`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3> <$4 $5>
+dnl 2 3 4 5
+R<$+> <$+> <$- $-> <$*> $: < $(access $4`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
dnl lookup without tag
-R<?> <$+> <$+> <$*> <+ $+> $: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4>
-dnl no match; IPv6: remove last part
-R<?> <$+::$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5>
-R<?> <$+:$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5>
+dnl 1 2 3 4
+R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
+dnl workspace <result-of-lookup|?> <key> <default> <mark> <passthru>
+ifdef(`_ACCESS_SKIP_', `dnl
+dnl found SKIP: return <default> and <passthru>
+dnl 1 2 3 4 5
+R<SKIP> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>', `dnl')
+ifdef(`NO_NETINET6', `dnl',
+`dnl no match; IPv6: remove last part
+dnl 1 2 3 4 5 6
+R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
+R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>')
dnl no match; IPv4: remove last part
-R<?> <$+.$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5>
+dnl 1 2 3 4 5 6
+R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
dnl no match: return default
-R<?> <$+> <$+> <$*> <$*> $@ <$2> <$3>
+dnl 1 2 3 4 5
+R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
+ifdef(`_ATMPF_', `dnl tempfail?
+dnl 2 3 4 5 6
+R<$* _ATMPF_> <$+> <$+> <$- $-> <$*> $@ <_ATMPF_> <$6>', `dnl')
dnl match: return result
-R<$*> <$+> <$+> <$*> <$*> $@ <$1> <$4>',
-`dnl')
-
+dnl 2 3 4 5 6
+R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
+dnl endif _ACCESS_TABLE_
+divert(0)
######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
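Review bot: The two unchanged `dnl workspace` lines under `SD` still describe the old argument order (`<passthru> <mark>`), while every rule in the rewritten D and A rulesets now expects `<mark> <passthru>`. They should read `dnl workspace <key> <default> <mark> <passthru>` and `dnl workspace <result-of-lookup|?> <key> <default> <mark> <passthru>`, matching the comment that was added in ruleset A. The order matters more than before because the mark is now matched as exactly `<$- $->`. A caller that still passes the arguments the old way matches no rule and gets its workspace back unchanged instead of a lookup result.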
@@ -1385,23 +1626,18 @@ R<?> $* $=O $* < @ $* > $: <NO> $1 $2 $3 < @ $4>
dnl no $=O in localpart: return
R<?> $* $@ $1
-dnl workspace: <?> localpart<@domain>, where localpart contains $=O
+dnl workspace: <NO> localpart<@domain>, where localpart contains $=O
dnl mark everything which has an "authorized" domain with <RELAY>
ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
# if we relay, check username portion for user%host so host can be checked also
R<NO> $* < @ $* $=m > $: <RELAY> $1 < @ $2 $3 >', `dnl')
-
-ifdef(`_RELAY_MX_SERVED_', `dnl
-dnl do "we" ($=w) act as backup MX server for the destination domain?
-R<NO> $* < @ $+ > $: <MX> < : $(mxserved $2 $) : > < $1 < @$2 > >
-R<MX> < : $* <TEMP> : > $* $#error $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
-dnl yes: mark it as <RELAY>
-R<MX> < $* : $=w. : $* > < $+ > $: <RELAY> $4
-dnl no: put old <NO> mark back
-R<MX> < : $* : > < $+ > $: <NO> $2', `dnl')
-
dnl workspace: <(NO|RELAY)> localpart<@domain>, where localpart contains $=O
dnl if mark is <NO> then change it to <RELAY> if domain is "authorized"
+
+dnl what if access map returns something else than RELAY?
+dnl we are only interested in RELAY entries...
+dnl other To: entries: blacklist recipient; generic entries?
+dnl if it is an error we probably do not want to relay anyway
ifdef(`_RELAY_HOSTS_ONLY_',
`R<NO> $* < @ $=R > $: <RELAY> $1 < @ $2 >
ifdef(`_ACCESS_TABLE_', `dnl
@@ -1409,12 +1645,23 @@ R<NO> $* < @ $+ > $: <$(access To:$2 $: NO $)> $1 < @ $2 >
R<NO> $* < @ $+ > $: <$(access $2 $: NO $)> $1 < @ $2 >',`dnl')',
`R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
ifdef(`_ACCESS_TABLE_', `dnl
-R<NO> $* < @ $+ > $: $>LookUpDomain <$2> <NO> <$1 < @ $2 >> <+To>
+R<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
R<$+> <$+> $: <$1> $2',`dnl')')
+ifdef(`_RELAY_MX_SERVED_', `dnl
+dnl do "we" ($=w) act as backup MX server for the destination domain?
+R<NO> $* < @ $+ > $: <MX> < : $(mxserved $2 $) : > < $1 < @$2 > >
+R<MX> < : $* <TEMP> : > $* $#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
+dnl yes: mark it as <RELAY>
+R<MX> < $* : $=w. : $* > < $+ > $: <RELAY> $4
+dnl no: put old <NO> mark back
+R<MX> < : $* : > < $+ > $: <NO> $2', `dnl')
+
+dnl do we relay to this recipient domain?
R<RELAY> $* < @ $* > $@ $>ParseRecipient $1
-R<$-> $* $@ $2
+dnl something else
+R<$+> $* $@ $2
######################################################################
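Review bot: A temporary access-map failure is indistinguishable from "not RELAY" at the end of this block. Ruleset D can now return `<_ATMPF_> <passthru>`, the rule after the `$>D` call folds that into `<_ATMPF_> address`, and the widened catch-all `R<$+> $* $@ $2` then strips the mark and returns the address as if the domain were simply not authorised. That fails closed, but a recipient that should be relayed may get a permanent rejection while the map is unavailable. I would add, under the same `_ATMPF_` guard used elsewhere in this diff and before the `<RELAY>` rule, `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."`, assuming callers treat `$#TEMP` as the MX rule in this hunk expects.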
@@ -1435,26 +1682,28 @@ R< $* > $* $: $2
ifdef(`_ACCESS_TABLE_', `dnl
dnl workspace: {client_name} $| {client_addr}
-R$+ $| $+ $: $>LookUpDomain < $1 > <?> < $2 > <+Connect>
-dnl workspace: <result-of-lookup> <{client_addr}>
-R<?> <$+> $: $>LookUpAddress < $1 > <?> < $1 > <+Connect> no: another lookup
-dnl workspace: <result-of-lookup> <{client_addr}>
-R<?> < $+ > $: $1 found nothing
+R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
dnl workspace: <result-of-lookup> <{client_addr}>
-dnl or {client_addr}
-R<$={Accept}> < $* > $@ $1 return value of lookup
-R<REJECT> $* $#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"')
-R<DISCARD> $* $#discard $: discard
+R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
+dnl workspace: <result-of-lookup> (<>|<{client_addr}>)
+R<?> <$*> $: OK found nothing
+dnl workspace: <result-of-lookup> (<>|<{client_addr}>) | OK
+R<$={Accept}> <$*> $@ $1 return value of lookup
+R<REJECT> <$*> $#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"')
+R<DISCARD> <$*> $#discard $: discard
+ifdef(`_FFR_QUARANTINE',
+`R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1', `dnl')
dnl error tag
R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> <$*> $#error $: $1
+ifdef(`_ATMPF_', `R<$* _ATMPF_> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
dnl generic error from access map
R<$+> <$*> $#error $: $1', `dnl')
ifdef(`_RBL_',`dnl
# DNS based IP address spam list
+dnl workspace: ignored...
R$* $: $&{client_addr}
-R::ffff:$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._RBL_. $: OK $)
R$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1._RBL_. $: OK $)
R<?>OK $: OKSOFAR
R<?>$+ $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused by blackhole site _RBL_"',
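Review bot: Dropping the `R::ffff:$-.$-.$-.$-` rule leaves only the dotted-quad pattern in the DNS blacklist check. If `{client_addr}` can still reach this ruleset in IPv4-mapped form, the remaining rule does not match and the client is never looked up in _RBL_. Presumably the address is normalised before it gets here, but that is not visible in this hunk. The assumption should be written down where the rule was removed, e.g. `dnl assumes {client_addr} is plain a.b.c.d for IPv4-mapped peers`. The same applies to the new `$>A` call, which now passes `<>` instead of the client address as passthru.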
@@ -1529,7 +1778,7 @@ dnl workspace: < ? $&{client_name} > <user@localhost|host>
dnl or: <address>
dnl or: <?> <address> (thanks to u in ${daemon_flags})
R<? $=w> $* $: $2 local client: ok
-R<? $+> <$+> $#error $@ 5.5.4 $: "CODE553 Real domain name required for sender address"
+R<? $+> <$+> $#error $@ 5.5.4 $: "_CODE553 Real domain name required for sender address"
dnl remove <?> (happens only if ${client_name} == "" or u in ${daemon_flags})
R<?> $* $: $1')
dnl workspace: address (or <address>)
@@ -1541,23 +1790,23 @@ R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
R<?> $* < @ $* $=P > $: <OK> $1 < @ $2 $3 >
dnl workspace <mark> CanonicalAddress where mark is ? or OK
ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',
-`R<?> $* < @ $+ > $: <OK> $1 < @ $2 > ... unresolvable OK',
+`R<?> $* < @ $+ > $: <_RES_OK_> $1 < @ $2 > ... unresolvable OK',
`R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
$: <$2> $3 < @ $4 >')
-dnl workspace <mark> CanonicalAddress where mark is ?, OK, PERM, TEMP
+dnl workspace <mark> CanonicalAddress where mark is ?, _RES_OK_, PERM, TEMP
dnl mark is ? iff the address is user (wo @domain)
ifdef(`_ACCESS_TABLE_', `dnl
# check sender address: user@address, user@, address
dnl should we remove +ext from user?
-dnl workspace: <mark> CanonicalAddress where mark is: ?, OK, PERM, TEMP
-R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <H:$3>
+dnl workspace: <mark> CanonicalAddress where mark is: ?, _RES_OK_, PERM, TEMP
+R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
R<$+> $+ $: @<$1> <$2> $| <U:$2@>
dnl workspace: @<mark> <CanonicalAddress> $| <@type:address> ....
dnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
dnl will only return user<@domain when "reversing" the args
-R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+From> $| <$3> <>
+R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
dnl workspace: <@><mark> <CanonicalAddress> $| <result>
R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
dnl workspace: <result> <mark> <CanonicalAddress>
@@ -1574,25 +1823,28 @@ ifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl
dnl prepend daemon_flags
R<?> $* $: $&{daemon_flags} $| <?> $1
dnl accept unqualified sender: change mark to avoid test
-R$* u $* $| <?> $* $: <OK> $3
+R$* u $* $| <?> $* $: <_RES_OK_> $3
dnl remove daemon_flags
R$* $| $* $: $2
R<?> $* $: < ? $&{client_name} > $1
R<?> $* $@ <OK> ...local unqualed ok
-R<? $+> $* $#error $@ 5.5.4 $: "CODE553 Domain name required for sender address " $&f
+R<? $+> $* $#error $@ 5.5.4 $: "_CODE553 Domain name required for sender address " $&f
...remote is not')
# check results
R<?> $* $: @ $1 mark address: nothing known about it
-R<OK> $* $@ <OK>
+R<$={ResOk}> $* $@ <_RES_OK_> domain ok: stop
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
-R<PERM> $* $#error $@ 5.1.8 $: "CODE553 Domain of sender address " $&f " does not exist"
+R<PERM> $* $#error $@ 5.1.8 $: "_CODE553 Domain of sender address " $&f " does not exist"
ifdef(`_ACCESS_TABLE_', `dnl
-R<$={Accept}> $* $# $1
+R<$={Accept}> $* $# $1 accept from access map
R<DISCARD> $* $#discard $: discard
+ifdef(`_FFR_QUARANTINE',
+`R<QUARANTINE:$+> $* $#error $@ quarantine $: $1', `dnl')
R<REJECT> $* $#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"')
dnl error tag
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $* $#error $: $1
+ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
dnl generic error from access map
R<$+> $* $#error $: $1 error from access db',
`dnl')
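Review bot: The unchanged rule `R<?> $* $@ <OK> ...local unqualed ok` still returns the literal `<OK>`, while the other success paths in this hunk were switched to `<_RES_OK_>` (the `u` daemon-flag rule and the new `R<$={ResOk}> $* $@ <_RES_OK_>`). The definition of `_RES_OK_` is outside the hunk; if it expands to anything other than `OK`, callers of this ruleset now see two different success markers. I would change the line to `R<?> $* $@ <_RES_OK_> ...local unqualed ok`, or add a `dnl` comment saying the difference is intended.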
@@ -1608,27 +1860,76 @@ R$* $| $#$* $#$2
R$* $| $* $@ $>"Basic_check_rcpt" $1
SBasic_check_rcpt
+# empty address?
+R<> $#error $@ nouser $: "553 User address required"
+R$@ $#error $@ nouser $: "553 User address required"
# check for deferred delivery mode
R$* $: < ${deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
ifdef(`_REQUIRE_QUAL_RCPT_', `dnl
-# require qualified recipient?
+dnl this code checks for user@host where host is not a FQHN.
+dnl it is not activated.
+dnl notice: code to check for a recipient without a domain name is
+dnl available down below; look for the same macro.
+dnl this check is done here because the name might be qualified by the
+dnl canonicalization.
+# require fully qualified domain part?
+dnl very simple canonification: make sure the address is in < >
R$+ $: <?> $1
-R<?><$+> $: <@> <$1>
-R<?>$+ $: <@> <$1>
+R<?> <$+> $: <@> <$1>
+R<?> $+ $: <@> <$1>
+R<@> < postmaster > $: postmaster
+R<@> < $* @ $+ . $+ > $: < $3 @ $4 . $5 >
dnl prepend daemon_flags
-R$* $: $&{daemon_flags} $| $1
+R<@> $* $: $&{daemon_flags} $| <@> $1
dnl workspace: ${daemon_flags} $| <@> <address>
dnl do not allow these at all or only from local systems?
-R$* r $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
+R$* r $* $| <@> < $* @ $* > $: < ? $&{client_name} > < $3 @ $4 >
R<?> < $* > $: <$1>
R<? $=w> < $* > $: <$1>
-R<? $+> <$+> $#error $@ 5.5.4 $: "553 Domain name required"
+R<? $+> <$+> $#error $@ 5.5.4 $: "553 Fully qualified domain name required"
dnl remove daemon_flags for other cases
R$* $| <@> $* $: $2', `dnl')
+dnl ##################################################################
+dnl call subroutines for recipient and relay
+dnl possible returns from subroutines:
+dnl $#TEMP temporary failure
+dnl $#error permanent failure (or temporary if from access map)
+dnl $#other stop processing
+dnl RELAY RELAYing allowed
+dnl other otherwise
+######################################################################
+R$* $: $1 $| @ $>"Rcpt_ok" $1
+dnl temporary failure? remove mark @ and remember
+R$* $| @ $#TEMP $+ $: $1 $| T $2
+dnl error or ok (stop)
+R$* $| @ $#$* $#$2
+ifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
+R$* $| @ RELAY $@ RELAY
+dnl something else: call check sender (relay)
+R$* $| @ $* $: O $| $>"Relay_ok" $1
+dnl temporary failure: call check sender (relay)
+R$* $| T $+ $: T $2 $| $>"Relay_ok" $1
+dnl temporary failure? return that
+R$* $| $#TEMP $+ $#error $2
+dnl error or ok (stop)
+R$* $| $#$* $#$2
+R$* $| RELAY $@ RELAY
+dnl something else: return previous temp failure
+R T $+ $| $* $#error $1
+# anything else is bogus
+R$* $#error $@ 5.7.1 $: confRELAY_MSG
+divert(0)
+
+######################################################################
+### Rcpt_ok: is the recipient ok?
+dnl input: recipient address (RCPT TO)
+dnl output: see explanation at call
+######################################################################
+SRcpt_ok
ifdef(`_LOOSE_RELAY_CHECK_',`dnl
R$* $: $>CanonAddr $1
R$* < @ $* . > $1 < @ $2 > strip trailing dots',
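Review bot: In the `_REQUIRE_QUAL_RCPT_` block the added rule `R<@> < $* @ $+ . $+ > $: < $3 @ $4 . $5 >` has three pattern operators on the left but refers to `$3`, `$4` and `$5` on the right, so `$4` and `$5` have nothing to bind to and the matched local part and first domain label are not carried over. The intent appears to be to pass an address whose domain part contains a dot through unchanged, which would be `R<@> < $* @ $+ . $+ > $: < $1 @ $2 . $3 >`. The `dnl` text above the block says this check is not activated, so the effect is latent, but it sits directly in front of the recipient and relay checks and should be right before anyone enables it. The hunk ends inside the Rcpt_ok ruleset, whose body continues outside it.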
@@ -1641,7 +1942,7 @@ R$* < @ $* > $* $: $1 < @ $2 @@ $(bestmx $2 $) > $3',
`dnl
# limit bestmx to $=B
R$* < @ $* $=B > $* $: $1 < @ $2 $3 @@ $(bestmx $2 $3 $) > $4')
-R$* $=O $* < @ $* @@ $=w . > $* $@ $>"Basic_check_rcpt" $1 $2 $3
+R$* $=O $* < @ $* @@ $=w . > $* $@ $>"Rcpt_ok" $1 $2 $3
R$* < @ $* @@ $=w . > $* $: $1 < @ $3 > $4
R$* < @ $* @@ $* > $* $: $1 < @ $2 > $4')
@@ -1651,50 +1952,60 @@ ifdef(`_ACCESS_TABLE_', `dnl
R$* $: <?> $1
dnl user is now tagged with @ to be consistent with check_mail
dnl and to distinguish users from hosts (com would be host, com@ would be user)
-R<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <H:$2>
-R<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <H:$2>
+R<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>
+R<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>
R<?> $+ $: <> <$1> $| <U:$1@>
dnl $| is used as delimiter, otherwise false matches may occur: <user<@domain>>
dnl will only return user<@domain when "reversing" the args
-R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+To> $| <$2> <>
+R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
R<@> <$*> $| <$*> $: <$2> <$1> reverse result
R<?> <$*> $: @ $1 mark address as no match
+dnl we may have to filter here because otherwise some RHSs
+dnl would be interpreted as generic error messages...
+dnl error messages should be "tagged" by prefixing them with error: !
+dnl that would make a lot of things easier.
R<$={Accept}> <$*> $: @ $2 mark address as no match
-ifdef(`_DELAY_CHECKS_',`dnl
+ifdef(`_ACCESS_SKIP_', `dnl
+R<SKIP> <$*> $: @ $1 mark address as no match', `dnl')
+ifdef(`_DELAY_COMPAT_8_10_',`dnl
+dnl compatility with 8.11/8.10:
dnl we have to filter these because otherwise they would be interpreted
dnl as generic error message...
dnl error messages should be "tagged" by prefixing them with error: !
dnl that would make a lot of things easier.
dnl maybe we should stop checks already here (if SPAM_xyx)?
R<$={SpamTag}> <$*> $: @ $2 mark address as no match')
-R<REJECT> $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient"
+R<REJECT> $* $#error $@ 5.2.1 $: confRCPTREJ_MSG
R<DISCARD> $* $#discard $: discard
+ifdef(`_FFR_QUARANTINE',
+`R<QUARANTINE:$+> $* $#error $@ quarantine $: $1', `dnl')
dnl error tag
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $* $#error $: $1
+ifdef(`_ATMPF_', `R<_ATMPF_> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
dnl generic error from access map
R<$+> $* $#error $: $1 error from access db
R@ $* $1 remove mark', `dnl')', `dnl')
-ifdef(`_PROMISCUOUS_RELAY_', `divert(-1)')
-# authenticated?
-dnl do this unconditionally? this requires to manage CAs carefully
-dnl just because someone has a CERT signed by a "trusted" CA
-dnl does not mean we want to allow relaying for her,
-dnl either use a subroutine or provide something more sophisticated
-dnl this could for example check the DN (maybe an access map lookup)
-R$* $: $1 $| $>RelayAuth $1 $| $&{verify} client authenticated?
-R$* $| $# $+ $# $2 error/ok?
-R$* $| $* $: $1 no
-
-# authenticated by a trusted mechanism?
-R$* $: $1 $| $&{auth_type}
+ifdef(`_PROMISCUOUS_RELAY_', `divert(-1)', `dnl')
+# authenticated via TLS?
+R$* $: $1 $| $>RelayTLS client authenticated?
+R$* $| $# $+ $# $2 error/ok?
+R$* $| $* $: $1 no
+
+R$* $: $1 $| $>"Local_Relay_Auth" $&{auth_type}
+dnl workspace: localpart<@domain> $| result of Local_Relay_Auth
+R$* $| $# $* $# $2
+dnl if Local_Relay_Auth returns NO then do not check $={TrustAuthMech}
+R$* $| NO $: $1
+R$* $| $* $: $1 $| $&{auth_type}
+dnl workspace: localpart<@domain> [ $| ${auth_type} ]
dnl empty ${auth_type}?
R$* $| $: $1
dnl mechanism ${auth_type} accepted?
dnl use $# to override further tests (delay_checks): see check_rcpt below
-R$* $| $={TrustAuthMech} $# RELAYAUTH
-dnl undo addition of ${auth_type}
+R$* $| $={TrustAuthMech} $# RELAY
+dnl remove ${auth_type}
R$* $| $* $: $1
dnl workspace: localpart<@domain> | localpart
ifelse(defn(`_NO_UUCP_'), `r',
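Review bot: The removed comment was the only place that said why a verified client certificate must not by itself permit relaying, and the replacement `R$* $: $1 $| $>RelayTLS client authenticated?` carries no such note. RelayTLS is defined outside this hunk, so whether it checks more than a trusted-CA signature cannot be confirmed from here. I would keep the caveat next to the call, for example `dnl RelayTLS must check more than ${verify}: a cert signed by a trusted CA alone should not allow relaying`. The same goes for `R$* $| $={TrustAuthMech} $# RELAY`, which grants relay to any client that authenticated with a listed mechanism; a one-line `dnl` saying so would help whoever edits that class.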
@@ -1702,20 +2013,21 @@ ifelse(defn(`_NO_UUCP_'), `r',
R$* ! $* $: <REMOTE> $2 < @ BANG_PATH >', `dnl')
# anything terminating locally is ok
ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
-R$+ < @ $* $=m > $@ RELAYTO', `dnl')
-R$+ < @ $=w > $@ RELAYTO
+R$+ < @ $* $=m > $@ RELAY', `dnl')
+R$+ < @ $=w > $@ RELAY
ifdef(`_RELAY_HOSTS_ONLY_',
-`R$+ < @ $=R > $@ RELAYTO
+`R$+ < @ $=R > $@ RELAY
ifdef(`_ACCESS_TABLE_', `dnl
R$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >>
dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
R<?> <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')',
-`R$+ < @ $* $=R > $@ RELAYTO
+`R$+ < @ $* $=R > $@ RELAY
ifdef(`_ACCESS_TABLE_', `dnl
-R$+ < @ $+ > $: $>LookUpDomain <$2> <?> <$1 < @ $2 >> <+To>',`dnl')')
+R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>',`dnl')')
ifdef(`_ACCESS_TABLE_', `dnl
dnl workspace: <Result-of-lookup | ?> <localpart<@domain>>
-R<RELAY> $* $@ RELAYTO
+R<RELAY> $* $@ RELAY
+ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R<$*> <$*> $: $2',`dnl')
@@ -1723,8 +2035,8 @@ ifdef(`_RELAY_MX_SERVED_', `dnl
# allow relaying for hosts which we MX serve
R$+ < @ $+ > $: < : $(mxserved $2 $) : > $1 < @ $2 >
dnl this must not necessarily happen if the client is checked first...
-R< : $* <TEMP> : > $* $#error $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
-R<$* : $=w . : $*> $* $@ RELAYTO
+R< : $* <TEMP> : > $* $#TEMP $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1
+R<$* : $=w . : $*> $* $@ RELAY
R< : $* : > $* $: $2',
`dnl')
@@ -1737,7 +2049,7 @@ dnl but we should accept it anyway (maybe making it an option:
dnl RequireFQDN ?)
dnl postmaster must be accepted without domain (DRUMS)
ifdef(`_REQUIRE_QUAL_RCPT_', `dnl
-R<?> postmaster $@ TOPOSTMASTER
+R<?> postmaster $@ OK
# require qualified recipient?
dnl prepend daemon_flags
R<?> $+ $: $&{daemon_flags} $| <?> $1
@@ -1747,31 +2059,38 @@ dnl r flag? add client_name
R$* r $* $| <?> $+ $: < ? $&{client_name} > <?> $3
dnl no r flag: relay to local user (only local part)
# no qualified recipient required
-R$* $| <?> $+ $@ RELAYTOLOCAL
+R$* $| <?> $+ $@ RELAY
dnl client_name is empty
-R<?> <?> $+ $@ RELAYTOLOCAL
+R<?> <?> $+ $@ RELAY
dnl client_name is local
-R<? $=w> <?> $+ $@ RELAYTOLOCAL
+R<? $=w> <?> $+ $@ RELAY
dnl client_name is not local
R<? $+> $+ $#error $@ 5.5.4 $: "553 Domain name required"', `dnl
dnl no qualified recipient required
-R<?> $+ $@ RELAYTOLOCAL')
+R<?> $+ $@ RELAY')
dnl it is a remote user: remove mark and then check client
R<$+> $* $: $2
dnl currently the recipient address is not used below
+######################################################################
+### Relay_ok: is the relay/sender ok?
+dnl input: ignored
+dnl output: see explanation at call
+######################################################################
+SRelay_ok
# anything originating locally is ok
# check IP address
R$* $: $&{client_addr}
-R$@ $@ RELAYFROM originated locally
-R0 $@ RELAYFROM originated locally
-R$=R $* $@ RELAYFROM relayable IP address
+R$@ $@ RELAY originated locally
+R0 $@ RELAY originated locally
+R$=R $* $@ RELAY relayable IP address
ifdef(`_ACCESS_TABLE_', `dnl
-R$* $: $>LookUpAddress <$1> <?> <$1> <+Connect>
-R<RELAY> $* $@ RELAYFROM relayable IP address
+R$* $: $>A <$1> <?> <+ Connect> <$1>
+R<RELAY> $* $@ RELAY relayable IP address
+ifdef(`_ATMPF_', `R<_ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R<$*> <$*> $: $2', `dnl')
R$* $: [ $1 ] put brackets around it...
-R$=w $@ RELAYFROM ... and see if it is local
+R$=w $@ RELAY ... and see if it is local
ifdef(`_RELAY_DB_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
ifdef(`_RELAY_LOCAL_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl
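Review bot: The added tempfail rule after the `$>A` lookup in Relay_ok, `R<_ATMPF_> $* $#TEMP ...`, matches only a result that is exactly `<_ATMPF_>`, while the rule after the same `$>A ... <+ Connect>` lookup earlier on this page uses `R<$* _ATMPF_> <$*>`, as does the one after `$>D` for the client name further down. The A ruleset is not in this hunk, so it may already normalise its result; if it does not, a temporary map failure here falls through to `R<$*> <$*> $: $2` and is treated as no match instead of `$#TEMP`. Writing it as `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."` would make the three call sites agree.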
@@ -1780,48 +2099,56 @@ dnl input: {client_addr} or something "broken"
dnl just throw the input away; we do not need it.
# check whether FROM is allowed to use system as relay
R$* $: <?> $>CanonAddr $&f
+R<?> $+ < @ $+ . > <?> $1 < @ $2 > remove trailing dot
ifdef(`_RELAY_LOCAL_FROM_', `dnl
# check whether local FROM is ok
-R<?> $+ < @ $=w . > $@ RELAYFROMMAIL FROM local', `dnl')
+R<?> $+ < @ $=w > $@ RELAY FROM local', `dnl')
ifdef(`_RELAY_DB_FROM_', `dnl
-R<?> $+ < @ $+ . > <?> $1 < @ $2 > remove trailing dot
-R<?> $+ < @ $+ > $: $1 < @ $2 > $| $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', `<H:$2>') <>
-R$* <RELAY> $@ RELAYFROMMAIL RELAY FROM sender ok', `dnl
-ifdef(`_RELAY_DB_FROM_DOMAIN_', `errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_
+R<?> $+ < @ $+ > $: <@> $>SearchList <! From> $| <F:$1@$2> ifdef(`_RELAY_DB_FROM_DOMAIN_', `<D:$2>') <>
+R<@> <RELAY> $@ RELAY RELAY FROM sender ok
+ifdef(`_ATMPF_', `R<@> <_ATMPF_> $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+', `dnl
+ifdef(`_RELAY_DB_FROM_DOMAIN_',
+`errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_
')',
`dnl')
dnl')', `dnl')
+dnl notice: the rulesets above do not leave a unique workspace behind.
+dnl it does not matter in this case because the following rule ignores
+dnl the input. otherwise these rules must "clean up" the workspace.
# check client name: first: did it resolve?
dnl input: ignored
R$* $: < $&{client_resolve} >
-R<TEMP> $#error $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
+R<TEMP> $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr}
R<FORGED> $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name}
R<FAIL> $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name}
dnl ${client_resolve} should be OK, so go ahead
-R$* $: <?> $&{client_name}
+R$* $: <@> $&{client_name}
+dnl should not be necessary since it has been done for client_addr already
+R<@> $@ RELAY
+dnl workspace: <@> ${client_name} (not empty)
# pass to name server to make hostname canonical
-R<?> $* $~P $:<?> $[ $1 $2 $]
+R<@> $* $=P $:<?> $1 $2
+R<@> $+ $:<?> $[ $1 $]
+dnl workspace: <?> ${client_name} (canonified)
R$* . $1 strip trailing dots
-dnl should not be necessary since it has been done for client_addr already
-R<?> $@ RELAYFROM
ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
-R<?> $* $=m $@ RELAYFROM', `dnl')
-R<?> $=w $@ RELAYFROM
+R<?> $* $=m $@ RELAY', `dnl')
+R<?> $=w $@ RELAY
ifdef(`_RELAY_HOSTS_ONLY_',
-`R<?> $=R $@ RELAYFROM
+`R<?> $=R $@ RELAY
ifdef(`_ACCESS_TABLE_', `dnl
R<?> $* $: <$(access Connect:$1 $: ? $)> <$1>
R<?> <$*> $: <$(access $1 $: ? $)> <$1>',`dnl')',
-`R<?> $* $=R $@ RELAYFROM
+`R<?> $* $=R $@ RELAY
ifdef(`_ACCESS_TABLE_', `dnl
-R<?> $* $: $>LookUpDomain <$1> <?> <$1> <+Connect>',`dnl')')
+R<?> $* $: $>D <$1> <?> <+ Connect> <$1>',`dnl')')
ifdef(`_ACCESS_TABLE_', `dnl
-R<RELAY> $* $@ RELAYFROM
+R<RELAY> $* $@ RELAY
+ifdef(`_ATMPF_', `R<$* _ATMPF_> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R<$*> <$*> $: $2',`dnl')
-
-# anything else is bogus
-R$* $#error $@ 5.7.1 $: confRELAY_MSG
+dnl end of _PROMISCUOUS_RELAY_
divert(0)
ifdef(`_DELAY_CHECKS_',`dnl
# turn a canonical address in the form user<@domain>
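Review bot: The `_RELAY_LOCAL_FROM_` rule `R<?> $+ < @ $=w > $@ RELAY FROM local` allows relaying on the strength of `$&f` alone, and that value is whatever the client supplied as the envelope sender. Nothing in the hunk ties it to an authenticated or local client, so the decision rests on unauthenticated input. That may be the documented purpose of the option, but the rule deserves a comment saying so, e.g. `dnl $&f is client-supplied and unauthenticated; do not treat this rule as proof that the client is local`. The same holds for the `_RELAY_DB_FROM_` lookup directly below it.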
@@ -1849,11 +2176,11 @@ ifdef(`_ACCESS_TABLE_', `',
dnl one of the next two rules is supposed to match
dnl this code has been copied from BLACKLIST... etc
dnl and simplified by omitting some < >.
-R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <U: $1@>
-R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 >
+R<?> $+ < @ $=w > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 > <U: $1@>
+R<?> $+ < @ $* > $: <> $1 < @ $2 > $| <F: $1@$2 > <D: $2 >
dnl R<?> $@ something_is_very_wrong_here
-# lookup the addresses only with To tag
-R<> $* $| <$+> $: <@> $1 $| $>SearchList <!To> $| <$2> <>
+# lookup the addresses only with Spam tag
+R<> $* $| <$+> $: <@> $1 $| $>SearchList <! Spam> $| <$2> <>
R<@> $* $| $* $: $2 $1 reverse result
dnl', `dnl')
ifdef(`_SPAM_FRIEND_',
@@ -1861,24 +2188,163 @@ ifdef(`_SPAM_FRIEND_',
ifdef(`_SPAM_HATER_',
`errprint(`*** ERROR: define either SpamHater or SpamFriend
')', `dnl')
-R<SPAMFRIEND> $+ $@ SPAMFRIEND
+R<FRIEND> $+ $@ SPAMFRIEND
R<$*> $+ $: $2',
`dnl')
ifdef(`_SPAM_HATER_',
`# is the recipient no spam hater?
-R<SPAMHATER> $+ $: $1 spam hater: continue checks
+R<HATER> $+ $: $1 spam hater: continue checks
R<$*> $+ $@ NOSPAMHATER everyone else: stop
dnl',`dnl')
dnl run further checks: check_mail
dnl should we "clean up" $&f?
-R$* $: $1 $| $>checkmail <$&f>
+ifdef(`_FFR_MAIL_MACRO',
+`R$* $: $1 $| $>checkmail $&{mail_from}',
+`R$* $: $1 $| $>checkmail <$&f>')
R$* $| $#$* $#$2
dnl run further checks: check_relay
R$* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr}
R$* $| $#$* $#$2
R$* $| $* $: $1
', `dnl')
-ifdef(`_ACCESS_TABLE_', `dnl
+
+ifdef(`_ACCESS_TABLE_', `dnl', `divert(-1)')
+######################################################################
+### F: LookUpFull -- search for an entry in access database
+###
+### lookup of full key (which should be an address) and
+### variations if +detail exists: +* and without +detail
+###
+### Parameters:
+### <$1> -- key
+### <$2> -- default (what to return if not found in db)
+dnl must not be empty
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
+dnl returns: <default> <passthru>
+dnl <result> <passthru>
+######################################################################
+
+SF
+dnl workspace: <key> <def> <o tag> <thru>
+dnl full lookup
+dnl 2 3 4 5
+R<$+> <$*> <$- $-> <$*> $: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
+dnl no match, try without tag
+dnl 1 2 3 4
+R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
+dnl no match, +detail: try +*
+dnl 1 2 3 4 5 6 7
+R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
+ $: <$(access $6`'_TAG_DELIM_`'$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
+dnl no match, +detail: try +* without tag
+dnl 1 2 3 4 5 6
+R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
+ $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
+dnl no match, +detail: try without +detail
+dnl 1 2 3 4 5 6 7
+R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
+ $: <$(access $6`'_TAG_DELIM_`'$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
+dnl no match, +detail: try without +detail and without tag
+dnl 1 2 3 4 5 6
+R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
+ $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
+dnl no match, return <default> <passthru>
+dnl 1 2 3 4 5
+R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
+ifdef(`_ATMPF_', `dnl tempfail?
+dnl 2 3 4 5
+R<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl')
+dnl match, return <match> <passthru>
+dnl 2 3 4 5
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
+
+######################################################################
+### E: LookUpExact -- search for an entry in access database
+###
+### Parameters:
+### <$1> -- key
+### <$2> -- default (what to return if not found in db)
+dnl must not be empty
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
+dnl returns: <default> <passthru>
+dnl <result> <passthru>
+######################################################################
+
+SE
+dnl 2 3 4 5
+R<$*> <$*> <$- $-> <$*> $: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
+dnl no match, try without tag
+dnl 1 2 3 4
+R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
+dnl no match, return default passthru
+dnl 1 2 3 4 5
+R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
+ifdef(`_ATMPF_', `dnl tempfail?
+dnl 2 3 4 5
+R<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl')
+dnl match, return <match> <passthru>
+dnl 2 3 4 5
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
+
+######################################################################
+### U: LookUpUser -- search for an entry in access database
+###
+### lookup of key (which should be a local part) and
+### variations if +detail exists: +* and without +detail
+###
+### Parameters:
+### <$1> -- key (user@)
+### <$2> -- default (what to return if not found in db)
+dnl must not be empty
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
+dnl returns: <default> <passthru>
+dnl <result> <passthru>
+######################################################################
+
+SU
+dnl user lookups are always with trailing @
+dnl 2 3 4 5
+R<$+> <$*> <$- $-> <$*> $: <$(access $4`'_TAG_DELIM_`'$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
+dnl no match, try without tag
+dnl 1 2 3 4
+R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
+dnl do not remove the @ from the lookup:
+dnl it is part of the +detail@ which is omitted for the lookup
+dnl no match, +detail: try +*
+dnl 1 2 3 4 5 6
+R<?> <$+ + $* @> <$*> <$- $-> <$*>
+ $: <$(access $5`'_TAG_DELIM_`'$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
+dnl no match, +detail: try +* without tag
+dnl 1 2 3 4 5
+R<?> <$+ + $* @> <$*> <+ $-> <$*>
+ $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
+dnl no match, +detail: try without +detail
+dnl 1 2 3 4 5 6
+R<?> <$+ + $* @> <$*> <$- $-> <$*>
+ $: <$(access $5`'_TAG_DELIM_`'$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
+dnl no match, +detail: try without +detail and without tag
+dnl 1 2 3 4 5
+R<?> <$+ + $* @> <$*> <+ $-> <$*>
+ $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
+dnl no match, return <default> <passthru>
+dnl 1 2 3 4 5
+R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
+ifdef(`_ATMPF_', `dnl tempfail?
+dnl 2 3 4 5
+R<$+ _ATMPF_> <$*> <$- $-> <$*> $@ <_ATMPF_> <$5>', `dnl')
+dnl match, return <match> <passthru>
+dnl 2 3 4 5
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
+
######################################################################
### SearchList: search a list of items in the access map
### Parameters:
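Review bot: In ruleset E the first rule takes the key as `<$*>`, so an empty key is looked up, but the no-match rule `R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>` requires a non-empty key. SearchList, later on this page, matches items as `<$={src}:$*>` and can therefore hand E an empty key; on a miss the default is then not returned by that rule and the workspace falls through to the rules below it. Either make the first rule `R<$+> ...` as in F and U, or let the default rule accept the empty key: `R<?> <$*> <$*> <$- $-> <$*> $@ <$2> <$5>`.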
@@ -1887,7 +2353,7 @@ dnl maybe we should have a @ (again) in front of the mark to
dnl avoid errorneous matches (with error messages?)
dnl if we can make sure that tag is always a single token
dnl then we can omit the delimiter $|, otherwise we need it
-dnl to avoid errorneous matchs (first rule: H: if there
+dnl to avoid errorneous matchs (first rule: D: if there
dnl is that mark somewhere in the list, it will be taken).
dnl moreover, we can do some tricks to enforce lookup with
dnl the tag only, e.g.:
@@ -1897,7 +2363,7 @@ dnl the tag only, e.g.:
dnl Warning: + and ! should be in OperatorChars (otherwise there must be
dnl a blank between them and the tag.
### possible values for "mark" are:
-### H: recursive host lookup (LookUpDomain)
+### D: recursive host lookup (LookUpDomain)
dnl A: recursive address lookup (LookUpAddress) [not yet required]
### E: exact lookup, no modifications
### F: full lookup, try user+ext@domain and user@domain
@@ -1907,42 +2373,32 @@ dnl A: recursive address lookup (LookUpAddress) [not yet required]
# class with valid marks for SearchList
dnl if A is activated: add it
-C{src}E F H U
+C{src}E F D U ifdef(`_FFR_SRCHLIST_A', `A')
SSearchList
-# mark H: lookup domain
-R<$+> $| <H:$+> <$*> $: <$1> $| <@> $>LookUpDomain <$2> <?> <$3> <$1>
-R<$+> $| <@> <$+> <$*> $: <$1> $| <$2> <$3>
-dnl A: NOT YET REQUIRED
-dnl R<$+> $| <A:$+> <$*> $: <$1> $| <@> $>LookUpAddress <$2> <?> <$3> <$1>
-dnl R<$+> $| <@> <$+> <$*> $: <$1> $| <$2> <$3>
-dnl lookup of the item with tag
-dnl this applies to F: U: E:
-R<$- $-> $| <$={src}:$+> <$*> $: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$4 $: $3:$4 $)> <$5>
-dnl no match, try without tag
-R<+ $-> $| <$={src}:$+> <$*> $: <+ $1> $| <$(access $3 $: $2:$3 $)> <$4>
-dnl do we really have to distinguish these cases?
-dnl probably yes, there might be a + in the domain part (is that allowed?)
-dnl user+detail lookups: should it be:
-dnl user+detail, user+*, user; just like aliases?
-R<$- $-> $| <F:$* + $*@$+> <$*> $: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$3@$5 $: F:$3 + $4@$5$)> <$6>
-R<+ $-> $| <F:$* + $*@$+> <$*> $: <+ $1> $| <$(access $2@$4 $: F:$2 + $3@$4$)> <$5>
-dnl user lookups are always with trailing @
-dnl do not remove the @ from the lookup:
-dnl it is part of the +detail@ which is omitted for the lookup
-R<$- $-> $| <U:$* + $*> <$*> $: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$3@ $: U:$3 + $4$)> <$5>
-dnl no match, try without tag
-R<+ $-> $| <U:$* + $*> <$*> $: <+ $1> $| <$(access $2@ $: U:$2 + $3$)> <$4>
-dnl no match, try rest of list
-R<$+> $| <$={src}:$+> <$+> $@ $>SearchList <$1> $| <$4>
-dnl no match, list empty: return failure
-R<$+> $| <$={src}:$+> <> $@ <?>
-dnl got result, return it
-R<$+> $| <$+> <$*> $@ <$2>
+# just call the ruleset with the name of the tag... nice trick...
+dnl 2 3 4
+R<$+> $| <$={src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
+dnl workspace: <o tag> $| <rest> $| <result of lookup> <>
+dnl no match and nothing left: return
+R<$+> $| <> $| <?> <> $@ <?>
+dnl no match but something left: continue
+R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
+dnl match: return
+R<$+> $| <$*> $| <$+> <> $@ <$3>
dnl return result from recursive invocation
-R<$+> $| <$+> $@ <$2>', `dnl')
+R<$+> $| <$+> $@ <$2>
+dnl endif _ACCESS_TABLE_
+divert(0)
+
+######################################################################
+### trust_auth: is user trusted to authenticate as someone else?
+###
+### Parameters:
+### $1: AUTH= parameter from MAIL command
+######################################################################
-# is user trusted to authenticate as someone else?
-dnl AUTH= parameter from MAIL command
+dnl empty ruleset definition so it can be called
+SLocal_trust_auth
Strust_auth
R$* $: $&{auth_type} $| $1
# required by RFC 2554 section 4.
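Review bot: The new first rule of SearchList, `... $| $>$2 <$3> <?> <$1> <>`, calls the ruleset named by the item's mark, and the only thing limiting that name is the class `C{src}E F D U`; that dependency is not written down in the hunk. A mark added to `{src}` needs a ruleset of the same name, and a list item whose mark is not in the class (the former `H:`, for one) matches none of the first four rules and is returned by the last rule as if it were a lookup result. I would add above the rule `dnl $2 comes from $={src}; each member must be a lookup ruleset taking <key> <default> <mark> <passthru>`, and state in the header that `H:` is no longer accepted.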
@@ -1956,111 +2412,288 @@ R$* $| $#$* $#$2
dnl default: error
R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
-dnl empty ruleset definition so it can be called
-SLocal_trust_auth
+######################################################################
+### Relay_Auth: allow relaying based on authentication?
+###
+### Parameters:
+### $1: ${auth_type}
+######################################################################
+SLocal_Relay_Auth
-ifdef(`_FFR_TLS_O_T', `dnl
-Soffer_tls
-R$* $: $>LookUpDomain <$&{client_name}> <?> <> <! TLS_OFF_TAG>
-R<?>$* $: $>LookUpAddress <$&{client_addr}> <?> <> <! TLS_OFF_TAG>
-R<?>$* $: <$(access TLS_OFF_TAG: $: ? $)>
+ifdef(`_ACCESS_TABLE_', `dnl
+######################################################################
+### srv_features: which features to offer to a client?
+### (done in server)
+######################################################################
+Ssrv_features
+ifdef(`_LOCAL_SRV_FEATURES_', `dnl
+R$* $: $1 $| $>"Local_srv_features" $1
+R$* $| $#$* $#$2
+R$* $| $* $: $1', `dnl')
+R$* $: $>D <$&{client_name}> <?> <! SRV_FEAT_TAG> <>
+R<?>$* $: $>A <$&{client_addr}> <?> <! SRV_FEAT_TAG> <>
+R<?>$* $: <$(access SRV_FEAT_TAG`'_TAG_DELIM_ $: ? $)>
R<?>$* $@ OK
-R<NO> <> $#error $@ 5.7.1 $: "550 do not offer TLS for " $&{client_name} " ["$&{client_addr}"]"
+ifdef(`_ATMPF_', `dnl tempfail?
+R<$* _ATMPF_>$* $#temp', `dnl')
+R<$+>$* $# $1
+######################################################################
+### try_tls: try to use STARTTLS?
+### (done in client)
+######################################################################
Stry_tls
-R$* $: $>LookUpDomain <$&{server_name}> <?> <> <! TLS_TRY_TAG>
-R<?>$* $: $>LookUpAddress <$&{server_addr}> <?> <> <! TLS_TRY_TAG>
-R<?>$* $: <$(access TLS_TRY_TAG: $: ? $)>
+ifdef(`_LOCAL_TRY_TLS_', `dnl
+R$* $: $1 $| $>"Local_try_tls" $1
+R$* $| $#$* $#$2
+R$* $| $* $: $1', `dnl')
+R$* $: $>D <$&{server_name}> <?> <! TLS_TRY_TAG> <>
+R<?>$* $: $>A <$&{server_addr}> <?> <! TLS_TRY_TAG> <>
+R<?>$* $: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)>
R<?>$* $@ OK
+ifdef(`_ATMPF_', `dnl tempfail?
+R<$* _ATMPF_>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
-')dnl
+
+######################################################################
+### tls_rcpt: is connection with server "good" enough?
+### (done in client, per recipient)
+dnl called from deliver() before RCPT command
+###
+### Parameters:
+### $1: recipient
+######################################################################
+Stls_rcpt
+ifdef(`_LOCAL_TLS_RCPT_', `dnl
+R$* $: $1 $| $>"Local_tls_rcpt" $1
+R$* $| $#$* $#$2
+R$* $| $* $: $1', `dnl')
+dnl store name of other side
+R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
+dnl canonify recipient address
+R$+ $: <?> $>CanonAddr $1
+dnl strip trailing dots
+R<?> $+ < @ $+ . > <?> $1 <@ $2 >
+dnl full address?
+R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
+dnl only localpart?
+R<?> $+ $: $1 $| <U:$1@> <E:>
+dnl look it up
+dnl also look up a default value via E:
+R$* $| $+ $: $1 $| $>SearchList <! TLS_RCPT_TAG> $| $2 <>
+dnl found nothing: stop here
+R$* $| <?> $@ OK
+ifdef(`_ATMPF_', `dnl tempfail?
+R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+dnl use the generic routine (for now)
+R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>')
-# is connection with client "good" enough? (done in server)
-# input: ${verify} $| (MAIL|STARTTLS)
+######################################################################
+### tls_client: is connection with client "good" enough?
+### (done in server)
+###
+### Parameters:
+### ${verify} $| (MAIL|STARTTLS)
+######################################################################
dnl MAIL: called from check_mail
dnl STARTTLS: called from smtp() after STARTTLS has been accepted
Stls_client
+ifdef(`_LOCAL_TLS_CLIENT_', `dnl
+R$* $: $1 $| $>"Local_tls_client" $1
+R$* $| $#$* $#$2
+R$* $| $* $: $1', `dnl')
ifdef(`_ACCESS_TABLE_', `dnl
+dnl store name of other side
+R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
dnl ignore second arg for now
dnl maybe use it to distinguish permanent/temporary error?
dnl if MAIL: permanent (STARTTLS has not been offered)
dnl if STARTTLS: temporary (offered but maybe failed)
-R$* $| $* $: $1 $| $>LookUpDomain <$&{client_name}> <?> <> <! TLS_CLT_TAG>
-R$* $| <?>$* $: $1 $| $>LookUpAddress <$&{client_addr}> <?> <> <! TLS_CLT_TAG>
+R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! TLS_CLT_TAG> <>
+R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! TLS_CLT_TAG> <>
dnl do a default lookup: just TLS_CLT_TAG
R$* $| <?>$* $: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)>
-R$* $@ $>"tls_connection" $1', `dnl
-R$* $| $* $@ $>"tls_connection" $1')
+ifdef(`_ATMPF_', `dnl tempfail?
+R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+R$* $@ $>"TLS_connection" $1', `dnl
+R$* $| $* $@ $>"TLS_connection" $1')
-# is connection with server "good" enough? (done in client)
+######################################################################
+### tls_server: is connection with server "good" enough?
+### (done in client)
+###
+### Parameter:
+### ${verify}
+######################################################################
dnl i.e. has the server been authenticated and is encryption active?
dnl called from deliver() after STARTTLS command
-# input: ${verify}
Stls_server
+ifdef(`_LOCAL_TLS_SERVER_', `dnl
+R$* $: $1 $| $>"Local_tls_server" $1
+R$* $| $#$* $#$2
+R$* $| $* $: $1', `dnl')
ifdef(`_ACCESS_TABLE_', `dnl
-R$* $: $1 $| $>LookUpDomain <$&{server_name}> <?> <> <! TLS_SRV_TAG>
-R$* $| <?>$* $: $1 $| $>LookUpAddress <$&{server_addr}> <?> <> <! TLS_SRV_TAG>
+dnl store name of other side
+R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
+R$* $: $1 $| $>D <$&{server_name}> <?> <! TLS_SRV_TAG> <>
+R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! TLS_SRV_TAG> <>
dnl do a default lookup: just TLS_SRV_TAG
R$* $| <?>$* $: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)>
-R$* $@ $>"tls_connection" $1', `dnl
-R$* $@ $>"tls_connection" $1')
+ifdef(`_ATMPF_', `dnl tempfail?
+R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."', `dnl')
+R$* $@ $>"TLS_connection" $1', `dnl
+R$* $@ $>"TLS_connection" $1')
-Stls_connection
+######################################################################
+### TLS_connection: is TLS connection "good" enough?
+###
+### Parameters:
ifdef(`_ACCESS_TABLE_', `dnl
+### ${verify} $| <Requirement> [<>]', `dnl
+### ${verify}')
+### Requirement: RHS from access map, may be ? for none.
+dnl syntax for Requirement:
+dnl [(PERM|TEMP)+] (VERIFY[:bits]|ENCR:bits) [+extensions]
+dnl extensions: could be a list of further requirements
+dnl for now: CN:string {cn_subject} == string
+######################################################################
+STLS_connection
+ifdef(`_ACCESS_TABLE_', `dnl', `dnl use default error
+dnl deal with TLS handshake failures: abort
+RSOFTWARE $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."
+divert(-1)')
dnl common ruleset for tls_{client|server}
-dnl input: $&{verify} $| <ResultOfLookup> [<>]
+dnl input: ${verify} $| <ResultOfLookup> [<>]
dnl remove optional <>
R$* $| <$*>$* $: $1 $| <$2>
+dnl workspace: ${verify} $| <ResultOfLookup>
+# create the appropriate error codes
dnl permanent or temporary error?
R$* $| <PERM + $={tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
R$* $| <TEMP + $={tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
dnl default case depends on TLS_PERM_ERR
R$* $| <$={tls} $*> $: $1 $| <ifdef(`TLS_PERM_ERR', `503:5.7.0', `403:4.7.0')> <$2 $3>
-dnl deal with TLS handshake failures: abort
+dnl workspace: ${verify} $| [<SMTP:ESC>] <ResultOfLookup>
+# deal with TLS handshake failures: abort
RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
dnl no <reply:dns> i.e. not requirements in the access map
dnl use default error
RSOFTWARE $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed."
-R$* $| <$*> <VERIFY> $: <$2> <VERIFY> $1
-R$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> $1
+R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
+dnl separate optional requirements
+R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
+R$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> <> $1
+dnl separate optional requirements
+R$* $| <$*> <$={tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
dnl some other value in access map: accept
dnl this also allows to override the default case (if used)
R$* $| $* $@ OK
# authentication required: give appropriate error
# other side did authenticate (via STARTTLS)
-dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> ${verify}
+dnl workspace: <SMTP:ESC> <{VERIFY,ENCR}[:BITS]> <[extensions]> ${verify}
dnl only verification required and it succeeded
-R<$*><VERIFY> OK $@ OK
+R<$*><VERIFY> <> OK $@ OK
+dnl verification required and it succeeded but extensions are given
+dnl change it to <SMTP:ESC> <REQ:0> <extensions>
+R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
dnl verification required + some level of encryption
-R<$*><VERIFY:$-> OK $: <$1> <REQ:$2>
+R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
dnl just some level of encryption required
-R<$*><ENCR:$-> $* $: <$1> <REQ:$2>
-dnl verification required but ${verify} is not set
-R<$-:$+><VERIFY $*> $#error $@ $2 $: $1 " authentication required"
-R<$-:$+><VERIFY $*> FAIL $#error $@ $2 $: $1 " authentication failed"
-R<$-:$+><VERIFY $*> NO $#error $@ $2 $: $1 " not authenticated"
-R<$-:$+><VERIFY $*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
+R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
+dnl workspace:
+dnl 1. <SMTP:ESC> <VERIFY [:bits]> <[extensions]> {verify} (!= OK)
+dnl 2. <SMTP:ESC> <REQ:bits> <[extensions]>
+dnl verification required but ${verify} is not set (case 1.)
+R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
+R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
+R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
+R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
+R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
dnl some other value for ${verify}
-R<$-:$+><VERIFY $*> $+ $#error $@ $2 $: $1 " authentication failure " $4
-dnl some level of encryption required: get the maximum level
-R<$*><REQ:$-> $: <$1> <REQ:$2> $>max $&{cipher_bits} : $&{auth_ssf}
+R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
+dnl some level of encryption required: get the maximum level (case 2.)
+R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
dnl compare required bits with actual bits
-R<$*><REQ:$-> $- $: <$1> <$2:$3> $(arith l $@ $3 $@ $2 $)
-R<$-:$+><$-:$-> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
+R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
+R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
+dnl strength requirements fulfilled
+dnl TLS Additional Requirements Separator
+dnl this should be something which does not appear in the extensions itself
+dnl @ could be part of a CN, DN, etc...
+dnl use < > ? those are encoded in CN, DN, ...
+define(`_TLS_ARS_', `++')dnl
+dnl workspace:
+dnl <SMTP:ESC> <REQ:bits> <extensions> result-of-compare
+R<$-:$+><$-:$-> <$*> $* $: <$1:$2 _TLS_ARS_ $5>
+dnl workspace: <SMTP:ESC _TLS_ARS_ extensions>
+dnl continue: check extensions
+R<$-:$+ _TLS_ARS_ > $@ OK
+dnl split extensions into own list
+R<$-:$+ _TLS_ARS_ $+ > $: <$1:$2> <$3>
+R<$-:$+> < $+ _TLS_ARS_ $+ > <$1:$2> <$3> <$4>
+R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
+######################################################################
+### TLS_req: check additional TLS requirements
+###
+### Parameters: [<list> <of> <req>] $| <$-:$+>
+### $-: SMTP reply code
+### $+: Enhanced Status Code
+dnl further requirements for this ruleset:
+dnl name of "other side" is stored is {TLS_name} (client/server_name)
+dnl
+dnl currently only CN[:common_name] is implemented
+dnl right now this is only a logical AND
+dnl i.e. all requirements must be true
+dnl how about an OR? CN must be X or CN must be Y or ..
+dnl use a macro to compute this as a trivial sequential
+dnl operations (no precedences etc)?
+######################################################################
+STLS_req
+dnl no additional requirements: ok
+R $| $+ $@ OK
+dnl require CN: but no CN specified: use name of other side
+R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
+dnl match, check rest
+R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
+dnl CN does not match
+dnl 1 2 3 4
+R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
+dnl cert subject
+R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
+dnl CS does not match
+dnl 1 2 3 4
+R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CERT Subject " $&{cert_subject} " does not match " $1
+dnl match, check rest
+R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
+dnl CI does not match
+dnl 1 2 3 4
+R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CERT Issuer " $&{cert_issuer} " does not match " $1
+dnl return from recursive call
+ROK $@ OK
+
+######################################################################
+### max: return the maximum of two values separated by :
+###
+### Parameters: [$-]:[$-]
+######################################################################
Smax
-dnl compute the max of two values separated by :
R: $: 0
R:$- $: $1
R$-: $: $1
R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
RTRUE:$-:$- $: $2
-R$-:$-:$- $: $2',
-`dnl use default error
-dnl deal with TLS handshake failures: abort
-RSOFTWARE $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."')
+R$-:$-:$- $: $2
+dnl endif _ACCESS_TABLE_
+divert(0)
-SRelayAuth
+######################################################################
+### RelayTLS: allow relaying based on TLS authentication
+###
+### Parameters:
+### none
+######################################################################
+SRelayTLS
# authenticated?
dnl we do not allow relaying for anyone who can present a cert
dnl signed by a "trusted" CA. For example, even if we put verisigns
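Review bot: In the new `tls_client` ruleset the added line `R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1` stores `${server_name}`, although the ruleset is marked "(done in server)" and the lookups directly below it use `${client_name}` and `${client_addr}`. `TLS_req` substitutes `{TLS_Name}` when a bare `CN` requirement is given, so on the server side that check would presumably compare the client certificate's CN against the wrong, or an unset, name. The line should read `R$* $: $(macro {TLS_Name} $@ $&{client_name} $) $1`; `tls_server` and `tls_rcpt` are right to use `${server_name}`. The `TLS_req` header comment also spells the macro `{TLS_name}`, which should be `{TLS_Name}` to match the rules.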
@@ -2073,24 +2706,54 @@ dnl (maybe after extracting a part with a regular expression)
dnl if this returns RELAY we relay without further questions
dnl if it returns SUBJECT we perform a similar check on the
dnl cert subject.
-R$* $| OK $: $1
-R$* $| $* $@ NO not authenticated
ifdef(`_ACCESS_TABLE_', `dnl
+R$* $: <?> $&{verify}
+R<?> OK $: OK authenticated: continue
+R<?> $* $@ NO not authenticated
ifdef(`_CERT_REGEX_ISSUER_', `dnl
-R$* $: $1 $| $(CERTIssuer $&{cert_issuer} $)',
-`R$* $: $1 $| $&{cert_issuer}')
-R$* $| $+ $: $1 $| $(access CERTISSUER:$2 $)
+R$* $: $(CERTIssuer $&{cert_issuer} $)',
+`R$* $: $&{cert_issuer}')
+R$+ $: $(access CERTISSUER`'_TAG_DELIM_`'$1 $)
dnl use $# to stop further checks (delay_check)
-R$* $| RELAY $# RELAYCERTISSUER
+RRELAY $# RELAY
ifdef(`_CERT_REGEX_SUBJECT_', `dnl
-R$* $| SUBJECT $: $1 $| <@> $(CERTSubject $&{cert_subject} $)',
-`R$* $| SUBJECT $: $1 $| <@> $&{cert_subject}')
-R$* $| <@> $+ $: $1 $| <@> $(access CERTSUBJECT:$2 $)
-R$* $| <@> RELAY $# RELAYCERTSUBJECT
-R$* $| $* $: $1', `dnl')
+RSUBJECT $: <@> $(CERTSubject $&{cert_subject} $)',
+`RSUBJECT $: <@> $&{cert_subject}')
+R<@> $+ $: <@> $(access CERTSUBJECT`'_TAG_DELIM_`'$1 $)
+R<@> RELAY $# RELAY
+R$* $: NO', `dnl')
+
+######################################################################
+### authinfo: lookup authinfo in the access map
+###
+### Parameters:
+### $1: {server_name}
+### $2: {server_addr}
+dnl both are currently ignored
+dnl if it should be done via another map, we either need to restrict
+dnl functionality (it calls D and A) or copy those rulesets (or add another
+dnl parameter which I want to avoid, it's quite complex already)
+######################################################################
+dnl omit this ruleset if neither is defined?
+dnl it causes DefaultAuthInfo to be ignored
+dnl (which may be considered a good thing).
+Sauthinfo
+ifdef(`_AUTHINFO_TABLE_', `dnl
+R$* $: <$(authinfo AuthInfo:$&{server_name} $: ? $)>
+R<?> $: <$(authinfo AuthInfo:$&{server_addr} $: ? $)>
+R<?> $: <$(authinfo AuthInfo: $: ? $)>
+R<?> $@ no no authinfo available
+R<$*> $# $1
+dnl', `dnl
+ifdef(`_ACCESS_TABLE_', `dnl
+R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
+R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
+R$* $| <?>$* $: $1 $| <$(access AuthInfo`'_TAG_DELIM_ $: ? $)> <>
+R$* $| <?>$* $@ no no authinfo available
+R$* $| <$*> <> $# $2
+dnl', `dnl')')
undivert(9)dnl LOCAL_RULESETS
-ifdef(`_FFR_MILTER', `
#
######################################################################
######################################################################
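Review bot: The access-map branch of the new `authinfo` ruleset returns `AuthInfo` entries from the general access map, and nothing here tells the administrator that this map then holds client authentication data. If those entries carry credentials, as the name suggests, the access database and its source file must not be world-readable. A comment before `Sauthinfo` would make that explicit, for example `dnl AuthInfo entries may hold credentials: keep the access map unreadable to other users, or use the separate authinfo map`. Separately, the `CERTISSUER` and `CERTSUBJECT` lookups in `RelayTLS` (which begins in the previous hunk) have no `$:` default, so a miss appears to leave the lookup key in the workspace until the final `R$* $: NO`; a short `dnl` line saying this is intended would help.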
@@ -2099,7 +2762,7 @@ ifdef(`_FFR_MILTER', `
#####
######################################################################
######################################################################
-_MAIL_FILTERS_')
+_MAIL_FILTERS_
#
######################################################################
######################################################################
diff --git a/contrib/sendmail/cf/m4/version.m4 b/contrib/sendmail/cf/m4/version.m4
index adc2c2cb079b..ed123ccb39ba 100644
--- a/contrib/sendmail/cf/m4/version.m4
+++ b/contrib/sendmail/cf/m4/version.m4
@@ -1,6 +1,6 @@
divert(-1)
#
-# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -11,8 +11,8 @@ divert(-1)
# the sendmail distribution.
#
#
-VERSIONID(`$Id: version.m4,v 8.39.4.35 2001/08/20 14:45:34 gshapiro Exp $')
+VERSIONID(`$Id: version.m4,v 8.81 2002/01/13 18:23:32 ca Exp $')
#
divert(0)
# Configuration version number
-DZ8.11.6`'ifdef(`confCF_VERSION', `/confCF_VERSION')
+DZ8.12.2`'ifdef(`confCF_VERSION', `/confCF_VERSION')
diff --git a/contrib/sendmail/cf/mailer/cyrus.m4 b/contrib/sendmail/cf/mailer/cyrus.m4
index a6afa4a953b2..cca7f8e6885b 100644
--- a/contrib/sendmail/cf/mailer/cyrus.m4
+++ b/contrib/sendmail/cf/mailer/cyrus.m4
@@ -1,6 +1,6 @@
PUSHDIVERT(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@@ -35,15 +35,13 @@ PUSHDIVERT(-1)
# Contributed to Berkeley by John Gardiner Myers <jgm+@CMU.EDU>.
#
-ifdef(`_MAILER_local_', `',
- `errprint(`*** MAILER(`local') must appear before MAILER(`cyrus')')')dnl
-
_DEFIFNOT(`CYRUS_MAILER_FLAGS', `Ah5@/:|')
ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/cyrus/bin/deliver)')
ifdef(`CYRUS_MAILER_ARGS',, `define(`CYRUS_MAILER_ARGS', `deliver -e -m $h -- $u')')
ifdef(`CYRUS_MAILER_USER',, `define(`CYRUS_MAILER_USER', `cyrus:mail')')
_DEFIFNOT(`CYRUS_BB_MAILER_FLAGS', `u')
ifdef(`CYRUS_BB_MAILER_ARGS',, `define(`CYRUS_BB_MAILER_ARGS', `deliver -e -m $u')')
+define(`_CYRUS_QGRP', `ifelse(defn(`CYRUS_MAILER_QGRP'),`',`', ` Q=CYRUS_MAILER_QGRP,')')dnl
POPDIVERT
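Review bot: The new `_CYRUS_QGRP` define has no comment, and its `ifelse(defn(...))` test behaves differently from the `ifdef` used for `CYRUS_MAILER_MAX` later in this file: a `CYRUS_MAILER_QGRP` that is defined but empty is treated as unset. A one-line comment above it would document that, for example `dnl expands to " Q=<group>," only when CYRUS_MAILER_QGRP is defined and non-empty`. The same define is added without comment in fax.m4, local.m4, mail11.m4, phquery.m4, pop.m4, procmail.m4, qpage.m4 and smtp.m4.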
@@ -51,12 +49,12 @@ POPDIVERT
### Cyrus Mailer specification ###
##################################################
-VERSIONID(`$Id: cyrus.m4,v 8.21 1999/10/18 04:57:52 gshapiro Exp $ (Carnegie Mellon)')
+VERSIONID(`$Id: cyrus.m4,v 8.23 2001/11/12 23:11:34 ca Exp $ (Carnegie Mellon)')
Mcyrus, P=CYRUS_MAILER_PATH, F=_MODMF_(CONCAT(`lsDFMnPq', CYRUS_MAILER_FLAGS), `CYRUS'), S=EnvFromL, R=EnvToL/HdrToL,
- ifdef(`CYRUS_MAILER_MAX', `M=CYRUS_MAILER_MAX, ')U=CYRUS_MAILER_USER, T=DNS/RFC822/X-Unix,
+ ifdef(`CYRUS_MAILER_MAX', `M=CYRUS_MAILER_MAX, ')U=CYRUS_MAILER_USER, T=DNS/RFC822/X-Unix,_CYRUS_QGRP
A=CYRUS_MAILER_ARGS
Mcyrusbb, P=CYRUS_MAILER_PATH, F=_MODMF_(CONCAT(`lsDFMnP', CYRUS_BB_MAILER_FLAGS), `CYRUS'), S=EnvFromL, R=EnvToL/HdrToL,
- ifdef(`CYRUS_MAILER_MAX', `M=CYRUS_MAILER_MAX, ')U=CYRUS_MAILER_USER, T=DNS/RFC822/X-Unix,
+ ifdef(`CYRUS_MAILER_MAX', `M=CYRUS_MAILER_MAX, ')U=CYRUS_MAILER_USER, T=DNS/RFC822/X-Unix,_CYRUS_QGRP
A=CYRUS_BB_MAILER_ARGS
diff --git a/contrib/sendmail/cf/mailer/fax.m4 b/contrib/sendmail/cf/mailer/fax.m4
index 63c69314cb5a..4e2116e65362 100644
--- a/contrib/sendmail/cf/mailer/fax.m4
+++ b/contrib/sendmail/cf/mailer/fax.m4
@@ -1,6 +1,6 @@
PUSHDIVERT(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -22,15 +22,16 @@ ifdef(`FAX_MAILER_PATH',,
`define(`FAX_MAILER_PATH', /usr/local/bin/faxmail)')
ifdef(`FAX_MAILER_MAX',,
`define(`FAX_MAILER_MAX', 100000)')
+define(`_FAX_QGRP', `ifelse(defn(`FAX_MAILER_QGRP'),`',`', ` Q=FAX_MAILER_QGRP,')')dnl
POPDIVERT
####################################
### FAX Mailer specification ###
####################################
-VERSIONID(`$Id: fax.m4,v 8.15 1999/10/18 04:57:53 gshapiro Exp $')
+VERSIONID(`$Id: fax.m4,v 8.16 2001/11/12 23:11:34 ca Exp $')
Mfax, P=FAX_MAILER_PATH, F=DFMhu, S=14, R=24,
- M=FAX_MAILER_MAX, T=X-Phone/X-FAX/X-Unix,
+ M=FAX_MAILER_MAX, T=X-Phone/X-FAX/X-Unix,_FAX_QGRP
A=FAX_MAILER_ARGS
LOCAL_CONFIG
diff --git a/contrib/sendmail/cf/mailer/local.m4 b/contrib/sendmail/cf/mailer/local.m4
index 3a0b7fd44d8b..c1946c97490b 100644
--- a/contrib/sendmail/cf/mailer/local.m4
+++ b/contrib/sendmail/cf/mailer/local.m4
@@ -21,65 +21,73 @@ _DEFIFNOT(`LOCAL_SHELL_FLAGS', `eu9')
ifdef(`LOCAL_SHELL_PATH',, `define(`LOCAL_SHELL_PATH', /bin/sh)')
ifdef(`LOCAL_SHELL_ARGS',, `define(`LOCAL_SHELL_ARGS', `sh -c $u')')
ifdef(`LOCAL_SHELL_DIR',, `define(`LOCAL_SHELL_DIR', `$z:/')')
+define(`LOCAL_RWR', `ifdef(`_LOCAL_LMTP_',
+`S=EnvFromSMTP/HdrFromL, R=EnvToL/HdrToL',
+`S=EnvFromL/HdrFromL, R=EnvToL/HdrToL')')
+define(`_LOCAL_QGRP', `ifelse(defn(`LOCAL_MAILER_QGRP'),`',`', ` Q=LOCAL_MAILER_QGRP,')')dnl
+define(`_PROG_QGRP', `ifelse(defn(`LOCAL_PROG_QGRP'),`',`', ` Q=LOCAL_PROG_QGRP,')')dnl
POPDIVERT
##################################################
### Local and Program Mailer specification ###
##################################################
-VERSIONID(`$Id: local.m4,v 8.50.16.2 2000/09/17 17:04:22 gshapiro Exp $')
+VERSIONID(`$Id: local.m4,v 8.58 2000/10/26 01:58:29 ca Exp $')
#
# Envelope sender rewriting
#
-SEnvFromL=10
+SEnvFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
-R$* $: $>MasqEnv $1 do masquerading
+ifdef(`_LOCAL_NO_MASQUERADE_', `dnl', `dnl
+R$* $: $>MasqEnv $1 do masquerading')
#
# Envelope recipient rewriting
#
-SEnvToL=20
+SEnvToL
R$+ < @ $* > $: $1 strip host part
-ifdef(`_FFR_ADDR_TYPE', `dnl
-ifdef(`confUSERDB_SPEC', `dnl',
-`dnl Do not forget to bump V9 to V10 before removing _FFR_ADDR_TYPE check
+ifdef(`confUSERDB_SPEC', `dnl', `dnl
R$+ + $* $: < $&{addr_type} > $1 + $2 mark with addr type
R<e s> $+ + $* $: $1 remove +detail for sender
-R< $* > $+ $: $2 else remove mark')', `dnl')
+R< $* > $+ $: $2 else remove mark')
#
# Header sender rewriting
#
-SHdrFromL=30
+SHdrFromL
R<@> $n errors to mailer-daemon
R@ <@ $*> $n temporarily bypass Sun bogosity
R$+ $: $>AddDomain $1 add local domain if needed
-R$* $: $>MasqHdr $1 do masquerading
+ifdef(`_LOCAL_NO_MASQUERADE_', `dnl', `dnl
+R$* $: $>MasqHdr $1 do masquerading')
#
# Header recipient rewriting
#
-SHdrToL=40
+SHdrToL
R$+ $: $>AddDomain $1 add local domain if needed
-ifdef(`_ALL_MASQUERADE_',
-`R$* $: $>MasqHdr $1 do all-masquerading',
+ifdef(`_ALL_MASQUERADE_', `dnl
+ifdef(`_LOCAL_NO_MASQUERADE_', `dnl', `dnl
+R$* $: $>MasqHdr $1 do all-masquerading')',
`R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2')
#
# Common code to add local domain name (only if always-add-domain)
#
-SAddDomain=50
+SAddDomain
ifdef(`_ALWAYS_ADD_DOMAIN_', `dnl
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
+ifelse(len(X`'_ALWAYS_ADD_DOMAIN_),`1',`
R$+ $@ $1 < @ *LOCAL* > add local qualification',
+`R$+ $@ $1 < @ _ALWAYS_ADD_DOMAIN_ > add qualification')',
`dnl')
-Mlocal, P=LOCAL_MAILER_PATH, F=_MODMF_(CONCAT(_DEF_LOCAL_MAILER_FLAGS, LOCAL_MAILER_FLAGS), `LOCAL'), S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,_OPTINS(`LOCAL_MAILER_EOL', ` E=', `, ')
- _OPTINS(`LOCAL_MAILER_MAX', `M=', `, ')_OPTINS(`LOCAL_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`LOCAL_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`LOCAL_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/LOCAL_MAILER_DSN_DIAGNOSTIC_CODE,
+Mlocal, P=LOCAL_MAILER_PATH, F=_MODMF_(CONCAT(_DEF_LOCAL_MAILER_FLAGS, LOCAL_MAILER_FLAGS), `LOCAL'), LOCAL_RWR,_OPTINS(`LOCAL_MAILER_EOL', ` E=', `, ')
+ _OPTINS(`LOCAL_MAILER_MAX', `M=', `, ')_OPTINS(`LOCAL_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`LOCAL_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`LOCAL_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/LOCAL_MAILER_DSN_DIAGNOSTIC_CODE,_LOCAL_QGRP
A=LOCAL_MAILER_ARGS
Mprog, P=LOCAL_SHELL_PATH, F=CONCAT(_DEF_LOCAL_SHELL_FLAGS, LOCAL_SHELL_FLAGS), S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=LOCAL_SHELL_DIR,
- _OPTINS(`LOCAL_MAILER_MAX', `M=', `, ')T=X-Unix/X-Unix/X-Unix,
+ _OPTINS(`LOCAL_MAILER_MAX', `M=', `, ')T=X-Unix/X-Unix/X-Unix,_PROG_QGRP
A=LOCAL_SHELL_ARGS
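Review bot: The `len(X...)` test added to `AddDomain` is not explained. It yields 1 only when `_ALWAYS_ADD_DOMAIN_` expands to nothing, which selects `*LOCAL*`; otherwise the macro's value is used as the qualifying domain. A comment above the `ifelse` would spare readers from decoding it, for example `dnl length 1 means _ALWAYS_ADD_DOMAIN_ is empty: qualify with *LOCAL*, else with the given domain`. `LOCAL_RWR` could likewise note that only the `S=` set differs between its two branches, since both give `R=EnvToL/HdrToL`.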
diff --git a/contrib/sendmail/cf/mailer/mail11.m4 b/contrib/sendmail/cf/mailer/mail11.m4
index d60a0635503f..14bc794584f8 100644
--- a/contrib/sendmail/cf/mailer/mail11.m4
+++ b/contrib/sendmail/cf/mailer/mail11.m4
@@ -1,6 +1,6 @@
PUSHDIVERT(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@@ -24,6 +24,7 @@ _DEFIFNOT(`MAIL11_MAILER_FLAGS', `nsFx')
ifdef(`MAIL11_MAILER_ARGS',, `define(`MAIL11_MAILER_ARGS', mail11 $g $x $h $u)')
define(`_USE_DECNET_SYNTAX_')
define(`_LOCAL_', ifdef(`confLOCAL_MAILER', confLOCAL_MAILER, `local'))
+define(`_MAIL11_QGRP', `ifelse(defn(`MAIL11_MAILER_QGRP'),`',`', ` Q=MAIL11_MAILER_QGRP,')')dnl
POPDIVERT
@@ -41,13 +42,9 @@ POPDIVERT
### UTK-MAIL11 Mailer specification ###
###########################################
-VERSIONID(`$Id: mail11.m4,v 8.19 1999/10/18 04:57:54 gshapiro Exp $')
+VERSIONID(`$Id: mail11.m4,v 8.22 2001/11/12 23:11:34 ca Exp $')
-SMail11From=15
-R$+ $: $>25 $1 preprocess
-R$w :: $+ $@ $w :: $1 ready to go
-
-SMail11To=25
+SMail11To
R$+ < @ $- .UUCP > $: $2 ! $1 back to old style
R$+ < @ $- .DECNET > $: $2 :: $1 convert to DECnet style
R$+ < @ $- .LOCAL > $: $2 :: $1 convert to DECnet style
@@ -55,6 +52,10 @@ R$+ < @ $=w. > $: $2 :: $1 convert to DECnet style
R$=w :: $+ $2 strip local names
R$+ :: $+ $@ $1 :: $2 already qualified
+SMail11From
+R$+ $: $>Mail11To $1 preprocess
+R$w :: $+ $@ $w :: $1 ready to go
+
Mmail11, P=MAIL11_MAILER_PATH, F=_MODMF_(MAIL11_MAILER_FLAGS, `MAIL11'), S=Mail11From, R=Mail11To,
- T=DNS/X-DECnet/X-Unix,
+ T=DNS/X-DECnet/X-Unix,_MAIL11_QGRP
A=MAIL11_MAILER_ARGS
diff --git a/contrib/sendmail/cf/mailer/phquery.m4 b/contrib/sendmail/cf/mailer/phquery.m4
index 09032e4b521b..58b71b07a20a 100644
--- a/contrib/sendmail/cf/mailer/phquery.m4
+++ b/contrib/sendmail/cf/mailer/phquery.m4
@@ -1,6 +1,6 @@
PUSHDIVERT(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -14,12 +14,10 @@ PUSHDIVERT(-1)
# Contributed by Kimmo Suominen <kim@tac.nyc.ny.us>.
#
-ifdef(`_MAILER_local_', `',
- `errprint(`*** MAILER(`local') must appear before MAILER(`phquery')')')dnl
-
ifdef(`PH_MAILER_PATH',, `define(`PH_MAILER_PATH', /usr/local/etc/phquery)')
_DEFIFNOT(`PH_MAILER_FLAGS', `ehmu')
ifdef(`PH_MAILER_ARGS',, `define(`PH_MAILER_ARGS', `phquery -- $u')')
+define(`_PH_QGRP', `ifelse(defn(`PH_MAILER_QGRP'),`',`', ` Q=PH_MAILER_QGRP,')')dnl
POPDIVERT
@@ -27,8 +25,8 @@ POPDIVERT
### PH Mailer specification ###
####################################
-VERSIONID(`$Id: phquery.m4,v 8.15 1999/10/18 04:57:54 gshapiro Exp $')
+VERSIONID(`$Id: phquery.m4,v 8.17 2001/11/12 23:11:34 ca Exp $')
Mph, P=PH_MAILER_PATH, F=_MODMF_(CONCAT(`nrDFM', PH_MAILER_FLAGS), `PH'), S=EnvFromL, R=EnvToL/HdrToL,
- T=DNS/RFC822/X-Unix,
+ T=DNS/RFC822/X-Unix,_PH_QGRP
A=PH_MAILER_ARGS
diff --git a/contrib/sendmail/cf/mailer/pop.m4 b/contrib/sendmail/cf/mailer/pop.m4
index a7b373d13d26..d2680e1cae9d 100644
--- a/contrib/sendmail/cf/mailer/pop.m4
+++ b/contrib/sendmail/cf/mailer/pop.m4
@@ -1,6 +1,6 @@
PUSHDIVERT(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -12,12 +12,10 @@ PUSHDIVERT(-1)
#
#
-ifdef(`_MAILER_local_', `',
- `errprint(`*** MAILER(`local') must appear before MAILER(`pop')')')dnl
-
ifdef(`POP_MAILER_PATH',, `define(`POP_MAILER_PATH', /usr/lib/mh/spop)')
_DEFIFNOT(`POP_MAILER_FLAGS', `Penu')
ifdef(`POP_MAILER_ARGS',, `define(`POP_MAILER_ARGS', `pop $u')')
+define(`_POP_QGRP', `ifelse(defn(`POP_MAILER_QGRP'),`',`', ` Q=POP_MAILER_QGRP,')')dnl
POPDIVERT
@@ -25,10 +23,10 @@ POPDIVERT
### POP Mailer specification ###
####################################
-VERSIONID(`$Id: pop.m4,v 8.20 1999/10/18 04:57:54 gshapiro Exp $')
+VERSIONID(`$Id: pop.m4,v 8.22 2001/11/12 23:11:34 ca Exp $')
Mpop, P=POP_MAILER_PATH, F=_MODMF_(CONCAT(`lsDFMq', POP_MAILER_FLAGS), `POP'), S=EnvFromL, R=EnvToL/HdrToL,
- T=DNS/RFC822/X-Unix,
+ T=DNS/RFC822/X-Unix,_POP_QGRP
A=POP_MAILER_ARGS
LOCAL_CONFIG
diff --git a/contrib/sendmail/cf/mailer/procmail.m4 b/contrib/sendmail/cf/mailer/procmail.m4
index 8589f3a89afb..103e042a7ccc 100644
--- a/contrib/sendmail/cf/mailer/procmail.m4
+++ b/contrib/sendmail/cf/mailer/procmail.m4
@@ -1,6 +1,6 @@
PUSHDIVERT(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -12,9 +12,6 @@ PUSHDIVERT(-1)
#
#
-ifdef(`_MAILER_smtp_', `',
- `errprint(`*** MAILER(`smtp') must appear before MAILER(`procmail')')')dnl
-
ifdef(`PROCMAIL_MAILER_PATH',,
`ifdef(`PROCMAIL_PATH',
`define(`PROCMAIL_MAILER_PATH', PROCMAIL_PATH)',
@@ -22,6 +19,7 @@ ifdef(`PROCMAIL_MAILER_PATH',,
_DEFIFNOT(`PROCMAIL_MAILER_FLAGS', `SPhnu9')
ifdef(`PROCMAIL_MAILER_ARGS',,
`define(`PROCMAIL_MAILER_ARGS', `procmail -Y -m $h $f $u')')
+define(`_PROCMAIL_QGRP', `ifelse(defn(`PROCMAIL_MAILER_QGRP'),`',`', ` Q=PROCMAIL_MAILER_QGRP,')')dnl
POPDIVERT
@@ -29,8 +27,8 @@ POPDIVERT
### PROCMAIL Mailer specification ###
##################*****##################
-VERSIONID(`$Id: procmail.m4,v 8.20 1999/10/18 04:57:54 gshapiro Exp $')
+VERSIONID(`$Id: procmail.m4,v 8.22 2001/11/12 23:11:34 ca Exp $')
Mprocmail, P=PROCMAIL_MAILER_PATH, F=_MODMF_(CONCAT(`DFM', PROCMAIL_MAILER_FLAGS), `PROCMAIL'), S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
- ifdef(`PROCMAIL_MAILER_MAX', `M=PROCMAIL_MAILER_MAX, ')T=DNS/RFC822/X-Unix,
+ ifdef(`PROCMAIL_MAILER_MAX', `M=PROCMAIL_MAILER_MAX, ')T=DNS/RFC822/X-Unix,_PROCMAIL_QGRP
A=PROCMAIL_MAILER_ARGS
diff --git a/contrib/sendmail/cf/mailer/qpage.m4 b/contrib/sendmail/cf/mailer/qpage.m4
index 31521d533d57..b0d9d51eb0f9 100644
--- a/contrib/sendmail/cf/mailer/qpage.m4
+++ b/contrib/sendmail/cf/mailer/qpage.m4
@@ -3,7 +3,7 @@ PUSHDIVERT(-1)
# Copyright (C) 1997, Philip A. Prindeville and Enteka Enterprise Technology
# Services
#
-# Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1999, 2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@@ -16,6 +16,7 @@ ifdef(`QPAGE_MAILER_PATH', `', `define(`QPAGE_MAILER_PATH', `/usr/local/bin/qpag
_DEFIFNOT(`QPAGE_MAILER_FLAGS', `mDFMs')
ifdef(`QPAGE_MAILER_ARGS', `', `define(`QPAGE_MAILER_ARGS', `qpage -l0 -m -P$u')')
ifdef(`QPAGE_MAILER_MAX', `', `define(`QPAGE_MAILER_MAX', `4096')')
+define(`_QPAGE_QGRP', `ifelse(defn(`QPAGE_MAILER_QGRP'),`',`', ` Q=QPAGE_MAILER_QGRP,')')dnl
POPDIVERT
@@ -23,8 +24,8 @@ POPDIVERT
### QPAGE Mailer specification ###
######################################
-VERSIONID(`$Id: qpage.m4,v 8.9 1999/11/16 03:33:04 gshapiro Exp $')
+VERSIONID(`$Id: qpage.m4,v 8.10 2001/11/12 23:11:34 ca Exp $')
Mqpage, P=QPAGE_MAILER_PATH, F=_MODMF_(QPAGE_MAILER_FLAGS, `QPAGE'),
- M=QPAGE_MAILER_MAX, T=DNS/RFC822/X-Unix,
+ M=QPAGE_MAILER_MAX, T=DNS/RFC822/X-Unix,_QPAGE_QGRP
A=QPAGE_MAILER_ARGS
diff --git a/contrib/sendmail/cf/mailer/smtp.m4 b/contrib/sendmail/cf/mailer/smtp.m4
index e623a73e2139..2bf5a82e259a 100644
--- a/contrib/sendmail/cf/mailer/smtp.m4
+++ b/contrib/sendmail/cf/mailer/smtp.m4
@@ -1,6 +1,6 @@
PUSHDIVERT(-1)
#
-# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -19,24 +19,29 @@ ifdef(`ESMTP_MAILER_ARGS',, `define(`ESMTP_MAILER_ARGS', `TCP $h')')
ifdef(`SMTP8_MAILER_ARGS',, `define(`SMTP8_MAILER_ARGS', `TCP $h')')
ifdef(`DSMTP_MAILER_ARGS',, `define(`DSMTP_MAILER_ARGS', `TCP $h')')
ifdef(`RELAY_MAILER_ARGS',, `define(`RELAY_MAILER_ARGS', `TCP $h')')
+define(`_SMTP_QGRP', `ifelse(defn(`SMTP_MAILER_QGRP'),`',`', ` Q=SMTP_MAILER_QGRP,')')dnl
+define(`_ESMTP_QGRP', `ifelse(defn(`ESMTP_MAILER_QGRP'),`',`', ` Q=ESMTP_MAILER_QGRP,')')dnl
+define(`_SMTP8_QGRP', `ifelse(defn(`SMTP8_MAILER_QGRP'),`',`', ` Q=SMTP8_MAILER_QGRP,')')dnl
+define(`_DSMTP_QGRP', `ifelse(defn(`DSMTP_MAILER_QGRP'),`',`', ` Q=DSMTP_MAILER_QGRP,')')dnl
+define(`_RELAY_QGRP', `ifelse(defn(`RELAY_MAILER_QGRP'),`',`', ` Q=RELAY_MAILER_QGRP,')')dnl
POPDIVERT
#####################################
### SMTP Mailer specification ###
#####################################
-VERSIONID(`$Id: smtp.m4,v 8.56.2.1.2.3 2000/09/25 13:53:27 ca Exp $')
+VERSIONID(`$Id: smtp.m4,v 8.64 2001/04/03 01:52:54 gshapiro Exp $')
#
# common sender and masquerading recipient rewriting
#
-SMasqSMTP=61
+SMasqSMTP
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# convert pseudo-domain addresses to real domain addresses
#
-SPseudoToReal=51
+SPseudoToReal
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
@@ -44,7 +49,7 @@ R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay
ifdef(`BITNET_RELAY',
`R$+ <@ $+ .BITNET. > $: $1 % $2 .BITNET < @ $B > user@host.BITNET
-R$+.BITNET <@ $+:$+ > $: $1 .BITNET < @ $3 > strip mailer: part',
+R$+.BITNET <@ $~[ $*:$+ > $: $1 .BITNET < @ $4 > strip mailer: part',
`dnl')
ifdef(`_NO_UUCP_', `dnl', `
# do UUCP heuristics; note that these are shared with UUCP mailers
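Review bot: The trailing comment `strip mailer: part` no longer explains the pattern in `R$+.BITNET <@ $~[ $*:$+ >`. The new `$~[` keeps the rule from firing when the host part begins with a token in class `[`, presumably so that a bracketed address literal containing colons is not cut at a colon. A comment line such as `# leave bracketed address literals alone, they may contain colons` above the rule would record that. The same applies to `R$+ < @ $~[ $* : $+ >` in the UUCP hunk that follows. The rule relies on class `[` being defined outside this file.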
@@ -56,14 +61,14 @@ R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
-R$+ < @ $+ : $+ > $@ $1 < @ $3 > strip mailer: part
+R$+ < @ $~[ $* : $+ > $@ $1 < @ $4 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY')
#
# envelope sender rewriting
#
-SEnvFromSMTP=11
+SEnvFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>MasqSMTP $1 qualify unqual'ed names
@@ -74,7 +79,7 @@ R$+ $: $>MasqEnv $1 do masquerading
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
-SEnvToSMTP=21
+SEnvToSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R$+ $: $>MasqSMTP $1 qualify unqual'ed names
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
@@ -82,7 +87,7 @@ R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
#
# header sender and masquerading header recipient rewriting
#
-SHdrFromSMTP=31
+SHdrFromSMTP
R$+ $: $>PseudoToReal $1 sender/recipient common
R:; <@> $@ list:; special case
@@ -96,22 +101,22 @@ R$+ $: $>MasqHdr $1 do masquerading
#
# relay mailer header masquerading recipient rewriting
#
-SMasqRelay=71
+SMasqRelay
R$+ $: $>MasqSMTP $1
R$+ $: $>MasqHdr $1
Msmtp, P=[IPC], F=_MODMF_(CONCAT(_DEF_SMTP_MAILER_FLAGS, SMTP_MAILER_FLAGS), `SMTP'), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'), E=\r\n, L=990,
- _OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
+ _OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,_SMTP_QGRP
A=SMTP_MAILER_ARGS
-Mesmtp, P=[IPC], F=_MODMF_(CONCAT(_DEF_SMTP_MAILER_FLAGS, `a', SMTP_MAILER_FLAGS), `SMTP'), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'), E=\r\n, L=990,
- _OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
+Mesmtp, P=[IPC], F=_MODMF_(CONCAT(_DEF_SMTP_MAILER_FLAGS, `a', SMTP_MAILER_FLAGS), `ESMTP'), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'), E=\r\n, L=990,
+ _OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,_ESMTP_QGRP
A=ESMTP_MAILER_ARGS
-Msmtp8, P=[IPC], F=_MODMF_(CONCAT(_DEF_SMTP_MAILER_FLAGS, `8', SMTP_MAILER_FLAGS), `SMTP'), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'), E=\r\n, L=990,
- _OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
+Msmtp8, P=[IPC], F=_MODMF_(CONCAT(_DEF_SMTP_MAILER_FLAGS, `8', SMTP_MAILER_FLAGS), `SMTP8'), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'), E=\r\n, L=990,
+ _OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,_SMTP8_QGRP
A=SMTP8_MAILER_ARGS
-Mdsmtp, P=[IPC], F=_MODMF_(CONCAT(_DEF_SMTP_MAILER_FLAGS, `a%', SMTP_MAILER_FLAGS), `SMTP'), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'), E=\r\n, L=990,
- _OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,
+Mdsmtp, P=[IPC], F=_MODMF_(CONCAT(_DEF_SMTP_MAILER_FLAGS, `a%', SMTP_MAILER_FLAGS), `DSMTP'), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'), E=\r\n, L=990,
+ _OPTINS(`SMTP_MAILER_MAX', `M=', `, ')_OPTINS(`SMTP_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`SMTP_MAILER_CHARSET', `C=', `, ')T=DNS/RFC822/SMTP,_DSMTP_QGRP
A=DSMTP_MAILER_ARGS
Mrelay, P=[IPC], F=_MODMF_(CONCAT(_DEF_SMTP_MAILER_FLAGS, `a8', RELAY_MAILER_FLAGS), `RELAY'), S=EnvFromSMTP/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `MasqSMTP/MasqRelay', `MasqSMTP'), E=\r\n, L=2040,
- _OPTINS(`RELAY_MAILER_CHARSET', `C=', `, ')_OPTINS(`RELAY_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')T=DNS/RFC822/SMTP,
+ _OPTINS(`RELAY_MAILER_CHARSET', `C=', `, ')_OPTINS(`RELAY_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`SMTP_MAILER_MAXRCPTS', `r=', `, ')T=DNS/RFC822/SMTP,_RELAY_QGRP
A=RELAY_MAILER_ARGS
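Review bot: The second argument of `_MODMF_` changes from `SMTP` to `ESMTP`, `SMTP8` and `DSMTP` for three mailers while their flags still come from `SMTP_MAILER_FLAGS`, and nothing in the file documents this. `_MODMF_` is defined outside this section; if it keys per-mailer flag modifications by that name, a site's existing `MODIFY_MAILER_FLAGS(`SMTP', ...)` would stop applying to esmtp, smtp8 and dsmtp after the upgrade. A comment above the mailer definitions, e.g. `# flags come from SMTP_MAILER_FLAGS; flag modifications and Q= are per mailer (SMTP, ESMTP, SMTP8, DSMTP, RELAY)`, would let an administrator confirm that flag changes made for security reasons still reach every mailer.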
diff --git a/contrib/sendmail/cf/mailer/usenet.m4 b/contrib/sendmail/cf/mailer/usenet.m4
index 770eb3084cb2..d3ae38b94293 100644
--- a/contrib/sendmail/cf/mailer/usenet.m4
+++ b/contrib/sendmail/cf/mailer/usenet.m4
@@ -1,6 +1,6 @@
PUSHDIVERT(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -12,19 +12,17 @@ PUSHDIVERT(-1)
#
#
-ifdef(`_MAILER_local_', `',
- `errprint(`*** MAILER(`local') must appear before MAILER(`usenet')')')dnl
-
ifdef(`USENET_MAILER_PATH',, `define(`USENET_MAILER_PATH', /usr/lib/news/inews)')
_DEFIFNOT(`USENET_MAILER_FLAGS', `rsDFMmn')
ifdef(`USENET_MAILER_ARGS',, `define(`USENET_MAILER_ARGS', `inews -m -h -n')')
+define(`_USENET_QGRP', `ifelse(defn(`USENET_MAILER_QGRP'),`',`', ` Q=USENET_MAILER_QGRP,')')dnl
POPDIVERT
####################################
### USENET Mailer specification ###
####################################
-VERSIONID(`$Id: usenet.m4,v 8.19 1999/11/16 03:33:04 gshapiro Exp $')
+VERSIONID(`$Id: usenet.m4,v 8.21 2000/10/26 02:08:19 ca Exp $')
Musenet, P=USENET_MAILER_PATH, F=_MODMF_(USENET_MAILER_FLAGS, `USENET'), S=EnvFromL, R=EnvToL,
- _OPTINS(`USENET_MAILER_MAX', `M=', `, ')T=X-Usenet/X-Usenet/X-Unix,
+ _OPTINS(`USENET_MAILER_MAX', `M=', `, ')T=X-Usenet/X-Usenet/X-Unix,USENET_MAILER_QGRP
A=USENET_MAILER_ARGS $u
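Review bot: The `Musenet` line appends `USENET_MAILER_QGRP` directly, although this hunk defines the wrapper `_USENET_QGRP` and every other mailer file in the commit appends its `_..._QGRP` macro. As written, an undefined `USENET_MAILER_QGRP` would leave that literal name in the generated mailer definition. A defined one would be emitted without the `Q=` prefix and trailing comma. The line should end `T=X-Usenet/X-Usenet/X-Unix,_USENET_QGRP`.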
diff --git a/contrib/sendmail/cf/mailer/uucp.m4 b/contrib/sendmail/cf/mailer/uucp.m4
index dd915c3746d4..6513556079a9 100644
--- a/contrib/sendmail/cf/mailer/uucp.m4
+++ b/contrib/sendmail/cf/mailer/uucp.m4
@@ -1,6 +1,6 @@
PUSHDIVERT(-1)
#
-# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -11,8 +11,6 @@ PUSHDIVERT(-1)
# the sendmail distribution.
#
#
-ifdef(`_MAILER_smtp_', `',
- `errprint(`*** MAILER(`smtp') must appear before MAILER(`uucp')')')dnl
ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', /usr/bin/uux)')
ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g -gC $h!rmail ($u)')')
@@ -20,17 +18,18 @@ _DEFIFNOT(`UUCP_MAILER_FLAGS', `')
ifdef(`UUCP_MAILER_MAX',,
`define(`UUCP_MAILER_MAX',
`ifdef(`UUCP_MAX_SIZE', `UUCP_MAX_SIZE', 100000)')')
+define(`_UUCP_QGRP', `ifelse(defn(`UUCP_MAILER_QGRP'),`',`', ` Q=UUCP_MAILER_QGRP,')')dnl
POPDIVERT
#####################################
### UUCP Mailer specification ###
#####################################
-VERSIONID(`$Id: uucp.m4,v 8.38 1999/10/18 04:57:55 gshapiro Exp $')
+VERSIONID(`$Id: uucp.m4,v 8.44 2001/08/24 19:49:08 ca Exp $')
#
# envelope and header sender rewriting
#
-SFromU=12
+SFromU
# handle error address as a special case
R<@> $n errors to mailer-daemon
@@ -52,7 +51,7 @@ R! $+ $: $k ! $1 in case $U undefined
#
# envelope recipient rewriting
#
-SEnvToU=22
+SEnvToU
# list:; should disappear
R:; <@> $@
@@ -67,7 +66,7 @@ R$* < @ $+ > $2 ! $1 convert to UUCP format
#
# header recipient rewriting
#
-SHdrToU=42
+SHdrToU
# list:; syntax should disappear
R:; <@> $@
@@ -88,7 +87,7 @@ ifdef(`_MAILER_smtp_',
`#
# envelope sender rewriting for uucp-dom mailer
#
-SEnvFromUD=52
+SEnvFromUD
# handle error address as a special case
R<@> $n errors to mailer-daemon
@@ -99,7 +98,7 @@ R$* $@ $>EnvFromSMTP $1
#
# envelope sender rewriting for uucp-uudom mailer
#
-SEnvFromUUD=72
+SEnvFromUUD
# handle error address as a special case
R<@> $n errors to mailer-daemon
@@ -111,8 +110,10 @@ R$* < @ $* . > $* $1 < @ $2 > $3 strip trailing dots
R<@ $- . UUCP > : $+ $@ $1 ! $2 convert to UUCP format
R<@ $+ > : $+ $@ $1 ! $2 convert to UUCP format
R$* < @ $- . UUCP > $@ $2 ! $1 convert to UUCP format
-R$* < @ $+ > $@ $2 ! $1 convert to UUCP format')
-
+R$* < @ $+ > $@ $2 ! $1 convert to UUCP format',
+`errprint(`*** MAILER(`smtp') must appear before MAILER(`uucp')
+ if uucp-dom should be included.')
+')
PUSHDIVERT(4)
# resolve locally connected UUCP links
@@ -128,29 +129,29 @@ POPDIVERT
# old UUCP mailer (two names)
Muucp, P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`DFMhuUd', UUCP_MAILER_FLAGS), `UUCP'), S=FromU, R=EnvToU/HdrToU,
- M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+ M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,_UUCP_QGRP
A=UUCP_MAILER_ARGS
Muucp-old, P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`DFMhuUd', UUCP_MAILER_FLAGS), `UUCP'), S=FromU, R=EnvToU/HdrToU,
- M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+ M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,_UUCP_QGRP
A=UUCP_MAILER_ARGS
# smart UUCP mailer (handles multiple addresses) (two names)
Msuucp, P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`mDFMhuUd', UUCP_MAILER_FLAGS), `UUCP'), S=FromU, R=EnvToU/HdrToU,
- M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+ M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,_UUCP_QGRP
A=UUCP_MAILER_ARGS
Muucp-new, P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`mDFMhuUd', UUCP_MAILER_FLAGS), `UUCP'), S=FromU, R=EnvToU/HdrToU,
- M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+ M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,_UUCP_QGRP
A=UUCP_MAILER_ARGS
ifdef(`_MAILER_smtp_',
`# domain-ized UUCP mailer
Muucp-dom, P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`mDFMhud', UUCP_MAILER_FLAGS), `UUCP'), S=EnvFromUD/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'),
- M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+ M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,_UUCP_QGRP
A=UUCP_MAILER_ARGS
# domain-ized UUCP mailer with UUCP-style sender envelope
Muucp-uudom, P=UUCP_MAILER_PATH, F=_MODMF_(CONCAT(`mDFMhud', UUCP_MAILER_FLAGS), `UUCP'), S=EnvFromUUD/HdrFromSMTP, R=ifdef(`_ALL_MASQUERADE_', `EnvToSMTP/HdrFromSMTP', `EnvToSMTP'),
- M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,
+ M=UUCP_MAILER_MAX, _OPTINS(`UUCP_MAILER_CHARSET', `C=', `, ')T=X-UUCP/X-UUCP/X-Unix,_UUCP_QGRP
A=UUCP_MAILER_ARGS')
diff --git a/contrib/sendmail/cf/ostype/a-ux.m4 b/contrib/sendmail/cf/ostype/a-ux.m4
new file mode 100644
index 000000000000..c4d4321bc38b
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/a-ux.m4
@@ -0,0 +1,21 @@
+divert(-1)
+#
+# Copyright (c) 1998, 1999, 2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+# Copyright (c) 1983 Eric P. Allman. All rights reserved.
+# Copyright (c) 1988, 1993
+# The Regents of the University of California. All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: a-ux.m4,v 8.2 2001/07/23 16:19:36 gshapiro Exp $')
+ifdef(`QUEUE_DIR',, `define(`QUEUE_DIR', /usr/spool/mqueue)')dnl
+ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', /usr/bin/uux)')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `mn9')dnl
+ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail -d -r $f $u')')dnl
+define(`confEBINDIR', `/usr/lib')dnl
diff --git a/contrib/sendmail/cf/ostype/aix5.m4 b/contrib/sendmail/cf/ostype/aix5.m4
index c23c0f341341..e8df77e30ac1 100644
--- a/contrib/sendmail/cf/ostype/aix5.m4
+++ b/contrib/sendmail/cf/ostype/aix5.m4
@@ -10,7 +10,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: aix5.m4,v 1.1.2.1 2000/12/09 03:32:08 ca Exp $')
+VERSIONID(`$Id: aix5.m4,v 1.1 2000/12/08 21:53:36 ca Exp $')
ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /bin/bellmail)')dnl
ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', mail -F $g $u)')dnl
_DEFIFNOT(`LOCAL_MAILER_FLAGS', `mn9')dnl
diff --git a/contrib/sendmail/cf/ostype/darwin.m4 b/contrib/sendmail/cf/ostype/darwin.m4
index c5fffe0b07da..7a0ecf559c46 100644
--- a/contrib/sendmail/cf/ostype/darwin.m4
+++ b/contrib/sendmail/cf/ostype/darwin.m4
@@ -11,7 +11,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: darwin.m4,v 8.1.2.1 2000/06/15 06:37:04 gshapiro Exp $')
+VERSIONID(`$Id: darwin.m4,v 8.1 2000/06/15 06:36:30 gshapiro Exp $')
ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/var/log/sendmail.st')')dnl
ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /usr/libexec/mail.local)')dnl
ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -z -a$g $h!rmail ($u)')')dnl
diff --git a/contrib/sendmail/cf/ostype/freebsd5.m4 b/contrib/sendmail/cf/ostype/freebsd5.m4
new file mode 100644
index 000000000000..eb7a73a0d5be
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/freebsd5.m4
@@ -0,0 +1,20 @@
+divert(-1)
+#
+# Copyright (c) 2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: freebsd5.m4,v 1.1 2001/10/08 22:25:34 gshapiro Exp $')
+ifdef(`STATUS_FILE',, `define(`STATUS_FILE', `/var/log/sendmail.st')')dnl
+dnl turn on S flag for local mailer
+MODIFY_MAILER_FLAGS(`LOCAL', `+S')dnl
+ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', /usr/libexec/mail.local)')dnl
+ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `mail $u')')dnl
+ifdef(`UUCP_MAILER_PATH',, `define(`UUCP_MAILER_PATH', `/usr/local/bin/uux')')dnl
+ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -z -a$g $h!rmail ($u)')')dnl
diff --git a/contrib/sendmail/cf/ostype/linux.m4 b/contrib/sendmail/cf/ostype/linux.m4
index a1998e46fe29..b02ad29ee8e0 100644
--- a/contrib/sendmail/cf/ostype/linux.m4
+++ b/contrib/sendmail/cf/ostype/linux.m4
@@ -13,7 +13,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: linux.m4,v 8.11.16.2 2000/09/17 17:04:22 gshapiro Exp $')
+VERSIONID(`$Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $')
define(`confEBINDIR', `/usr/sbin')
ifdef(`PROCMAIL_MAILER_PATH',,
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail'))
diff --git a/contrib/sendmail/cf/ostype/mklinux.m4 b/contrib/sendmail/cf/ostype/mklinux.m4
index 12c6f8bfb8b2..90b7d2da3098 100644
--- a/contrib/sendmail/cf/ostype/mklinux.m4
+++ b/contrib/sendmail/cf/ostype/mklinux.m4
@@ -15,7 +15,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: mklinux.m4,v 8.14.4.1 2000/05/09 18:48:58 gshapiro Exp $')
+VERSIONID(`$Id: mklinux.m4,v 8.15 2000/05/09 18:48:56 gshapiro Exp $')
define(`confEBINDIR', `/usr/sbin')
ifdef(`STATUS_FILE',,
`define(`STATUS_FILE', `/var/log/sendmail.st')')
diff --git a/contrib/sendmail/cf/ostype/mpeix.m4 b/contrib/sendmail/cf/ostype/mpeix.m4
new file mode 100644
index 000000000000..9e760e94e5f4
--- /dev/null
+++ b/contrib/sendmail/cf/ostype/mpeix.m4
@@ -0,0 +1,22 @@
+divert(-1)
+#
+# Copyright (c) 2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+divert(0)
+VERSIONID(`$Id: mpeix.m4,v 1.1 2001/12/13 23:56:40 gshapiro Exp $')
+
+ifdef(`LOCAL_MAILER_PATH',, `define(`LOCAL_MAILER_PATH', `/bin/tsmail')')dnl
+_DEFIFNOT(`LOCAL_MAILER_FLAGS', `mu9')dnl
+ifdef(`LOCAL_MAILER_ARGS',, `define(`LOCAL_MAILER_ARGS', `tsmail $u')')dnl
+ifdef(`LOCAL_SHELL_PATH',, `define(`LOCAL_SHELL_PATH', `/bin/sh')')dnl
+ifdef(`confDEF_USER_ID',, `define(`confDEF_USER_ID', `SERVER.SENDMAIL')')dnl
+ifdef(`confTRUSTED_USER',, `define(`confTRUSTED_USER', `SERVER.SENDMAIL')')dnl
+define(`confTIME_ZONE', `USE_TZ')dnl
+define(`confDONT_BLAME_SENDMAIL', `ForwardFileInGroupWritableDirPath')dnl
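Review bot: `confDONT_BLAME_SENDMAIL` is set to `ForwardFileInGroupWritableDirPath` with no explanation, using a plain `define` where the lines above use `ifdef(...,, ...)`. The option relaxes sendmail's safety check on .forward files that sit under group-writable directory paths, so the file should say why this platform needs it, e.g. `dnl relaxes the .forward group-writable path check; required on MPE/iX because <reason>`. Writing it as `ifdef(`confDONT_BLAME_SENDMAIL',, `define(`confDONT_BLAME_SENDMAIL', `ForwardFileInGroupWritableDirPath')')dnl` would also avoid replacing a value the site set before OSTYPE(). `confTIME_ZONE` is defined unconditionally in the same way.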
diff --git a/contrib/sendmail/cf/ostype/solaris8.m4 b/contrib/sendmail/cf/ostype/solaris8.m4
index 22e82051404b..10b9d37bd6ed 100644
--- a/contrib/sendmail/cf/ostype/solaris8.m4
+++ b/contrib/sendmail/cf/ostype/solaris8.m4
@@ -15,7 +15,7 @@ divert(-1)
#
divert(0)
-VERSIONID(`$Id: solaris8.m4,v 8.1.2.2 2000/08/23 16:10:01 gshapiro Exp $')
+VERSIONID(`$Id: solaris8.m4,v 8.2 2000/08/23 16:10:49 gshapiro Exp $')
divert(-1)
ifdef(`UUCP_MAILER_ARGS',, `define(`UUCP_MAILER_ARGS', `uux - -r -a$g $h!rmail ($u)')')
diff --git a/contrib/sendmail/cf/sendmail.schema b/contrib/sendmail/cf/sendmail.schema
new file mode 100644
index 000000000000..bab47e8c65fd
--- /dev/null
+++ b/contrib/sendmail/cf/sendmail.schema
@@ -0,0 +1,216 @@
+# Copyright (c) 2000-2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+# $Id: sendmail.schema,v 8.14 2001/08/31 17:18:18 gshapiro Exp $
+
+# Note that this schema is experimental at this point as it has had little
+# public review. Therefore, it may change in future versions. Feedback
+# via sendmail@sendmail.org is encouraged.
+
+# OID arcs for Sendmail
+# enterprise: 1.3.6.1.4.1
+# sendmail: enterprise.6152
+# sendmail-at: sendmail.3.1
+# sendmail-oc: sendmail.3.2
+
+###########################################################################
+#
+# The Sendmail MTA attributes and objectclass
+#
+###########################################################################
+
+# attribute sendmailMTACluster cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.10
+ NAME 'sendmailMTACluster'
+ DESC 'cluster name associated with a set of MTAs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# attribute sendmailMTAHost cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.11
+ NAME 'sendmailMTAHost'
+ DESC 'host name associated with a MTA cluster'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+#objectClass sendmailMTA
+# requires
+# objectClass
+# allows
+# sendmailMTACluster,
+# sendmailMTAHost,
+# Description
+
+objectclass ( 1.3.6.1.4.1.6152.10.3.2.10
+ NAME 'sendmailMTA'
+ SUP top STRUCTURAL
+ DESC 'Sendmail MTA definition'
+ MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) )
+
+###########################################################################
+#
+# The Sendmail MTA shared attributes
+#
+###########################################################################
+
+# attribute sendmailMTAKey cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.13
+ NAME 'sendmailMTAKey'
+ DESC 'key (left hand side) of an aliases or map entry'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+###########################################################################
+#
+# The Sendmail MTA Map attributes and objectclasses
+#
+###########################################################################
+
+# attribute sendmailMTAMapName cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.14
+ NAME 'sendmailMTAMapName'
+ DESC 'identifier for the particular map'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE )
+
+# attribute sendmailMTAMapValue cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.16
+ NAME 'sendmailMTAMapValue'
+ DESC 'value (right hand side) of a map entry'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+#objectClass sendmailMTAMap
+# requires
+# objectClass,
+# sendmailMTAMapName,
+# allows
+# sendmailMTACluster,
+# sendmailMTAHost,
+# Description
+
+objectclass ( 1.3.6.1.4.1.6152.10.3.2.11
+ NAME 'sendmailMTAMap'
+ SUP sendmailMTA STRUCTURAL
+ DESC 'Sendmail MTA map definition'
+ MUST sendmailMTAMapName
+ MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) )
+
+#objectClass sendmailMTAObject
+# requires
+# objectClass,
+# sendmailMTAMapName,
+# sendmailMTAKey,
+# sendmailMTAMapValue,
+# allows
+# sendmailMTACluster,
+# sendmailMTAHost,
+# Description
+
+objectclass ( 1.3.6.1.4.1.6152.10.3.2.12
+ NAME 'sendmailMTAMapObject'
+ SUP sendmailMTAMap STRUCTURAL
+ DESC 'Sendmail MTA map object'
+ MUST ( sendmailMTAMapName $ sendmailMTAKey $ sendmailMTAMapValue )
+ MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) )
+
+
+###########################################################################
+#
+# The Sendmail MTA Alias attributes and objectclasses
+#
+###########################################################################
+
+# attribute sendmailMTAAliasGrouping cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.18
+ NAME 'sendmailMTAAliasGrouping'
+ DESC 'name that identifies a particular aliases grouping'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# attribute sendmailMTAAliasValue cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.20
+ NAME 'sendmailMTAAliasValue'
+ DESC 'value (right hand side) of an alias'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#objectClass sendmailMTAAlias
+# requires
+# objectClass,
+# allows
+# sendmailMTAAliasGrouping,
+# sendmailMTACluster,
+# sendmailMTAHost,
+# Description
+
+objectclass ( 1.3.6.1.4.1.6152.10.3.2.13
+ NAME 'sendmailMTAAlias'
+ SUP sendmailMTA STRUCTURAL
+ DESC 'Sendmail MTA alias definition'
+ MAY ( sendmailMTAAliasGrouping $
+ sendmailMTACluster $ sendmailMTAHost $ Description ) )
+
+#objectClass sendmailMTAAliasObject
+# requires
+# objectClass,
+# sendmailMTAKey,
+# sendmailMTAAliasValue,
+# allows
+# sendmailMTAAliasGrouping,
+# sendmailMTACluster,
+# sendmailMTAHost,
+# Description
+
+objectclass ( 1.3.6.1.4.1.6152.10.3.2.14
+ NAME 'sendmailMTAAliasObject'
+ SUP sendmailMTAAlias STRUCTURAL
+ DESC 'Sendmail MTA alias object'
+ MUST ( sendmailMTAKey $ sendmailMTAAliasValue )
+ MAY ( sendmailMTAAliasGrouping $
+ sendmailMTACluster $ sendmailMTAHost $ Description ) )
+
+###########################################################################
+#
+# The Sendmail MTA Class attributes and objectclass
+#
+###########################################################################
+
+# attribute sendmailMTAClassName cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.22
+ NAME 'sendmailMTAClassName'
+ DESC 'identifier for the class'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE )
+
+# attribute sendmailMTAClassValue cis
+attributetype ( 1.3.6.1.4.1.6152.10.3.1.23
+ NAME 'sendmailMTAClassValue'
+ DESC 'member of a class'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#objectClass sendmailMTAClass
+# requires
+# objectClass,
+# sendmailMTAClassName,
+# sendmailMTAClassValue,
+# allows
+# sendmailMTACluster,
+# sendmailMTAHost,
+# Description
+
+objectclass ( 1.3.6.1.4.1.6152.10.3.2.15
+ NAME 'sendmailMTAClass'
+ SUP sendmailMTA STRUCTURAL
+ DESC 'Sendmail MTA class definition'
+ MUST ( sendmailMTAClassName $ sendmailMTAClassValue )
+ MAY ( sendmailMTACluster $ sendmailMTAHost $ Description ) )
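Review bot: `sendmailMTAAliasGrouping` declares `EQUALITY caseIgnoreMatch` and `SUBSTR caseIgnoreSubstringsMatch` on syntax `1.3.6.1.4.1.1466.115.121.1.26`, whereas `sendmailMTACluster` and `sendmailMTAHost` pair that same syntax with `caseIgnoreIA5Match` and `caseIgnoreIA5SubstringsMatch`. Either the rules should become the IA5 variants or the syntax should be `...121.1.15` as on `sendmailMTAKey`; a directory server may reject or mis-match the attribute otherwise. Two comments also disagree with the definitions. The arc header gives `sendmail-at: sendmail.3.1` and `sendmail-oc: sendmail.3.2` while every OID sits under `6152.10.3.1` and `6152.10.3.2`, and the block headed `#objectClass sendmailMTAObject` defines `sendmailMTAMapObject`.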
diff --git a/contrib/sendmail/contrib/buildvirtuser b/contrib/sendmail/contrib/buildvirtuser
index 3ea2d660461c..2fe469b71a88 100755
--- a/contrib/sendmail/contrib/buildvirtuser
+++ b/contrib/sendmail/contrib/buildvirtuser
@@ -27,7 +27,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
-# $Id: buildvirtuser,v 1.1.2.3 2001/02/12 02:57:13 gshapiro Exp $
+# $Id: buildvirtuser,v 1.3 2001/02/12 02:58:20 gshapiro Exp $
=head1 NAME
diff --git a/contrib/sendmail/contrib/dnsblaccess.m4 b/contrib/sendmail/contrib/dnsblaccess.m4
new file mode 100644
index 000000000000..8eb5ae67d06e
--- /dev/null
+++ b/contrib/sendmail/contrib/dnsblaccess.m4
@@ -0,0 +1,94 @@
+divert(-1)
+#
+# Copyright (c) 2001 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+dnl ## This is a modified enhdnsbl, loosely based on the
+dnl ## original.
+dnl ##
+dnl ## Use it as follows
+dnl ##
+dnl ## HACK(dnsblaccess, domain, optional-message, tempfail-message, keytag)
+dnl ##
+dnl ## The first argument (domain) is required. The other arguments
+dnl ## are optional and have reasonable defaults. The
+dnl ## optional-message is the error message given in case of a
+dnl ## match. The default behavior for a tempfail is to accept the
+dnl ## email. A tempfail-message value of `t' temporarily rejects
+dnl ## with a default message. Otherwise the value should be your
+dnl ## own message. The keytag is used to lookup the access map to
+dnl ## further refine the result. I recommend a qualified keytag
+dnl ## (containing a ".") as less likely to accidently conflict with
+dnl ## other access tags.
+dnl ##
+dnl ## This is best illustrated with an example. Please do not use
+dnl ## the example, as it refers to a bogus lookup list.
+dnl ##
+dnl ## Suppose that you use
+dnl ##
+dnl ## HACK(dnsblaccess, `rbl.bogus.org',`',`t',bogus.tag)
+dnl ##
+dnl ## and suppose that your access map contains the entries
+dnl ##
+dnl ## bogus.tag:127.0.0.2 REJECT
+dnl ## bogus.tag:127.0.0.3 error:dialup mail from %1 rejected by %2
+dnl ## bogus.tag:127.0.0.4 OK
+dnl ## bogus.tag:127 REJECT
+dnl ## bogus.tag: OK
+dnl ##
+dnl ## If an SMTP connection is received from 123.45.6.7, sendmail
+dnl ## will lookup the A record for 7.6.45.123.bogus.org. If there
+dnl ## is a temp failure for the lookup, sendmail will generate a
+dnl ## temporary failure with a default message. If there is no
+dnl ## A-record for this lookup, then the mail is treated as if the
+dnl ## HACK line were not present. If the lookup returns 127.0.0.2,
+dnl ## then a default message rejects the mail. If it returns
+dnl ## 127.0.0.3, then the message
+dnl ## "dialup mail from 123.45.6.7 rejected by rbl.bogus.org"
+dnl ## is used to reject the mail. If it returns 127.0.0.4, the
+dnl ## mail is processed as if there were no HACK line. If the
+dnl ## address returned is something else beginning with 127.*, the
+dnl ## mail is rejected with a default error message. If the
+dnl ## address returned does not begin 127, then the mail is
+dnl ## processed as if the HACK line were not present.
+
+divert(0)
+VERSIONID(`$Id: dnsblaccess.m4,v 1.2 2001/07/23 00:24:04 ca Exp $')
+ifdef(`_ACCESS_TABLE_', `dnl',
+ `errprint(`*** ERROR: dnsblaccess requires FEATURE(`access_db')
+')')
+ifdef(`_EDNSBL_R_',`dnl',`dnl
+define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map.
+LOCAL_CONFIG
+# map for enhanced DNS based blacklist lookups
+Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
+')
+divert(-1)
+define(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
+define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Mail from " $`'&{client_addr} " refused by blackhole site '_EDNSBL_SRV_`"',`_ARG2_')')dnl
+define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl
+define(`_EDNSBL_KEY_', `ifelse(len(X`'_ARG4_),`1',`dnsblaccess',_ARG4_)')dnl
+divert(8)
+# DNS based IP address spam list _EDNSBL_SRV_
+R$* $: $&{client_addr}
+dnl IPv6?
+R$-.$-.$-.$- $: <?> $(ednsbl $4.$3.$2.$1._EDNSBL_SRV_. $: OK $) <>$1.$2.$3.$4
+R<?>OK<>$* $: OKSOFAR
+R<?>$+<TMP><>$* $: <? <TMPF>>
+R<?>$* $- .<>$* <$(access _EDNSBL_KEY_`:'$1$2 $@$3 $@`'_EDNSBL_SRV_ $: ? $)> $1 <>$3
+R<?>$* <>$* $:<$(access _EDNSBL_KEY_`:' $@$2 $@`'_EDNSBL_SRV_ $: ? $)> <>$2
+ifelse(len(X`'_ARG3_),`1',
+`R<$*<TMPF>>$* $: TMPOK',
+`R<$*<TMPF>>$* $#error $@ 4.7.1 $: _EDNSBL_MSG_TMP_')
+R<$={Accept}>$* $: OKSOFAR
+R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
+R<ERROR:$+> $* $#error $: $1
+R<DISCARD> $* $#discard $: discard
+R<$*> $* $#error $@ 5.7.1 $: _EDNSBL_MSG_
+divert(-1)
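Review bot: Only dotted-quad addresses are looked up, because `R$-.$-.$-.$- $: <?> $(ednsbl ...` is the sole rule that queries the list and the `dnl IPv6?` marker above it is the only hint. A client whose `${client_addr}` is not in IPv4 form therefore appears to pass this check without a lookup. The header comment should say so, e.g. `dnl ## Only IPv4 client addresses are checked; other connections are not looked up.` The header also calls the domain argument required, while `_EDNSBL_SRV_` silently falls back to `blackholes.mail-abuse.org`. Its worked example looks up `7.6.45.123.bogus.org` where the rule would query `7.6.45.123.rbl.bogus.org`.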
diff --git a/contrib/sendmail/contrib/domainmap.m4 b/contrib/sendmail/contrib/domainmap.m4
index fbaf62c82d99..540beff43efa 100644
--- a/contrib/sendmail/contrib/domainmap.m4
+++ b/contrib/sendmail/contrib/domainmap.m4
@@ -46,7 +46,7 @@ divert(-1)changequote(<<, >>)<<
in the sendmail source tree. For more information, please see the
following URL:
- http://www-wsg.cso.uiuc.edu/sendmail/patches/domainmap.html
+ http://www-dev.cso.uiuc.edu/sendmail/domainmap/
Feedback is welcome.
@@ -69,14 +69,16 @@ LOCAL_RULESETS
SDomainMapLookup
R $=L <@ $=w .> $@ $1 <@ $2 .> weed out local users, in case
# Cw contains a mapped domain
+R $+ <@ $+> $: $1 <@ $2 > <$&{addr_type}> check if sender
+R $+ <@ $+> <e s> $#smtp $@ $2 $: $1 @ $2 do not process sender
ifdef(`DOMAINMAP_NO_REGEX',`dnl
-R $+ <@ $+> $: $1 <@ $2> <$2> find domain
+R $+ <@ $+> <$*> $: $1 <@ $2> <$2> find domain
R $+ <$+> <$+ . $+> $1 <$2> < $(dequote $3 "_" $4 $) >
# change "." to "_"
R $+ <$+> <$+ .> $: $1 <$2> < $(dequote "domain_" $3 $) >
# prepend "domain_"
dnl',`dnl
-R $+ <@ $+> $: $1 <@ $2> <$2 :NOTDONE:> find domain
+R $+ <@ $+> <$*> $: $1 <@ $2> <$2 :NOTDONE:> find domain
R $+ <$+> <$+ . :NOTDONE:> $1 <$2> < $(domainmap_regex $3 $: $3 $) >
# change "." and "-" to "_"
R $+ <$+> <$+> $: $1 <$2> < $(dequote "domain_" $3 $) >
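Review bot: The new guard rule matches only `<e s>`, so an address rewritten as a header sender (where `{addr_type}` would be `h s`) still falls through to the `find domain` rules, although the rule's comment reads `do not process sender`. If header senders are meant to be skipped too, a parallel rule with `<h s>` on the left-hand side is needed. If only the envelope sender is meant, the comment should say `do not process envelope sender` so the next maintainer does not assume broader coverage. The `<$*>` added to both `find domain` rules exists only to consume the appended `{addr_type}` marker, which deserves a short comment. The DomainMapLookup ruleset starts before and continues after this hunk.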
diff --git a/contrib/sendmail/contrib/link_hash.sh b/contrib/sendmail/contrib/link_hash.sh
index e07104dd8bd3..843c920d62c2 100644
--- a/contrib/sendmail/contrib/link_hash.sh
+++ b/contrib/sendmail/contrib/link_hash.sh
@@ -3,7 +3,7 @@
## Copyright (c) 2000 Sendmail, Inc. and its suppliers.
## All rights reserved.
##
-## $Id: link_hash.sh,v 1.1.2.1 2000/04/25 00:10:47 ca Exp $
+## $Id: link_hash.sh,v 1.2 2000/04/25 00:12:28 ca Exp $
##
#
# ln a certificate to its hash
diff --git a/contrib/sendmail/contrib/qtool.8 b/contrib/sendmail/contrib/qtool.8
index 1106d078db0f..5c4014267b5c 100644
--- a/contrib/sendmail/contrib/qtool.8
+++ b/contrib/sendmail/contrib/qtool.8
@@ -1,4 +1,4 @@
-.\" Copyright (c) 1999 Sendmail, Inc. and its suppliers.
+.\" Copyright (c) 1999, 2001 Sendmail, Inc. and its suppliers.
.\" All rights reserved.
.\"
.\" By using this file, you agree to the terms and conditions set
@@ -6,18 +6,18 @@
.\" the sendmail distribution.
.\"
.\"
-.\" $Id: qtool.8,v 8.9.16.2 2000/12/15 19:50:41 gshapiro Exp $
+.\" $Id: qtool.8,v 8.16 2001/11/21 19:21:20 gshapiro Exp $
.\"
-.TH QTOOL 8 "$Date: 2000/12/15 19:50:41 $"
+.TH QTOOL 8 "$Date: 2001/11/21 19:21:20 $"
.SH NAME
qtool
\- manipulate sendmail queues
.SH SYNOPSIS
.B qtool.pl
-.RB [options]
+.RB [options]
target_directory source [source ...]
.PP
-.B qtool.pl [-d/-b]
+.B qtool.pl [-Q][-d|-b]
.RB [options]
source [source ...]
.SH DESCRIPTION
@@ -28,8 +28,8 @@ running.
.PP
With no options,
.B qtool
-will move any queue files as specified by \fIsource\fP into
-\fItarget_directory\fP. \fISource\fP can be either an individual
+will move any queue files as specified by \fIsource\fP into
+\fItarget_directory\fP. \fISource\fP can be either an individual
queue control file, a queue file id, or a queue directory.
.PP
If the -d option is specified, qtool will delete the messages specified by
@@ -38,19 +38,27 @@ source instead of moving them.
If the -b option is specified, the selected messages will be bounced by
running sendmail with the -OTimeout.queuereturn=now option.
.SS Options
-.TP
+.TP
\fB\-b\fP
Bounce all of the messages specified by source. The messages will be bounced
immediately. No attempt will be made to deliver the messages.
.TP
+\fB\-C\fP configfile
+Specify the sendmail config file.
+Defaults to /etc/mail/sendmail.cf.
+.TP
\fB\-d\fP
Delete all of the messages specified by source.
-.TP
+.TP
\fB\-e\fP \fIperl_expression\fP
-Evalute \fIperl_expression\fP for each queue file as specified
-by \fIsource\fP. If \fIperl_expression\fP evaluates to true, then that
+Evalute \fIperl_expression\fP for each queue file as specified
+by \fIsource\fP. If \fIperl_expression\fP evaluates to true, then that
queue file is moved. See below for more detail on \fIperl_expression\fP.
-.TP
+.TP
+\fB\-Q\fP
+Operate on quarantined items
+(queue control file begins with hf instead of qf).
+.TP
\fB\-s\fP \fIseconds\fP
Move only the queue files specified by \fIsource\fP that have a
modification time older than \fIseconds\fP.
@@ -74,9 +82,6 @@ The last time the body was modified since the epoch in seconds.
\fBbody_size\fP
The size of the body file in bytes.
.TP
-\fBcharset\fP
-Character set (for future use).
-.TP
\fBcontent-length\fP
Content-Length: header value (Solaris sendmail only).
.TP
@@ -84,7 +89,7 @@ Content-Length: header value (Solaris sendmail only).
The controlling user.
.TP
\fBcontrol_last_mod_time\fP
-The last time the body was modified since the epoch in seconds.
+The last time the control file was modified since the epoch in seconds.
.TP
\fBcontrol_size\fP
The size of the control file in bytes.
@@ -92,15 +97,24 @@ The size of the control file in bytes.
\fBcreation_time\fP
The time when the control file was created.
.TP
+\fBcurrent_delay\fP
+Current delay for queue delay algorithm if _FFR_QUEUEDELAY is enabled.
+.TP
\fBdata_file_name\fP
The data file name (deprecated).
.TP
+\fBdeliver_by\fP
+Deliver by flag and deadline for DELIVERBY ESMTP extension.
+.TP
\fBenvid\fP
Original envelope id form ESMTP.
.TP
\fBerror_recipient\fP
The error recipient (deprecated).
.TP
+\fBfinal_recipient\fP
+Final recipient (for DSNs).
+.TP
\fBflags\fP
Array of characters that can be the following values:
.PD 0
@@ -110,7 +124,7 @@ w
warning message has been sent
.TP 8
r
-This is an error respone or DSN
+This is an error response or DSN
.TP 8
8
has 8 bit data in body
@@ -153,6 +167,13 @@ Original recipient (ORCPT= parameter).
\fBpriority\fP
Adjusted priority of message.
.TP
+\fBquarantine_reason\fP
+Quarantine reason for quarantined (held) envelopes if _FFR_QUARANTINE is
+enabled.
+.TP
+\fBqueue_delay\fP
+Queue delay algorithm if _FFR_QUEUEDELAY is enabled.
+.TP
\fBrecipient\fP
Array of character flags followed by colon and recipient name. Flags:
.PD 0
@@ -191,16 +212,19 @@ Moves the message with id d6CLQh100847 in queue q1 to queue q2.
\fBqtool.pl q2 q1/qfd6CLQh100847\fP
Moves the message with id d6CLQh100847 in queue q1 to queue q2.
.TP
-\fBqtool.pl q2 q1/dfd6CLQh100847\fP
-Moves the message with id d6CLQh100847 in queue q1 to queue q2.
-.TP
\fBqtool.pl -e '$msg{num_delivery_attempts} == 3' /q2 /q1\fP
Moves all of the queue files that have had three attempted deliveries from
queue q1 to queue q2.
+.SH BUGS
+In sendmail 8.12, it is possible for a message's queue and data files (df)
+to be stored in different queues.
+In this situation, you must give qtool the pathname of the queue file,
+not of the data file (df).
+To be safe, never feed qtool the pathname of a data file (df).
.SH SEE ALSO
sendmail(8)
.SH HISTORY
The
.B qtool
-command appeared in
+command appeared in
sendmail 8.10.
diff --git a/contrib/sendmail/contrib/qtool.pl b/contrib/sendmail/contrib/qtool.pl
index f4d36f3ae922..d93f743acb3f 100755
--- a/contrib/sendmail/contrib/qtool.pl
+++ b/contrib/sendmail/contrib/qtool.pl
@@ -1,9 +1,9 @@
#!/usr/bin/env perl
##
-## Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
-## All rights reserved.
+## Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
+## All rights reserved.
##
-## $Id: qtool.pl,v 8.15.16.4 2000/11/30 07:14:01 gshapiro Exp $
+## $Id: qtool.pl,v 8.26 2001/11/21 19:26:17 gshapiro Exp $
##
use strict;
use File::Basename;
@@ -43,7 +43,7 @@ use Getopt::Std;
## queue message. This lets you check for any value in the message
## headers or the control file. Here's an example:
##
-## ./qtool.pl -e '$msg->{num_delivery_attempts} >= 2' /q1 /q2
+## ./qtool.pl -e '$msg{num_delivery_attempts} >= 2' /q1 /q2
##
## This would move any queue files whose number of delivery attempts
## is greater than or equal to 2 from the queue 'q2' to the queue 'q1'.
@@ -61,9 +61,10 @@ my $source;
my $result;
my $action;
my $new_condition;
+my $qprefix;
my $conditions = new Compound();
-Getopt::Std::getopts('bde:s:', \%opts);
+Getopt::Std::getopts('bC:de:Qs:', \%opts);
sub move_action
{
@@ -113,6 +114,15 @@ if (defined $opts{e})
$conditions->add($new_condition);
}
+if (defined $opts{Q})
+{
+ $qprefix = "hf";
+}
+else
+{
+ $qprefix = "qf";
+}
+
if ($action == \&move_action)
{
$dst_name = shift(@ARGV);
@@ -126,6 +136,37 @@ if ($action == \&move_action)
$destination = new Queue($dst_name);
}
+# determine queue_root by reading config file
+my $queue_root;
+{
+ my $config_file = "/etc/mail/sendmail.cf";
+ if (defined $opts{C})
+ {
+ $config_file = $opts{C};
+ }
+
+ my $line;
+ open(CONFIG_FILE, $config_file) or die "$config_file: $!";
+ while ($line = <CONFIG_FILE>)
+ {
+ chomp $line;
+ if ($line =~ m/^O QueueDirectory=(.*)/)
+ {
+ $queue_root = $1;
+ if ($queue_root =~ m/(.*)\/[^\/]+\*$/)
+ {
+ $queue_root = $1;
+ }
+ last;
+ }
+ }
+ close(CONFIG_FILE);
+ if (!defined $queue_root)
+ {
+ die "QueueDirectory option not defined in $config_file";
+ }
+}
+
while (@ARGV)
{
$source_name = shift(@ARGV);
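Review bot: The path taken from `-C` goes into a two-argument `open(CONFIG_FILE, $config_file)`, where Perl reads the open mode out of the string itself, so a value with a leading `>` or a trailing `|` is not treated as a plain file to read. qtool is normally run with enough privilege to modify the mail queue, so the mode should be pinned with the three-argument form: `open(CONFIG_FILE, '<', $config_file) or die "$config_file: $!";`. Separately, the block now makes every invocation die when the config file is unreadable or has no `O QueueDirectory=` line, even if `$queue_root` is never needed. A comment stating that this is intended, or deferring the `die` to the point of use, would make the behaviour explicit. The `while (@ARGV)` loop at the end of the hunk continues outside it.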
@@ -157,13 +198,18 @@ while (($source_name, $source) = each(%sources))
sub usage
{
- print("Usage: $0 [options] directory source ...\n");
- print(" $0 [-d|-b] source ...\n");
- print("options:\n");
- print(" -b Bounce the messages specified by source.\n");
- print(" -d Delete the messages specified by source.\n");
- print(" -e [perl expression] Move only messages for which perl expression returns true.\n");
- print(" -s [seconds] Move only messages whose qf file is older than seconds.\n");
+ print("Usage:\t$0 [options] directory source ...\n");
+ print("\t$0 [-Q][-d|-b] source ...\n");
+ print("Options:\n");
+ print("\t-b\t\tBounce the messages specified by source.\n");
+ print("\t-C configfile\tSpecify sendmail config file.\n");
+ print("\t-d\t\tDelete the messages specified by source.\n");
+ print("\t-e [perl expression]\n");
+ print("\t\t\tMove only messages for which perl expression\n");
+ print("\t\t\treturns true.\n");
+ print("\t-Q\t\tOperate on quarantined files.\n");
+ print("\t-s [seconds]\tMove only messages whose queue file is older\n");
+ print("\t\t\tthan seconds.\n");
}
##
@@ -204,10 +250,10 @@ sub add_source
$data_dir_name = $source_dir_name;
$source_prefix = substr($source_base_name, 0, 2);
- if (!-d $source_name && $source_prefix ne 'qf' &&
+ if (!-d $source_name && $source_prefix ne $qprefix &&
$source_prefix ne 'df')
{
- $source_base_name = "qf$source_base_name";
+ $source_base_name = "$qprefix$source_base_name";
$source_name = File::Spec->catfile("$source_dir_name",
"$source_base_name");
}
@@ -216,12 +262,16 @@ sub add_source
if (!-e $source_name)
{
$source_name = File::Spec->catfile("$source_dir_name", "qf",
- "qf$source_id");
+ "$qprefix$source_id");
if (!-e $source_name)
{
return "'$source_name' does not exist";
}
$data_dir_name = File::Spec->catfile("$source_dir_name", "df");
+ if (!-d $data_dir_name)
+ {
+ $data_dir_name = $source_dir_name;
+ }
$source_dir_name = File::Spec->catfile("$source_dir_name",
"qf");
}
@@ -377,7 +427,7 @@ sub initialize
my $queue_dir = shift;
$self->{id} = shift;
- $self->{file_name} = $queue_dir . '/qf' . $self->{id};
+ $self->{file_name} = $queue_dir . '/' . $qprefix . $self->{id};
$self->{headers} = {};
}
@@ -402,9 +452,11 @@ sub parse
'B' => 'body_type',
'C' => 'controlling_user',
'D' => 'data_file_name',
+ 'd' => 'data_file_directory',
'E' => 'error_recipient',
'F' => 'flags',
'H' => 'parse_header',
+ 'G' => 'queue_delay',
'I' => 'inode_number',
'K' => 'next_delivery_time',
'L' => 'content-length',
@@ -413,11 +465,14 @@ sub parse
'P' => 'priority',
'Q' => 'original_recipient',
'R' => 'recipient',
+ 'q' => 'quarantine_reason',
+ 'r' => 'final_recipient',
'S' => 'sender',
'T' => 'creation_time',
'V' => 'version',
- 'X' => 'charset',
+ 'Y' => 'current_delay',
'Z' => 'envid',
+ '!' => 'deliver_by',
'$' => 'macro'
);
my $line;
@@ -488,7 +543,7 @@ sub parse_header
if (ref($headers->{$last_header}) eq 'ARRAY')
{
$headers->{$last_header}[-1] =
- $headers->{$last_header}[-1] . $line;
+ $headers->{$last_header}[-1] . $line;
}
else
{
@@ -621,10 +676,21 @@ sub new
sub initialize
{
my $self = shift;
- my $queue_dir = shift;
+ my $data_dir = shift;
$self->{id} = shift;
-
- $self->{file_name} = $queue_dir . '/df' . $self->{id};
+ my $control_file = shift;
+
+ $self->{file_name} = $data_dir . '/df' . $self->{id};
+ return if -e $self->{file_name};
+ $control_file->parse();
+ return if !defined $control_file->{data_file_directory};
+ $data_dir = $queue_root . '/' . $control_file->{data_file_directory};
+ chomp $data_dir;
+ if (-d ($data_dir . '/df'))
+ {
+ $data_dir .= '/df';
+ }
+ $self->{file_name} = $data_dir . '/df' . $self->{id};
}
sub do_stat
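Review bot: `$control_file->{data_file_directory}` comes from the `d` record of the queue control file and is joined onto `$queue_root` with no validation, so a value containing `..` components makes `$self->{file_name}` resolve outside the queue tree. That name is presumably what the move, delete and bounce actions later operate on (those are outside this hunk). Control files are normally written only by sendmail, but a group-writable client queue widens who can place one, so a cheap guard before the concatenation is worthwhile: `return if $control_file->{data_file_directory} =~ m{(^|/)\.\.(/|$)};`. A short comment that the control file is parsed only when the df file is not found beside it would also explain the early `return if -e`.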
@@ -694,14 +760,11 @@ sub initialize
$self->{id} = $id;
$self->{control_file} = new ControlFile($queue_dir, $id);
- if ($data_dir)
- {
- $self->{data_file} = new DataFile($data_dir, $id);
- }
- else
+ if (!$data_dir)
{
- $self->{data_file} = new DataFile($queue_dir, $id);
+ $data_dir = $queue_dir;
}
+ $self->{data_file} = new DataFile($data_dir, $id, $self->{control_file});
}
sub last_modified_time
@@ -780,7 +843,7 @@ sub move
$df_dest = $destination;
}
- if (-e File::Spec->catfile($qf_dest, "qf$self->{id}"))
+ if (-e File::Spec->catfile($qf_dest, "$qprefix$self->{id}"))
{
$result = "There is already a queued message with id '$self->{id}' in '$destination'";
}
@@ -884,7 +947,8 @@ sub initialize
## READ - Loads the queue with all of the objects that reside in it.
##
## This reads the queue's directory and creates QueuedMessage objects
-## for every file in the queue that starts with 'qf'.
+## for every file in the queue that starts with 'qf' or 'hf'
+## (depending on the -Q option).
##
sub read
@@ -920,7 +984,7 @@ sub read
return "Unable to open directory '$control_dir'";
}
- @control_files = grep { /^qf.*/ && -f "$control_dir/$_" } readdir(QUEUE_DIR);
+ @control_files = grep { /^$qprefix.*/ && -f "$control_dir/$_" } readdir(QUEUE_DIR);
closedir(QUEUE_DIR);
foreach $file_name (@control_files)
{
diff --git a/contrib/sendmail/doc/op/Makefile b/contrib/sendmail/doc/op/Makefile
index e33911329b69..09f459234a84 100644
--- a/contrib/sendmail/doc/op/Makefile
+++ b/contrib/sendmail/doc/op/Makefile
@@ -1,4 +1,4 @@
-# $Id: Makefile,v 8.7.8.4 2001/07/01 18:34:56 gshapiro Exp $
+# $Id: Makefile,v 8.14 2002/01/07 22:24:36 gshapiro Exp $
DIR= smm/08.sendmailop
SRCS= op.me
@@ -8,12 +8,14 @@ ROFF_CMD= groff
PIC_CMD= pic
EQN_CMD= eqn
UL_CMD= ul
+PS2PDF_CMD= ps2pdf
PIC= ${PIC_CMD} -C
EQNASCII= ${EQN_CMD} -C -Tascii
EQNPS= ${EQN_CMD} -C -Tps
ROFFASCII= ${ROFF_CMD} -Tascii ${MACROS}
ROFFPS= ${ROFF_CMD} -Tps -mps ${MACROS}
ULASCII= ${UL_CMD} -t dumb
+PS2PDF= ${PS2PDF_CMD}
all: ${OBJS}
@@ -25,7 +27,11 @@ op.txt: ${SRCS}
rm -f $@
${PIC} ${SRCS} | ${EQNASCII} | ${ROFFASCII} | ${ULASCII} > $@
+op.pdf: op.ps
+ rm -f $@
+ ${PS2PDF} op.ps op.pdf
+
clean:
- rm -f op.ps op.txt
+ rm -f op.ps op.txt op.pdf
install: ${OBJS}
diff --git a/contrib/sendmail/doc/op/op.me b/contrib/sendmail/doc/op/op.me
index 802e3b7be5ce..8c7beb663130 100644
--- a/contrib/sendmail/doc/op/op.me
+++ b/contrib/sendmail/doc/op/op.me
@@ -9,7 +9,7 @@
.\" the sendmail distribution.
.\"
.\"
-.\" $Id: op.me,v 8.317.4.71 2001/08/14 15:26:00 ca Exp $
+.\" $Id: op.me,v 8.592 2001/12/26 03:44:39 ca Exp $
.\"
.\" eqn op.me | pic | troff -me
.\"
@@ -81,16 +81,17 @@ This documentation is under modification.
.sp
.r
Eric Allman
+Gregory Neil Shapiro
+Claus Assmann
Sendmail, Inc.
-eric@Sendmail.COM
.sp
.de Ve
Version \\$2
..
-.Ve $Revision: 8.317.4.71 $
+.Ve $Revision: 8.592 $
.rm Ve
.sp
-For Sendmail Version 8.11
+For Sendmail Version 8.12
.)l
.(f
Sendmail is a trademark of Sendmail, Inc.
@@ -127,9 +128,9 @@ RFC821 (Simple Mail Transport Protocol),
RFC822 (Internet Mail Headers Format),
RFC974 (MX routing),
RFC1123 (Internet Host Requirements),
-RFC2045 (MIME),
-RFC1869 (SMTP Service Extensions),
+RFC1413 (Identification server),
RFC1652 (SMTP 8BITMIME Extension),
+RFC1869 (SMTP Service Extensions),
RFC1870 (SMTP SIZE Extension),
RFC1891 (SMTP Delivery Status Notifications),
RFC1892 (Multipart/Report),
@@ -138,10 +139,15 @@ RFC1894 (Delivery Status Notifications),
RFC1985 (SMTP Service Extension for Remote Message Queue Starting),
RFC2033 (Local Message Transmission Protocol),
RFC2034 (SMTP Service Extension for Returning Enhanced Error Codes),
+RFC2045 (MIME),
RFC2476 (Message Submission),
RFC2487 (SMTP Service Extension for Secure SMTP over TLS),
+RFC2554 (SMTP Service Extension for Authentication),
+RFC2821 (Simple Mail Transfer Protocol),
+RFC2822 (Internet Message Format),
+RFC2852 (Deliver By SMTP Service Extension),
and
-RFC2554 (SMTP Service Extension for Authentication).
+RFC2920 (SMTP Service Extension for Command Pipelining).
However, since
.i sendmail
is designed to work in a wider world,
@@ -169,9 +175,9 @@ for you to install
.i sendmail
and keep it happy.
Section three
-describes some parameters that may be safely tweaked.
-Section four
has information regarding the command line arguments.
+Section four
+describes some parameters that may be safely tweaked.
Section five
contains the nitty-gritty information about the configuration
file.
@@ -203,6 +209,11 @@ and the settings of various options.
Although the configuration file can be quite complex,
a configuration can usually be built
using an M4-based configuration language.
+Assuming you have the standard
+.i sendmail
+distribution, see
+.i cf/README
+for further information.
.pp
The remainder of this section will describe the installation of
.i sendmail
@@ -214,10 +225,11 @@ are given from the root of the
subtree,
normally
.i /usr/src/usr.\*(SD/sendmail
-on 4.4BSD.
+on 4.4BSD-based systems.
.pp
-If you are loading this off the tape,
-continue with the next section.
+Continue with the next section if you need/want to compile
+.i sendmail
+yourself.
If you have a running binary already on your system,
you should probably skip to section 1.2.
.sh 2 "Compiling Sendmail"
@@ -248,6 +260,8 @@ command.
In most cases these are only used when the
.i obj.*
directory is first created.
+To restart from scratch, use
+.i -c .
These commands include:
.nr ii 0.5i
.ip "\-L \fIlibdirs\fP"
@@ -285,9 +299,10 @@ will avoid auto-detecting libraries if this is set.
All libraries and map definitions must be specified
in the site configuration file.
.lp
-Any other parameters are passed to the
+Most other parameters are passed to the
.i make
-program.
+program; for details see
+.i $BUILDTOOLS/README .
.sh 3 "Creating a Site Configuration File"
.\"XXX
.pp
@@ -343,6 +358,8 @@ If neither of these are defined,
reads the alias file into memory on every invocation.
This can be slow and should be avoided.
There are also several methods for remote database access:
+.ip LDAP
+Lightweight Directory Access Protocol.
.ip NIS
Sun's Network Information Services (formerly YP).
.ip NISPLUS
@@ -352,9 +369,12 @@ NeXT's NetInfo service.
.ip HESIOD
Hesiod service (from Athena).
.lp
-Other compilation flags are set in conf.h
+Other compilation flags are set in
+.i conf.h
and should be predefined for you
unless you are porting to a new environment.
+For more options see
+.i sendmail/README .
.sh 3 "Compilation and installation"
.pp
After making the local system configuration described above,
@@ -382,7 +402,14 @@ and
/usr/\*(SB/mailq
to
/usr/\*(SD/sendmail.
-On 4.4BSD systems it will also format and install man pages.
+On most systems it will also format and install man pages.
+Notice: as of version 8.12
+.i sendmail
+will no longer be installed set-user-ID root by default.
+If you really want to use the old method, you can specify it as target:
+.(b
+\&./Build install-set-user-id
+.)b
.sh 2 "Configuration Files"
.pp
.i Sendmail
@@ -401,24 +428,9 @@ The world is complex,
and the mail configuration reflects that.
The distribution includes an m4-based configuration package
that hides a lot of the complexity.
-.pp
-These configuration files are simpler than old versions
-largely because the world has become simpler;
-in particular,
-text-based host files are officially eliminated,
-obviating the need to
-.q hide
-hosts behind a registered internet gateway.
-.pp
-These files also assume that most of your neighbors
-use domain-based UUCP addressing;
-that is,
-instead of naming hosts as
-.q host!user
-they will use
-.q host.domain!user .
-The configuration files can be customized to work around this,
-but it is more complex.
+See
+.i cf/README
+for details.
.pp
Our configuration files are processed by
.i m4
@@ -444,7 +456,7 @@ as a general description of an SMTP-connected host
running Solaris 2.x.
Files ending
.b \&.mc
-(``Master Configuration'')
+(``M4 Configuration'')
are the input descriptions;
the output is in the corresponding
.b \&.cf
@@ -521,6 +533,7 @@ Local UUCP connectivity information.
This directory has been supplanted by the mailertable feature;
any new configurations should use that feature to do UUCP
(and other) routing.
+The use of this directory is deprecated.
.pp
If you are in a new domain
(e.g., a company),
@@ -580,7 +593,8 @@ many systems install it in
I understand it is in /usr/ucblib
on System V Release 4.
.)f
-It should be setuid root.
+It should be set-group-ID smmsp as described in
+sendmail/SECURITY.
For security reasons,
/, /usr, and /usr/\*(SD
should be owned by root, mode 755\**.
@@ -594,7 +608,7 @@ and permissions are
.)f
.sh 3 "/etc/mail/sendmail.cf"
.pp
-This is the configuration file for
+This is the main configuration file for
.i sendmail \**.
.(f
\**Actually, the pathname varies depending on the operating system;
@@ -609,8 +623,9 @@ to the flags passed to the C compiler.
Moving this file is not recommended:
other programs and scripts know of this location.
.)f
-This is the only non-library file name compiled into
-.i sendmail \**.
+This is one of the two non-library file names compiled into
+.i sendmail \**,
+the other is /etc/mail/submit.cf.
.(f
\**The system libraries can reference other files;
in particular, system library subroutines that
@@ -627,6 +642,32 @@ If you have a particularly unusual system configuration
you may need to create a special version.
The format of this file is detailed in later sections
of this document.
+.sh 3 "/etc/mail/submit.cf"
+.pp
+This is the configuration file for
+.i sendmail
+when it is used for initial mail submission, in which case
+it is also called ``Mail Submission Program'' (MSP)
+in contrast to ``Mail Transfer Agent'' (MTA).
+Starting with version 8.12,
+.i sendmail
+uses one of two different configuration files based on its operation mode
+(or the new
+.b \-A
+option).
+For initial mail submission, i.e., if one of the options
+.b \-bm
+(default),
+.b \-bs ,
+or
+.b \-t
+is specified, submit.cf is used (if available),
+for other operations sendmail.cf is used.
+Details can be found in
+.i sendmail/SECURITY .
+submit.cf is shipped with sendmail (in cf/cf/) and is installed by default.
+If changes to the configuration need to be made, start with
+cf/cf/submit.mc and follow the instruction in cf/README.
.sh 3 "/usr/\*(SB/newaliases"
.pp
The
@@ -670,8 +711,8 @@ This directory should be mode 700
and owned by root.
.pp
The actual path of this directory
-is defined in the
-.b Q
+is defined by the
+.b QueueDirectory
option of the
.i sendmail.cf
file.
@@ -692,6 +733,40 @@ queue file types.
That is, the data files are stored in the `df' subdirectory,
the transcript files are stored in the `xf' subdirectory, and
all others are stored in the `qf' subdirectory.
+.pp
+If shared memory support is compiled in,
+.i sendmail
+stores the available diskspace in a shared memory segment
+to make the values readily available to all children without
+incurring system overhead.
+In this case, only the daemon updates the data;
+i.e., the sendmail daemon creates the shared memory segment
+and deletes it if it is terminated.
+To use this,
+.i sendmail
+must have been compiled with support for shared memory
+(-DSM_CONF_SHM)
+and the option
+.b SharedMemoryKey
+must be set.
+Notice: do not use the same key for
+.i sendmail
+invocations with different queue directories
+or different queue group declarations.
+.sh 3 "/var/spool/clientmqueue"
+.pp
+The directory
+.i /var/spool/clientmqueue
+should be created to hold the mail queue.
+This directory should be mode 770
+and owned by user smmsp, group smmsp.
+.pp
+The actual path of this directory
+is defined by the
+.b QueueDirectory
+option of the
+.i submit.cf
+file.
.sh 3 "/var/spool/mqueue/.hoststat"
.pp
This is a typical value for the
@@ -711,7 +786,7 @@ which includes some aliases which
.i must
be defined:
.(b
-cp lib/aliases /etc/mail/aliases
+cp sendmail/aliases /etc/mail/aliases
.i "edit /etc/mail/aliases"
.)b
You should extend this file with any aliases that are apropos to your system.
@@ -743,7 +818,7 @@ it listens on the SMTP socket for connections
and it processes the queue periodically
to insure that mail gets delivered when hosts come up.
.pp
-Add the following lines to
+If necessary, add the following lines to
.q /etc/rc
(or
.q /etc/rc.local
@@ -755,7 +830,7 @@ in one of the startup files, typically
.q /etc/init.d/sendmail :
.(b
if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
- (cd /var/spool/mqueue; rm \-f [lnx]f*)
+ (cd /var/spool/mqueue; rm \-f xf*)
/usr/\*(SD/sendmail \-bd \-q30m &
echo \-n ' sendmail' >/dev/console
fi
@@ -764,8 +839,8 @@ The
.q cd
and
.q rm
-commands insure that all lock files have been removed;
-extraneous lock files may be left around
+commands insure that all transcript files have been removed;
+extraneous transcript files may be left around
if the system goes down in the middle of processing a message.
The line that actually invokes
.i sendmail
@@ -834,12 +909,6 @@ done
Figure 1 \(em A complex startup script
.hl
.)z
-.pp
-If you are not running a version of UNIX
-that supports Berkeley TCP/IP,
-do not include the
-.b \-bd
-flag.
.sh 3 "/etc/mail/helpfile"
.pp
This is the help file used by the SMTP
@@ -944,10 +1013,10 @@ The number of envelope recipients for this message
The message id of the message (from the header).
.ip proto
The protocol used to receive this message (e.g., ESMTP or UUCP)
-.ip daemon
-The daemon name from the
-.b DaemonPortOptions
-setting.
+.ip daemon
+The daemon name from the
+.b DaemonPortOptions
+setting.
.ip relay
The machine from which it was received.
.lp
@@ -976,7 +1045,7 @@ The enhanced error code (RFC2034) if available.
The delivery status.
.lp
Not all fields are present in all messages;
-for example, the relay is not listed for local deliveries.
+for example, the relay is usually not listed for local deliveries.
.sh 3 "Levels"
.pp
If you have
@@ -1015,13 +1084,109 @@ signal.
The results are logged at
.sm LOG_DEBUG
priority.
-.sh 2 "The Mail Queue"
+.sh 2 "The Mail Queues"
+.pp
+Mail messages may either be delivered immediately or be held for later
+delivery.
+Held messages are placed into a holding directory called a mail queue.
.pp
-Sometimes a host cannot handle a message immediately.
-For example, it may be down or overloaded, causing it to refuse connections.
-The sending host is then expected to save this message in
-its mail queue
-and attempt to deliver it later.
+A mail message may be queued for these reasons:
+.bu
+If a mail message is temporarily undeliverable, it is queued
+and delivery is attempted later.
+If the message is addressed to multiple recipients, it is queued
+only for those recipients to whom delivery is not immediately possible.
+.bu
+If the SuperSafe option is set to true,
+all mail messages are queued while delivery is attempted.
+.bu
+If the DeliveryMode option is set to queue-only or defer,
+all mail is queued, and no immediate delivery is attempted.
+.bu
+If the load average becomes higher than the value of the QueueLA option
+and the
+.b QueueFactor
+(\c
+.b q )
+option divided by the difference in the current load average and the
+.b QueueLA
+option plus one
+is less than the priority of the message,
+messages are queued rather than immediately delivered.
+.sh 3 "Queue Groups and Queue Directories"
+.pp
+There are one or more mail queues.
+Each mail queue belongs to a queue group.
+There is always a default queue group that is called ``mqueue''
+(which is where messages go by default unless otherwise specified).
+The directory or directories which comprise the default queue group
+are specified by the QueueDirectory option.
+There are zero or more
+additional named queue groups declared using the
+.b Q
+command in the configuration file.
+.pp
+By default, a queued message is placed in the queue group
+associated with the first recipient in the recipient list.
+A recipient address is mapped to a queue group as follows.
+First, if there is a ruleset called ``queuegroup'',
+and if this ruleset maps the address to a queue group name,
+then that queue group is chosen.
+That is, the argument for the ruleset is the recipient address
+and the result should be
+.b $#
+followed by the name of a queue group.
+Otherwise, if the mailer associated with the address specifies
+a queue group, then that queue group is chosen.
+Otherwise, the default queue group is chosen.
+.pp
+A message with multiple recipients will be split
+if different queue groups are chosen
+by the mapping of recipients to queue groups.
+.pp
+When a message is placed in a queue group, and the queue group has
+more than one queue, a queue is selected randomly.
+.pp
+If a message with multiple recipients is placed into a queue group
+with the 'r' option (maximum number of recipients per message)
+set to a positive value
+.i N ,
+and if there are more than
+.i N
+recipients
+in the message, then the message will be split into multiple messages,
+each of which have at most
+.i N
+recipients.
+.sh 3 "Queue Runs"
+.pp
+.i sendmail
+has two different ways to process the queue(s).
+The first one is to start queue runners after certain intervals
+(``normal'' queue runners),
+the second one is to keep queue runner processes around
+(``persistent'' queue runners).
+How to select either of these types is discussed in the appendix
+``COMMAND LINE FLAGS''.
+Persistent queue runners have the advantage that no new processes
+need to be spawned at certain intervals; they just sleep for
+a specified time after they finished a queue run.
+Another advantage of persistent queue runners is that only one process
+belonging to a workgroup (a workgroup is a set of queue groups)
+collects the data for a queue run
+and then multiple queue runner may go ahead using that data.
+This can significantly reduce the disk I/O necessary to read the
+queue files compared to starting multiple queue runners directly.
+Their disadvantage is that a new queue run is only started
+after all queue runners belonging to a group finished their tasks.
+In case one of the queue runners tries delivery to a slow recipient site
+at the end of a queue run, the next queue run may be substantially delayed.
+In general this should be smoothed out due to the distribution of
+those slow jobs, however, for sites with small number of
+queue entries this might introduce noticable delays.
+In general, persistent queue runners are only useful for
+sites with big queues.
+.sh 3 "Manual Intervention"
.pp
Under normal conditions the mail queue will be processed transparently.
However, you may find that manual intervention is sometimes necessary.
@@ -1032,9 +1197,11 @@ Although
.i sendmail
ought to recover gracefully when the host comes up,
you may find performance unacceptably bad in the meantime.
+In that case you want to check the content of the queue
+and manipulate it as explained in the next two sections.
.sh 3 "Printing the queue"
.pp
-The contents of the queue can be printed
+The contents of the queue(s) can be printed
using the
.i mailq
command
@@ -1049,13 +1216,17 @@ This will produce a listing of the queue id's,
the size of the message,
the date the message entered the queue,
and the sender and recipients.
+If shared memory support is compiled in,
+the flag
+.b \-bP
+can be used to print the number of entries in the queue(s),
+provided a process updates the data.
.sh 3 "Forcing the queue"
.pp
.i Sendmail
-should run the queue automatically
-at intervals.
+should run the queue automatically at intervals.
When using multiple queues,
-a separate process will be created to
+a separate process will by default be created to
run each of the queues
unless the queue run is initiated by a user
with the verbose flag.
@@ -1107,17 +1278,34 @@ You should then kill the existing daemon
(since it will still be processing in the old queue directory)
and create a new daemon.
.pp
-To run the old mail queue,
-run the following command:
+To run the old mail queue, issue the following command:
.(b
-/usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
+/usr/\*(SD/sendmail \-C /etc/mail/queue.cf \-q
.)b
The
-.b \-oQ
-flag specifies an alternate queue directory
+.b \-C
+flag specifies an alternate configuration file
+.b queue.cf
+which should refer to the moved queue directory
+.(b
+O QueueDirectory=/var/spool/omqueue
+.)b
and the
.b \-q
flag says to just run every job in the queue.
+You can also specify the moved queue directory on the command line
+.(b
+/usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
+.)b
+but this requires that you do not have
+queue groups in the configuration file,
+because those are not subdirectories of the moved directory.
+See the section about "Queue Group Declaration" for details;
+you most likely need a different configuration file to correctly deal
+with this problem.
+However, a proper configuration of queue groups should avoid
+filling up queue directories, so you shouldn't run into
+this problem.
If you have a tendency toward voyeurism,
you can use the
.b \-v
@@ -1132,7 +1320,7 @@ rmdir /var/spool/omqueue
.pp
.i Sendmail
stores a large amount of information about each remote system it
-has connected to in memory. It is now possible to preserve some
+has connected to in memory. It is possible to preserve some
of this information on disk as well, by using the
.b HostStatusDirectory
option, so that it may be shared between several invocations of
@@ -1241,13 +1429,23 @@ aliases files nis
will ask
.i sendmail
to look for hosts in the Domain Name System first.
-If the requested host name is not found,
-it tries local files,
+If the requested host name is not found, it tries local files,
and if that fails it tries NIS.
-Similarly,
-when looking for aliases
-it will try the local files first
-followed by NIS.
+Similarly, when looking for aliases
+it will try the local files first followed by NIS.
+.pp
+Notice: since
+.i sendmail
+must access MX records for correct operation, it will use
+DNS if it is configured in the
+.b ServiceSwitchFile
+file.
+Hence an entry like
+.(b
+hosts files dns
+.)b
+will not avoid DNS lookups even if a host can be found
+in /etc/hosts.
.pp
Service switches are not completely integrated.
For example, despite the fact that the host entry listed in the above example
@@ -1255,14 +1453,6 @@ specifies to look in NIS,
on SunOS this won't happen because the system implementation of
.i gethostbyname \|(3)
doesn't understand this.
-If there is enough demand
-.i sendmail
-may reimplement
-.i gethostbyname \|(3),
-.i gethostbyaddr \|(3),
-.i getpwent \|(3),
-and the other system routines that would be necessary
-to make this work seamlessly.
.sh 2 "The Alias Database"
.pp
After recipient addresses are read from the SMTP connection
@@ -1422,28 +1612,6 @@ flag:
/usr/\*(SD/sendmail \-bi
.)b
.pp
-If the
-.b RebuildAliases
-(old
-.b D )
-option is specified in the configuration,
-.i sendmail
-will rebuild the alias database automatically
-if possible
-when it is out of date.
-Auto-rebuild can be dangerous
-on heavily loaded machines
-with large alias files;
-if it might take more than the rebuild timeout
-(option
-.b AliasWait ,
-old
-.b a ,
-which is normally five minutes)
-to rebuild the database,
-there is a chance that several processes will start the rebuild process
-simultaneously.
-.pp
If you have multiple aliases databases specified,
the
.b \-bi
@@ -1534,6 +1702,9 @@ of using ``\c
as the return address.
.sh 2 "User Information Database"
.pp
+This option is deprecated, use virtusertable and genericstable instead
+as explained in
+.i cf/README .
If you have a version of
.i sendmail
with the user information database
@@ -1582,7 +1753,7 @@ defined by the configuration file.
Others have interpretations built into
.i sendmail
that cannot be changed without changing the code.
-These builtins are described here.
+These built-ins are described here.
.sh 3 "Errors-To:"
.pp
If errors occur anywhere during processing,
@@ -1617,7 +1788,7 @@ One of the possible actions is to add an
header line for any recipients it is aware of.
.pp
The Apparently-To: header is non-standard
-and is deprecated.
+and is both deprecated and strongly discouraged.
.sh 3 "Precedence"
.pp
The Precedence: header can be used as a crude control of message priority.
@@ -1693,27 +1864,32 @@ Some important arguments are described here.
.sh 2 "Queue Interval"
.pp
The amount of time between forking a process
-to run through the queue
-is defined by the
+to run through the queue is defined by the
.b \-q
flag.
If you run with delivery mode set to
.b i
or
.b b
-this can be relatively large,
-since it will only be relevant
+this can be relatively large, since it will only be relevant
when a host that was down comes back up.
If you run in
.b q
-mode
-it should be relatively short,
+mode it should be relatively short,
since it defines the maximum amount of time that a message
may sit in the queue.
(See also the MinQueueAge option.)
.pp
RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
(although that probably doesn't make sense if you use ``queue-only'' mode).
+.pp
+Notice: the meaning of the interval time depends on whether normal
+queue runners or persistent queue runners are used.
+For the former, it is the time between subsequent starts of a queue run.
+For the latter, it is the time sendmail waits after a persistent queue
+runner has finished its work to start the next one.
+Hence for persistent queue runners this interval should be very low,
+typically no more than two minutes.
.sh 2 "Daemon Mode"
.pp
If you allow incoming mail over an IPC connection,
@@ -1735,8 +1911,9 @@ flag may be combined in one call:
An alternative approach is to invoke sendmail from
.i inetd (8)
(use the
-.b \-bs
-flag to ask sendmail to speak SMTP on its standard input and output).
+.b \-bs \ \-Am
+flags to ask sendmail to speak SMTP on its standard input and output
+and to run as MTA).
This works and allows you to wrap
.i sendmail
in a TCP wrapper program,
@@ -1764,7 +1941,7 @@ when this is done to watch what happens:
.)b
.pp
You can also limit the jobs to those with a particular queue identifier,
-sender, or recipient
+recipient, sender, or queue group
using one of the queue modifiers.
For example,
.q \-qRberkeley
@@ -1773,40 +1950,77 @@ restricts the queue run to jobs that have the string
somewhere in one of the recipient addresses.
Similarly,
.q \-qSstring
-limits the run to particular senders and
+limits the run to particular senders,
.q \-qIstring
-limits it to particular queue identifiers.
+limits it to particular queue identifiers, and
+.q \-qGstring
+limits it to a particular queue group.
+You may also place an
+.b !
+before the
+.b I
+or
+.b R
+or
+.b S
+to indicate that jobs are limited to not including a particular queue
+identifier, recipient or sender.
+For example,
+.q \-q!Rseattle
+limits the queue run to jobs that do not have the string
+.q seattle
+somewhere in one of the recipient addresses.
+Should you need to terminate the queue jobs currently active then a SIGTERM
+to the parent of the process (or processes) will cleanly stop the jobs.
.sh 2 "Debugging"
.pp
There are a fairly large number of debug flags
built into
.i sendmail .
-Each debug flag has a number and a level,
-where higher levels means to print out more information.
+Each debug flag has a category and a level.
+Higher levels increase the level of debugging activity;
+in most cases, this means to print out more information.
The convention is that levels greater than nine are
.q absurd,
i.e.,
they print out so much information that you wouldn't normally
want to see them except for debugging that particular piece of code.
+.pp
+A debug category is either an integer, like 42,
+or a name, like ANSI.
+You can specify a range of numeric debug categories
+using the syntax 17-42.
+You can specify a set of named debug categories using
+a glob pattern like
+.q sm_trace_* .
+At present, only
+.q *
+and
+.q ?
+are supported in these glob patterns.
+.pp
Debug flags are set using the
.b \-d
option;
the syntax is:
.(b
-.ta \w'debug-option 'u
+.ta \w'debug-categories:M 'u
debug-flag: \fB\-d\fP debug-list
debug-list: debug-option [ , debug-option ]*
-debug-option: debug-range [ . debug-level ]
-debug-range: integer | integer \- integer
+debug-option: debug-categories [ . debug-level ]
+debug-categories: integer | integer \- integer | category-pattern
+category-pattern: [a-zA-Z_*?][a-zA-Z0-9_*?]*
debug-level: integer
.)b
where spaces are for reading ease only.
For example,
.(b
-\-d12 Set flag 12 to level 1
-\-d12.3 Set flag 12 to level 3
-\-d3\-17 Set flags 3 through 17 to level 1
-\-d3\-17.4 Set flags 3 through 17 to level 4
+\-d12 Set category 12 to level 1
+\-d12.3 Set category 12 to level 3
+\-d3\-17 Set categories 3 through 17 to level 1
+\-d3\-17.4 Set categories 3 through 17 to level 4
+\-dANSI Set category ANSI to level 1
+\-dsm_trace_*.3 Set all named categories matching sm_trace_* to level 3
.)b
For a complete list of the available debug flags
you will have to look at the code
@@ -1814,6 +2028,10 @@ and the
.i TRACEFLAGS
file in the sendmail distribution
(they are too dynamic to keep this document up to date).
+For a list of named debug categories in the sendmail binary, use
+.(b
+ident /usr/sbin/sendmail | grep Debug
+.)b
.sh 2 "Changing the Values of Options"
.pp
Options can be overridden using the
@@ -1836,7 +2054,7 @@ the equivalent line using the long option name is
.pp
Some options have security implications.
Sendmail allows you to set these,
-but relinquishes its setuid root permissions thereafter\**.
+but relinquishes its set-user-ID or set-group-ID permissions thereafter\**.
.(f
\**That is, it sets its effective uid to the real uid;
thus, if you are executing as root,
@@ -1864,7 +2082,8 @@ it defaults to
in the current directory.
.pp
.i Sendmail
-gives up its setuid root permissions
+gives up set-user-ID root permissions
+(if it has been installed set-user-ID root)
when you use this flag, so it is common to use a publicly writable directory
(such as /tmp)
as the queue directory (QueueDirectory or Q option) while testing.
@@ -1965,8 +2184,8 @@ This version requires that you use:
.pp
As of version 8.7,
some other syntaxes are available in test mode:
-.bu
-\&.D\|x\|value
+.nr ii 1i
+.ip \&.D\|x\|value
defines macro
.i x
to have the indicated
@@ -1975,18 +2194,47 @@ This is useful when debugging rules that use the
.b $& \c
.i x
syntax.
-.bu
-\&.C\|c\|value
+.ip \&.C\|c\|value
adds the indicated
.i value
to class
.i c .
-.bu
-\&.S\|ruleset
+.ip \&=S\|ruleset
dumps the contents of the indicated ruleset.
-.bu
-\-d\|debug-spec
+.ip \-d\|debug-spec
is equivalent to the command-line flag.
+.lp
+Version 8.9 introduced more features:
+.nr ii 1i
+.ip ?
+shows a help message.
+.ip =M
+display the known mailers.
+.ip $m
+print the value of macro m.
+.ip $=c
+print the contents of class c.
+.ip /mx\ host
+returns the MX records for `host'.
+.ip /parse\ address
+parse address, returning the value of
+.i crackaddr ,
+and the parsed address.
+.ip /try\ mailer\ addr
+rewrite address into the form it will have when
+presented to the indicated mailer.
+.ip /tryflags\ flags
+set flags used by parsing. The flags can be `H' for
+Header or `E' for Envelope, and `S' for Sender or `R'
+for Recipient. These can be combined, `HR' sets
+flags for header recipients.
+.ip /canon\ hostname
+try to canonify hostname.
+.ip /map\ mapname\ key
+look up `key' in the indicated `mapname'.
+.ip /quit
+quit address test mode.
+.lp
.sh 2 "Persistent Host Status Information"
.pp
When
@@ -2072,22 +2320,22 @@ w weeks
.pp
The argument to the
.b \-q
-flag
-specifies how often a sub-daemon will run the queue.
-This is typically set to between fifteen minutes
-and one hour.
-If not set,
-or set to zero,
+flag specifies how often a sub-daemon will run the queue.
+This is typically set to between fifteen minutes and one hour.
+If not set, or set to zero,
the queue will not be run automatically.
RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
+Should you need to terminate the queue jobs currently active then a SIGTERM
+to the parent of the process (or processes) will cleanly stop the jobs.
.sh 3 "Read timeouts"
.pp
Timeouts all have option names
.q Timeout.\fIsuboption\fP .
+Most of these control SMTP operations.
The recognized
.i suboption s,
their default values, and the minimum values
-allowed by RFC 1123 section 5.3.2 are:
+allowed by RFC 2821 section 4.5.3.2 (or RFC 1123 section 5.3.2) are:
.nr ii 1i
.ip connect
The time to wait for an SMTP connection to open
@@ -2110,6 +2358,18 @@ The concept is that this should be very short (a few seconds);
hosts that are well connected and responsive will thus be serviced immediately.
Hosts that are slow will not hold up other deliveries in the initial
delivery attempt.
+.ip aconnect
+[0, unspecified]
+The overall timeout waiting for all connection for a single delivery
+attempt to succeed.
+If 0, no overall limit is applied.
+This can be used to restrict the total amount of time trying to connect to
+a long list of host that could accept an e-mail for the recipient.
+This timeout does not apply to
+.b FallbackMXhost ,
+i.e., if the time is exhausted, the
+.b FallbackMXhost
+is tried next.
.ip initial
The wait for the initial 220 greeting message
[5m, 5m].
@@ -2162,10 +2422,19 @@ the time to wait for another command.
[1h, 5m].
.ip ident\(dd
The timeout waiting for a reply to an IDENT query
-[30s\**, unspecified].
+[5s\**, unspecified].
.(f
\**On some systems the default is zero to turn the protocol off entirely.
.)f
+.ip lhlo
+The wait for a reply to an LMTP LHLO command
+[2m, unspecified].
+.ip auth
+The timeout for a reply in an SMTP AUTH dialogue
+[10m, unspecified].
+.ip starttls
+The timeout for a reply to an SMTP STARTTLS command and the TLS handshake
+[1h, unspecified].
.ip fileopen\(dd
The timeout for opening .forward and :include: files [60s, none].
.ip control\(dd
@@ -2175,7 +2444,7 @@ How long status information about a host
(e.g., host down)
will be cached before it is considered stale
[30m, unspecified].
-.ip resolver.retrans
+.ip resolver.retrans\(dd
The resolver's
retransmission time interval
(in seconds)
@@ -2184,21 +2453,21 @@ Sets both
.i Timeout.resolver.retrans.first
and
.i Timeout.resolver.retrans.normal .
-.ip resolver.retrans.first
+.ip resolver.retrans.first\(dd
The resolver's
retransmission time interval
(in seconds)
for the first attempt to
deliver a message
[varies].
-.ip resolver.retrans.normal
+.ip resolver.retrans.normal\(dd
The resolver's
retransmission time interval
(in seconds)
for all resolver lookups
except the first delivery attempt
[varies].
-.ip resolver.retry
+.ip resolver.retry\(dd
The number of times
to retransmit a resolver query.
Sets both
@@ -2206,13 +2475,13 @@ Sets both
and
.i Timeout.resolver.retry.normal
[varies].
-.ip resolver.retry.first
+.ip resolver.retry.first\(dd
The number of times
to retransmit a resolver query
for the first attempt
to deliver a message
[varies].
-.ip resolver.retry.normal
+.ip resolver.retry.normal\(dd
The number of times
to retransmit a resolver query
for all resolver lookups
@@ -2230,32 +2499,6 @@ All but those marked with
.DD
(\(dd) apply to client SMTP.
.pp
-Many of the RFC 1123 minimum values
-may well be too short.
-.i Sendmail
-was designed to the RFC 822 protocols,
-which did not specify read timeouts;
-hence, versions of
-.i sendmail
-prior to version 8.1 did not guarantee to reply to messages promptly.
-In particular, a
-.q RCPT
-command specifying a mailing list
-will expand and verify the entire list;
-a large list on a slow system
-may easily take more than five minutes\**.
-.(f
-\**This verification includes looking up every address
-with the name server;
-this involves network delays,
-and can in some cases can be considerable.
-.)f
-I recommend a one hour timeout \*-
-since a communications failure during the RCPT phase is rare,
-a long timeout is not onerous
-and may ultimately help reduce network load
-and duplicated messages.
-.pp
For example, the lines:
.(b
O Timeout.command=25m
@@ -2266,7 +2509,7 @@ and the input data block timeout to three hours.
.sh 3 "Message timeouts"
.pp
After sitting in the queue for a few days,
-a message will time out.
+an undeliverable message will time out.
This is to insure that at least the sender is aware
of the inability to send a message.
The timeout is typically set to five days.
@@ -2313,7 +2556,7 @@ to return entries immediately during a queue run,
e.g., to bounce messages independent of their time in the queue.
.pp
Since these options are global,
-and since you can not know
+and since you cannot know
.i "a priori"
how long another host outside your domain will be down,
a five day timeout is recommended.
@@ -2347,11 +2590,13 @@ option,
.i sendmail
will fork before each individual message
while running the queue.
-This will prevent
+This option was used with earlier releases to prevent
.i sendmail
-from consuming large amounts of memory,
-so it may be useful in memory-poor environments.
-However, if the
+from consuming large amounts of memory.
+It should no longer be necessary with
+.i sendmail
+8.12.
+If the
.b ForkEachJob
option is not set,
.i sendmail
@@ -2362,7 +2607,7 @@ If the
.b ForkEachJob
option is set,
.i sendmail
-can not use connection caching.
+cannot use connection caching.
.sh 2 "Queue Priorities"
.pp
Every message is assigned a priority when it is first instantiated,
@@ -2430,27 +2675,23 @@ option defaults to 90000.
.sh 2 "Load Limiting"
.pp
.i Sendmail
-can be asked to queue (but not deliver)
-mail if the system load average gets too high
-using the
+can be asked to queue (but not deliver) mail
+if the system load average gets too high using the
.b QueueLA
(\c
.b x )
option.
When the load average exceeds the value of the
.b QueueLA
-option,
-the delivery mode is set to
+option, the delivery mode is set to
.b q
-(queue only)
-if the
+(queue only) if the
.b QueueFactor
(\c
.b q )
option divided by the difference in the current load average and the
.b QueueLA
-option
-plus one
+option plus one
is less than the priority of the message \(em
that is, the message is queued iff:
.EQ
@@ -2459,22 +2700,22 @@ pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
The
.b QueueFactor
option defaults to 600000,
-so each point of load average is worth 600000
-priority points
+so each point of load average is worth 600000 priority points
(as described above).
.pp
-For drastic cases,
-the
+For drastic cases, the
.b RefuseLA
(\c
.b X )
option defines a load average at which
.i sendmail
-will refuse
-to accept network connections.
-Locally generated mail
-(including incoming UUCP mail)
+will refuse to accept network connections.
+Locally generated mail, i.e., mail which is not submitted via SMTP
+(including incoming UUCP mail),
is still accepted.
+Notice that the MSP submits mail to the MTA via SMTP, and hence
+mail will be queued in the client queue in such a case.
+Therefore it is necessary to run the client mail queue periodically.
.sh 2 "Delivery Mode"
.pp
There are a number of delivery modes that
@@ -2514,7 +2755,9 @@ Mode
.q d
is identical to mode
.q q
-except that it also prevents all the early map lookups from working;
+except that it also prevents lookups in maps including the
+.b -D
+flag from working during the initial queue phase;
it is intended for ``dial on demand'' sites where DNS lookups
might cost real money.
Some simple error messages
@@ -2538,7 +2781,7 @@ upon initial receipt of the mail.
This speeds up the response to RCPT commands.
Mode
.q i
-cannot be used by the SMTP server.
+should not be used by the SMTP server.
.sh 2 "Log Level"
.pp
The level of logging can be set for
@@ -2610,9 +2853,18 @@ option to turn off some of these checks.
.sh 3 "To suid or not to suid?"
.pp
.i Sendmail
-is normally installed
-setuid to root.
-At the point where it is about to
+is no longer installed
+set-user-ID to root.
+sendmail/SECURITY
+explains how to configure and install
+.i sendmail
+without set-user-ID to root but set-group-ID
+which is the default configuration starting with 8.12.
+.pp
+The daemon usually runs as root, unless other measures are taken.
+At the point where
+.i sendmail
+is about to
.i exec \|(2)
a mailer,
it checks to see if the userid is zero (root);
@@ -2638,36 +2890,7 @@ to be accounted
to root
rather than to the user sending the mail.
.pp
-If you don't make
-.i sendmail
-setuid to root, it will still run but you lose a lot of functionality
-and a lot of privacy, since you'll have to make the queue directory
-world readable.
-You could also make
-.i sendmail
-setuid to some pseudo-user
-(e.g., create a user called
-.q sendmail
-and make
-.i sendmail
-setuid to that)
-which will fix the privacy problems
-but not the functionality issues.
-It also introduces problems on some operating systems
-if sendmail needs to give up the setuid special privileges.
-Also, this isn't a guarantee of security:
-for example,
-root occasionally sends mail,
-and the daemon often runs as root.
-Note however that
-.i sendmail
-must run as root or the trusted user in order to create the SMTP listener
-socket.
-.pp
-A middle ground is to make
-.i sendmail
-setuid to root,
-but set the
+A middle ground is to set the
.b RunAsUser
option.
This causes
@@ -2714,6 +2937,11 @@ that are group writable
on the grounds that they might have been tampered with
by someone other than the owner;
it will even refuse to read files in group writable directories.
+Also, sendmail will refuse to create a new aliases database in an
+unsafe directory. You can get around this by manually creating the
+database file as a trusted user ahead of time and then rebuilding the
+aliases database with
+.b newaliases .
.pp
If you are
.i quite
@@ -2772,6 +3000,10 @@ Allow a
.i \&.forward
file that is in an unsafe directory to include references
to program and files.
+.ip GroupReadableKeyFile
+Accept a group-readable key file for STARTTLS.
+.ip GroupReadableSASLDBFile
+Accept a group-readable Cyrus SASL password file.
.ip GroupWritableAliasFile
Allow group-writable alias files.
.ip GroupWritableDirPathSafe
@@ -2779,14 +3011,24 @@ Change the definition of
.q "unsafe directory"
to consider group-writable directories to be safe.
World-writable directories are always unsafe.
+.ip GroupWritableForwardFile
+Allow group writable
+.i \&.forward
+files.
.ip GroupWritableForwardFileSafe
Accept group-writable
.i \&.forward
files as safe for program and file delivery.
+.ip GroupWritableIncludeFile
+Allow group wriable
+.i :include:
+files.
.ip GroupWritableIncludeFileSafe
Accept group-writable
.i :include:
files as safe for program and file delivery.
+.ip GroupWritableSASLDBFile
+Accept a group-writable Cyrus SASL password file.
.ip HelpFileInUnsafeDirPath
Allow the file named in the
.b HelpFile
@@ -2821,6 +3063,7 @@ Allow
files that are links in writable directories.
.ip LinkedMapInWritableDir
Allow map files that are links in writable directories.
+This includes alias database files.
.ip LinkedServiceSwitchFileInWritableDir
Allow the service switch file to be a link
even if the directory is writable.
@@ -2832,13 +3075,14 @@ and
.i dbm
files)
in unsafe directories.
+This includes alias database files.
.ip NonRootSafeAddr
Do not mark file and program deliveries as unsafe
if sendmail is not running with root privileges.
.ip RunProgramInUnsafeDirPath
-Go ahead and run programs that are in writable directories.
+Run programs that are in writable directories without logging a warning.
.ip RunWritableProgram
-Go ahead and run programs that are group- or world-writable.
+Run programs that are group- or world-writable without logging a warning.
.ip TrustStickyBit
Allow group or world writable directories
if the sticky bit is set on the directory.
@@ -2846,6 +3090,14 @@ Do not set this on systems which do not honor
the sticky bit on directories.
.ip WorldWritableAliasFile
Accept world-writable alias files.
+.ip WorldWritableForwardfile
+Allow world writable
+.i \&.forward
+files.
+.ip WorldWritableIncludefile
+Allow world wriable
+.i :include:
+files.
.ip WriteMapToHardLink
Allow writes to maps that are hard links.
.ip WriteMapToSymLink
@@ -2980,13 +3232,24 @@ turns on the AAONLY (accept authoritative answers only)
and turns off the DNSRCH (search the domain path) options.
Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
flags on and all others off.
+If NETINET6 is enabled, most libraries default to USE_INET6 as well.
You can also include
.q HasWildcardMX
to specify that there is a wildcard MX record matching your domain;
this turns off MX matching when canonifying names,
which can lead to inappropriate canonifications.
-.pp
-Version level 1 configurations
+Use
+.q WorkAroundBrokenAAAA
+when faced with a a broken nameservers that returns SERVFAIL
+(a temporary failure)
+on T_AAAA (IPv6) lookups
+during hostname canonification.
+Notice: it might be necessary to apply the same (or similar) options to
+.i submit.cf
+too.
+.pp
+Version level 1 configurations (see the section about
+Configuration Version Level)
turn DNSRCH and DEFNAMES off when doing delivery lookups,
but leave them on everywhere else.
Version 8 of
@@ -3026,7 +3289,8 @@ when linking.
Some sites mount each user's home directory
from a local disk on their workstation,
so that local access is fast.
-However, the result is that .forward file lookups are slow.
+However, the result is that .forward file lookups
+from a central mail server are slow.
In some cases,
mail can even be delivered on machines inappropriately
because of a file server being down.
@@ -3056,14 +3320,13 @@ it should be mode 1777
(that is, the sticky bit should be set).
Users should create the files mode 644.
Note that you must use the
-forwardfileinunsafedirpath and
-forwardfileinunsafedirpathsafe
-flags with the DontBlameSendmail option
-to allow forward files in a world
-writable directory.
-This might also be used as a
-denial of service
-attack (users could create forward files for other users);
+ForwardFileInUnsafeDirPath and
+ForwardFileInUnsafeDirPathSafe
+flags with the
+.b DontBlameSendmail
+option to allow forward files in a world writable directory.
+This might also be used as a denial of service attack
+(users could create forward files for other users);
a better approach might be to create
/var/forward
mode 755
@@ -3162,10 +3425,11 @@ since this is done every time
.i sendmail
starts up,
rather than easy for a human to read or write.
-On the
-.q "future project"
-list is a
-configuration-file compiler.
+The configuration file should be generated via the method described in
+.b cf/README ,
+it should not be edited directly unless someone is familiar
+with the internals of the syntax described here and it is
+not possible to achieve the desired result via the default method.
.pp
The configuration file is organized as a series of lines,
each of which begins with a single character
@@ -3432,7 +3696,7 @@ and
may be multi-part.
If the
.i mailer
-is the builtin IPC mailer,
+is the built-in IPC mailer,
the
.i host
may be a colon-separated list of hosts
@@ -3653,7 +3917,12 @@ Many of these can also resolve to the special mailer name
this accepts the message as though it were successful
but then discards it without delivery.
Note,
-this mailer can not be chosen as a mailer in ruleset 0.
+this mailer cannot be chosen as a mailer in ruleset 0.
+Note also that all
+.q check_*
+rulesets have to deal with temporary failures, especially for map lookups,
+themselves, i.e., they should return a temporary error code
+or at least they should make a proper decision in those cases.
.sh 4 "check_relay"
.pp
The
@@ -3686,6 +3955,14 @@ ruleset is passed the user name parameter of the
.sm "SMTP RCPT"
command.
It can accept or reject the address.
+.sh 4 "check_data"
+.pp
+The
+.i check_data
+ruleset is called after the
+.sm "SMTP DATA"
+command, its parameter is the number of recipients.
+It can accept or reject the command.
.sh 4 "check_compat"
.pp
The
@@ -3817,6 +4094,103 @@ If the ruleset does resolve to the
.q error
mailer, the connection is aborted
(treated as non-deliverable with a permanent or temporary error).
+.sh 4 "tls_rcpt"
+.pp
+The
+.i tls_rcpt
+ruleset is called each time before a RCPT TO command is sent.
+The parameter is the current recipient.
+If the ruleset does resolve to the
+.q error
+mailer, the RCPT TO command is suppressed
+(treated as non-deliverable with a permanent or temporary error).
+This ruleset allows to require encryption or verification of
+the recipient's MTA even if the mail is somehow redirected
+to another host.
+For example, sending mail to
+.i luke@endmail.org
+may get redirected to a host named
+.i death.star
+and hence the tls_server ruleset won't apply.
+By introducing per recipient restrictions such attacks
+(e.g., via DNS spoofing) can be made impossible.
+See
+.i cf/README
+how this ruleset can be used.
+.sh 4 "srv_features"
+.pp
+The
+.i srv_features
+ruleset is called when a client connects to sendmail.
+This ruleset should return
+.b $#
+followed by a list of options (single characters
+delimited by white space).
+If the return value starts with anything else it is silently ignored.
+Generally upper case characters turn off a feature
+while lower case characters turn it on.
+The option `S' causes the server not to offer STARTTLS.
+This is useful to interact with MTAs/MUAs that have broken
+STARTTLS implementations by simply not offering it.
+`V' turns off the request for a client certificate
+during the TLS handshake.
+Option `A' and `P' suppress SMTP AUTH and PIPELINING, respectively.
+The ruleset may return `$#temp' to indicate that there is a temporary
+problem determining the correct features, e.g., if a map is unavailable.
+In that case, the SMTP server issues a temporary failure and does not
+accept email.
+.sh 4 "try_tls"
+.pp
+The
+.i try_tls
+ruleset is called when sendmail connects to another MTA.
+If the ruleset does resolve to the
+.q error
+mailer, sendmail does not try STARTTLS even if it is offered.
+This is useful to interact with MTAs that have broken
+STARTTLS implementations by simply not using it.
+.sh 4 "authinfo"
+.pp
+The
+.i authinfo
+ruleset is called when sendmail tries to authenticate to another MTA.
+It should return
+.b $#
+followed by a list of tokens that are used for SMTP AUTH.
+If the return value starts with anything else it is silently ignored.
+Each token is a tagged string of the form:
+"TDstring"
+(including the quotes), where
+.(b
+.ta 9n
+T Tag which describes the item
+D Delimiter: ':' simple text follows
+ '=' string is base64 encoded
+string Value of the item
+.)b
+Valid values for the tag are:
+.(b
+.ta 9n
+U user (authorization) id
+I authentication id
+P password
+R realm
+M list of mechanisms delimited by spaces
+.)b
+If this ruleset is defined, the option
+.b DefaultAuthInfo
+is ignored (even if the ruleset does not return a ``useful'' result).
+.sh 4 "queuegroup"
+.pp
+The
+.i queuegroup
+ruleset is used to map an address to a queue group name.
+It should return
+.b $#
+followed by the name of a queue group.
+If the return value starts with anything else it is silently ignored.
+See the section about Queue Groups and Queue Directories
+for further information.
.sh 3 "IPC mailers"
.pp
Some special processing occurs
@@ -3831,11 +4205,16 @@ The host name passed after
has MX expansion performed if not delivering via a named socket;
this looks the name up in DNS to find alternate delivery sites.
.pp
-The host name can also be provided as a dotted quad in square brackets;
+The host name can also be provided as a dotted quad
+or an IPv6 address in square brackets;
for example:
.(b
[128.32.149.78]
.)b
+or
+.(b
+[IPv6:2002:c0a8:51d2::23f4]
+.)b
This causes direct conversion of the numeric value
to an IP host address.
.pp
@@ -3934,19 +4313,6 @@ The
.b $| )
clause may be omitted.
.pp
-Lower case macro names are reserved to have
-special semantics,
-used to pass information in or out of
-.i sendmail ,
-and special characters are reserved to
-provide conditionals, etc.
-Upper case names
-(that is,
-.b $A
-through
-.b $Z )
-are specifically reserved for configuration file authors.
-.pp
The following macros are defined and/or used internally by
.i sendmail
for interpolation into argv's for mailers
@@ -4005,7 +4371,7 @@ This is set in ruleset 0 from the $@ field of a parsed address.
.ip $i
The queue id,
e.g.,
-.q HAA12345 .
+.q f344MXxp018717 .
.ip $j\(dd
The \*(lqofficial\*(rq domain name for this site.
This is fully qualified if the full qualification can be found.
@@ -4106,15 +4472,28 @@ The full name of the sender.
The home directory of the recipient.
.ip $_
The validated sender address.
+See also
+.b ${client_resolve} .
+.ip ${addr_type}
+The type of the address which is currently being rewritten.
+This macro contains up to three characters, the first
+is either `e' or `h' for envelope/header address,
+the second is a space,
+and the third is either `s' or `r' for sender/recipient address.
+Notice: for header addresses no distinction is currently made
+between sender and recipient addresses, i.e., the macro contains
+only `h'.
.ip ${auth_authen}
The client's authentication credentials as determined by authentication
(only set if successful).
+The format depends on the mechanism used, it might be just `user',
+or `user@realm', or something similar (SMTP AUTH only).
.ip ${auth_author}
The authorization identity, i.e. the AUTH= parameter of the
.sm "SMTP MAIL"
command if supplied.
.ip ${auth_type}
-The mechanism used for authentication
+The mechanism used for SMTP authentication
(only set if successful).
.ip ${auth_ssf}
The keylength (in bits) of the symmetric encryption algorithm
@@ -4125,44 +4504,74 @@ The message body type
as determined from the envelope.
.ip ${cert_issuer}
The DN (distinguished name) of the CA (certificate authority)
-that signed the presented certificate (the cert issuer).
+that signed the presented certificate (the cert issuer)
+(STARTTLS only).
+.ip ${cert_md5}
+The MD5 hash of the presented certificate (STARTTLS only).
.ip ${cert_subject}
-The DN of the presented certificate (called the cert subject).
+The DN of the presented certificate (called the cert subject)
+(STARTTLS only).
.ip ${cipher}
The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
-EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
+EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA
+(STARTTLS only).
.ip ${cipher_bits}
The keylength (in bits) of the symmetric encryption algorithm
used for a TLS connection.
.ip ${client_addr}
The IP address of the SMTP client.
+IPv6 addresses are tagged with "IPv6:" before the address.
Defined in the SMTP server only.
.ip ${client_name}
The host name of the SMTP client.
This may be the client's bracketed IP address
-in the form [ nnn.nnn.nnn.nnn ] if the client's
+in the form [ nnn.nnn.nnn.nnn ] for IPv4
+and [ IPv6:nnnn:...:nnnn ] for IPv6
+if the client's
IP address is not resolvable, or if it is resolvable
but the IP address of the resolved hostname
doesn't match the original IP address.
Defined in the SMTP server only.
+See also
+.b ${client_resolve} .
.ip ${client_port}
The port number of the SMTP client.
Defined in the SMTP server only.
.ip ${client_resolve}
Holds the result of the resolve call for
-.b ${client_name}
-: OK, FAIL, FORGED, TEMP.
+.b ${client_name} .
+Possible values are:
+.(b
+.ta 10n
+OK resolved successfully
+FAIL permanent lookup failure
+FORGED forward lookup doesn't match reverse lookup
+TEMP temporary lookup failure
+.)b
Defined in the SMTP server only.
+.i sendmail
+performs a hostname lookup on the IP address of the connecting client.
+Next the IP addresses of that hostname are looked up.
+If the client IP address does not appear in that list,
+then the hostname is maybe forged.
+This is reflected as the value FORGED for
+.b ${client_resolve}
+and it also shows up in
+.b $_
+as "(may be forged)".
+.ip ${cn_issuer}
+The CN (common name) of the CA that signed the presented certificate
+(STARTTLS only).
+.ip ${cn_subject}
+The CN (common name) of the presented certificate
+(STARTTLS only).
.ip ${currHeader}
Header value as quoted string
(possibly truncated to
.b MAXNAME ).
+This macro is only available in header check rulesets.
.ip ${daemon_addr}
The IP address the daemon is listening on for connections.
-Unless
-.b DaemonPortOptions
-is set, this will be
-.q 0.0.0.0 .
.ip ${daemon_family}
The network family
if the daemon is accepting network connections.
@@ -4208,32 +4617,43 @@ It is initially set to the value of the
.b DeliveryMode
option.
.ip ${envid}
-The envelope id passed to sendmail as part of the envelope.
+The envelope id parameter (ENVID=) passed to sendmail as part of the envelope.
.ip ${hdrlen}
The length of the header value which is stored in
${currHeader} (before possible truncation).
-If this value is greater than or equal
+If this value is greater than or equal to
.b MAXNAME
the header has been truncated.
.ip ${hdr_name}
The name of the header field for which the current header
check ruleset has been called.
This is useful for a default header check ruleset to get
-the name of the header.
+the name of the header;
+the macro is only available in header check rulesets.
.ip ${if_addr}
The IP address of the interface of an incoming connection
unless it is in the loopback net.
+IPv6 addresses are tagged with "IPv6:" before the address.
+.ip ${if_addr_out}
+The IP address of the interface of an outgoing connection
+unless it is in the loopback net.
+IPv6 addresses are tagged with "IPv6:" before the address.
.ip ${if_family}
The IP family of the interface of an incoming connection
unless it is in the loopback net.
+.ip ${if_family_out}
+The IP family of the interface of an outgoing connection
+unless it is in the loopback net.
.ip ${if_name}
-The name of the interface of an incoming connection.
+The hostname associated with the interface of an incoming connection.
This macro can be used for
SmtpGreetingMessage and HReceived for virtual hosting.
For example:
.(b
O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA
.)b
+.ip ${if_name_out}
+The name of the interface of an outgoing connection.
.ip ${mail_addr}
The address part of the resolved triple of the address given for the
.sm "SMTP MAIL"
@@ -4256,6 +4676,12 @@ before the message has been collected, thereafter
the message size as computed by
.i sendmail
(and can be used in check_compat).
+.ip ${nrcpts}
+The number of validated recipients for a single message.
+Note: since recipient validation happens after
+.i check_rcpt
+has been called, the value in this ruleset
+is one less than what might be expected.
.ip ${ntries}
The number of delivery attempts.
.ip ${opMode}
@@ -4276,36 +4702,40 @@ to
The address part of the resolved triple of the address given for the
.sm "SMTP RCPT"
command.
-Defined in the SMTP server only.
+Defined in the SMTP server only after a RCPT command.
.ip ${rcpt_host}
The host from the resolved triple of the address given for the
.sm "SMTP RCPT"
command.
-Defined in the SMTP server only.
+Defined in the SMTP server only after a RCPT command.
.ip ${rcpt_mailer}
The mailer from the resolved triple of the address given for the
.sm "SMTP RCPT"
command.
-Defined in the SMTP server only.
+Defined in the SMTP server only after a RCPT command.
.ip ${server_addr}
The address of the server of the current outgoing SMTP connection.
+For LMTP delivery the macro is set to the name of the mailer.
.ip ${server_name}
-The name of the server of the current outgoing SMTP connection.
+The name of the server of the current outgoing SMTP or LMTP connection.
.ip ${tls_version}
-The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2.
+The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2;
+defined after STARTTLS has been used.
.ip ${verify}
-The result of the verification of the presented cert.
+The result of the verification of the presented cert;
+only defined after STARTTLS has been used.
Possible values are:
.(b
-.ta 9n
+.ta 13n
OK verification succeeded.
NO no cert presented.
+NOT no cert requested.
FAIL cert presented but could not be verified,
e.g., the signing CA is missing.
NONE STARTTLS has not been performed.
TEMP temporary error occurred.
-PROTOCOL some protocol error occurred.
-SOFTWARE STARTTLS handshake failed,
+PROTOCOL some protocol error occurred.
+SOFTWARE STARTTLS handshake failed,
which is a fatal error for this session,
the e-mail will be queued.
.)b
@@ -4552,6 +4982,9 @@ The syntax is:
.br
.b F \c
.i c\||program
+.br
+.b F \c
+.i c\|[mapkey]@mapclass:mapspec
.)b
The first form defines the class
.i c
@@ -4582,18 +5015,47 @@ The ``F'' forms
read the elements of the class
.i c
from the named
-.i file
+.i file ,
+.i program ,
or
-.i program .
+.i "map specification" .
Each element should be listed on a separate line.
-To specify an optional file, use ``-o'' between the class
+To specify an optional file, use ``\-o'' between the class
name and the file name, e.g.,
.(b
-Fc -o /path/to/file
+Fc \-o /path/to/file
.)b
If the file can't be used,
.i sendmail
will not complain but silently ignore it.
+The map form should be an optional map key, an at sign,
+and a map class followed by the specification for that map.
+Examples include:
+.(b
+F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=*)) \-v host
+F{MyClass}foo@hash:/etc/mail/classes
+.)b
+will fill the class
+.b $={VirtHosts}
+from an LDAP map lookup and
+.b $={MyClass}
+from a hash database map lookup of the
+.b foo .
+There is also a built-in schema that can be accessed by only specifying:
+.(b
+F{\c
+.i ClassName }@LDAP
+.)b
+This will tell sendmail to use the default schema:
+.(b
+\-k (&(objectClass=sendmailMTAClass)
+ (sendmailMTAClassName=\c
+.i ClassName )
+ (|(sendmailMTACluster=${sendmailMTACluster})
+ (sendmailMTAHost=$j)))
+\-v sendmailMTAClassValue
+.)b
+Note that the lookup is only done when sendmail is initially started.
.pp
Elements of classes can be accessed in rules using
.b $=
@@ -4729,6 +5191,7 @@ Path The pathname of the mailer
Flags Special flags for this mailer
Sender Rewriting set(s) for sender addresses
Recipient Rewriting set(s) for recipient addresses
+recipients Maximum number of recipients per connection
Argv An argument vector to pass to this mailer
Eol The end-of-line string for this mailer
Maxsize The maximum message length to this mailer
@@ -4740,9 +5203,11 @@ Nice The nice(2) increment for the mailer
Charset The default character set for 8-bit characters
Type Type information for DSN diagnostics
Wait The maximum time to wait for the mailer
+Queuegroup The default queue group for the mailer
/ The root directory for the mailer
.)b
-Only the first character of the field name is checked.
+Only the first character of the field name is checked
+(it's case-sensitive).
.pp
The following flags may be set in the mailer description.
Any other flags may be used freely
@@ -4870,10 +5335,10 @@ to another
.i sendmail
\*-
as such it can use special protocol features.
-This option is not required
-(i.e.,
-if this option is omitted the transmission will still operate successfully,
-although perhaps not as efficiently as possible).
+This flag should not be used except for debugging purposes
+because it uses
+.b VERB
+as SMTP command.
.ip j
Do User Database rewriting on recipients as well as senders.
.ip k
@@ -4972,6 +5437,8 @@ Secure ports aren't
(secure, that is)
except on UNIX machines,
so it is unclear that this adds anything.
+.i sendmail
+must be running as root to be able to use this flag.
.ip s
Strip quote characters (" and \e) off of the address
before calling the mailer.
@@ -5001,10 +5468,12 @@ on the end.
.ip w
The user must have a valid account on this machine,
i.e.,
-getpwnam
+.i getpwnam
must succeed.
-If not,
-the mail is bounced.
+If not, the mail is bounced.
+See also the
+.b MailBoxDatabase
+option.
This is required to get
.q \&.forward
capability.
@@ -5013,11 +5482,8 @@ This mailer wants a
.q Full-Name:
header line.
.ip X
-This mailer want to use the hidden dot algorithm
-as specified in RFC821;
-basically,
-any line beginning with a dot
-will have an extra dot prepended
+This mailer wants to use the hidden dot algorithm as specified in RFC821;
+basically, any line beginning with a dot will have an extra dot prepended
(to be stripped at the other end).
This insures that lines in the message containing a dot
will not terminate the message prematurely.
@@ -5029,8 +5495,19 @@ and the local mailer.
This is a variant on SMTP
defined in RFC 2033
that is specifically designed for delivery to a local mailbox.
+.ip Z
+Apply DialDelay (if set) to this mailer.
.ip 0
-Don't look up MX records for hosts sent via SMTP.
+Don't look up MX records for hosts sent via SMTP/LMTP.
+Do not apply
+.b FallbackMXhost
+either.
+.ip 1
+Don't send null characters ('\\0') to this mailer.
+.ip 2
+Don't use ESMTP even if offered; this is useful for broken
+systems that offer ESMTP but fail on EHLO (without recovering
+when HELO is tried next).
.ip 3
Extend the list of characters converted to =XX notation
when converting to Quoted-Printable
@@ -5124,7 +5601,7 @@ The mailer with the special name
.q discard
causes any mail sent to it to be discarded
but otherwise treated as though it were successfully delivered.
-This mailer can not be used in ruleset 0,
+This mailer cannot be used in ruleset 0,
only in the various address checking rulesets.
.pp
The mailer named
@@ -5148,13 +5625,31 @@ M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
M*include*, P=/dev/null, F=su, A=INCLUDE $u
.)b
.pp
+Builtin pathnames are [FILE] and [IPC], the former is used for
+delivery to files, the latter for delivery via interprocess communication.
+For mailers that use [IPC] as pathname the argument vector (A=)
+must start with TCP or FILE for delivery via a TCP or a Unix domain socket.
+If TCP is used, the second argument must be the name of the host
+to contact.
+Optionally a third argument can be used to specify a port,
+the default is smtp (port 25).
+If FILE is used, the second argument must be the name of
+the Unix domain socket.
+.pp
+If the argument vector does not contain $u then
+.i sendmail
+will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer.
+.pp
+If no Eol field is defined, then the default is "\\r\\n" for
+SMTP mailers and "\\n" of others.
+.pp
The Sender and Recipient rewriting sets
may either be a simple ruleset id
or may be two ids separated by a slash;
if so, the first rewriting set is applied to envelope
addresses
and the second is applied to headers.
-Setting any value zero disables corresponding mailer-specific rewriting.
+Setting any value to zero disables corresponding mailer-specific rewriting.
.pp
The Directory
is actually a colon-separated path of directories to try.
@@ -5168,7 +5663,7 @@ This is intended to be used only on the
mailer,
since some shells (such as
.i csh )
-refuse to execute if they cannot read the home directory.
+refuse to execute if they cannot read the current directory.
Since the queue directory is not normally readable by unprivileged users
.i csh
scripts as recipients can fail.
@@ -5232,8 +5727,13 @@ or begin with
The default is
.q dns/rfc822/smtp .
.pp
-The m= field specifies the maximum number of messages to attempt to deliver
-on a single SMTP or LMTP connection.
+The m= field specifies the maximum number of messages
+to attempt to deliver on a single SMTP or LMTP connection.
+The default is infinite.
+.pp
+The r= field specifies the maximum number of recipients
+to attempt to deliver in a single envelope.
+It defaults to 100.
.pp
The /= field specifies a new root directory for the mailer. The path is
macro expanded and then passed to the
@@ -5245,6 +5745,11 @@ The Wait= field specifies the maximum time to wait for the
mailer to return after sending all data to it.
This applies to mailers that have been forked by
.i sendmail .
+.pp
+The Queuegroup= field specifies the default queue group in which
+received mail should be queued.
+This can be overridden by other means as explained in section
+``Queue Groups and Queue Directories''.
.sh 2 "H \*- Define Header"
.pp
The format of the header lines that
@@ -5272,8 +5777,8 @@ The syntax of this line is one of the following:
.)b
.(b F
.b H [\c
-.b ? \c
-.i ${macro} \c
+.b ?$ \c
+.i {macro} \c
.b ? \c
.b ]\c
.i hname \c
@@ -5305,6 +5810,12 @@ storage map in a ruleset.
If one of these headers is in the input
it is reflected to the output
regardless of these flags or macros.
+Notice:
+If a
+.i ${macro}
+is used to set a header, then it is useful to add that macro to class
+.i $={persistentMacros}
+which consists of the macros that should be saved across queue runs.
.pp
Some headers have special semantics
that will be described later.
@@ -5378,13 +5889,10 @@ or
.)b
.sh 2 "O \*- Set Option"
.pp
-There are a number of
-global
-options that
+There are a number of global options that
can be set from a configuration file.
Options are represented by full words;
-some are also representable as single characters
-for back compatibility.
+some are also representable as single characters for back compatibility.
The syntax of this line is:
.(b F
.b O \0
@@ -5421,6 +5929,11 @@ the default is TRUE),
or
a time interval.
.pp
+All filenames used in options should be absolute paths,
+i.e., starting with '/'.
+Relative filenames most likely cause surprises during operation
+(unless otherwise noted).
+.pp
The options supported (with the old, one character names in brackets) are:
.nr ii 1i
.ip "AliasFile=\fIspec, spec, ...\fP"
@@ -5437,6 +5950,29 @@ where
.i class \c
.b :
is optional and defaults to ``implicit''.
+Note that
+.i info
+is required for all
+.i class es
+except
+.q ldap .
+For the
+.q ldap
+class,
+if
+.i info
+is not specified,
+a default
+.i info
+value is used as follows:
+.(b
+\-k (&(objectClass=sendmailMTAAliasObject)
+ (sendmailMTAAliasName=aliases)
+ (|(sendmailMTACluster=${sendmailMTACluster})
+ (sendmailMTAHost=$j))
+ (sendmailMTAKey=%0))
+\-v sendmailMTAAliasValue
+.)b
Depending on how
.i sendmail
is compiled, valid classes are
@@ -5487,47 +6023,72 @@ entry to exist in the alias database
before starting up.
If it does not appear in the
.i timeout
-interval
-rebuild the database
-(if the
-.b AutoRebuildAliases
-option is also set)
-or issue a warning.
+interval issue a warning.
.ip AllowBogusHELO
[no short name]
If set, allow HELO SMTP commands that don't include a host name.
Setting this violates RFC 1123 section 5.2.5,
but is necessary to interoperate with several SMTP clients.
If there is a value, it is still checked for legitimacy.
+.ip AuthMaxBits=\fIN\fP
+[no short name]
+Limit the maximum encryption strength for the security layer in
+SMTP AUTH (SASL). Default is essentially unlimited.
+This allows to turn off additional encryption in SASL if
+STARTTLS is already encrypting the communication, because the
+existing encryption strength is taken into account when choosing
+an algorithm for the security layer.
+For example, if STARTTLS is used and the symmetric cipher is 3DES,
+then the the keylength (in bits) is 168.
+Hence setting
+.b AuthMaxBits
+to 168 will disable any encryption in SASL.
.ip AuthMechanisms
[no short name]
List of authentication mechanisms for AUTH (separated by spaces).
The advertised list of authentication mechanisms will be the
intersection of this list and the list of available mechanisms as
determined by the Cyrus SASL library.
+If STARTTLS is active, EXTERNAL will be added to this list.
+In that case, the value of {cert_subject} is used as authentication id.
.ip AuthOptions
[no short name]
-When to use the AUTH= parameter for the MAIL FROM command;
+List of options for SMTP AUTH consisting of single characters
+with intervening white space or commas.
.(b
-.ta 1i
-A Only when authentication succeeded.
-.)b
-The default is to try whenever SMTP AUTH is available.
-.ip AutoRebuildAliases
-[D]
-If set,
-rebuild the alias database if necessary and possible.
-The rebuild will happen the next time an alias is looked up.
-If this option is not set,
-.i sendmail
-will never rebuild the alias database
-unless explicitly requested
-using
-.b \-bi .
-.b NOTE :
-There is a potential for a denial of service attack if this is set.
-This option is deprecated and
-will be removed from a future version.
+.ta 4n
+A Use the AUTH= parameter for the MAIL FROM
+ command only when authentication succeeded.
+ This can be used as a workaround for broken
+ MTAs that do not implement RFC2554 correctly.
+a protection from active (non-dictionary) attacks
+ during authentication exchange.
+c require mechanisms which pass client credentials,
+ and allow mechanisms which can pass credentials
+ to do so.
+d don't permit mechanisms susceptible to passive
+ dictionary attack.
+f require forward secrecy between sessions
+ (breaking one won't help break next).
+p don't permit mechanisms susceptible to simple
+ passive attack (e.g., PLAIN, LOGIN).
+y don't permit mechanisms that allow anonymous login.
+.)b
+The first option applies to sendmail as a client, the others to a server.
+Example:
+.(b
+O AuthOptions=p,y
+.)b
+would disallow ANONYMOUS as AUTH mechanism and would
+allow PLAIN only if a security layer (e.g.,
+provided by STARTTLS) is already active.
+The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the
+selected SASL mechanisms.
+Explanations of these properties can be found in the Cyrus SASL documentation.
+.ip BadRcptThrottle=\fIN\fP
+[no short name]
+If set and more than the specified number of recipients in a single SMTP
+envelope are rejected, sleep for one second after each rejected RCPT command.
.ip BlankSub=\fIc\fP
[B]
Set the blank substitution character to
@@ -5541,7 +6102,8 @@ This directory directory must contain the hashes of each CA certificate
as filenames (or as links to them).
.ip CACERTFile
[no short name]
-File containing one CA certificate.
+File containing one or more CA certificates;
+see section about STARTTLS for more information.
.ip CheckAliases
[n]
Validate the RHS of aliases when rebuilding the alias database.
@@ -5570,7 +6132,15 @@ Defaults to 1800.
.ip ClientCertFile
[no short name]
File containing the certificate of the client, i.e., this certificate
-is used when sendmail acts as client.
+is used when
+.i sendmail
+acts as client (for STARTTLS).
+.ip ClientKeyFile
+[no short name]
+File containing the private key belonging to the client certificate
+(for STARTTLS if
+.i sendmail
+runs as client).
.ip ClientPortOptions=\fIoptions\fP
[O]
Set client SMTP options.
@@ -5596,13 +6166,21 @@ can be the following character:
.(b
.ta 1i
h use name of interface for HELO command
+A don't use AUTH when sending e-mail
+S don't use STARTTLS when sending e-mail
.)b
If ``h'' is set, the name corresponding to the outgoing interface
address (whether chosen via the Connection parameter or
the default) is used for the HELO/EHLO command.
-.ip ClientKeyFile
-[no short name]
-File containing the private key belonging to the client certificate.
+However, the name must not start with a square bracket
+and it must contain at least one dot.
+This is a simple test whether the name is not
+an IP address (in square brackets) but a qualified hostname.
+Note that multiple ClientPortOptions settings are allowed
+in order to give settings for each protocol family
+(e.g., one for Family=inet and one for Family=inet6).
+A restriction placed on one family only affects
+outgoing connections on that particular family.
.ip ColonOkInAddr
[no short name]
If set, colons are acceptable in e-mail addresses
@@ -5661,7 +6239,7 @@ override the connection address (for testing purposes).
If set to a positive value,
allow no more than
.i N
-incoming daemon connections in a one second period.
+incoming connections in a one second period per daemon.
This is intended to flatten out peaks
and allow the load average checking to cut in.
Defaults to zero (no limits).
@@ -5687,7 +6265,9 @@ If not set, no control socket will be available.
Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
.ip DHParameters
File with DH parameters for STARTTLS.
-This is only required if DSA/DH is used.
+This is only required if a ciphersuite containing DSA/DH is used.
+This is only for people with a good knowledge of TLS, all others
+can ignore this option.
.ip DaemonPortOptions=\fIoptions\fP
[O]
Set server SMTP options.
@@ -5729,8 +6309,11 @@ b bind to interface through which mail has been received
c perform hostname canonification (.cf)
f require fully qualified hostname (.cf)
u allow unqualified addresses (.cf)
+A disable AUTH (overrides 'a' modifier)
C don't perform hostname canonification
E disallow ETRN (see RFC 2476)
+O optional; if opening the socket fails ignore it
+S don't offer STARTTLS
.)b
That is, one way to specify a message submission agent (MSA) that
always requires authentication is:
@@ -5756,7 +6339,8 @@ See the relevant documentation for
The modifier ``f'' disallows addresses of the form
.b user@host
unless they are submitted directly.
-The flag ``u'' allows unqualified sender addresses.
+The flag ``u'' allows unqualified sender addresses,
+i.e., those without @host.
``b'' forces sendmail to bind to the interface
through which the e-mail has been
received for the outgoing connection.
@@ -5773,16 +6357,29 @@ Note,
will listen on a new socket
for each occurence of the DaemonPortOptions option
in a configuration file.
+The modifier ``O'' causes sendmail to ignore a socket
+if it can't be opened.
+This applies to failures from the socket(2) and bind(2) calls.
.ip DefaultAuthInfo
[no short name]
Filename that contains default authentication information for outgoing
connections. This file must contain the user id, the authorization id,
-the password (plain text), and the realm to use
+the password (plain text), the realm and the list of mechanisms to use
on separate lines and must be readable by
root (or the trusted user) only.
If no realm is specified,
.b $j
is used.
+If no mechanisms are specified, the list given by
+.b AuthMechanisms
+is used.
+Notice: this option is deprecated and will be removed in future versions.
+Moreover, it doesn't work for the MSP since it can't read the file
+(the file must not be group/world-readable otherwise
+.i sendmail
+will complain).
+Use the authinfo ruleset instead which provides more control over
+the usage of the data anyway.
.ip DefaultCharSet=\fIcharset\fP
[no short name]
When a message that has 8-bit characters but is not in MIME format
@@ -5811,7 +6408,7 @@ formerly hardcoded to /usr/tmp/dead.letter.
If this option is not set (the default),
sendmail will not attempt to save to a system-wide dead.letter file
in the event
-it can not bounce the mail to the user or postmaster.
+it cannot bounce the mail to the user or postmaster.
Instead, it will rename the qf file
as it has in the past
when the dead.letter file could not be opened.
@@ -5845,6 +6442,19 @@ option has been combined into the
.b DefaultUser
option.
.)f
+.ip DelayLA=\fILA\fP
+[no short name]
+When the system load average exceeds
+.i LA ,
+.i sendmail
+will sleep for one second on most SMTP commands and
+before accepting connections.
+.ip DeliverByMin=\fItime\fP
+[0]
+Set minimum time for Deliver By SMTP Service Extension (RFC 2852).
+If 0, no time is listed, if less than 0, the extension is not offered,
+if greater than 0, it is listed as minimum time
+for the EHLO keyword DELIVERBY.
.ip DeliveryMode=\fIx\fP
[d]
Deliver in mode
@@ -5879,6 +6489,17 @@ Units default to seconds, so
uses a five second delay.
Defaults to zero
(no retry).
+This delay only applies to mailers which have the
+Z flag set.
+.ip DirectSubmissionModifiers=\fImodifiers\fP
+Defines
+.b ${daemon_flags}
+for direct (command line) submissions.
+If not set,
+.b ${daemon_flags}
+is either "CC f" if the option
+.b \-G
+is used or "c u" otherwise.
.ip DontBlameSendmail=\fIoption,option,...\fP
[no short name]
In order to avoid possible cracking attempts
@@ -5892,46 +6513,7 @@ a group-writable
directory,
then you will have to turn off this checking
(at the cost of making your system more vulnerable to attack).
-The arguments are individual options that turn off checking:
-.(b
-Safe
-AssumeSafeChown
-ClassFileInUnsafeDirPath
-DontWarnForwardFileInUnsafeDirPath
-ErrorHeaderInUnsafeDirPath
-FileDeliveryToHardLink
-FileDeliveryToSymLink
-ForwardFileInUnsafeDirPath
-ForwardFileInUnsafeDirPathSafe
-ForwardFileIngroupWritableDirPath
-GroupWritableAliasFile
-GroupWritableDirPathSafe
-GroupWritableForwardFileSafe
-GroupWritableIncludeFileSafe
-HelpFileinUnsafeDirPath
-IncludeFileInUnsafeDirPath
-IncludeFileInUnsafeDirPathSafe
-IncludeFileIngroupWritableDirPath
-InsufficientEntropy
-LinkedAliasFileInWritableDir
-LinkedClassFileInWritableDir
-LinkedForwardFileInWritableDir
-LinkedIncludeFileInWritableDir
-LinkedMapInWritableDir
-LinkedServiceSwitchFileInWritableDir
-MapInUnsafeDirPath
-NonRootSafeAddr
-RunProgramInUnsafeDirPath
-RunWritableProgram
-TrustStickyBit
-WorldWritableAliasFile
-WriteMapToHardLink
-WriteMapToSymLink
-WriteStatsToHardLink
-WriteStatsToSymLink
-.)b
-.b Safe
-is the default.
+The possible arguments have been described earlier.
The details of these flags are described above.
.\"XXX should have more here!!! XXX
.b "Use of this option is not recommended."
@@ -5981,6 +6563,9 @@ However, you will need to be certain to include all variant names
in the
.b $=w
class by some other mechanism.
+If set to
+.b loopback ,
+loopback interfaces (e.g., lo0) will not be probed.
.ip DontPruneRoutes
[R]
Normally,
@@ -6018,6 +6603,7 @@ The address is macro expanded
at the time of delivery.
If not set, defaults to
.q postmaster .
+If set to an empty string, double bounces are dropped.
.ip EightBitMode=\fIaction\fP
[8]
Set handling of eight-bit data.
@@ -6092,17 +6678,34 @@ If specified, the
.i fallbackhost
acts like a very low priority MX
on every host.
+MX records will be looked up for this host,
+unless the name is surrounded by square brackets.
This is intended to be used by sites with poor network connectivity.
Messages which are undeliverable due to temporary address failures
(e.g., DNS failure)
-also go to the FallBackMX host.
+also go to the FallbackMXhost.
+.ip FastSplit
+[no short name]
+If set to a value greater than zero (the default is one),
+it suppresses the MX lookups on addresses
+when they are initially sorted, i.e., for the first delivery attempt.
+This usually results in faster envelope splitting unless the MX records
+are readily available in a local DNS cache.
+To enforce initial sorting based on MX records set
+.b FastSplit
+to zero.
+If the mail is submitted directly from the command line, then
+the value also limits the number of processes to deliver the envelopes;
+if more envelopes are created they are only queued up
+and must be taken care of by a queue run.
+Since the default submission method is via SMTP (either from a MUA
+or via the MSP), the value of
+.b FastSplit
+is seldom used to limit the number of processes to deliver the envelopes.
.ip ForkEachJob
[Y]
If set,
deliver each job that is run from the queue in a separate process.
-Use this option if you are short of memory,
-since the default tends to consume considerable amounts of memory
-while the queue is being processed.
.ip ForwardPath=\fIpath\fP
[J]
Set the path for searching for users' .forward files.
@@ -6174,6 +6777,11 @@ A suggested value for sites desiring persistent host status is
Ignore dots in incoming messages.
This is always disabled (that is, dots are always accepted)
when reading SMTP mail.
+.ip InputMailFilters=\fIname,name,...\fP
+A comma separated list of filters which determines which filters
+(see the "X \*- Mail Filter (Milter) Definitions" section)
+and the invocation sequence are contacted for incoming SMTP messages.
+If none are set, no filters will be contacted.
.ip LDAPDefaultSpec=\fIspec\fP
[no short name]
Sets a default map specification for LDAP maps.
@@ -6198,6 +6806,21 @@ This is intended only for use from the command line.
The
.b \-M
flag is preferred.
+.ip MailboxDatabase
+[no short name]
+Type of lookup to find information about local mailboxes,
+defaults to ``pw'' which uses
+.i getpwnam .
+Other types can be introduced by adding them to the source code,
+see libsm/mbdb.c for details.
+.ip UseMSP
+[no short name]
+Use as mail submission program, i.e.,
+allow group writable queue files
+if the group is the same as that of a set-group-ID sendmail binary.
+See the file
+.b sendmail/SECURITY
+in the distribution tarball.
.ip MatchGECOS
[G]
Allow fuzzy matching on the GECOS field.
@@ -6243,10 +6866,12 @@ to be advertised in the ESMTP EHLO response.
Messages larger than this will be rejected.
.ip MaxMimeHeaderLength=\fIN[/M]\fP
[no short name]
-Sets the maximum length of certain MIME header field values
-to
+Sets the maximum length of certain MIME header field values to
.i N
characters.
+These MIME header fields are determined by being a member of
+class {checkMIMETextHeaders}, which currently contains only
+the header Content-Description.
For some of these headers which take parameters,
the maximum length of each parameter is set to
.i M
@@ -6257,6 +6882,21 @@ is not specified, one half of
will be used.
By default,
these values are 0, meaning no checks are done.
+.ip MaxQueueChildren=\fIN\fP
+[no short name]
+When set, this limits the number of concurrent queue runner processes to
+.i N.
+This helps to control the amount of system resources used when processing
+the queue. When there are multiple queue groups defined and the total number
+of queue runners for these queue groups would exceed
+.i MaxQueueChildren
+then the queue groups will not all run concurrently. That is, some portion
+of the queue groups will run concurrently such that
+.i MaxQueueChildren
+will not be exceeded, while the remaining queue groups will be run later (in
+round robin order). See also
+.i MaxRunnersPerQueue
+and the section \fBQueue Group Declaration\fP.
.ip MaxQueueRunSize=\fIN\fP
[no short name]
The maximum number of jobs that will be processed
@@ -6279,12 +6919,52 @@ in an SMTP transaction.
Note: setting this too low can interfere with sending mail from
MUAs that use SMTP for initial submission.
If not set, there is no limit on the number of recipients per envelope.
+.ip MaxRunnersPerQueue=\fIN\fP
+[no short name]
+This sets the default maximum number of queue runners for queue groups.
+Up to
+.i N
+queue runners will work in parallel on a queue group's messages.
+This is useful where the processing of a message in the queue might
+delay the processing of subsequent messages. Such a delay may be the result
+of non-erroneous situations such as a low bandwidth connection.
+May be overridden on a per queue group basis by setting the
+.i Runners
+option; see the section \fBQueue Group Declaration\fP.
+The default is 1 when not set.
.ip MeToo
[m]
Send to me too,
even if I am in an alias expansion.
This option is deprecated
and will be removed from a future version.
+.ip Milter
+[no short name]
+This option has several sub(sub)options.
+The names of the suboptions are separated by dots.
+At the first level the following options are available:
+.(b
+.ta \w'LogLevel'u+3n
+LogLevel Log level for input mail filter actions, defaults to LogLevel.
+macros Specifies list of macro to transmit to filters.
+ See list below.
+.)b
+The ``macros'' option has the following suboptions
+which specify the list of macro to transmit to milters
+after a certain event occurred.
+.(b
+.ta \w'envfrom'u+3n
+connect After session connection start
+helo After HELO command
+envfrom After MAIL FROM command
+envrcpt After RCPT TO command
+.)b
+By default the lists of macros are empty.
+Example:
+.(b
+O Milter.LogLevel=12
+O Milter.macros.connect=j, _, {daemon_name}
+.)b
.ip MinFreeBlocks=\fIN\fP
[b]
Insist on at least
@@ -6310,6 +6990,9 @@ Sets the list of characters that must be quoted if used in a full name
that is in the phrase part of a ``phrase <address>'' syntax.
The default is ``\'.''.
The characters ``@,;:\e()[]'' are always added to this list.
+.ip NiceQueueRun
+[no short name]
+The priority of queue runners (nice(3)).
.ip NoRecipientAction
[no short name]
The action to take when you receive a message that has no valid
@@ -6411,6 +7094,7 @@ noetrn Disallow ETRN entirely
noverb Disallow VERB entirely
restrictmailq Restrict mailq command
restrictqrun Restrict \-q command line flag
+restrictexpand Restrict \-bv and \-v command line flags
noreceipts Don't return success DSNs\**
nobodyreturn Don't return the body of a message with DSNs
goaway Disallow essentially all SMTP status queries
@@ -6430,6 +7114,7 @@ pseudo-flag sets all flags except
.q noreceipts ,
.q restrictmailq ,
.q restrictqrun ,
+.q restrictexpand ,
.q noetrn ,
and
.q nobodyreturn .
@@ -6439,6 +7124,22 @@ can print the queue.
If queue runs are restricted,
only root and the owner of the queue directory
can run the queue.
+The
+.q restrictexpand
+pseudo-flag instructs
+.i sendmail
+to drop privileges when the
+.b \-bv
+option is given by users who are neither root nor the TrustedUser
+so users cannot read private aliases, forwards, or :include: files.
+It will add the
+.q NonRootSafeAddr
+to the
+.q DontBlameSendmail
+option to prevent misleading unsafe address warnings.
+It also overrides the
+.b \-v
+(verbose) command line option to prevent information leakage.
Authentication Warnings add warnings about various conditions
that may indicate attempts to spoof the mail system,
such as using a non-standard queue directory.
@@ -6451,18 +7152,27 @@ The
will be macro processed.
.ip QueueDirectory=\fIdir\fP
[Q]
-Use the named
-.i dir
-as the queue directory.
-To use multiple queues, supply a value ending with an asterisk.
-For example,
-.i /var/spool/mqueue/q*
-will use all of the directories or symbolic links to directories
-beginning with
-.i q
-in
+The QueueDirectory option serves two purposes.
+First, it specifies the directory or set of directories that comprise
+the default queue group.
+Second, it specifies the directory D which is the ancestor of all queue
+directories, and which sendmail uses as its current working directory.
+When sendmail dumps core, it leaves its core files in D.
+There are two cases.
+If \fIdir\fR ends with an asterisk (eg, \fI/var/spool/mqueue/qd*\fR),
+then all of the directories or symbolic links to directories
+beginning with `qd' in
.i /var/spool/mqueue
-as queue directories.
+will be used as queue directories of the default queue group,
+and
+.i /var/spool/mqueue
+will be used as the working directory D.
+Otherwise,
+\fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR):
+the default queue group consists of the single queue directory \fIdir\fR,
+and the working directory D is set to \fIdir\fR.
+To define additional groups of queue directories,
+use the configuration file `Q' command.
Do not change the queue directory structure
while sendmail is running.
.ip QueueFactor=\fIfactor\fP
@@ -6496,6 +7206,11 @@ just queue messages
Defaults to 8 multiplied by
the number of processors online on the system
(if that can be determined).
+.ip QueueFileMode=\fImode\fP
+[no short name]
+Default permissions for queue files (octal).
+If not set, sendmail uses 0600 unless its real
+and effective uid are different in which case it uses 0644.
.ip QueueSortOrder=\fIalgorithm\fP
[no short name]
Sets the
@@ -6508,7 +7223,11 @@ Legal values are
.q filename
(to order by the name of the queue file name),
.q time
-(to order by the submission time),
+(to order by the submission/creation time),
+.q random
+(to order randomly),
+.q modification
+(to order by the modification time of the qf file (older entries first)),
and
.q priority
(to order by message priority).
@@ -6517,13 +7236,16 @@ but may tend to process low priority messages
that go to a single host
over high priority messages that go to several hosts;
it probably shouldn't be used on slow network links.
-Filename ordering saves the overhead of
+Filename and modification time ordering saves the overhead of
reading all of the queued items
before starting the queue run.
-Time ordering is almost always a bad idea,
+Creation (submission) time ordering is almost always a bad idea,
since it allows large, bulk mail to go out
before smaller, personal mail,
but may have applicability on some hosts with very fast connections.
+Random is useful if several queue runners are started by hand
+which try to drain the same queue since odds are they will be working
+on different parts of the queue at the same time.
Priority ordering is the default.
.ip QueueTimeout=\fItimeout\fP
[T]
@@ -6559,6 +7281,7 @@ can be
.q recurse ,
.q defnames ,
.q stayopen ,
+.q use_inet6 ,
or
.q dnsrch .
The string
@@ -6569,16 +7292,17 @@ or
.b \- )
can be specified to turn off matching against MX records
when doing name canonifications.
-.b N.B.
-Prior to 8.7,
-this option indicated that the name server be responding
-in order to accept addresses.
-This has been replaced by checking to see
-if the
-.q dns
-method is listed in the service switch entry for the
-.q hosts
-service.
+The string
+.q WorkAroundBrokenAAAA
+(without a
+.b +
+or
+.b \- )
+can be specified to work around some broken nameservers
+which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.
+Notice: it might be necessary to apply the same (or similar) options to
+.i submit.cf
+too.
.ip RrtImpliesDsn
[R]
If this option is set, a
@@ -6693,6 +7417,20 @@ UNIX-style
lines at the front of headers.
Normally they are assumed redundant
and discarded.
+.ip SharedMemoryKey
+[no short name]
+Key to use for shared memory segment;
+if not set (or 0), shared memory will not be used.
+Requires support for shared memory to be compiled into
+.i sendmail .
+If this option is set,
+.i sendmail
+can share some data between different instances.
+For example, the number of entries in a queue directory
+or the available space in a file system.
+This allows for more efficient program execution, since only
+one process needs to update the data instead of each individual
+process gathering the data each time it is required.
.ip SendMimeErrors
[j]
If set, send error messages in MIME format
@@ -6705,10 +7443,12 @@ RFC1891.
.ip ServerCertFile
[no short name]
File containing the certificate of the server, i.e., this certificate
-is used when sendmail acts as server.
+is used when sendmail acts as server
+(used for STARTTLS).
.ip ServerKeyFile
[no short name]
-File containing the private key belonging to the server certificate.
+File containing the private key belonging to the server certificate
+(used for STARTTLS).
.ip ServiceSwitchFile=\fIfilename\fP
[no short name]
If your host operating system has a service switch abstraction
@@ -6799,9 +7539,11 @@ It can be printed using the
program.
.ip SuperSafe
[s]
-Be super-safe when running things,
-i.e.,
-always instantiate the queue file,
+This option can be set to True, False, or Interactive.
+If set to True,
+.i sendmail
+will be super-safe when running things,
+i.e., always instantiate the queue file,
even if you are going to attempt immediate delivery.
.i Sendmail
always instantiates the queue file
@@ -6809,10 +7551,23 @@ before returning control to the client
under any circumstances.
This should really
.i always
-be set.
+be set to True.
+The Interactive value has been introduced in 8.12 and can
+be used together with
+.b DeliveryMode=i .
+It skips some synchronization calls which are effectively
+doubled in the code execution path for this mode.
+.ip TLSSrvOptions
+[no short name]
+List of options for SMTP STARTTLS for the server
+consisting of single characters
+with intervening white space or commas.
+The flag ``V'' disables client verification, and hence
+it is not possible to use a client certificate for relaying.
+Currently there are no other flags available.
.ip TempFileMode=\fImode\fP
[F]
-The file mode for queue files, files to which
+The file mode for transcript files, files to which
.i sendmail
delivers directly, and files in the
.b HostStatusDirectory .
@@ -6890,6 +7645,9 @@ that is,
they cannot reference programs or write directly to files.
World writable :include: and .forward files
are always unsafe.
+Note: use
+.b DontBlameSendmail
+instead; this option is deprecated.
.ip UseErrorsTo
[l]
If there is an
@@ -6939,7 +7697,7 @@ All options can be specified on the command line using the
\-O or \-o flag,
but most will cause
.i sendmail
-to relinquish its setuid permissions.
+to relinquish its set-user-ID permissions.
The options that will not cause this are
SevenBitInput [7],
EightBitMode [8],
@@ -7038,7 +7796,7 @@ to do with the version
on the files.
For example,
as of this writing
-version 8 config files
+version 10 config files
(specifically, 8.10)
used version level 9 configurations.
.pp
@@ -7143,6 +7901,9 @@ Version level nine configuration files allow
parentheses in rulesets, i.e. they are not treated
as comments and hence removed.
.pp
+Version level ten configuration files allow
+queue group definitions.
+.pp
The
.b V
line may have an optional
@@ -7241,7 +8002,7 @@ Note that
.i default
clauses never do this mapping.
.pp
-The built in map with both name and class
+The built-in map with both name and class
.q host
is the host name canonicalization lookup.
Thus,
@@ -7381,6 +8142,13 @@ If the
.b \-z
flag is given, then all MX names are returned,
separated by the given delimiter.
+.ip dns
+This map requires the option -R to specify the DNS resource record
+type to lookup. The following types are supported:
+A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
+A map lookup will return only one record.
+Hence for some types, e.g., MX records, the return value might be a random
+element of the list due to randomizing in the DNS resolver.
.ip sequence
The arguments on the `K' line are a list of maps;
the resulting map searches the argument maps in order
@@ -7470,15 +8238,14 @@ or the string specified with the the
.b \-d
flag. The flags available for the map are
.(b
+.ta 4n
-n not
-f case sensitive
--b basic regular expressions
- (default is extended)
+-b basic regular expressions (default is extended)
-s substring match
-d set the delimiter used for -s
-a append string to key
--m match only, do not
- replace/discard value
+-m match only, do not replace/discard value
-D perform no lookup in deferred delivery mode.
.)b
The
@@ -7530,7 +8297,8 @@ R$\- $: $(storage {MyMacro} $) $1
.)b
.ip arith
Perform simple arithmetic operations.
-The operation is given as key, currently +, -, *, /,
+The operation is given as key, currently +, -, *, /, %,
+|, & (bitwise OR, AND),
l (for less than), and = are supported.
The two operands are given as arguments.
The lookup returns the result of the computation,
@@ -7714,6 +8482,12 @@ in the presence of the
.b \-A
flag.
.pp
+Some additional flags are available for the host and dns maps:
+.ip "\-d"
+delay: specify the resolver's retransmission time interval (in seconds).
+.ip "\-r"
+retry: specify the number of times to retransmit a resolver query.
+.pp
The following additional flags are present in the ldap map only:
.ip "\-R"
Do not auto chase referrals. sendmail must be compiled with
@@ -7721,6 +8495,10 @@ Do not auto chase referrals. sendmail must be compiled with
to use this flag.
.ip "\-n"
Retrieve attribute names only.
+.ip "\-V\fIsep\fP"
+Retrieve both attributes name and value(s),
+separated by
+.i sep .
.ip "\-r\fIderef\fP"
Set the alias dereference option to one of never, always, search, or find.
.ip "\-s\fIscope\fP"
@@ -7811,8 +8589,245 @@ New classes can be added in the routine
.b setupmaps
in file
.b conf.c .
+.sh 2 "Q \*- Queue Group Declaration"
+.pp
+In addition to the option
+.i QueueDirectory,
+queue groups can be declared that define a (group of) queue directories
+under a common name.
+The syntax is as follows:
+.(b F
+.b Q \c
+.i name
+{, \c
+.i field =\c
+.i value \|}+
+.)b
+where
+.i name
+is the symbolic name of the queue group under which
+it can be referenced in various places
+and the
+.q field=name
+pairs define attributes of the queue group.
+Fields are:
+.ip Flags
+Flags for this queue group.
+.ip Nice
+The nice(2) increment for the queue group.
+.ip Interval
+The time between two queue runs.
+.ip Path
+The queue directory of the group (required).
+.ip Runners
+The number of parallel runners processing the queue.
+.ip Jobs
+The maximum number of jobs (messages delivered) per queue run.
+.ip recipients
+The maximum number of recipients per envelope.
+Envelopes with more than this number of recipients will be split
+into multiple envelopes in the same queue directory.
+The default value 0 means no limit.
+.lp
+Only the first character of the field name is checked.
+.pp
+By default, a queue group named
+.i mqueue
+is defined that uses the value of the
+.i QueueDirectory
+option as path.
+Notice: all paths that are used for queue groups must
+be subdirectories of
+.i QueueDirectory .
+Since they can be symbolic links, this isn't a real restriction,
+If
+.i QueueDirectory
+uses a wildcard, then the directory one level up is considered
+the ``base'' directory which all other queue directories must share.
+Please make sure that the queue directories do not overlap,
+e.g., do not specify
+.(b
+O QueueDirectory=/var/spool/mqueue/*
+Qone, P=/var/spool/mqueue/dir1
+Qtwo, P=/var/spool/mqueue/dir2
+.)b
+because this also includes
+.q dir1
+and
+.q dir2
+in the default queue group.
+However,
+.(b
+O QueueDirectory=/var/spool/mqueue/main*
+Qone, P=/var/spool/mqueue/dir
+Qtwo, P=/var/spool/mqueue/other*
+.)b
+is a valid queue group specification.
+.pp
+Options listed in the ``Flags'' field can be used to modify
+the behavior of a queue group.
+The ``f'' flag must be set if multiple queue runners are
+supposed to work on the entries in a queue group.
+Otherwise
+.i sendmail
+will work on the entries strictly sequentially.
+.pp
+The ``Interval'' field sets the time between queue runs.
+If no queue group specific interval is set, then the parameter of the
+.b -q
+option from the command line is used.
+.pp
+To control the overa