From 13bd19636bde9fea5821698cb77c32edee6a9ac9 Mon Sep 17 00:00:00 2001 From: Gregory Neil Shapiro Date: Sat, 8 Feb 2003 20:31:29 +0000 Subject: [PATCH] Import sendmail 8.12.7 --- contrib/sendmail/KNOWNBUGS | 8 +- contrib/sendmail/README | 25 +- contrib/sendmail/RELEASE_NOTES | 114 ++++- contrib/sendmail/cf/README | 167 +++++--- contrib/sendmail/cf/cf/submit.cf | 21 +- contrib/sendmail/cf/cf/submit.mc | 7 +- contrib/sendmail/cf/feature/local_procmail.m4 | 8 +- contrib/sendmail/cf/m4/cfhead.m4 | 6 +- contrib/sendmail/cf/m4/proto.m4 | 64 ++- contrib/sendmail/cf/m4/version.m4 | 4 +- contrib/sendmail/cf/sendmail.schema | 6 +- contrib/sendmail/contrib/cidrexpand | 36 +- contrib/sendmail/contrib/doublebounce.pl | 395 +++++++++--------- contrib/sendmail/doc/op/op.me | 161 ++++--- contrib/sendmail/include/libmilter/mfapi.h | 5 +- contrib/sendmail/include/libmilter/mfdef.h | 5 +- contrib/sendmail/include/libmilter/milter.h | 4 +- contrib/sendmail/include/libsmdb/smdb.h | 7 +- contrib/sendmail/include/sm/bdb.h | 47 +++ contrib/sendmail/include/sm/conf.h | 101 +++-- contrib/sendmail/include/sm/fdset.h | 12 +- .../sendmail/include/sm/os/sm_os_unixware.h | 16 +- contrib/sendmail/libmilter/README | 4 +- contrib/sendmail/libmilter/comm.c | 16 +- .../libmilter/docs/smfi_settimeout.html | 7 +- contrib/sendmail/libmilter/engine.c | 42 +- contrib/sendmail/libmilter/handler.c | 6 +- contrib/sendmail/libmilter/libmilter.h | 6 +- contrib/sendmail/libmilter/listener.c | 33 +- contrib/sendmail/libmilter/main.c | 14 +- contrib/sendmail/libmilter/signal.c | 5 +- contrib/sendmail/libsm/local.h | 7 +- contrib/sendmail/libsm/mbdb.c | 13 +- contrib/sendmail/libsm/refill.c | 7 +- contrib/sendmail/libsm/stdio.c | 10 +- contrib/sendmail/libsmdb/smdb2.c | 10 +- contrib/sendmail/libsmutil/cf.c | 33 +- contrib/sendmail/mail.local/mail.local.c | 31 +- contrib/sendmail/mailstats/mailstats.8 | 8 +- contrib/sendmail/smrsh/smrsh.c | 49 ++- contrib/sendmail/src/Makefile.m4 | 3 +- contrib/sendmail/src/README | 51 ++- contrib/sendmail/src/SECURITY | 5 +- contrib/sendmail/src/TRACEFLAGS | 7 +- contrib/sendmail/src/collect.c | 12 +- contrib/sendmail/src/conf.c | 64 ++- contrib/sendmail/src/conf.h | 5 +- contrib/sendmail/src/control.c | 10 +- contrib/sendmail/src/daemon.c | 80 ++-- contrib/sendmail/src/deliver.c | 45 +- contrib/sendmail/src/envelope.c | 42 +- contrib/sendmail/src/headers.c | 6 +- contrib/sendmail/src/mailq.1 | 26 +- contrib/sendmail/src/main.c | 50 ++- contrib/sendmail/src/map.c | 59 ++- contrib/sendmail/src/mci.c | 4 +- contrib/sendmail/src/milter.c | 44 +- contrib/sendmail/src/parseaddr.c | 3 +- contrib/sendmail/src/queue.c | 136 +++--- contrib/sendmail/src/readcf.c | 52 ++- contrib/sendmail/src/recipient.c | 4 +- contrib/sendmail/src/sasl.c | 4 +- contrib/sendmail/src/savemail.c | 22 +- contrib/sendmail/src/sendmail.h | 62 ++- contrib/sendmail/src/sfsasl.c | 8 +- contrib/sendmail/src/srvrsmtp.c | 163 ++++++-- contrib/sendmail/src/sysexits.c | 11 +- contrib/sendmail/src/tls.c | 32 +- contrib/sendmail/src/trace.c | 4 +- contrib/sendmail/src/udb.c | 20 +- contrib/sendmail/src/usersmtp.c | 21 +- contrib/sendmail/src/util.c | 34 +- contrib/sendmail/src/version.c | 4 +- contrib/sendmail/vacation/vacation.c | 4 +- 74 files changed, 1751 insertions(+), 866 deletions(-) create mode 100644 contrib/sendmail/include/sm/bdb.h diff --git a/contrib/sendmail/KNOWNBUGS b/contrib/sendmail/KNOWNBUGS index 81ea244d2a22..b2c6c44327f0 100644 --- a/contrib/sendmail/KNOWNBUGS +++ b/contrib/sendmail/KNOWNBUGS @@ -235,4 +235,10 @@ Kresolve sequence dnsmx canon the file. This is unavoidable as sendmail must verify the file is safe to open before opening it. A file can not be locked until it is open. -$Revision: 8.55 $, Last updated $Date: 2002/03/05 00:45:54 $ +* MAIL_HUB always takes precedence over LOCAL_RELAY + + Despite the information in the documentation, MAIL_HUB ($H) will always + be used if set instead of LOCAL_RELAY ($R). This will be fixed in a + future version. + +$Revision: 8.55.2.1 $, Last updated $Date: 2002/12/18 22:38:48 $ diff --git a/contrib/sendmail/README b/contrib/sendmail/README index 8fb91a020553..ec4d441e335b 100644 --- a/contrib/sendmail/README +++ b/contrib/sendmail/README @@ -177,10 +177,17 @@ There are other files you should read. Rooted in this directory are: cf/README Details on configuring sendmail. doc/op/op.me - The sendmail Installation & Operations Guide. Be warned: if - you are running this off on SunOS or some other system with an - old version of -me, you need to add the following macro to the - macros: + The sendmail Installation & Operations Guide. In addition + to the shipped PostScript version, plain text and PDF versions + can be generating using (assuming the required conversion software + is installed on your system, see doc/op/Makefile): + + cd doc/op && make op.txt op.pdf + + Be warned: on some systems calling make in doc/op/ will cause + errors due to nroff/groff problems. Known problems are: + - running this off on systems with an old version of -me, you + need to add the following macro to the macros: .de sm \s-1\\$1\\s0\\$2 @@ -188,6 +195,14 @@ There are other files you should read. Rooted in this directory are: This sets a word in a smaller pointsize. + - with new groff versions (1.18 seems affected) + + GROFF_NO_SGR=1 + + needs to be set, e.g., in doc/op/Makefile: + + ROFF_CMD= GROFF_NO_SGR=1 groff + +--------------+ | RELATED RFCS | @@ -448,4 +463,4 @@ sendmail Source for the sendmail program itself. test Some test scripts (currently only for compilation aids). vacation Source for the vacation program. NOT PART OF SENDMAIL! -$Revision: 8.90 $, Last updated $Date: 2002/05/25 02:55:59 $ +$Revision: 8.90.2.1 $, Last updated $Date: 2002/11/09 23:32:28 $ diff --git a/contrib/sendmail/RELEASE_NOTES b/contrib/sendmail/RELEASE_NOTES index b5e6d1893a5e..f5bc81ec03cd 100644 --- a/contrib/sendmail/RELEASE_NOTES +++ b/contrib/sendmail/RELEASE_NOTES @@ -1,11 +1,123 @@ SENDMAIL RELEASE NOTES - $Id: RELEASE_NOTES,v 8.1340.2.43 2002/08/26 21:53:31 gshapiro Exp $ + $Id: RELEASE_NOTES,v 8.1340.2.100 2002/12/28 19:47:00 ca Exp $ This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.12.7/8.12.7 2002/12/29 + Properly clean up macros to avoid persistence of session data + across various connections. This could cause session + oriented restrictions, e.g., STARTTLS requirements, + to erroneously allow a connection. Problem noted + by Tim Maletic of Priority Health. + Do not lookup MX records when sorting the MSP queue. The MSP + only needs to relay all mail to the MTA. Problem found + by Gary Mills of the University of Manitoba. + Do not restrict the length of connection information to 100 + characters in some logging statements. Problem noted by + Erik Parker. + When converting an enhanced status code to an exit status, use + EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5 + is used. + Reset macro $x when receiving another MAIL command. Problem + noted by Vlado Potisk of Wigro s.r.o. + Don't bother setting the permissions on the build area statistics + file, the proper permissions will be put on the file at + install time. This fixes installation over NFS for some + users. Problem noted by Martin J. Dellwo of 3-Dimensional + Pharmaceuticals, Inc. + Fix problem of decoding SASLv2 encrypted data. Problem noted by + Alex Deiter of Mobile TeleSystems, Komi Republic. + Log milter socket open errors at MilterLogLevel 1 or higher instead + of 11 or higher. + Print early system errors to the console instead of silently + exiting. Problem noted by James Jong of IBM. + Do not process a queue group if Runners is set to 0, regardless + of whether F=f or sendmail is run in verbose mode (-v). + The use of -qGname will still force queue group "name" + to be run even if Runners=0. + Change the level for logging the fact that a daemon is refusing + connections due to high load from LOG_INFO to LOG_NOTICE. + Patch from John Beck of Sun Microsystems. + Use location information for submit.cf from NetInfo + (/locations/sendmail/submit.cf) if available. + Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by + Neil Rickert of Northern Illinois University. + Make behavior of /canon in debug mode consistent with usage in + rulesets. Patch from Shigeno Kazutaka of IIJ. + Fix a potential memory leak in envelope splitting. Problem noted + by John Majikes of IBM. + Do not try to share an mailbox database LDAP connection across + different processes. Problem noted by Randy Kunkee. + Fix logging for undelivered recipients when the SMTP connection + times out during message collection. Problem noted by Neil + Rickert of Northern Illinois University. + Avoid problems with QueueSortOrder=random due to problems with + qsort() on Solaris (and maybe some other operating systems). + Problem noted by Stephan Schulz of Gruner+Jahr.. + If -f "" is specified, set the sender address to "<>". Problem + noted by Matthias Andree. + Fix formatting problem of footnotes for plain text output on some + versions of tmac. Patch from Per Hedeland of Ericsson. + Portability: + Berkeley DB 4.1 support (requires at least 4.1.25). + Some getopt(3) implementations in GNU/Linux are broken + and pass a NULL pointer to an option which requires + an argument, hence the builtin version of + sendmail is used instead. This can be overridden + by using -DSM_CONF_GETOPT=0. Problem noted by + Vlado Potisk of Wigro s.r.o. + Support for nph-1.2.0 from Mark D. Roth of the University + of Illinois at Urbana-Champaign. + Support for FreeBSD 5.0's MAC labeling from Robert Watson + of the TrustedBSD Project. + Support for reading the number of processors on an IRIX + system from Michel Bourget of SGI. + Support for UnixWare 7.1 based on input from Larry Rosenman. + Interix support from Nedelcho Stanev of Atlantic Sky + Corporation. + Update Mac OS X/Darwin portability from Wilfredo Sanchez. + CONFIG: Enforce tls_client restrictions even if delay_checks + is used. Problem noted by Malte Starostik. + CONFIG: Deal with an empty hostname created via bogus + DNS entries to get around access restrictions. + Problem noted by Kai Schlichting. + CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default + to avoid problems with hostname resolution for localhost + which on many systems does not resolve to 127.0.0.1 (or + ::1 for IPv6). If you do not use IPv4 but only IPv6 then + you need to change submit.mc accordingly, see the comment + in the file itself. + CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid + error messages from initgroups(3) on AIX 4.3 when sending + mail to non-existing users. Problem noted by Mark Roth of + the University of Illinois at Urbana-Champaign. + CONFIG: Allow local_procmail to override local_lmtp settings. + CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to + relay. + CONTRIB: cidrexpand: Deal with the prefix tags that may be included + in access_db. + CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell. + LIBMILTER: On Solaris libmilter may get into an endless loop if + an error in the communication from/to the MTA occurs. + Patch from Gurusamy Sarathy of Active State. + LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64. + Patch from from Jose Marcio Martins da Cruz of Ecole + Nationale Superieure des Mines de Paris. + MAIL.LOCAL: Fix a truncation race condition if the close() on + the mailbox fails. Problem noted by Tomoko Fukuzawa of + Sun Microsystems. + MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3) + fails. Patch from John Beck of Sun Microsystems. + SMRSH: SECURITY: Only allow regular files or symbolic links to be + used for a command. Problem noted by David Endler of + iDEFENSE, Inc. + New Files: + devtools/OS/Interix + include/sm/bdb.h + 8.12.6/8.12.6 2002/08/26 Do not add the FallbackMXhost (or its MX records) to the list returned by the bestmx map when -z is used as option. diff --git a/contrib/sendmail/cf/README b/contrib/sendmail/cf/README index 6a556c80d141..167d6a4a3f48 100644 --- a/contrib/sendmail/cf/README +++ b/contrib/sendmail/cf/README @@ -189,6 +189,13 @@ expanded. This also applies to because ``define'' is an M4 keyword. If you want to use them, surround them with directed quotes, `like this'. +Since m4 uses single quotes (opening "`" and closing "'") to quote +arguments, those quotes can't be used in arguments. For example, +it is not possible to define a rejection message containing a single +quote. Usually there are simple workarounds by changing those +messages; in the worst case it might be ok to change the value +directly in the generated .cf file, which however is not advised. + Notice: ------- @@ -466,6 +473,10 @@ CYRUSV2_MAILER_ARGS [FILE /var/imap/socket/lmtp] The arguments passed change the name of the Unix domain socket, or to switch to delivery via TCP (e.g., `TCP $h lmtp') CYRUSV2_MAILER_QGRP [undefined] The queue group for the cyrusv2 mailer. +CYRUSV2_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data + that ARRIVE from an address that resolves to one the + Cyrus mailer and which are converted to MIME will + be labeled with this character set. confEBINDIR [/usr/libexec] The directory for executables. Currently used for FEATURE(`local_lmtp') and FEATURE(`smrsh'). @@ -895,6 +906,12 @@ local_no_masquerade if MASQUERADE_AS is used. MASQUERADE_AS will only have effect on addresses of mail going outside the local domain. +masquerade_envelope + If masquerading is enabled (using MASQUERADE_AS) or the + genericstable is in use, this feature will cause envelope + addresses to also masquerade as being from the masquerade + host. Normally only the header addresses are masqueraded. + genericstable This feature will cause unqualified addresses (i.e., without a domain) and addresses with a domain listed in class {G} to be looked up in a map and turned into another ("generic") @@ -1058,6 +1075,9 @@ local_procmail Use procmail or another delivery agent as the local mailer. 3. Flags for the mailer [default: SPfhn9] Empty arguments cause the defaults to be taken. + Note that if you are on a system with a broken + setreuid() call, you may need to add -f $f to the procmail + argument vector to pass the proper sender to procmail. For example, this allows it to use the maildrop (http://www.flounder.net/~mrsam/maildrop/) mailer instead @@ -1136,7 +1156,8 @@ relay_based_on_MX relay_mail_from Allows relaying if the mail sender is listed as RELAY in - the access map. If an optional argument `domain' is given, + the access map. If an optional argument `domain' (this + is the literal word `domain', not a placeholder) is given, relaying can be allowed just based on the domain portion of the sender address. This feature should only be used if absolutely necessary as the sender address can be easily @@ -1223,6 +1244,10 @@ dnsbl Turns on rejection of hosts found in an DNS based rejection to query different DNS based rejection lists. See also enhdnsbl for an enhanced version. + Set the DNSBL_MAP mc option to change the default map + definition from `host'. Set the DNSBL_MAP_OPT mc option + to add additional options to the map specification used. + Some DNS based rejection lists cause failures if asked for AAAA records. If your sendmail version is compiled with IPv6 support (NETINET6) and you experience this @@ -1259,6 +1284,9 @@ enhdnsbl Enhanced version of dnsbl (see above). Further arguments i.e., `', is specified. This feature requires that sendmail has been compiled with the flag DNSMAP (see sendmail/README). + Set the EDNSBL_TO mc option to change the DNS retry count + from the default value of 5. + lookupdotdomain Look up also .domain in the access map. This allows to match only subdomains. It does not work well with FEATURE(`relay_hosts_only'), because most lookups for @@ -1323,15 +1351,20 @@ msp Defines config file for Message Submission Program. Some more hints about possible changes can be found below in the section MESSAGE SUBMISSION PROGRAM. - Note: if localhost doesn't resolve to the IP address - of your local system (127.0.0.1 or ::1 for IPv6), - then you either need to fix your hostname resolution - (localhost and localhost.YOUR.DOMAIN should resolve - to that address by convention) or you need to specify - the IP address as argument, e.g., + Note: Due to many problems, submit.mc uses FEATURE(`msp', `[127.0.0.1]') + by default. If you have a machine with IPv6 only, + change it to + + FEATURE(`msp', `[IPv6:::1]') + + If you want to continue using '[localhost]', (the behavior + up to 8.12.6), use + + FEATURE(`msp') + queuegroup A simple example how to select a queue group based on the full e-mail address or the domain of the recipient. Selection is done via entries in the @@ -2188,15 +2221,16 @@ A slightly better solution is FEATURE(`relay_mail_from') which allows relaying if the mail sender is listed as RELAY in the -access map. If an optional argument `domain' is given, the domain -portion of the mail sender is also checked to allowing relaying. -This option only works together with the tag From: for the LHS of -the access map entries (see below: Finer control...). This feature -allows spammers to abuse your mail server by specifying a return -address that you enabled in your access file. This may be harder -to figure out for spammers, but it should not be used unless -necessary. Instead use SMTP AUTH or STARTTLS to allow relaying -for roaming users. +access map. If an optional argument `domain' (this is the literal +word `domain', not a placeholder) is given, the domain portion of +the mail sender is also checked to allowing relaying. This option +only works together with the tag From: for the LHS of the access +map entries (see below: Finer control...). This feature allows +spammers to abuse your mail server by specifying a return address +that you enabled in your access file. This may be harder to figure +out for spammers, but it should not be used unless necessary. +Instead use SMTP AUTH or STARTTLS to allow relaying for roaming +users. If source routing is used in the recipient address (e.g., @@ -2341,7 +2375,7 @@ The value part of the map can contain: For example: - cyberspammer.com ERROR:550 "We don't accept mail from spammers" + cyberspammer.com ERROR:"550 We don't accept mail from spammers" okay.cyberspammer.com OK sendmail.org RELAY 128.32 RELAY @@ -2465,11 +2499,15 @@ instead of just disabling the DNS lookups in the backlists. The features described above make use of the check_relay, check_mail, -and check_rcpt rulesets. If you wish to include your own checks, -you can put your checks in the rulesets Local_check_relay, -Local_check_mail, and Local_check_rcpt. For example if you wanted to -block senders with all numeric usernames (i.e. 2312343@bigisp.com), -you would use Local_check_mail and the regex map: +and check_rcpt rulesets. Note that check_relay checks the SMTP +client hostname and IP address when the connection is made to your +server. It does not check if a mail message is being relayed to +another server. That check is done in check_rcpt. If you wish to +include your own checks, you can put your checks in the rulesets +Local_check_relay, Local_check_mail, and Local_check_rcpt. For +example if you wanted to block senders with all numeric usernames +(i.e. 2312343@bigisp.com), you would use Local_check_mail and the +regex map: LOCAL_CONFIG Kallnumbers regex -a@MATCH ^[0-9]+$ @@ -2574,8 +2612,9 @@ the friend option and having Spam:abuse@ FRIEND -in the access map, mail to abuse@localdomain will get through. It is -also possible to specify a full address or an address with +detail: +in the access map, mail to abuse@localdomain will get through (where +"localdomain" is any domain in class {w}). It is also possible to +specify a full address or an address with +detail: Spam:abuse@my.domain FRIEND Spam:me+abuse@ FRIEND @@ -2597,9 +2636,10 @@ This is done by adding a ruleset call to the 'H' header definition command in sendmail.cf. For example, this can be used to check the validity of a Message-ID: header: - LOCAL_RULESETS + LOCAL_CONFIG HMessage-Id: $>CheckMessageId + LOCAL_RULESETS SCheckMessageId R< $+ @ $+ > $@ OK R$* $#error $: 553 Header Error @@ -2636,10 +2676,9 @@ probably not be used in production. LOCAL_CONFIG Kstorage macro - - LOCAL_RULESETS HMessage-Id: $>CheckMessageId + LOCAL_RULESETS SCheckMessageId # Record the presence of the header R$* $: $(storage {MessageIdCheck} $@ OK $) $1 @@ -2714,22 +2753,22 @@ ${server_addr} the address of the server of the current outgoing SMTP Relaying -------- -SMTP STARTTLS can allow relaying for senders who have successfully -authenticated themselves. This is done in the ruleset RelayAuth. If the -verification of the cert failed (${verify} != OK), relaying is subject to -the usual rules. Otherwise the DN of the issuer is looked up in the access -map using the tag CERTISSUER. If the resulting value is RELAY, relaying is -allowed. If it is SUBJECT, the DN of the cert subject is looked up next in -the access map using the tag CERTSUBJECT. If the value is RELAY, relaying -is allowed. -To make things a bit more flexible (or complicated), the values for +SMTP STARTTLS can allow relaying for remote SMTP clients which have +successfully authenticated themselves. This is done in the ruleset +RelayAuth. If the verification of the cert failed (${verify} != OK), +relaying is subject to the usual rules. Otherwise the DN of the issuer is +looked up in the access map using the tag CERTISSUER. If the resulting +value is RELAY, relaying is allowed. If it is SUBJECT, the DN of the cert +subject is looked up next in the access map using the tag CERTSUBJECT. If +the value is RELAY, relaying is allowed. + ${cert_issuer} and ${cert_subject} can be optionally modified by regular expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and _CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in rulesets and map lookups, they are modified as follows: each non-printable -character and the characters '<', '>', '(', ')', '"', '+' are replaced by -their HEX value with a leading '+'. For example: +character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced +by their HEX value with a leading '+'. For example: /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= darth+cert@endmail.org @@ -2741,6 +2780,9 @@ Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org (line breaks have been inserted for readability). +The macros which are subject to this encoding are ${cert_subject}, +${cert_issuer}, ${cn_subject}, and ${cn_issuer}. + Examples: To allow relaying for everyone who can present a cert signed by @@ -2750,7 +2792,7 @@ Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org simply use: -CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= +CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY To allow relaying only for a subset of machines that have a cert signed by @@ -2760,9 +2802,9 @@ Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org use: -CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= +CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN= Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org SUBJECT -CERTSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= +CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN= DeathStar/Email=deathstar@endmail.org RELAY Note: line breaks have been inserted after "CN=" for readability, @@ -3898,9 +3940,9 @@ confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map maps unless they are specified in the individual map specification ('K' command). -confCACERT_PATH CACERTPath [undefined] Path to directory +confCACERT_PATH CACertPath [undefined] Path to directory with certs of CAs. -confCACERT CACERTFile [undefined] File containing one CA +confCACERT CACertFile [undefined] File containing one CA cert. confSERVER_CERT ServerCertFile [undefined] File containing the cert of the server, i.e., this cert @@ -3959,17 +4001,25 @@ confINPUT_MAIL_FILTERS InputMailFilters confMILTER_LOG_LEVEL Milter.LogLevel [9] Log level for input mail filter actions, defaults to LogLevel. confMILTER_MACROS_CONNECT Milter.macros.connect - [empty] Macros to transmit to milters - when a session connection starts. + [j, _, {daemon_name}, {if_name}, + {if_addr}] Macros to transmit to + milters when a session connection + starts. confMILTER_MACROS_HELO Milter.macros.helo - [empty] Macros to transmit to milters - after HELO command. + [{tls_version}, {cipher}, + {cipher_bits}, {cert_subject}, + {cert_issuer}] Macros to transmit to + milters after HELO/EHLO command. confMILTER_MACROS_ENVFROM Milter.macros.envfrom - [empty] Macros to transmit to milters - after MAIL FROM command. + [i, {auth_type}, {auth_authen}, + {auth_ssf}, {auth_author}, + {mail_mailer}, {mail_host}, + {mail_addr}] Macros to transmit to + milters after MAIL FROM command. confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt - [empty] Macros to transmit to milters - after RCPT TO command. + [{rcpt_mailer}, {rcpt_host}, + {rcpt_addr}] Macros to transmit to + milters after RCPT TO command. See also the description of OSTYPE for some parameters that can be @@ -4020,13 +4070,12 @@ Example 3: To listen on both IPv4 and IPv6 interfaces, use A "Message Submission Agent" still uses all of the same rulesets for processing the message (and therefore still allows message rejection via the check_* rulesets). In accordance with the RFC, the MSA will ensure -that all domains in the envelope are fully qualified if the message is -relayed to another MTA. It will also enforce the normal address syntax -rules and log error messages. Additionally, by using the M=a modifier -you can require authentication before messages are accepted by the MSA. -Notice: Do NOT use the 'a' modifier on a public accessible MTA! -Finally, the M=E modifier shown above disables ETRN as required by RFC -2476. +that all domains in envelope addresses are fully qualified if the message +is relayed to another MTA. It will also enforce the normal address syntax +rules and log error messages. Additionally, by using the M=a modifier you +can require authentication before messages are accepted by the MSA. +Notice: Do NOT use the 'a' modifier on a public accessible MTA! Finally, +the M=E modifier shown above disables ETRN as required by RFC 2476. Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() commands: @@ -4311,4 +4360,4 @@ M4 DIVERSIONS 8 DNS based blacklists 9 special local rulesets (1 and 2) -$Revision: 8.623.2.1 $, Last updated $Date: 2002/08/07 23:14:56 $ +$Revision: 8.623.2.18 $, Last updated $Date: 2002/12/29 04:16:51 $ diff --git a/contrib/sendmail/cf/cf/submit.cf b/contrib/sendmail/cf/cf/submit.cf index 5b85e7a3972c..6024a971836a 100644 --- a/contrib/sendmail/cf/cf/submit.cf +++ b/contrib/sendmail/cf/cf/submit.cf @@ -24,15 +24,15 @@ ###################################################################### ###################################################################### -##### $Id: cfhead.m4,v 8.108 2002/06/13 18:53:24 ca Exp $ ##### +##### $Id: cfhead.m4,v 8.108.2.1 2002/08/27 20:19:08 gshapiro Exp $ ##### ##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ##### -##### $Id: submit.mc,v 8.6 2002/03/26 03:30:58 ca Exp $ ##### +##### $Id: submit.mc,v 8.6.2.4 2002/12/29 03:54:34 ca Exp $ ##### ##### $Id: msp.m4,v 1.32 2002/03/26 22:02:03 ca Exp $ ##### ##### $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ ##### -##### $Id: proto.m4,v 8.649.2.5 2002/08/15 02:39:01 ca Exp $ ##### +##### $Id: proto.m4,v 8.649.2.13 2002/12/04 00:12:18 ca Exp $ ##### # level 10 config file format V10/Berkeley @@ -106,11 +106,11 @@ Kdequote dequote DnMAILER-DAEMON -D{MTAHost}[localhost] +D{MTAHost}[127.0.0.1] # Configuration version number -DZ8.12.6/Submit +DZ8.12.7/Submit ############### @@ -398,7 +398,7 @@ O UnixFromLine=From $g $d O OperatorChars=.:%@!^/[]+ # shall I avoid calling initgroups(3) because of high NIS costs? -#O DontInitGroups=False +O DontInitGroups=True # are group-writable :include: and .forward files (un)trustworthy? # True (the default) means they are not trustworthy. @@ -480,9 +480,9 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid # CA directory -#O CACERTPath +#O CACertPath # CA file -#O CACERTFile +#O CACertFile # Server Cert #O ServerCertFile # Server private key @@ -1010,7 +1010,7 @@ R> $* < @ $+ > R $* $: $&{daemon_flags} $| $1 R$* u $* $| $* $: $3 R$* $| $* $: $2 -R $* $: < ? $&{client_name} > $1 +R $* $: < ? $&{client_addr} > $1 R $* $@ ...local unqualed ok R $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f ...remote is not @@ -1098,6 +1098,8 @@ SRelay_ok R$* $: $&{client_addr} R$@ $@ RELAY originated locally R0 $@ RELAY originated locally +R127.0.0.1 $@ RELAY originated locally +RIPv6:::1 $@ RELAY originated locally R$=R $* $@ RELAY relayable IP address R$* $: [ $1 ] put brackets around it... R$=w $@ RELAY ... and see if it is local @@ -1109,7 +1111,6 @@ R $#TEMP $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PT R $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} R $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} R$* $: <@> $&{client_name} -R<@> $@ RELAY # pass to name server to make hostname canonical R<@> $* $=P $: $1 $2 R<@> $+ $: $[ $1 $] diff --git a/contrib/sendmail/cf/cf/submit.mc b/contrib/sendmail/cf/cf/submit.mc index 2ab5972eb7a9..6177506749d8 100644 --- a/contrib/sendmail/cf/cf/submit.mc +++ b/contrib/sendmail/cf/cf/submit.mc @@ -15,9 +15,12 @@ divert(-1) # divert(0)dnl -VERSIONID(`$Id: submit.mc,v 8.6 2002/03/26 03:30:58 ca Exp $') +VERSIONID(`$Id: submit.mc,v 8.6.2.4 2002/12/29 03:54:34 ca Exp $') define(`confCF_VERSION', `Submit')dnl define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet define(`confTIME_ZONE', `USE_TZ')dnl -FEATURE(`msp')dnl +define(`confDONT_INIT_GROUPS', `True')dnl +dnl +dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1] +FEATURE(`msp', `[127.0.0.1]')dnl diff --git a/contrib/sendmail/cf/feature/local_procmail.m4 b/contrib/sendmail/cf/feature/local_procmail.m4 index 29bb98023e9b..eaf83eab3828 100644 --- a/contrib/sendmail/cf/feature/local_procmail.m4 +++ b/contrib/sendmail/cf/feature/local_procmail.m4 @@ -1,6 +1,6 @@ divert(-1) # -# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. +# Copyright (c) 1998, 1999, 2002 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1994 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ divert(-1) # divert(0) -VERSIONID(`$Id: local_procmail.m4,v 8.21 1999/11/18 05:06:23 ca Exp $') +VERSIONID(`$Id: local_procmail.m4,v 8.21.42.1 2002/11/17 04:25:07 ca Exp $') divert(-1) ifdef(`_MAILER_local_', @@ -30,3 +30,7 @@ define(`LOCAL_MAILER_ARGS', ifelse(len(X`'_ARG2_), `1', `procmail -Y -a $h -d $u', _ARG2_)) define(`LOCAL_MAILER_FLAGS', ifelse(len(X`'_ARG3_), `1', `SPfhn9', _ARG3_)) +dnl local_procmail conflicts with local_lmtp but the latter might be +dnl defined in an OS/ file (solaris8). Let's just undefine it. +undefine(`_LOCAL_LMTP_') +undefine(`LOCAL_MAILER_DSN_DIAGNOSTIC_CODE') diff --git a/contrib/sendmail/cf/m4/cfhead.m4 b/contrib/sendmail/cf/m4/cfhead.m4 index f956365fc652..80ab9bd99018 100644 --- a/contrib/sendmail/cf/m4/cfhead.m4 +++ b/contrib/sendmail/cf/m4/cfhead.m4 @@ -16,11 +16,11 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -ifdef(`unix', `dnl +ifdef(`__win32__', `dnl', `dnl ifdef(`TEMPFILE', `dnl', `define(`TEMPFILE', maketemp(/tmp/cfXXXXXX))dnl syscmd(sh _CF_DIR_`'sh/makeinfo.sh _CF_DIR_ > TEMPFILE)dnl include(TEMPFILE)dnl -syscmd(rm -f TEMPFILE)dnl')', `dnl') +syscmd(rm -f TEMPFILE)dnl')') ##### ###################################################################### ##### @@ -303,4 +303,4 @@ define(`confMILTER_MACROS_ENVRCPT', ``{rcpt_mailer}, {rcpt_host}, {rcpt_addr}'') divert(0)dnl -VERSIONID(`$Id: cfhead.m4,v 8.108 2002/06/13 18:53:24 ca Exp $') +VERSIONID(`$Id: cfhead.m4,v 8.108.2.1 2002/08/27 20:19:08 gshapiro Exp $') diff --git a/contrib/sendmail/cf/m4/proto.m4 b/contrib/sendmail/cf/m4/proto.m4 index 19a72f7c09c5..b3d81d1af406 100644 --- a/contrib/sendmail/cf/m4/proto.m4 +++ b/contrib/sendmail/cf/m4/proto.m4 @@ -13,7 +13,7 @@ divert(-1) # divert(0) -VERSIONID(`$Id: proto.m4,v 8.649.2.5 2002/08/15 02:39:01 ca Exp $') +VERSIONID(`$Id: proto.m4,v 8.649.2.13 2002/12/04 00:12:18 ca Exp $') # level CF_LEVEL config file format V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley') @@ -205,11 +205,13 @@ ifdef(`_CERT_REGEX_SUBJECT_', `dnl KCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl') ifdef(`LOCAL_RELAY', `dnl -# who I send unqualified names to (null means deliver locally) +# who I send unqualified names to if FEATURE(stickyhost) is used +# (null means deliver locally) DR`'LOCAL_RELAY') ifdef(`MAIL_HUB', `dnl -# who gets all local email traffic ($R has precedence for unqualified names) +# who gets all local email traffic +# ($R has precedence for unqualified names if FEATURE(stickyhost) is used) DH`'MAIL_HUB') # dequoting map @@ -630,9 +632,9 @@ _OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `') _OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `')') # CA directory -_OPTION(CACERTPath, `confCACERT_PATH', `') +_OPTION(CACertPath, `confCACERT_PATH', `') # CA file -_OPTION(CACERTFile, `confCACERT', `') +_OPTION(CACertFile, `confCACERT', `') # Server Cert _OPTION(ServerCertFile, `confSERVER_CERT', `') # Server private key @@ -1697,6 +1699,9 @@ ifdef(`_ACCESS_TABLE_', `dnl dnl workspace: {client_name} $| {client_addr} R$+ $| $+ $: $>D < $1 > <+ Connect> < $2 > dnl workspace: <{client_addr}> +dnl OR $| $+ if client_name is empty +R $| $+ $: $>A < $1 > <+ Connect> <> empty client_name +dnl workspace: <{client_addr}> R <$+> $: $>A < $1 > <+ Connect> <> no: another lookup dnl workspace: (<>|<{client_addr}>) R <$*> $: OK found nothing @@ -1841,7 +1846,7 @@ dnl accept unqualified sender: change mark to avoid test R$* u $* $| $* $: <_RES_OK_> $3 dnl remove daemon_flags R$* $| $* $: $2 -R $* $: < ? $&{client_name} > $1 +R $* $: < ? $&{client_addr} > $1 R $* $@ <_RES_OK_> ...local unqualed ok R $* $#error $@ 5.5.4 $: "_CODE553 Domain name required for sender address " $&f ...remote is not') @@ -1896,7 +1901,7 @@ R$+ $: $1 R <$+> $: <@> <$1> R $+ $: <@> <$1> R<@> < postmaster > $: postmaster -R<@> < $* @ $+ . $+ > $: < $3 @ $4 . $5 > +R<@> < $* @ $+ . $+ > $: < $1 @ $2 . $3 > dnl prepend daemon_flags R<@> $* $: $&{daemon_flags} $| <@> $1 dnl workspace: ${daemon_flags} $| <@>
@@ -2098,6 +2103,8 @@ SRelay_ok R$* $: $&{client_addr} R$@ $@ RELAY originated locally R0 $@ RELAY originated locally +R127.0.0.1 $@ RELAY originated locally +RIPv6:::1 $@ RELAY originated locally R$=R $* $@ RELAY relayable IP address ifdef(`_ACCESS_TABLE_', `dnl R$* $: $>A <$1> <+ Connect> <$1> @@ -2147,7 +2154,11 @@ R $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{c dnl ${client_resolve} should be OK, so go ahead R$* $: <@> $&{client_name} dnl should not be necessary since it has been done for client_addr already -R<@> $@ RELAY +dnl this rule actually may cause a problem if {client_name} resolves to "" +dnl however, this should not happen since the forward lookup should fail +dnl and {client_resolve} should be TEMP or FAIL. +dnl nevertheless, removing the rule doesn't hurt. +dnl R<@> $@ RELAY dnl workspace: <@> ${client_name} (not empty) # pass to name server to make hostname canonical R<@> $* $=P $: $1 $2 @@ -2180,14 +2191,37 @@ R$* <@ $+ . > $1 <@ $2 > R$* <@ $* > $@ $1 <@ $2 > R$+ $@ $1 <@ $j > +SDelay_TLS_Client +# authenticated? +dnl code repeated here from Basic_check_mail +dnl only called from check_rcpt in delay mode if checkrcpt returns $# +R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL +R$* $| $#$+ $#$2 +dnl return result from checkrcpt +R$* $# $1 + +SDelay_TLS_Client2 +# authenticated? +dnl code repeated here from Basic_check_mail +dnl only called from check_rcpt in delay mode if stopping due to Friend/Hater +R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL +R$* $| $#$+ $#$2 +dnl return result from friend/hater check +R$* $@ $1 + # call all necessary rulesets Scheck_rcpt dnl this test should be in the Basic_check_rcpt ruleset dnl which is the correct DSN code? # R$@ $#error $@ 5.1.3 $: "553 Recipient address required" + R$+ $: $1 $| $>checkrcpt $1 dnl now we can simply stop checks by returning "$# xyz" instead of just "ok" -R$+ $| $#$* $#$2 +dnl on error (or discard) stop now +R$+ $| $#error $* $#error $2 +R$+ $| $#discard $* $#discard $2 +dnl otherwise call tls_client; see above +R$+ $| $#$* $@ $>"Delay_TLS_Client" $2 R$+ $| $* $: $>FullAddr $>CanonAddr $1 ifdef(`_SPAM_FH_', `dnl lookup user@ and user@address @@ -2207,15 +2241,15 @@ dnl', `dnl') ifdef(`_SPAM_FRIEND_', `# is the recipient a spam friend? ifdef(`_SPAM_HATER_', - `errprint(`*** ERROR: define either SpamHater or SpamFriend + `errprint(`*** ERROR: define either Hater or Friend -- not both. ')', `dnl') -R $+ $@ SPAMFRIEND +R $+ $@ $>"Delay_TLS_Client2" SPAMFRIEND R<$*> $+ $: $2', `dnl') ifdef(`_SPAM_HATER_', `# is the recipient no spam hater? R $+ $: $1 spam hater: continue checks -R<$*> $+ $@ NOSPAMHATER everyone else: stop +R<$*> $+ $@ $>"Delay_TLS_Client2" NOSPAMHATER everyone else: stop dnl',`dnl') dnl run further checks: check_mail dnl should we "clean up" $&f? @@ -2685,12 +2719,12 @@ dnl cert subject R $* $| <$+> $@ $>"TLS_req" $1 $| <$2> dnl CS does not match dnl 1 2 3 4 -R $* $| <$-:$+> $#error $@ $4 $: $3 " CERT Subject " $&{cert_subject} " does not match " $1 +R $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1 dnl match, check rest R $* $| <$+> $@ $>"TLS_req" $1 $| <$2> dnl CI does not match dnl 1 2 3 4 -R $* $| <$-:$+> $#error $@ $4 $: $3 " CERT Issuer " $&{cert_issuer} " does not match " $1 +R $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1 dnl return from recursive call ROK $@ OK @@ -2719,7 +2753,7 @@ SRelayTLS # authenticated? dnl we do not allow relaying for anyone who can present a cert dnl signed by a "trusted" CA. For example, even if we put verisigns -dnl CA in CERTPath so we can authenticate users, we do not allow +dnl CA in CertPath so we can authenticate users, we do not allow dnl them to abuse our server (they might be easier to get hold of, dnl but anyway). dnl so here is the trick: if the verification succeeded diff --git a/contrib/sendmail/cf/m4/version.m4 b/contrib/sendmail/cf/m4/version.m4 index 04757c86e513..40bf18419061 100644 --- a/contrib/sendmail/cf/m4/version.m4 +++ b/contrib/sendmail/cf/m4/version.m4 @@ -11,8 +11,8 @@ divert(-1) # the sendmail distribution. # # -VERSIONID(`$Id: version.m4,v 8.92.2.5 2002/08/24 16:27:23 ca Exp $') +VERSIONID(`$Id: version.m4,v 8.92.2.11 2002/12/28 19:45:55 ca Exp $') # divert(0) # Configuration version number -DZ8.12.6`'ifdef(`confCF_VERSION', `/confCF_VERSION') +DZ8.12.7`'ifdef(`confCF_VERSION', `/confCF_VERSION') diff --git a/contrib/sendmail/cf/sendmail.schema b/contrib/sendmail/cf/sendmail.schema index ebe4c96ac8fc..f16782229f14 100644 --- a/contrib/sendmail/cf/sendmail.schema +++ b/contrib/sendmail/cf/sendmail.schema @@ -5,7 +5,7 @@ # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # -# $Id: sendmail.schema,v 8.19 2002/06/04 17:31:43 gshapiro Exp $ +# $Id: sendmail.schema,v 8.19.2.1 2002/11/20 23:13:27 gshapiro Exp $ # Note that this schema is experimental at this point as it has had little # public review. Therefore, it may change in future versions. Feedback @@ -134,8 +134,8 @@ objectclass ( 1.3.6.1.4.1.6152.10.3.2.12 attributetype ( 1.3.6.1.4.1.6152.10.3.1.18 NAME 'sendmailMTAAliasGrouping' DESC 'name that identifies a particular aliases grouping' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # attribute sendmailMTAAliasValue cis diff --git a/contrib/sendmail/contrib/cidrexpand b/contrib/sendmail/contrib/cidrexpand index b61fc2e38c6e..67b62c565849 100755 --- a/contrib/sendmail/contrib/cidrexpand +++ b/contrib/sendmail/contrib/cidrexpand @@ -1,6 +1,6 @@ #!/usr/local/bin/perl -w -# v 0.2-very-very-beta +# v 0.2-very-beta # # 17 July 2000 Derek J. Balling (dredd@megacity.org) # @@ -13,10 +13,24 @@ # notation. Caveat: the address portion MUST be the start address or your # results will NOT be what what you want. # +# If you have two overlapping CIDR blocks with conflicting actions +# e.g. 10.2.3.128/25 REJECT and 10.2.3.143 ACCEPT +# make sure that the exceptions to the more general block are specified +# later in the access_db. +# +# the -r flag to makemap will make it "do the right thing" +# +# Modifications +# ------------- +# 5 Nov 2002 Richard Rognlie (richard@sendmail.com) +# Added code to deal with the prefix tags that may now be included in +# the access_db +# +# Added clarification in the notes for what to do if you have +# exceptions to a larger CIDR block. # # usage: -# cidrexpand < /etc/mail/access | makemap hash /etc/mail/access -# +# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access # # Report bugs to: dredd@megacity.org # @@ -37,20 +51,20 @@ my $SENDMAIL = 1; while (<>) { - my ($left,$right,$space); + my ($prefix,$left,$right,$space); - if (! /^(\d+\.){3}\d+\/\d\d?$spaceregex.*/ ) + if (! /^(|\S\S*:)(\d+\.){3}\d+\/\d\d?$spaceregex.*/ ) { print; } else { - ($left,$space,$right) = /^((?:\d+\.){3}\d+\/\d\d?)($spaceregex)(.*)$/; + ($prefix,$left,$space,$right) = /^(|\S\S*:)((?:\d+\.){3}\d+\/\d\d?)($spaceregex)(.*)$/; my @new_lefts = expand_network($left); foreach my $nl (@new_lefts) { - print "$nl$space$right\n"; + print "$prefix$nl$space$right\n"; } } @@ -133,5 +147,13 @@ sub calc_changes $second = 255; $first = 2**($power-24) - 1; } + elsif ($mask == 0) + { + $fourth = 255; + $third = 255; + $second = 255; + $first = 255; + } + return ($first,$second,$third,$fourth); } diff --git a/contrib/sendmail/contrib/doublebounce.pl b/contrib/sendmail/contrib/doublebounce.pl index a853ec14f37f..12601d334792 100644 --- a/contrib/sendmail/contrib/doublebounce.pl +++ b/contrib/sendmail/contrib/doublebounce.pl @@ -1,232 +1,225 @@ #!/usr/bin/perl # doublebounce.pl -# attempt to return a doubly-bounced email to a postmaster -# jr@terra.net, 12/4/97 # -# invoke by creating an mail alias such as: -# doublebounce: "|/usr/local/sbin/doublebounce" -# then adding this line to your sendmail.cf: -# O DoubleBounceAddress=doublebounce +# Return a doubly-bounced e-mail to postmaster. Specific to sendmail, +# updated to work on sendmail 8.12.6. # -# optionally, add a "-d" flag in the aliases file, to send a -# debug trace to your own postmaster showing what is going on +# Based on the original doublebounce.pl code by jr@terra.net, 12/4/97. +# Updated by bicknell@ufp.org, 12/4/2002 to understand new sendmail DSN +# bounces. Code cleanup also performed, mainly making things more +# robust. # -# this allows the "postmaster" address to still go to a human being, -# while bounce messages can go to this script, which will bounce them -# back to the postmaster at the sending site. -# -# the algorithm is to scan the double-bounce error report generated -# by sendmail on stdin, for the original message (it starts after the -# second "Orignal message follows" marker), look for From, Sender, and -# Received headers from the point closest to the sender back to the point -# closest to us, and try to deliver a double-bounce report back to a -# postmaster at one of these sites in the hope that they can -# return the message to the original sender, or do something about -# the fact that that sender's return address is not valid. - +# Original intro included below, lines with ## +## attempt to return a doubly-bounced email to a postmaster +## jr@terra.net, 12/4/97 +## +## invoke by creating an mail alias such as: +## doublebounce: "|/usr/local/sbin/doublebounce" +## then adding this line to your sendmail.cf: +## O DoubleBounceAddress=doublebounce +## +## optionally, add a "-d" flag in the aliases file, to send a +## debug trace to your own postmaster showing what is going on +## +## this allows the "postmaster" address to still go to a human being, +## while bounce messages can go to this script, which will bounce them +## back to the postmaster at the sending site. +## +## the algorithm is to scan the double-bounce error report generated +## by sendmail on stdin, for the original message (it starts after the +## second "Orignal message follows" marker), look for From, Sender, and +## Received headers from the point closest to the sender back to the point +## closest to us, and try to deliver a double-bounce report back to a +## postmaster at one of these sites in the hope that they can +## return the message to the original sender, or do something about +## the fact that that sender's return address is not valid. use Socket; - -# look for debug flag -# -$dflag = 0; -$dflag = 1 if ($ARGV[0] eq "-d"); - -# get local host name -# you may need to edit these two lines for however your system does this -# -$host = `hostname`; chop($host); -$domain = `dnsdomainname`; chop($domain); - -# get temp file name -$tmp = "/tmp/doubb$$"; - -# save message from STDIN to a file -# I thought about reading it into a buffer here, but some messages -# are 10+Mb so a buffer may not be a good idea -# -if (! open(MSG, "+> $tmp")) { - # can't open temp file -- send message to local postmaster - # open(MAIL, "| /usr/sbin/sendmail -oeq postmaster"); - print MAIL ; - close(MAIL); - exit(1); -} -print MSG ; - -# scan message for list of possible sender sites -# note that original message appears after the second -# "Original message follows" marker -# look for From, Sender, and Reply-To and try them, too -# -$inhdr = 0; -$hdrs = 0; -$skip = 0; -seek(MSG, 0, 0); -while () { - chop; - if (/^ ----- Original message follows -----$/ - || /^ ----Unsent message follows----$/) { - $i = 0; - $inhdr = 1; - $hdrs++; - $skip = 1; - next; - } - if ($skip) { - $skip--; - next; - } - if (/^$/) { - last if ($hdrs >= 2); - $inhdr = 0; - next; - } - if (! $inhdr) { - next; - } - if (! /^[ \t]/) { $hdr[$i++] = $_ } - else { - $i--; - $hdr[$i++] .= $_; - } -} -$rcvd = 0; -for ($j = 0; $j < $i; $j++) { - print STDERR "DEBUG hdr[$j] = $hdr[$j]\n"; - if ($hdr[$j] =~ /^received:/i) { - ($addr[$rcvd++]) = $hdr[$j] =~ m/.*\sby\s([^\s]+)\s.*/; - } - if ($hdr[$j] =~ /^reply-to:/i) { - ($addr1{"reply-to"} = $hdr[$j]) =~ s/^reply-to: *//i; - } - if ($hdr[$j] =~ /^sender:/i) { - ($addr1{"sender"} = $hdr[$j]) =~ s/^sender: *//i; - } - if ($hdr[$j] =~ /^from:/i) { - ($addr1{"from"} = $hdr[$j]) =~ s/^from: *//i; - } -} - -# %addr and %addr1 arrays now contain lists of possible sites (or From headers). -# Go through them parsing for the site name, and attempting to send -# to the named person or postmaster@ each site in turn until successful -# -if ($dflag) { - open(DEBUG, "|/usr/sbin/sendmail postmaster"); - print DEBUG "Subject: double bounce dialog\n"; -} -$sent = 0; -# foreach $x ("from", "sender", "reply-to") { -foreach $x ("from", "sender") { - $y = &parseaddr($addr1{$x}); - if ($y) { - print DEBUG "Trying $y\n" if ($dflag); - if (&sendbounce("$y")) { - $sent++; - last; - } - $y =~ s/.*@//; - print DEBUG "Trying postmaster\@$y\n" if ($dflag); - if (&sendbounce("postmaster\@$y")) { - $sent++; - last; - } - } -} -if (! $sent) { - $rcvd--; - for ($i = $rcvd; $i >= 0; $i--) { - $y = &parseaddr($addr[$i]); - $y =~ s/.*@//; - if ($y) { - print DEBUG "Trying postmaster\@$y\n" if ($dflag); - if (&sendbounce("postmaster\@$y")) { - $sent++; - last; - } - } - } -} -if (! $sent) { - # queer things are happening to me - # $addr[0] should be own domain, so we should have just - # tried postmaster@our.domain. theoretically, we should - # not get here... - if ($dflag) { - print DEBUG "queer things are happening to me\n"; - print DEBUG "Trying postmaster\n"; - } - &sendbounce("postmaster"); -} - -# clean up and get out -# -if ($dflag) { - seek(MSG, 0, 0); - print DEBUG "\n---\n"; print DEBUG ; - close(DEBUG); -} -close(MSG); -unlink("$tmp"); -exit(0); - - - - +use Getopt::Std; +use POSIX; +use Sys::Syslog qw(:DEFAULT setlogsock); +use strict; +use vars qw( $opt_d $tmpfile); # parseaddr() # parse hostname from From: header # sub parseaddr { - local($hdr) = @_; - local($addr); + my($hdr) = @_; + my($addr); - if ($hdr =~ /<.*>/) { - ($addr) = $hdr =~ m/<(.*)>/; - return $addr; - } - if ($addr =~ /\s*\(/) { - ($addr) = $hdr =~ m/\s*(.*)\s*\(/; - return $addr; - } - ($addr) = $hdr =~ m/\s*(.*)\s*/; - return $addr; + if ($hdr =~ /<.*>/) { + ($addr) = $hdr =~ m/<(.*)>/; + $addr =~ s/.*\@//; + return $addr; + } + if ($addr =~ /\s*\(/) { + ($addr) = $hdr =~ m/\s*(.*)\s*\(/; + $addr =~ s/.*\@//; + return $addr; + } + ($addr) = $hdr =~ m/\s*(.*)\s*/; + $addr =~ s/.*\@//; + return $addr; } - # sendbounce() # send bounce to postmaster # # this re-invokes sendmail in immediate and quiet mode to try # to deliver to a postmaster. sendmail's exit status tells us -# wether the delivery attempt really was successful. +# whether the delivery attempt really was successful. # -sub sendbounce { - local($dest) = @_; - local($st); +sub send_bounce { + my($addr, $from) = @_; + my($st); + my($result); - open(MAIL, "| /usr/sbin/sendmail -ocn -odi -oeq $dest"); - print MAIL < + my($dest) = "postmaster\@" . parseaddr($addr); + + if ($opt_d) { + syslog ('info', "Attempting to send to user $dest"); + } + open(MAIL, "| /usr/sbin/sendmail -oeq $dest"); + print MAIL < Subject: Postmaster notify: double bounce -Reply-To: nobody\@$domain -Errors-To: nobody\@$domain +Reply-To: nobody +Errors-To: nobody Precedence: junk Auto-Submitted: auto-generated (postmaster notification) -The following message was received at $host.$domain for an invalid -recipient. The sender's address was also invalid. Since the message -originated at or transited through your mailer, this notification is being -sent to you in the hope that you will determine the real originator and -have them correct their From or Sender address. +The following message was received for an invalid recipient. The +sender's address was also invalid. Since the message originated +at or transited through your mailer, this notification is being +sent to you in the hope that you will determine the real originator +and have them correct their From or Sender address. -The invalid sender address was: $addr1{"from"}. +The from header on the original e-mail was: $from. - ----- The following is a double bounce at $host.$domain ----- + ----- The following is a double bounce ----- EOT - seek(MSG, 0, 0); - print MAIL ; - return close(MAIL); + + open(MSG, "<$tmpfile"); + print MAIL ; + close(MSG); + $result = close(MAIL); + if ($result) { + syslog('info', 'doublebounce successfully sent to %s', $dest); + } + return $result; } + +sub main { + # Get our command line options + getopts('d'); + + # Set up syslog + setlogsock('unix'); + openlog('doublebounce', 'pid', 'mail'); + + if ($opt_d) { + syslog('info', 'Processing a doublebounce.'); + } + + # The bounced e-mail may be large, so we'd better not try to buffer + # it in memory, get a temporary file. + $tmpfile = POSIX::tmpnam(); + + if (!open(MSG, ">$tmpfile")) { + syslog('err', "Unable to open temporary file $tmpfile"); + exit(75); # 75 is a temporary failure, sendmail should retry + } + print(MSG ); + close(MSG); + if (!open(MSG, "<$tmpfile")) { + syslog('err', "Unable to reopen temporary file $tmpfile"); + exit(74); # 74 is an IO error + } + + # Ok, now we can get down to business, find the original message + my($skip_lines, $in_header, $headers_found, @addresses); + $skip_lines = 0; + $in_header = 0; + $headers_found = 0; + while () { + if ($skip_lines > 0) { + $skip_lines--; + next; + } + chomp; + # Starting message depends on your version of sendmail + if (/^ ----- Original message follows -----$/ || + /^ ----Unsent message follows----$/ || + /^Content-Type: message\/rfc822$/) { + # Found the original message + $skip_lines++; + $in_header = 1; + $headers_found++; + next; + } + if (/^$/) { + if ($headers_found >= 2) { + # We only process two deep, even if there are more + last; + } + if ($in_header) { + # We've found the end of a header, scan for the next one + $in_header = 0; + } + next; + } + if ($in_header) { + if (! /^[ \t]/) { + # New Header + if (/^(received): (.*)/i || + /^(reply-to): (.*)/i || + /^(sender): (.*)/i || + /^(from): (.*)/i ) { + $addresses[$headers_found]{$1} = $2; + } + next; + } else { + # continuation header + # we should really process these, but we don't yet + next; + } + } else { + # Nothing to do if we're not in a header + next; + } + } + close(MSG); + + # Start with the original (inner) sender + my($addr, $sent); + foreach $addr (keys %{$addresses[2]}) { + if ($opt_d) { + syslog('info', "Trying to send to $addresses[2]{$addr} - $addresses[2]{\"From\"}"); + } + $sent = send_bounce($addresses[2]{$addr}, $addresses[2]{"From"}); + last if $sent; + } + if (!$sent && $opt_d) { + if ($opt_d) { + syslog('info', 'Unable to find original sender, falling back.'); + } + foreach $addr (keys %{$addresses[1]}) { + if ($opt_d) { + syslog('info', "Trying to send to $addresses[2]{$addr} - $addresses[2]{\"From\"}"); + } + $sent = send_bounce($addresses[1]{$addr}, $addresses[2]{"From"}); + last if $sent; + } + if (!$sent) { + syslog('info', 'Unable to find anyone to send a doublebounce notification'); + } + } + + unlink($tmpfile); +} + +main(); +exit(0); + diff --git a/contrib/sendmail/doc/op/op.me b/contrib/sendmail/doc/op/op.me index b353696cfa7b..be3340de2f38 100644 --- a/contrib/sendmail/doc/op/op.me +++ b/contrib/sendmail/doc/op/op.me @@ -9,7 +9,7 @@ .\" the sendmail distribution. .\" .\" -.\" $Id: op.me,v 8.609.2.5 2002/08/04 19:12:07 ca Exp $ +.\" $Id: op.me,v 8.609.2.17 2002/12/18 22:50:15 ca Exp $ .\" .\" eqn op.me | pic | troff -me .\" @@ -20,6 +20,8 @@ .\" Define \(dg as "*" for text output and create a new .DG macro .\" which describes the symbol. .\" +.if n .ds { [ +.if n .ds } ] .ie !c \(dg \{\ .char \(dg * .de DG @@ -88,7 +90,7 @@ Sendmail, Inc. .de Ve Version \\$2 .. -.Ve $Revision: 8.609.2.5 $ +.Ve $Revision: 8.609.2.17 $ .rm Ve .sp For Sendmail Version 8.12 @@ -817,7 +819,7 @@ file. The permissions of the alias file and the database versions should be 0640 to prevent local denial of service attacks as explained in the top level -.b README +.b README in the sendmail distribution. If the permissions 0640 are used, be sure that only trusted users belong to the group assigned to those files. Otherwise, files should not even @@ -986,7 +988,7 @@ uses the permissions of that file to prevent local denial of service attacks as explained in the top level -.b README +.b README in the sendmail distribution. If the file already exists, then it might be necessary to change the permissions accordingly, e.g., @@ -997,7 +999,7 @@ chmod 0600 /var/run/sendmail.pid .pp To prevent local denial of service attacks as explained in the top level -.b README +.b README in the sendmail distribution, the permissions of map files created by .i makemap @@ -1008,7 +1010,7 @@ If those files already exist, then it might be necessary to change the permissions accordingly, e.g., .(b cd /etc/mail -chmod 0640 *.db *.pag *.dir +chmod 0640 *.db *.pag *.dir .)b .sh 1 "NORMAL OPERATIONS" .sh 2 "The System Log" @@ -1065,10 +1067,10 @@ The number of envelope recipients for this message The message id of the message (from the header). .ip proto The protocol used to receive this message (e.g., ESMTP or UUCP) -.ip daemon -The daemon name from the -.b DaemonPortOptions -setting. +.ip daemon +The daemon name from the +.b DaemonPortOptions +setting. .ip relay The machine from which it was received. .lp @@ -1165,6 +1167,10 @@ option divided by the difference in the current load average and the option plus one is less than the priority of the message, messages are queued rather than immediately delivered. +.bu +One or more addresses are marked as expensive and delivery is postponed +until the next queue run or one or more address are marked as held via +mailer which uses the hold mailer flag. .sh 3 "Queue Groups and Queue Directories" .pp There are one or more mail queues. @@ -1363,7 +1369,7 @@ You can also specify the moved queue directory on the command line .(b /usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q .)b -but this requires that you do not have +but this requires that you do not have queue groups in the configuration file, because those are not subdirectories of the moved directory. See the section about "Queue Group Declaration" for details; @@ -2021,6 +2027,7 @@ limits the run to particular senders, limits it to particular queue identifiers, and .q \-qGstring limits it to a particular queue group. +The named queue group will be run even if it is set to have 0 runners. You may also place an .b ! before the @@ -2052,6 +2059,16 @@ i.e., they print out so much information that you wouldn't normally want to see them except for debugging that particular piece of code. .pp +You should +.b never +run a production sendmail server in debug mode. +Many of the debug flags will result in debug output being sent over the +SMTP channel. +This will confuse many mail programs. +However, for testing purposes, it can be useful +when sending mail manually via +telnet to the port you are using while debugging. +.pp A debug category is either an integer, like 42, or a name, like ANSI. You can specify a range of numeric debug categories @@ -3009,7 +3026,7 @@ alias files, and external databases) must be readable by that user. Also, since sendmail will not be able to change it's uid, -delivery to programs or files will be marked as unsafe, +delivery to programs or files will be marked as unsafe, e.g., undeliverable, in .i \&.forward , @@ -3022,6 +3039,12 @@ option to the setting .b RunAsUser is probably best suited for firewall configurations that don't have regular user logins. +If the option is used on a system which performs local delivery, +then the local delivery agent must have the proper permissions +(i.e., usually set-user-ID root) +since it will be invoked by the +.b RunAsUser , +not by root. .sh 3 "Turning off security checks" .pp .i Sendmail @@ -3334,7 +3357,7 @@ this turns off MX matching when canonifying names, which can lead to inappropriate canonifications. Use .q WorkAroundBrokenAAAA -when faced with a a broken nameservers that returns SERVFAIL +when faced with a broken nameserver that returns SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups during hostname canonification. @@ -4033,6 +4056,11 @@ where .b $| is a metacharacter separating the two parts. This ruleset can reject connections from various locations. +Note that it only checks the connecting SMTP client IP address and hostname. +It does not check for third party message relaying. +The +.i check_rcpt +ruleset discussed below usually does third party message relay checking. .sh 4 "check_mail" .pp The @@ -4215,7 +4243,8 @@ how this ruleset can be used. .pp The .i srv_features -ruleset is called when a client connects to sendmail. +ruleset is called with the connecting client's host name +when a client connects to sendmail. This ruleset should return .b $# followed by a list of options (single characters @@ -4650,7 +4679,7 @@ FORGED forward lookup doesn't match reverse lookup TEMP temporary lookup failure .)b Defined in the SMTP server only. -.i sendmail +.i sendmail performs a hostname lookup on the IP address of the connecting client. Next the IP addresses of that hostname are looked up. If the client IP address does not appear in that list, @@ -4755,6 +4784,8 @@ O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA .)b .ip ${if_name_out} The name of the interface of an outgoing connection. +.ip ${load_avg} +The current load average. .ip ${mail_addr} The address part of the resolved triple of the address given for the .sm "SMTP MAIL" @@ -4775,7 +4806,7 @@ The value of the SIZE= parameter, i.e., usually the size of the message (in an ESMTP dialogue), before the message has been collected, thereafter the message size as computed by -.i sendmail +.i sendmail (and can be used in check_compat). .ip ${nrcpts} The number of validated recipients for a single message. @@ -6055,9 +6086,9 @@ where .i class \c .b : is optional and defaults to ``implicit''. -Note that +Note that .i info -is required for all +is required for all .i class es except .q ldap . @@ -6176,7 +6207,8 @@ d don't permit mechanisms susceptible to passive f require forward secrecy between sessions (breaking one won't help break next). p don't permit mechanisms susceptible to simple - passive attack (e.g., PLAIN, LOGIN). + passive attack (e.g., PLAIN, LOGIN), unless a + security layer is active. y don't permit mechanisms that allow anonymous login. .)b The first option applies to sendmail as a client, the others to a server. @@ -6185,7 +6217,7 @@ Example: O AuthOptions=p,y .)b would disallow ANONYMOUS as AUTH mechanism and would -allow PLAIN only if a security layer (e.g., +allow PLAIN and LOGIN only if a security layer (e.g., provided by STARTTLS) is already active. The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the selected SASL mechanisms. @@ -6200,12 +6232,12 @@ Set the blank substitution character to .i c . Unquoted spaces in addresses are replaced by this character. Defaults to space (i.e., no change is made). -.ip CACERTPath +.ip CACertPath [no short name] Path to directory with certificates of CAs. This directory directory must contain the hashes of each CA certificate as filenames (or as links to them). -.ip CACERTFile +.ip CACertFile [no short name] File containing one or more CA certificates; see section about STARTTLS for more information. @@ -6376,7 +6408,9 @@ can ignore this option. .ip DaemonPortOptions=\fIoptions\fP [O] Set server SMTP options. -Each instance of DaemonPortOptions leads to an additional incoming socket. +Each instance of +.b DaemonPortOptions +leads to an additional incoming socket. The options are .i key=value pairs. @@ -6394,16 +6428,18 @@ RcvBufSize Size of TCP receive buffer .)b The .i Name -field is used for error messages and logging. +key is used for error messages and logging. The .i Addr ess mask may be a numeric address in dot notation or a network name. -The +The .i Family key defaults to INET (IPv4). IPv6 users who wish to also accept IPv6 connections -should add additional Family=inet6 DaemonPortOptions lines. +should add additional Family=inet6 +.b DaemonPortOptions +lines. .i Modifier can be a sequence (without any delimiters) of the following characters: @@ -6460,8 +6496,9 @@ This will also override possible settings via Note, .i sendmail will listen on a new socket -for each occurence of the DaemonPortOptions option -in a configuration file. +for each occurence of the +.b DaemonPortOptions +option in a configuration file. The modifier ``O'' causes sendmail to ignore a socket if it can't be opened. This applies to failures from the socket(2) and bind(2) calls. @@ -6473,7 +6510,7 @@ the password (plain text), the realm and the list of mechanisms to use on separate lines and must be readable by root (or the trusted user) only. If no realm is specified, -.b $j +.b $j is used. If no mechanisms are specified, the list given by .b AuthMechanisms @@ -6599,7 +6636,7 @@ Z flag set. .ip DirectSubmissionModifiers=\fImodifiers\fP Defines .b ${daemon_flags} -for direct (command line) submissions. +for direct (command line) submissions. If not set, .b ${daemon_flags} is either "CC f" if the option @@ -7458,7 +7495,7 @@ However, this means that all and .q :include: files must be readable by the indicated -.i user +.i user and all files to be written must be writable by .i user Also, all file and program deliveries will be marked unsafe @@ -7822,7 +7859,7 @@ but most will cause to relinquish its set-user-ID permissions. The options that will not cause this are SevenBitInput [7], -EightBitMode [8], +EightBitMode [8], MinFreeBlocks [b], CheckpointInterval [C], DeliveryMode [d], @@ -8196,7 +8233,7 @@ Note that, by default, if a single query matches multiple values, only the first value will be returned -unless the +unless the .b \-z (value separator) map flag is set. @@ -8378,7 +8415,7 @@ to select the substrings in the result of the lookup. For example, -s1,3,4 .)b Notes: to match a -.b $ +.b $ in a string, \\$$ must be used. @@ -8413,9 +8450,9 @@ Kstorage macro # set macro ${MyMacro} to the ruleset match R$+ $: $(storage {MyMacro} $@ $1 $) $1 # set macro ${MyMacro} to an empty string -R$* $: $(storage {MyMacro} $@ $) $1 +R$* $: $(storage {MyMacro} $@ $) $1 # clear macro ${MyMacro} -R$\- $: $(storage {MyMacro} $) $1 +R$\- $: $(storage {MyMacro} $) $1 .)b .ip arith Perform simple arithmetic operations. @@ -8744,6 +8781,9 @@ The time between two queue runs. The queue directory of the group (required). .ip Runners The number of parallel runners processing the queue. +Note that +.b F=f +must be set if this value is greater than one. .ip Jobs The maximum number of jobs (messages delivered) per queue run. .ip recipients @@ -8757,7 +8797,7 @@ Only the first character of the field name is checked. By default, a queue group named .i mqueue is defined that uses the value of the -.i QueueDirectory +.i QueueDirectory option as path. Notice: all paths that are used for queue groups must be subdirectories of @@ -8934,9 +8974,9 @@ Note the separator between each timeout field is a .b ';' . The default values (if not set) are: .b T=C:5m;S:10s;R:10s;E:5m -where +where .b s -is seconds and +is seconds and .b m is minutes. .pp @@ -9306,7 +9346,9 @@ if your system doesn't support the Internet protocols. .ip NETINET6\(dg If set, support for IPv6 networking is compiled in. -It must be separately enabled by adding DaemonPortOptions settings. +It must be separately enabled by adding +.b DaemonPortOptions +settings. .ip NETISO\(dg If set, support for ISO protocol networking is compiled in @@ -9897,11 +9939,11 @@ When acting as a server, requires X.509 certificates to support STARTTLS: one as certificate for the server (ServerCertFile and corresponding private ServerKeyFile) -at least one root CA (CACERTFile), +at least one root CA (CACertFile), i.e., a certificate that is used to sign other certificates, -and a path to a directory which contains other CAs (CACERTPath). +and a path to a directory which contains other CAs (CACertPath). The file specified via -CACERTFile +CACertFile can contain several certificates of CAs. The DNs of these certificates are sent to the client during the TLS handshake (as part of the @@ -9914,7 +9956,7 @@ sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47 .)b You should probably put only the CA cert into that file that signed your own cert(s), or at least only those you trust. -The CACERTPath directory must contain the hashes of each CA certificate +The CACertPath directory must contain the hashes of each CA certificate as filenames (or as links to them). Symbolic links can be generated with the following two (Bourne) shell commands: @@ -9935,6 +9977,27 @@ To allow for automatic startup of sendmail, private keys must be stored unencrypted. The keys are only protected by the permissions of the file system. Never make a private key available to a third party. +.sh 3 "Encoding of STARTTLS related Macros" +.pp +Macros that contain STARTTLS related data which comes from outside +sources, e.g., all macros containing information from certificates, +are encoded to avoid problems with non-printable or special characters. +The latter are '<', '>', '(', ')', '"', '+', and ' '. +All of these characters are replaced by their value in hexadecimal +with a leading '+'. +For example: +.(b +/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/ +Email=darth+cert@endmail.org +.)b +is encoded as: +.(b +/C=US/ST=California/O=endmail.org/OU=private/ +CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org +.)b +(line breaks have been inserted for readability). +The macros which are subject to this encoding are +{cert_subject}, {cert_issuer}, {cn_subject}, and {cn_issuer}. .sh 3 "PRNG for STARTTLS" .pp STARTTLS requires a strong pseudo random number generator (PRNG) @@ -9952,7 +10015,7 @@ It is advised to use the "Entropy Gathering Daemon" EGD from Brian Warner on those systems to provide useful random data. In this case, -.i sendmail +.i sendmail must be compiled with the flag EGD, and the RandFile option must point to the EGD socket. If neither @@ -9961,7 +10024,7 @@ nor EGD are available, you have to make sure that useful random data is available all the time in RandFile. If the file hasn't been modified in the last 10 minutes before it is supposed to be used by -.i sendmail +.i sendmail the content is considered obsolete. One method for generating this file is: .(b @@ -10156,7 +10219,7 @@ throws away the message with an error. Sets the identifier used for syslog. Note that this identifier is set as early as possible. -However, +However, .i sendmail may be used if problems arise @@ -10337,7 +10400,7 @@ running as daemon. This appendix describes the format of the queue files. These files live in a queue directory. The individual qf, df, and xf files -may be stored in separate +may be stored in separate .i qf/ , .i df/ , and @@ -10691,7 +10754,7 @@ replace it with a blank sheet for double-sided output. .\".sz 10 .\"Eric Allman .\".sp -.\"Version $Revision: 8.609.2.5 $ +.\"Version $Revision: 8.609.2.17 $ .\".ce 0 .bp 3 .ce diff --git a/contrib/sendmail/include/libmilter/mfapi.h b/contrib/sendmail/include/libmilter/mfapi.h index c36a38c7f9ef..6d79030fc795 100644 --- a/contrib/sendmail/include/libmilter/mfapi.h +++ b/contrib/sendmail/include/libmilter/mfapi.h @@ -7,7 +7,7 @@ * the sendmail distribution. * * - * $Id: mfapi.h,v 8.44 2002/06/04 05:06:40 gshapiro Exp $ + * $Id: mfapi.h,v 8.44.2.3 2002/12/19 02:10:09 ca Exp $ */ /* @@ -18,6 +18,7 @@ # define _LIBMILTER_MFAPI_H 1 # include + # include # include "libmilter/mfdef.h" @@ -441,4 +442,4 @@ LIBMILTER_API int smfi_setpriv __P((SMFICTX *, void *)); LIBMILTER_API void *smfi_getpriv __P((SMFICTX *)); -#endif /* !_LIBMILTER_MFAPI_H */ +#endif /* ! _LIBMILTER_MFAPI_H */ diff --git a/contrib/sendmail/include/libmilter/mfdef.h b/contrib/sendmail/include/libmilter/mfdef.h index 649e98d4c694..ab543e826ca2 100644 --- a/contrib/sendmail/include/libmilter/mfdef.h +++ b/contrib/sendmail/include/libmilter/mfdef.h @@ -7,7 +7,7 @@ * the sendmail distribution. * * - * $Id: mfdef.h,v 8.11 2001/09/12 18:02:19 gshapiro Exp $ + * $Id: mfdef.h,v 8.11.2.1 2002/11/11 23:22:28 ca Exp $ */ /* @@ -62,6 +62,9 @@ # define SMFIR_PROGRESS 'p' /* progress */ # define SMFIR_REJECT 'r' /* reject */ # define SMFIR_TEMPFAIL 't' /* tempfail */ +# if _FFR_MILTER_421 +# define SMFIR_SHUTDOWN '4' /* 421: shutdown (internal to MTA) */ +# endif /* _FFR_MILTER_421 */ # define SMFIR_ADDHEADER 'h' /* add header */ # define SMFIR_REPLYCODE 'y' /* reply code etc */ # if _FFR_QUARANTINE diff --git a/contrib/sendmail/include/libmilter/milter.h b/contrib/sendmail/include/libmilter/milter.h index d9378faf5c25..9d0d35d761ba 100644 --- a/contrib/sendmail/include/libmilter/milter.h +++ b/contrib/sendmail/include/libmilter/milter.h @@ -7,7 +7,7 @@ * the sendmail distribution. * * - * $Id: milter.h,v 8.37 2002/03/22 19:32:48 ca Exp $ + * $Id: milter.h,v 8.37.2.1 2002/12/19 02:10:09 ca Exp $ */ /* @@ -52,4 +52,4 @@ struct smfi_str void *ctx_privdata; /* private data */ }; -#endif /* !_LIBMILTER_MILTER_H */ +#endif /* ! _LIBMILTER_MILTER_H */ diff --git a/contrib/sendmail/include/libsmdb/smdb.h b/contrib/sendmail/include/libsmdb/smdb.h index 0c7f97dba72f..c891ea56d0e4 100644 --- a/contrib/sendmail/include/libsmdb/smdb.h +++ b/contrib/sendmail/include/libsmdb/smdb.h @@ -6,7 +6,7 @@ * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Id: smdb.h,v 8.40 2002/05/24 23:20:14 gshapiro Exp $ + * $Id: smdb.h,v 8.40.2.1 2002/10/05 17:04:51 ca Exp $ * */ @@ -23,10 +23,7 @@ # endif /* NDBM */ # ifdef NEWDB -# include -# ifndef DB_VERSION_MAJOR -# define DB_VERSION_MAJOR 1 -# endif /* ! DB_VERSION_MAJOR */ +# include "sm/bdb.h" # endif /* NEWDB */ /* diff --git a/contrib/sendmail/include/sm/bdb.h b/contrib/sendmail/include/sm/bdb.h new file mode 100644 index 000000000000..34b6f7bb4dcf --- /dev/null +++ b/contrib/sendmail/include/sm/bdb.h @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2002 Sendmail, Inc. and its suppliers. + * All rights reserved. + * + * By using this file, you agree to the terms and conditions set + * forth in the LICENSE file which can be found at the top level of + * the sendmail distribution. + * + * + * $Id: bdb.h,v 1.1.2.3 2002/12/05 05:07:44 ca Exp $ + */ + +#ifndef SM_BDB_H +#define SM_BDB_H + +#if NEWDB +# include +# ifndef DB_VERSION_MAJOR +# define DB_VERSION_MAJOR 1 +# endif /* ! DB_VERSION_MAJOR */ + +# if DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1 + +# define DBTXN NULL , + +/* +** Always turn on DB_FCNTL_LOCKING for DB 4.1.x since its +** "workaround" for accepting an empty (locked) file depends on +** this flag. Notice: this requires 4.1.24 + patch (which should be +** part of 4.1.25). +*/ + +# define SM_DB_FLAG_ADD(flag) (flag) |= DB_FCNTL_LOCKING + +# else /* DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1 */ + +# define DBTXN +# if !HASFLOCK +# define SM_DB_FLAG_ADD(flag) (flag) |= DB_FCNTL_LOCKING +# else /* !HASFLOCK */ +# define SM_DB_FLAG_ADD(flag) ((void) 0) +# endif /* !HASFLOCK */ + +# endif /* DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1 */ +#endif /* NEWDB */ + +#endif /* ! SM_BDB_H */ diff --git a/contrib/sendmail/include/sm/conf.h b/contrib/sendmail/include/sm/conf.h index f1549225a2b9..c76ab0f0c5ba 100644 --- a/contrib/sendmail/include/sm/conf.h +++ b/contrib/sendmail/include/sm/conf.h @@ -10,7 +10,7 @@ * the sendmail distribution. * * - * $Id: conf.h,v 1.90.2.4 2002/08/26 22:58:37 gshapiro Exp $ + * $Id: conf.h,v 1.90.2.13 2002/12/10 03:08:56 ca Exp $ */ /* @@ -288,6 +288,10 @@ typedef int pid_t; # define SFS_TYPE SFS_4ARGS /* four argument statfs() call */ # define SFS_BAVAIL f_bfree /* alternate field name */ # define SYSLOG_BUFSIZE 512 +# if defined(_SC_NPROC_ONLN) && !defined(_SC_NPROCESSORS_ONLN) + /* _SC_NPROC_ONLN is 'mpadmin -u', total # of unrestricted processors */ +# define _SC_NPROCESSORS_ONLN _SC_NPROC_ONLN +# endif /* if defined(_SC_NPROC_ONLN) && !defined(_SC_NPROCESSORS_ONLN) */ # ifdef IRIX6 # define STAT64 1 # define QUAD_T unsigned long long @@ -698,42 +702,45 @@ typedef int pid_t; # endif /* NeXT */ /* -** Apple Rhapsody -** Contributed by Wilfredo Sanchez +** Apple Darwin (aka Rhapsody) ** -** Also used for Apple Darwin support. +** Contributed by Wilfredo Sanchez */ # if defined(DARWIN) -# define HASFCHMOD 1 /* has fchmod(2) syscall */ -# define HASFLOCK 1 /* has flock(2) syscall */ -# define HASUNAME 1 /* has uname(2) syscall */ -# define HASUNSETENV 1 -# define HASSETSID 1 /* has the setsid(2) POSIX syscall */ -# define HASINITGROUPS 1 -# define HASSETVBUF 1 -# define HASSETREUID 0 -# define HASSETEUID 1 -# define USESETEUID 1 /* has usable seteuid(2) call */ -# define HASLSTAT 1 -# define HASSETRLIMIT 1 -# define HASWAITPID 1 -# define HASSTRERROR 1 /* has strerror(3) */ -# define HASGETDTABLESIZE 1 -# define HASGETUSERSHELL 1 -# define HAS_IN_H 1 -# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */ -# define BSD4_4_SOCKADDR /* has sa_len */ -# define NETLINK 1 /* supports AF_LINK */ -# define HAS_ST_GEN 1 /* has st_gen field in stat struct */ -# define GIDSET_T gid_t -# define LA_TYPE LA_SUBR /* use getloadavg(3) */ -# define SFS_TYPE SFS_MOUNT /* use statfs() impl */ -# define SPT_TYPE SPT_PSSTRINGS -# define SPT_PADCHAR '\0' /* pad process title with nulls */ -# define ERRLIST_PREDEFINED /* don't declare sys_errlist */ +# define HASFCHMOD 1 /* has fchmod(2) */ +# define HASFCHOWN 1 /* has fchown(2) */ +# define HASFLOCK 1 /* has flock(2) */ +# define HASUNAME 1 /* has uname(2) */ +# define HASUNSETENV 1 /* has unsetenv(3) */ +# define HASSETSID 1 /* has the setsid(2) */ +# define HASINITGROUPS 1 /* has initgroups(3) */ +# define HASSETVBUF 1 /* has setvbuf (3) */ +# define HASSETREUID 0 /* setreuid(2) unusable */ +# define HASSETEUID 1 /* has seteuid(2) */ +# define USESETEUID 1 /* has seteuid(2) */ +# define HASSETEGID 1 /* has setegid(2) */ +# define HASSETREGID 1 /* has setregid(2) */ +# define HASSETRESGID 0 /* no setresgid(2) */ +# define HASLSTAT 1 /* has lstat(2) */ +# define HASSETRLIMIT 1 /* has setrlimit(2) */ +# define HASWAITPID 1 /* has waitpid(2) */ +# define HASGETDTABLESIZE 1 /* has getdtablesize(2) */ +# define HAS_ST_GEN 1 /* has st_gen field in struct stat */ +# define HASURANDOMDEV 1 /* has urandom(4) */ +# define HASSTRERROR 1 /* has strerror(3) */ +# define HASGETUSERSHELL 1 /* had getusershell(3) */ +# define GIDSET_T gid_t /* getgroups(2) takes gid_t */ +# define LA_TYPE LA_SUBR /* use getloadavg(3) */ +# define SFS_TYPE SFS_MOUNT /* use statfs() impl */ +# define SPT_TYPE SPT_PSSTRINGS /* use magic PS_STRINGS pointer for setproctitle */ +# define ERRLIST_PREDEFINED /* don't declare sys_errlist */ +# define BSD4_4_SOCKADDR /* struct sockaddr has sa_len */ +# define SAFENFSPATHCONF 0 /* unverified: pathconf(2) doesn't work on NFS */ +# define HAS_IN_H 1 +# define NETLINK 1 /* supports AF_LINK */ # ifndef NOT_SENDMAIL -# define sleep sleepX +# define sleep sleepX extern unsigned int sleepX __P((unsigned int seconds)); # endif /* ! NOT_SENDMAIL */ # endif /* defined(DARWIN) */ @@ -1300,10 +1307,6 @@ extern void *malloc(); ** Florian La Roche ** Karl London ** -** Last compiled against: [07/21/98 @ 11:47:34 AM (Tuesday)] -** sendmail 8.9.1 bind-8.1.2 db-2.4.14 -** gcc-2.8.1 glibc-2.0.94 linux-2.1.109 -** ** NOTE: Override HASFLOCK as you will but, as of 1.99.6, mixed-style ** file locking is no longer allowed. In particular, make sure ** your DBM library and sendmail are both using either flock(2) @@ -1323,7 +1326,6 @@ extern void *malloc(); # ifndef USESETEUID # define USESETEUID 0 /* has it due to POSIX, but doesn't work */ # endif /* USESETEUID */ -# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */ # define HASUNAME 1 /* use System V uname(2) system call */ # define HASUNSETENV 1 /* has unsetenv(3) call */ # define ERRLIST_PREDEFINED /* don't declare sys_errlist */ @@ -2216,6 +2218,26 @@ typedef struct msgb mblk_t; # define _PATH_SENDMAILPID "/var/run/sendmail.pid" # endif /* MOTO */ +/* +** Interix +** Contributed by Nedelcho Stanev +** +** Used for Interix support. +*/ + +# if defined(__INTERIX) +# define HASURANDOMDEV 1 +# define HASGETUSERSHELL 0 +# define HASSTRERROR 1 +# define HASUNSETENV 1 +# define HASFCHOWN 1 +# undef HAVE_SYS_ERRLIST +# define sys_errlist __sys_errlist +# define sys_nerr __sys_nerr +# define major(dev) ((int)(((dev) >> 8) & 0xff) +# define minor(dev) ((int)((dev) & 0xff) +# endif /* defined(__INTERIX) */ + /********************************************************************** ** End of Per-Operating System defines @@ -2696,6 +2718,11 @@ typedef void (*sigfunc_t) __P((int)); # define SYSLOG_BUFSIZE 1024 # endif /* ! SYSLOG_BUFSIZE */ +/* for FD_SET() */ +#ifndef FD_SETSIZE +# define FD_SETSIZE 256 +#endif /* ! FD_SETSIZE */ + /* ** Size of prescan buffer. ** Despite comments in the _sendmail_ book, this probably should diff --git a/contrib/sendmail/include/sm/fdset.h b/contrib/sendmail/include/sm/fdset.h index 6f13411a2342..31a0e3045591 100644 --- a/contrib/sendmail/include/sm/fdset.h +++ b/contrib/sendmail/include/sm/fdset.h @@ -1,19 +1,25 @@ /* - * Copyright (c) 2001 Sendmail, Inc. and its suppliers. + * Copyright (c) 2001, 2002 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Id: fdset.h,v 1.3 2001/03/30 23:45:31 geir Exp $ + * $Id: fdset.h,v 1.3.10.2 2002/12/10 04:02:25 ca Exp $ */ #ifndef SM_FDSET_H # define SM_FDSET_H +/* +** Note: SM_FD_OK_SELECT(fd) requires that ValidSocket(fd) has been checked +** before. +*/ + # define SM_FD_SET(fd, pfdset) FD_SET(fd, pfdset) # define SM_FD_ISSET(fd, pfdset) FD_ISSET(fd, pfdset) -# define SM_FD_SETSIZE FD_SETSIZE +# define SM_FD_SETSIZE FD_SETSIZE +# define SM_FD_OK_SELECT(fd) (FD_SETSIZE <= 0 || (fd) < FD_SETSIZE) #endif /* SM_FDSET_H */ diff --git a/contrib/sendmail/include/sm/os/sm_os_unixware.h b/contrib/sendmail/include/sm/os/sm_os_unixware.h index 2ff5ad09ca28..aac431eb91da 100644 --- a/contrib/sendmail/include/sm/os/sm_os_unixware.h +++ b/contrib/sendmail/include/sm/os/sm_os_unixware.h @@ -1,16 +1,24 @@ /* - * Copyright (c) 2001 Sendmail, Inc. and its suppliers. + * Copyright (c) 2001, 2002 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Id: sm_os_unixware.h,v 1.7 2001/11/11 16:32:00 ca Exp $ + * $Id: sm_os_unixware.h,v 1.7.2.1 2002/10/24 18:02:14 ca Exp $ */ #define SM_OS_NAME "unixware" +#ifndef SM_CONF_LONGLONG +# if defined(__SCO_VERSION__) && __SCO_VERSION__ > 400000000L +# define SM_CONF_LONGLONG 1 +# define SM_CONF_TEST_LLONG 1 +# define SM_CONF_BROKEN_SIZE_T 0 +# endif /* defined(__SCO_VERSION__) && __SCO_VERSION__ > 400000000L */ +#endif /* !SM_CONF_LONGLONG */ + /* try LLONG tests in libsm/t-types.c? */ #ifndef SM_CONF_TEST_LLONG # define SM_CONF_TEST_LLONG 0 @@ -24,7 +32,9 @@ #endif /* SM_CONF_SHM */ /* size_t seems to be signed */ -#define SM_CONF_BROKEN_SIZE_T 1 +#ifndef SM_CONF_BROKEN_SIZE_T +# define SM_CONF_BROKEN_SIZE_T 1 +#endif /* SM_CONF_BROKEN_SIZE_T */ /* don't use flock() in mail.local.c */ #ifndef LDA_USE_LOCKF diff --git a/contrib/sendmail/libmilter/README b/contrib/sendmail/libmilter/README index f38f68a80715..efc0b65d85b1 100644 --- a/contrib/sendmail/libmilter/README +++ b/contrib/sendmail/libmilter/README @@ -39,7 +39,7 @@ The following command presumes that the sample code from the end of this README is saved to a file named 'sample.c' and built in the local platform- specific build subdirectory (SRCDIR/obj.*/libmilter). - cc -I../../sendmail -I../../include -o sample sample.c libmilter.a ../libsm/libsm.a -pthread + cc -I../../include -o sample sample.c libmilter.a ../libsm/libsm.a -pthread It is recommended that you build your filters in a location outside of the sendmail source tree. Modify the compiler include references (-I) @@ -457,4 +457,4 @@ main(argc, argv) /* eof */ -$Revision: 8.35 $, Last updated $Date: 2002/01/07 21:29:20 $ +$Revision: 8.35.2.1 $, Last updated $Date: 2002/10/21 14:31:57 $ diff --git a/contrib/sendmail/libmilter/comm.c b/contrib/sendmail/libmilter/comm.c index 73d51b14ca52..707a7ce32a83 100644 --- a/contrib/sendmail/libmilter/comm.c +++ b/contrib/sendmail/libmilter/comm.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: comm.c,v 8.54.2.2 2002/08/16 17:09:13 ca Exp $") +SM_RCSID("@(#)$Id: comm.c,v 8.54.2.4 2002/12/03 17:32:45 ca Exp $") #include "libmilter.h" #include @@ -55,14 +55,6 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name) *cmd = '\0'; *rlen = 0; - if (sd >= FD_SETSIZE) - { - smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d", - name, sd, FD_SETSIZE); - *cmd = SMFIC_SELECT; - return NULL; - } - i = 0; for (;;) { @@ -87,7 +79,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name) { smi_log(SMI_LOG_ERR, "%s, mi_rd_cmd: read returned %d: %s", - name, len, sm_errstring(errno)); + name, (int) len, sm_errstring(errno)); *cmd = SMFIC_RECVERR; return NULL; } @@ -160,7 +152,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name) { smi_log(SMI_LOG_ERR, "%s: mi_rd_cmd: read returned %d: %s", - name, len, sm_errstring(errno)); + name, (int) len, sm_errstring(errno)); ret = -1; break; } @@ -224,7 +216,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name) /* ** we don't care much about the timeout here, it's very long anyway -** FD_SETSIZE is only checked in mi_rd_cmd. +** FD_SETSIZE is checked when socket is created. ** XXX l == 0 ? */ diff --git a/contrib/sendmail/libmilter/docs/smfi_settimeout.html b/contrib/sendmail/libmilter/docs/smfi_settimeout.html index a9e870a6a7ec..6fee16621d7c 100644 --- a/contrib/sendmail/libmilter/docs/smfi_settimeout.html +++ b/contrib/sendmail/libmilter/docs/smfi_settimeout.html @@ -24,7 +24,10 @@ Set the filter's connection timeout value. Effects -Sets the number of seconds libmilter will wait for an MTA connection before timing out a socket. If smfi_settimeout is not called, a default timeout of 1800 seconds is used. +Sets the number of seconds libmilter will wait for an MTA connection before +timing out a socket. +If smfi_settimeout is not called, a default timeout of 7210 seconds is used. + @@ -50,7 +53,7 @@ no wait, not "wait forever".
-Copyright (c) 2000 Sendmail, Inc. and its suppliers. +Copyright (c) 2000, 2002 Sendmail, Inc. and its suppliers. All rights reserved.
By using this file, you agree to the terms and conditions set diff --git a/contrib/sendmail/libmilter/engine.c b/contrib/sendmail/libmilter/engine.c index 221a99fc80f6..970b005cb2b1 100644 --- a/contrib/sendmail/libmilter/engine.c +++ b/contrib/sendmail/libmilter/engine.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: engine.c,v 8.109.2.1 2002/07/29 16:40:47 ca Exp $") +SM_RCSID("@(#)$Id: engine.c,v 8.109.2.4 2002/12/03 17:27:32 ca Exp $") #include "libmilter.h" @@ -116,22 +116,22 @@ static int dec_arg2 __P((char *, size_t, char **, char **)); ** this function is coded in trans_ok(), see below. */ -#define MASK(x) (0x0001 << (x)) /* generate a bit "mask" for a state */ -#define NX_INIT (MASK(ST_OPTS)) -#define NX_OPTS (MASK(ST_CONN)) -#define NX_CONN (MASK(ST_HELO) | MASK(ST_MAIL)) -#define NX_HELO (MASK(ST_HELO) | MASK(ST_MAIL)) -#define NX_MAIL (MASK(ST_RCPT) | MASK(ST_ABRT)) -#define NX_RCPT (MASK(ST_HDRS) | MASK(ST_EOHS) | \ - MASK(ST_BODY) | MASK(ST_ENDM) | \ - MASK(ST_RCPT) | MASK(ST_ABRT)) -#define NX_HDRS (MASK(ST_EOHS) | MASK(ST_HDRS) | MASK(ST_ABRT)) -#define NX_EOHS (MASK(ST_BODY) | MASK(ST_ENDM) | MASK(ST_ABRT)) -#define NX_BODY (MASK(ST_ENDM) | MASK(ST_BODY) | MASK(ST_ABRT)) -#define NX_ENDM (MASK(ST_QUIT) | MASK(ST_MAIL)) +#define MI_MASK(x) (0x0001 << (x)) /* generate a bit "mask" for a state */ +#define NX_INIT (MI_MASK(ST_OPTS)) +#define NX_OPTS (MI_MASK(ST_CONN)) +#define NX_CONN (MI_MASK(ST_HELO) | MI_MASK(ST_MAIL)) +#define NX_HELO (MI_MASK(ST_HELO) | MI_MASK(ST_MAIL)) +#define NX_MAIL (MI_MASK(ST_RCPT) | MI_MASK(ST_ABRT)) +#define NX_RCPT (MI_MASK(ST_HDRS) | MI_MASK(ST_EOHS) | \ + MI_MASK(ST_BODY) | MI_MASK(ST_ENDM) | \ + MI_MASK(ST_RCPT) | MI_MASK(ST_ABRT)) +#define NX_HDRS (MI_MASK(ST_EOHS) | MI_MASK(ST_HDRS) | MI_MASK(ST_ABRT)) +#define NX_EOHS (MI_MASK(ST_BODY) | MI_MASK(ST_ENDM) | MI_MASK(ST_ABRT)) +#define NX_BODY (MI_MASK(ST_ENDM) | MI_MASK(ST_BODY) | MI_MASK(ST_ABRT)) +#define NX_ENDM (MI_MASK(ST_QUIT) | MI_MASK(ST_MAIL)) #define NX_QUIT 0 #define NX_ABRT 0 -#define NX_SKIP MASK(ST_SKIP) +#define NX_SKIP MI_MASK(ST_SKIP) static int next_states[] = { @@ -255,7 +255,7 @@ mi_engine(ctx) } if (ctx->ctx_dbg > 4) sm_dprintf("[%d] got cmd '%c' len %d\n", - (int) ctx->ctx_id, cmd, len); + (int) ctx->ctx_id, cmd, (int) len); for (i = 0; i < ncmds; i++) { if (cmd == cmds[i].cm_cmd) @@ -292,8 +292,8 @@ mi_engine(ctx) if (ctx->ctx_dbg > 1) sm_dprintf("[%d] abort: cur %d (%x) new %d (%x) next %x\n", (int) ctx->ctx_id, - curstate, MASK(curstate), - newstate, MASK(newstate), + curstate, MI_MASK(curstate), + newstate, MI_MASK(newstate), next_states[curstate]); /* call abort only if in a mail transaction */ @@ -511,7 +511,7 @@ st_optionneg(g) smi_log(SMI_LOG_ERR, "%s: st_optionneg[%d]: len too short %d < %d", g->a_ctx->ctx_smfi->xxfi_name, - (int) g->a_ctx->ctx_id, g->a_len, + (int) g->a_ctx->ctx_id, (int) g->a_len, MILTER_OPTLEN); return _SMFIS_ABORT; } @@ -615,7 +615,7 @@ st_connectinfo(g) smi_log(SMI_LOG_ERR, "%s: connect[%d]: wrong len %d >= %d", g->a_ctx->ctx_smfi->xxfi_name, - (int) g->a_ctx->ctx_id, i, l); + (int) g->a_ctx->ctx_id, (int) i, (int) l); return _SMFIS_ABORT; } @@ -990,7 +990,7 @@ trans_ok(old, new) do { /* is this state transition allowed? */ - if ((MASK(new) & next_states[s]) != 0) + if ((MI_MASK(new) & next_states[s]) != 0) return true; /* diff --git a/contrib/sendmail/libmilter/handler.c b/contrib/sendmail/libmilter/handler.c index a7b47603a2f8..5bbb97b6bf3b 100644 --- a/contrib/sendmail/libmilter/handler.c +++ b/contrib/sendmail/libmilter/handler.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: handler.c,v 8.30 2002/04/29 15:06:48 ca Exp $") +SM_RCSID("@(#)$Id: handler.c,v 8.30.2.2 2002/12/18 23:15:35 ca Exp $") #include "libmilter.h" @@ -35,8 +35,8 @@ mi_handle_session(ctx) ctx->ctx_id = (sthread_t) sthread_get_id(); /* - ** detach so resources are free when the thread returns - ** if we ever "wait" for threads, this call must be removed + ** Detach so resources are free when the thread returns. + ** If we ever "wait" for threads, this call must be removed. */ if (pthread_detach(ctx->ctx_id) != 0) diff --git a/contrib/sendmail/libmilter/libmilter.h b/contrib/sendmail/libmilter/libmilter.h index fedc24f90e9a..2b7b791e457a 100644 --- a/contrib/sendmail/libmilter/libmilter.h +++ b/contrib/sendmail/libmilter/libmilter.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2001 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -19,7 +19,7 @@ #ifdef _DEFINE # define EXTERN # define INIT(x) = x -SM_IDSTR(MilterlId, "@(#)$Id: libmilter.h,v 8.33 2002/04/30 23:52:24 msk Exp $") +SM_IDSTR(MilterlId, "@(#)$Id: libmilter.h,v 8.33.2.7 2002/12/18 23:15:35 ca Exp $") #else /* _DEFINE */ # define EXTERN extern # define INIT(x) @@ -118,4 +118,4 @@ extern int mi_wr_cmd __P((socket_t, struct timeval *, int, char *, size_t)); extern bool mi_sendok __P((SMFICTX_PTR, int)); -#endif /* !_LIBMILTER_H */ +#endif /* ! _LIBMILTER_H */ diff --git a/contrib/sendmail/libmilter/listener.c b/contrib/sendmail/libmilter/listener.c index e809a7b615aa..532920a1dd57 100644 --- a/contrib/sendmail/libmilter/listener.c +++ b/contrib/sendmail/libmilter/listener.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: listener.c,v 8.85.2.1 2002/08/09 22:13:36 gshapiro Exp $") +SM_RCSID("@(#)$Id: listener.c,v 8.85.2.7 2002/12/10 04:02:25 ca Exp $") /* ** listener.c -- threaded network listener @@ -17,6 +17,7 @@ SM_RCSID("@(#)$Id: listener.c,v 8.85.2.1 2002/08/09 22:13:36 gshapiro Exp $") #include "libmilter.h" #include +#include # if NETINET || NETINET6 @@ -73,7 +74,13 @@ mi_opensocket(conn, backlog, dbg, smfi) (void) smutex_unlock(&L_Mutex); return MI_FAILURE; } - + if (!SM_FD_OK_SELECT(listenfd)) + { + smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d", + smfi->xxfi_name, listenfd, FD_SETSIZE); + (void) smutex_unlock(&L_Mutex); + return MI_FAILURE; + } return MI_SUCCESS; } @@ -482,7 +489,7 @@ mi_milteropen(conn, backlog, name) { smi_log(SMI_LOG_ERR, "%s: can't malloc(%d) for sockpath: %s", - name, len, sm_errstring(errno)); + name, (int) len, sm_errstring(errno)); (void) closesocket(sock); return INVALID_SOCKET; } @@ -630,9 +637,10 @@ mi_closener() if (rs != 0) \ { \ smi_log(SMI_LOG_ERR, \ - "MI_SLEEP(): select() returned non-zero result %d, errno = %d", \ + "MI_SLEEP(): select() returned non-zero result %d, errno = %d", \ rs, errno); \ } \ + break; \ } \ } \ } @@ -668,16 +676,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog) return MI_FAILURE; clilen = L_socksize; - - if (listenfd >= FD_SETSIZE) - { - smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d", - smfi->xxfi_name, listenfd, FD_SETSIZE); - (void) smutex_unlock(&L_Mutex); - return MI_FAILURE; - } (void) smutex_unlock(&L_Mutex); - while (mi_stop() == MILTER_CONT) { (void) smutex_lock(&L_Mutex); @@ -755,6 +754,14 @@ mi_listener(conn, dbg, smfi, timeout, backlog) save_errno = EINVAL; } + /* check if acceptable for select() */ + if (ValidSocket(connfd) && !SM_FD_OK_SELECT(connfd)) + { + (void) closesocket(connfd); + connfd = INVALID_SOCKET; + save_errno = ERANGE; + } + if (!ValidSocket(connfd)) { if (save_errno == EINTR) diff --git a/contrib/sendmail/libmilter/main.c b/contrib/sendmail/libmilter/main.c index 6fc3f9587953..1828debee77c 100644 --- a/contrib/sendmail/libmilter/main.c +++ b/contrib/sendmail/libmilter/main.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: main.c,v 8.64 2002/06/04 02:32:32 geir Exp $") +SM_RCSID("@(#)$Id: main.c,v 8.64.2.8 2002/12/18 23:13:45 ca Exp $") #define _DEFINE 1 #include "libmilter.h" @@ -98,13 +98,13 @@ static int backlog = MI_SOMAXCONN; #if _FFR_SMFI_OPENSOCKET /* ** SMFI_OPENSOCKET -- try the socket setup to make sure we'll be -** able to start up +** able to start up ** -** Parameters: -** None. +** Parameters: +** None. ** -** Return: -** MI_SUCCESS/MI_FAILURE +** Return: +** MI_SUCCESS/MI_FAILURE */ int @@ -236,6 +236,6 @@ smfi_main() /* Startup the listener */ if (mi_listener(conn, dbg, smfi, timeout, backlog) != MI_SUCCESS) r = MI_FAILURE; - return r; } + diff --git a/contrib/sendmail/libmilter/signal.c b/contrib/sendmail/libmilter/signal.c index 43a85675e53e..aeb307a687ff 100644 --- a/contrib/sendmail/libmilter/signal.c +++ b/contrib/sendmail/libmilter/signal.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: signal.c,v 8.37 2002/03/23 00:55:19 ca Exp $") +SM_RCSID("@(#)$Id: signal.c,v 8.37.2.2 2002/10/23 16:52:00 ca Exp $") #include "libmilter.h" @@ -107,6 +107,9 @@ mi_signal_thread(name) if (sigwait(&set, &sig) != 0) #endif /* defined(SOLARIS) || defined(__svr5__) */ { + /* this can happen on OSF/1 (at least) */ + if (errno == EINTR) + continue; smi_log(SMI_LOG_ERR, "%s: sigwait returned error: %d", (char *)name, errno); diff --git a/contrib/sendmail/libsm/local.h b/contrib/sendmail/libsm/local.h index 943321363c22..95b5ffe05d8c 100644 --- a/contrib/sendmail/libsm/local.h +++ b/contrib/sendmail/libsm/local.h @@ -11,7 +11,7 @@ * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * - * $Id: local.h,v 1.51 2002/02/20 02:40:24 ca Exp $ + * $Id: local.h,v 1.51.2.1 2002/09/09 21:38:08 gshapiro Exp $ */ /* @@ -279,6 +279,11 @@ extern const char SmFileMagic[]; sm_io_to.tv_sec = (to) / 1000; \ sm_io_to.tv_usec = ((to) - (sm_io_to.tv_sec * 1000)) * 10; \ } \ + if (FD_SETSIZE > 0 && (fd) >= FD_SETSIZE) \ + { \ + errno = EINVAL; \ + return SM_IO_EOF; \ + } \ FD_ZERO(&sm_io_to_mask); \ FD_SET((fd), &sm_io_to_mask); \ FD_ZERO(&sm_io_x_mask); \ diff --git a/contrib/sendmail/libsm/mbdb.c b/contrib/sendmail/libsm/mbdb.c index 9e1ec639bb6f..0c338fe9a409 100644 --- a/contrib/sendmail/libsm/mbdb.c +++ b/contrib/sendmail/libsm/mbdb.c @@ -8,7 +8,7 @@ */ #include -SM_RCSID("@(#)$Id: mbdb.c,v 1.38 2002/04/05 22:59:56 gshapiro Exp $") +SM_RCSID("@(#)$Id: mbdb.c,v 1.38.2.1 2002/11/20 22:59:06 gshapiro Exp $") #include @@ -17,6 +17,7 @@ SM_RCSID("@(#)$Id: mbdb.c,v 1.38 2002/04/05 22:59:56 gshapiro Exp $") #include #include #include +#include #include #include @@ -466,10 +467,6 @@ mbdb_ldap_initialize(arg) } LDAPLMAP.ldap_base = new; } - - /* No connection yet, connect */ - if (!sm_ldap_start(MBDB_LDAP_LABEL, &LDAPLMAP)) - return EX_UNAVAILABLE; return EX_OK; } @@ -518,6 +515,12 @@ mbdb_ldap_lookup(name, user) return EX_TEMPFAIL; } + if (LDAPLMAP.ldap_pid != getpid()) + { + /* re-open map in this child process */ + LDAPLMAP.ldap_ld = NULL; + } + if (LDAPLMAP.ldap_ld == NULL) { /* map not open, try to open now */ diff --git a/contrib/sendmail/libsm/refill.c b/contrib/sendmail/libsm/refill.c index 10c7cde2eb79..6e06783d05da 100644 --- a/contrib/sendmail/libsm/refill.c +++ b/contrib/sendmail/libsm/refill.c @@ -13,7 +13,7 @@ */ #include -SM_RCSID("@(#)$Id: refill.c,v 1.49 2001/09/11 04:04:49 gshapiro Exp $") +SM_RCSID("@(#)$Id: refill.c,v 1.49.2.1 2002/09/09 21:38:08 gshapiro Exp $") #include #include #include @@ -65,6 +65,11 @@ static int sm_lflush __P((SM_FILE_T *, int *)); errno = EAGAIN; \ return SM_IO_EOF; \ } \ + if (FD_SETSIZE > 0 && (fd) >= FD_SETSIZE) \ + { \ + errno = EINVAL; \ + return SM_IO_EOF; \ + } \ FD_ZERO(&sm_io_to_mask); \ FD_SET((fd), &sm_io_to_mask); \ FD_ZERO(&sm_io_x_mask); \ diff --git a/contrib/sendmail/libsm/stdio.c b/contrib/sendmail/libsm/stdio.c index c3ab72d0124b..0e5165f097b6 100644 --- a/contrib/sendmail/libsm/stdio.c +++ b/contrib/sendmail/libsm/stdio.c @@ -13,7 +13,7 @@ */ #include -SM_RCSID("@(#)$Id: stdio.c,v 1.56 2002/04/03 21:55:15 ca Exp $") +SM_RCSID("@(#)$Id: stdio.c,v 1.56.2.3 2002/10/22 23:07:19 ca Exp $") #include #include #include @@ -24,9 +24,9 @@ SM_RCSID("@(#)$Id: stdio.c,v 1.56 2002/04/03 21:55:15 ca Exp $") #include #include #include -#include #include #include +#include #include "local.h" /* @@ -353,6 +353,11 @@ sm_stdgetinfo(fp, what, valp) fd_set readfds; struct timeval timeout; + if (SM_FD_SETSIZE > 0 && fp->f_file >= SM_FD_SETSIZE) + { + errno = EINVAL; + return -1; + } FD_ZERO(&readfds); SM_FD_SET(fp->f_file, &readfds); timeout.tv_sec = 0; @@ -422,7 +427,6 @@ sm_stdfdopen(fp, info, flags, rpool) /* Make sure the mode the user wants is a subset of the actual mode. */ if ((fdflags = fcntl(fd, F_GETFL, 0)) < 0) return -1; - tmp = fdflags & O_ACCMODE; if (tmp != O_RDWR && (tmp != (oflags & O_ACCMODE))) { diff --git a/contrib/sendmail/libsmdb/smdb2.c b/contrib/sendmail/libsmdb/smdb2.c index 9e2e8ed2de2a..1ccff5d3d545 100644 --- a/contrib/sendmail/libsmdb/smdb2.c +++ b/contrib/sendmail/libsmdb/smdb2.c @@ -8,7 +8,7 @@ */ #include -SM_RCSID("@(#)$Id: smdb2.c,v 8.72 2002/05/24 23:09:11 gshapiro Exp $") +SM_RCSID("@(#)$Id: smdb2.c,v 8.72.2.4 2002/12/03 17:01:15 ca Exp $") #include #include @@ -523,7 +523,9 @@ smdb_db_open_internal(db_name, db_type, db_flags, db_params, db) } } - result = (*db)->open(*db, db_name, NULL, db_type, db_flags, DBMMODE); + result = (*db)->open(*db, + DBTXN /* transaction for DB 4.1 */ + db_name, NULL, db_type, db_flags, DBMMODE); if (result != 0) { (void) (*db)->close(*db, 0); @@ -633,9 +635,7 @@ smdb_db_open(database, db_name, mode, mode_mask, sff, type, user_info, db_params db_flags |= DB_TRUNCATE; if (mode == O_RDONLY) db_flags |= DB_RDONLY; -# if !HASFLOCK && defined(DB_FCNTL_LOCKING) - db_flags |= DB_FCNTL_LOCKING; -# endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */ + SM_DB_FLAG_ADD(db_flags); result = smdb_db_open_internal(db_file_name, db_type, db_flags, db_params, &db); diff --git a/contrib/sendmail/libsmutil/cf.c b/contrib/sendmail/libsmutil/cf.c index c2132c3f00c8..1db2a6793f91 100644 --- a/contrib/sendmail/libsmutil/cf.c +++ b/contrib/sendmail/libsmutil/cf.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: cf.c,v 8.18 2002/05/25 00:09:16 gshapiro Exp $") +SM_RCSID("@(#)$Id: cf.c,v 8.18.2.1 2002/09/24 21:48:23 ca Exp $") #include /* @@ -37,21 +37,13 @@ getcfname(opmode, submitmode, cftype, conffile) int cftype; char *conffile; { +#if NETINFO + char *cflocation; +#endif /* NETINFO */ if (conffile != NULL) return conffile; -#if NETINFO - { - char *cflocation; - - cflocation = ni_propval("/locations", NULL, "sendmail", - "sendmail.cf", '\0'); - if (cflocation != NULL) - return cflocation; - } -#endif /* NETINFO */ - if (cftype == SM_GET_SUBMIT_CF || ((submitmode != SUBMIT_UNKNOWN || opmode == MD_DELIVER || @@ -62,10 +54,23 @@ getcfname(opmode, submitmode, cftype, conffile) struct stat sbuf; static char cf[MAXPATHLEN]; - (void) sm_strlcpyn(cf, sizeof cf, 2, _DIR_SENDMAILCF, - "submit.cf"); +#if NETINFO + cflocation = ni_propval("/locations", NULL, "sendmail", + "submit.cf", '\0'); + if (cflocation != NULL) + (void) sm_strlcpy(cf, cflocation, sizeof cf); + else +#endif /* NETINFO */ + (void) sm_strlcpyn(cf, sizeof cf, 2, _DIR_SENDMAILCF, + "submit.cf"); if (cftype == SM_GET_SUBMIT_CF || stat(cf, &sbuf) == 0) return cf; } +#if NETINFO + cflocation = ni_propval("/locations", NULL, "sendmail", + "sendmail.cf", '\0'); + if (cflocation != NULL) + return cflocation; +#endif /* NETINFO */ return _PATH_SENDMAILCF; } diff --git a/contrib/sendmail/mail.local/mail.local.c b/contrib/sendmail/mail.local/mail.local.c index 9ef3fb574609..027829f1aa1d 100644 --- a/contrib/sendmail/mail.local/mail.local.c +++ b/contrib/sendmail/mail.local/mail.local.c @@ -18,7 +18,7 @@ SM_IDSTR(copyright, Copyright (c) 1990, 1993, 1994\n\ The Regents of the University of California. All rights reserved.\n") -SM_IDSTR(id, "@(#)$Id: mail.local.c,v 8.239 2002/05/24 20:56:32 gshapiro Exp $") +SM_IDSTR(id, "@(#)$Id: mail.local.c,v 8.239.2.2 2002/09/24 02:09:09 ca Exp $") #include #include @@ -657,6 +657,8 @@ store(from, inbody) (void) sm_strlcpy(tmpbuf, _PATH_LOCTMP, sizeof tmpbuf); if ((fd = mkstemp(tmpbuf)) < 0 || (fp = fdopen(fd, "w+")) == NULL) { + if (fd >= 0) + (void) close(fd); mailerr("451 4.3.0", "Unable to open temporary file"); return -1; } @@ -1200,7 +1202,8 @@ deliver(fd, name) #ifdef DEBUG fprintf(stderr, "reset euid = %d\n", (int) geteuid()); #endif /* DEBUG */ - (void) ftruncate(mbfd, curoff); + if (mbfd >= 0) + (void) ftruncate(mbfd, curoff); err1: if (mbfd >= 0) (void) close(mbfd); err0: unlockmbox(); @@ -1216,7 +1219,29 @@ err0: unlockmbox(); errcode = "552 5.2.2"; #endif /* EDQUOT */ mailerr(errcode, "%s: %s", path, sm_errstring(errno)); - (void) truncate(path, curoff); + mbfd = open(path, O_WRONLY|EXTRA_MODE, 0); + if (mbfd < 0 + || fstat(mbfd, &sb) < 0 || + sb.st_nlink != 1 || + !S_ISREG(sb.st_mode) || + sb.st_dev != fsb.st_dev || + sb.st_ino != fsb.st_ino || +# if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */ + sb.st_gen != fsb.st_gen || +# endif /* HAS_ST_GEN && 0 */ + sb.st_uid != fsb.st_uid + ) + { + /* Don't use a bogus file */ + if (mbfd >= 0) + { + (void) close(mbfd); + mbfd = -1; + } + } + + /* Attempt to truncate back to pre-write size */ + goto err3; } else notifybiff(biffmsg); diff --git a/contrib/sendmail/mailstats/mailstats.8 b/contrib/sendmail/mailstats/mailstats.8 index 929875b913a8..582055d11617 100644 --- a/contrib/sendmail/mailstats/mailstats.8 +++ b/contrib/sendmail/mailstats/mailstats.8 @@ -6,9 +6,9 @@ .\" the sendmail distribution. .\" .\" -.\" $Id: mailstats.8,v 8.30 2002/04/12 00:42:33 ca Exp $ +.\" $Id: mailstats.8,v 8.30.2.1 2002/09/26 23:03:39 gshapiro Exp $ .\" -.TH MAILSTATS 8 "$Date: 2002/04/12 00:42:33 $" +.TH MAILSTATS 8 "$Date: 2002/09/26 23:03:39 $" .SH NAME mailstats \- display mail statistics @@ -50,10 +50,10 @@ Number of messages to the mailer. Kbytes to the mailer. .TP .B msgsrej -Number of messages rejected (by check_* rulesets). +Number of messages rejected. .TP .B msgsdis -Number of messages discarded (by check_* rulesets). +Number of messages discarded. .TP .B Mailer The name of the mailer. diff --git a/contrib/sendmail/smrsh/smrsh.c b/contrib/sendmail/smrsh/smrsh.c index 843f68beb928..9a9bc213a449 100644 --- a/contrib/sendmail/smrsh/smrsh.c +++ b/contrib/sendmail/smrsh/smrsh.c @@ -20,7 +20,7 @@ SM_IDSTR(copyright, Copyright (c) 1993\n\ The Regents of the University of California. All rights reserved.\n") -SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.58 2002/05/25 02:41:31 ca Exp $") +SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.58.2.2 2002/09/24 21:40:05 ca Exp $") /* ** SMRSH -- sendmail restricted shell @@ -57,6 +57,8 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.58 2002/05/25 02:41:31 ca Exp $") #include #include #include +#include +#include #include #include #include @@ -145,6 +147,7 @@ main(argc, argv) char *newenv[2]; char pathbuf[1000]; char specialbuf[32]; + struct stat st; #ifndef DEBUG # ifndef LOG_MAIL @@ -287,12 +290,12 @@ main(argc, argv) { /* too long */ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, - "%s: %s not available for sendmail programs (filename too long)\n", + "%s: \"%s\" not available for sendmail programs (filename too long)\n", prg, cmd); if (p != NULL) *p = ' '; #ifndef DEBUG - syslog(LOG_CRIT, "uid %d: attempt to use %s (filename too long)", + syslog(LOG_CRIT, "uid %d: attempt to use \"%s\" (filename too long)", (int) getuid(), cmd); #endif /* ! DEBUG */ exit(EX_UNAVAILABLE); @@ -302,16 +305,48 @@ main(argc, argv) (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "Trying %s\n", cmdbuf); #endif /* DEBUG */ - if (access(cmdbuf, X_OK) < 0) + if (stat(cmdbuf, &st) < 0) { - /* oops.... crack attack possiblity */ + /* can't stat it */ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, - "%s: %s not available for sendmail programs\n", + "%s: \"%s\" not available for sendmail programs (stat failed)\n", prg, cmd); if (p != NULL) *p = ' '; #ifndef DEBUG - syslog(LOG_CRIT, "uid %d: attempt to use %s", + syslog(LOG_CRIT, "uid %d: attempt to use \"%s\" (stat failed)", + (int) getuid(), cmd); +#endif /* ! DEBUG */ + exit(EX_UNAVAILABLE); + } + if (!S_ISREG(st.st_mode) +#ifdef S_ISLNK + && !S_ISLNK(st.st_mode) +#endif /* S_ISLNK */ + ) + { + /* can't stat it */ + (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, + "%s: \"%s\" not available for sendmail programs (not a file)\n", + prg, cmd); + if (p != NULL) + *p = ' '; +#ifndef DEBUG + syslog(LOG_CRIT, "uid %d: attempt to use \"%s\" (not a file)", + (int) getuid(), cmd); +#endif /* ! DEBUG */ + exit(EX_UNAVAILABLE); + } + if (access(cmdbuf, X_OK) < 0) + { + /* oops.... crack attack possiblity */ + (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, + "%s: \"%s\" not available for sendmail programs\n", + prg, cmd); + if (p != NULL) + *p = ' '; +#ifndef DEBUG + syslog(LOG_CRIT, "uid %d: attempt to use \"%s\"", (int) getuid(), cmd); #endif /* ! DEBUG */ exit(EX_UNAVAILABLE); diff --git a/contrib/sendmail/src/Makefile.m4 b/contrib/sendmail/src/Makefile.m4 index 6143bbedd46d..1100dea5572d 100644 --- a/contrib/sendmail/src/Makefile.m4 +++ b/contrib/sendmail/src/Makefile.m4 @@ -1,4 +1,4 @@ -dnl $Id: Makefile.m4,v 8.91.2.3 2002/07/29 22:08:09 gshapiro Exp $ +dnl $Id: Makefile.m4,v 8.91.2.4 2002/09/09 02:48:54 gshapiro Exp $ include(confBUILDTOOLSDIR`/M4/switch.m4') define(`confREQUIRE_LIBSM', `true') @@ -40,7 +40,6 @@ bldPUSH_TARGET(`statistics') divert(bldTARGETS_SECTION) statistics: ${CP} /dev/null statistics - chmod ifdef(`confSTMODE', `confSTMODE', `0600') statistics ${DESTDIR}/etc/mail/submit.cf: @echo "Please read INSTALL if anything fails while installing the binary." diff --git a/contrib/sendmail/src/README b/contrib/sendmail/src/README index b8c31ec0ad86..bb0dc15710be 100644 --- a/contrib/sendmail/src/README +++ b/contrib/sendmail/src/README @@ -9,7 +9,7 @@ # the sendmail distribution. # # -# $Id: README,v 8.355.2.3 2002/06/21 22:44:56 gshapiro Exp $ +# $Id: README,v 8.355.2.11 2002/12/18 17:15:46 ca Exp $ # This directory contains the source files for sendmail(TM). @@ -102,6 +102,8 @@ NEWDB The new Berkeley DB package. Some systems (e.g., BSD/OS and Berkeley DB library to a current version. NEWDB is included automatically if the Build script can find a library named libdb.a or libdb.so. + See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley + DB versions, e.g., DB 4.1.x. NDBM The older NDBM implementation -- the very old V7 DBM implementation is no longer supported. NIS Network Information Services. To use this you must have @@ -597,10 +599,15 @@ MILTER Turn on support for external filters using the Milter API. See libmilter/README for more information. REQUIRES_DIR_FSYNC Turn on support for file systems that require to call fsync() for a directory if the meta-data in it has - been changed. This should be turned on at least for - ReiserFS; it is enabled by default for Linux. An alternative - to this compile time flag is to mount the queue directory - without the -async option, or using chattr +S on Linux. + been changed. This should be turned on at least for older + versions of ReiserFS; it is enabled by default for Linux. + According to some information this flag is not needed + anymore for kernel 2.4.16 and newer. We would appreciate + feedback about the semantics of the various file systems + available for Linux. + An alternative to this compile time flag is to mount the + queue directory without the -async option, or using + chattr +S on Linux. DBMMODE The default file permissions to use when creating new database files for maps and aliases. Defaults to 0640. @@ -679,6 +686,20 @@ and try again. Then take a look at the logfile and see whether there are any problems listed about permissions (unsafe files) or the validity of X.509 certificates. +From: Garrett Wollman + + If your certificate authority is hierarchical, and you only include + the top-level CA certificate in the CACertFile file, some mail clients + may be unable to infer the proper certificate chain when selecting a + client certificate. Including the bottom-level CA certificate(s) in + the CACertFile file will allow these clients to work properly. This + is not necessary if you are not using client certificates for + authentication, or if all your clients are running Sendmail or other + programs using the OpenSSL library (which get it right automatically). + In addition, some mail clients are totally incapable of using + certificate authentication -- even some of those which already support + SSL/TLS for confidentiality. + Further information can be found via: http://www.sendmail.org/tips/ @@ -690,7 +711,7 @@ http://www.sendmail.org/tips/ Please read the documentation accompanying the Cyrus SASL library (INSTALL and README). If you use Berkeley DB for Cyrus SASL then you must compile sendmail with the same version of Berkeley DB. -See devtools/README how to set the correct compile time parameters; +See devtools/README for how to set the correct compile time parameters; you should at least set the following variables: APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL') @@ -703,7 +724,7 @@ BUILDING SENDMAIL. You have to select and install authentication mechanisms and tell sendmail where to find the sasl library and the include files (see -devtools/README for the parameters to set). Setup the required +devtools/README for the parameters to set). Set up the required users and passwords as explained in the SASL documentation. See also cf/README for authentication related options (especially DefaultAuthInfo if you want authentication between MTAs). @@ -752,7 +773,11 @@ GCC problems We have been told there are problems with gcc 2.8.0. If you are using this version, you should upgrade to 2.8.1 or later. -GDBM GDBM does not work with sendmail 8.8 because the additional +Berkeley DB + Berkeley DB 4.1.x with x <= 24 does not work with sendmail. + You need at least 4.1.25. + +GDBM GDBM does not work with sendmail because the additional security checks and file locking cause problems. Unfortunately, gdbm does not provide a compile flag in its version of ndbm.h so the code can adapt. Until the GDBM authors can fix these problems, @@ -990,7 +1015,7 @@ Solaris Do not use: - host: nisplus dns [NOTFOUND=return] files + hosts: nisplus dns [NOTFOUND=return] files Note that 'nisplus' above is an illustration. The same comment applies no matter what naming services you are using. If you have @@ -1329,7 +1354,7 @@ AIX 4.X /usr/lib and /lib. If you need to allow more directories, such as /usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4, site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS - approriately. For example: + appropriately. For example: define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib') @@ -1481,7 +1506,7 @@ UNICOS 8.0.3.4 running sendmail. Reported by Jerry G. DeLapp . Darwin/Mac OS X (10.X.X) - The linker errors produced regarding getopt() and it's associated + The linker errors produced regarding getopt() and its associated variables can safely be ignored. From Mike Zimmerman : @@ -1596,7 +1621,7 @@ Listproc 6.0c Just upgraded to sendmail 8.7, and discovered that listproc 6.0c breaks, because it, by default, sends a blank "HELO" rather than - a "HELO hostname" when using the 'system' or 'telnet' mailmethod. + a "HELO hostname" when using the 'system' or 'telnet' mail method. The fix is to include -DZMAILER in the compilation, which will cause it to use "HELO hostname" (which Z-mail apparently requires @@ -1768,4 +1793,4 @@ util.c Some general purpose routines used by sendmail. version.c The version number and information about this version of sendmail. -(Version $Revision: 8.355.2.3 $, last update $Date: 2002/06/21 22:44:56 $ ) +(Version $Revision: 8.355.2.11 $, last update $Date: 2002/12/18 17:15:46 $ ) diff --git a/contrib/sendmail/src/SECURITY b/contrib/sendmail/src/SECURITY index e42c0246f555..71b4643ae10f 100644 --- a/contrib/sendmail/src/SECURITY +++ b/contrib/sendmail/src/SECURITY @@ -5,7 +5,7 @@ # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # -# $Id: SECURITY,v 1.50 2002/03/29 19:45:48 ca Exp $ +# $Id: SECURITY,v 1.50.2.1 2002/09/23 21:28:48 ca Exp $ # This file gives some hints how to configure and run sendmail for @@ -199,4 +199,5 @@ Then you can use sh ./Build install-set-user-id to install the package in the old (pre-8.12) way. Make sure that -no submit.cf file is installed. +no submit.cf file is installed. See devtools/README about +confSETUSERID_INSTALL which you need to define. diff --git a/contrib/sendmail/src/TRACEFLAGS b/contrib/sendmail/src/TRACEFLAGS index 2aad39b80008..6762d8de8f89 100644 --- a/contrib/sendmail/src/TRACEFLAGS +++ b/contrib/sendmail/src/TRACEFLAGS @@ -1,4 +1,4 @@ -# $Id: TRACEFLAGS,v 8.37.2.1 2002/07/01 20:55:47 gshapiro Exp $ +# $Id: TRACEFLAGS,v 8.37.2.3 2002/09/12 02:57:36 gshapiro Exp $ 0, 4 main.c main canonical name, UUCP node name, a.k.a.s 0, 15 main.c main print configuration 0, 44 util.c printav print address of each string @@ -75,8 +75,12 @@ 63 queue.c runqueue process watching 64 multiple Milter 65 main.c permission checks +#if _FFR_ADAPTIVE_EOL 66 srvrsmtp.c conformance checks +#endif /* _FFR_ADAPTIVE_EOL */ +#if _FFR_QUEUE_SCHED_DBG 69 queue.c scheduling +#endif /* _FFR_QUEUE_SCHED_DBG */ #if _FFR_QUARANTINE 70 queue.c quarantining #endif /* _FFR_QUARANTINE */ @@ -84,6 +88,7 @@ 80 content length 81 sun remote mode 91 mci.c syslogging of MCI cache information +93,>99 * Prevent daemon connection fork for profiling/debugging 94,>99 srvrsmtp.c cause commands to fail (for protocol testing) 95 srvrsmtp.c AUTH 95 usersmtp.c AUTH diff --git a/contrib/sendmail/src/collect.c b/contrib/sendmail/src/collect.c index a4149fb0a260..6ebd049630ac 100644 --- a/contrib/sendmail/src/collect.c +++ b/contrib/sendmail/src/collect.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: collect.c,v 8.242.2.2 2002/08/16 14:56:01 ca Exp $") +SM_RCSID("@(#)$Id: collect.c,v 8.242.2.3 2002/12/03 17:06:30 gshapiro Exp $") static void collecttimeout __P((time_t)); static void dferror __P((SM_FILE_T *volatile, char *, ENVELOPE *)); @@ -350,6 +350,16 @@ collect(fp, smtpmode, hdrp, e) "timeout waiting for input from %s during message collect", CURHOSTNAME); errno = 0; + if (smtpmode) + { + /* + ** Override e_message in usrerr() as this + ** is the reason for failure that should + ** be logged for undelivered recipients. + */ + + e->e_message = NULL; + } usrerr("451 4.4.1 timeout waiting for input during message collect"); goto readerr; } diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c index a850b2a0065b..69e5c67abd97 100644 --- a/contrib/sendmail/src/conf.c +++ b/contrib/sendmail/src/conf.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: conf.c,v 8.972.2.5 2002/08/16 14:56:01 ca Exp $") +SM_RCSID("@(#)$Id: conf.c,v 8.972.2.25 2002/12/12 21:19:29 ca Exp $") #include @@ -28,7 +28,6 @@ SM_RCSID("@(#)$Id: conf.c,v 8.972.2.5 2002/08/16 14:56:01 ca Exp $") # include #endif /* HASULIMIT && defined(HPUX11) */ - static void setupmaps __P((void)); static void setupmailers __P((void)); static void setupqueues __P((void)); @@ -364,6 +363,12 @@ setdefaults(e) #if MILTER InputFilters[0] = NULL; #endif /* MILTER */ +#if _FFR_REJECT_LOG + RejectLogInterval = 3 HOURS; +#endif /* _FFR_REJECT_LOG */ +#if _FFR_REQ_DIR_FSYNC_OPT + RequiresDirfsync = true; +#endif /* _FFR_REQ_DIR_FSYNC_OPT */ setupmaps(); setupqueues(); setupmailers(); @@ -2170,6 +2175,10 @@ refuseconnections(name, e, d, active) { static time_t lastconn[MAXDAEMONS]; static int conncnt[MAXDAEMONS]; +#if _FFR_REJECT_LOG + static time_t firstrejtime[MAXDAEMONS]; + static time_t nextlogtime[MAXDAEMONS]; +#endif /* _FFR_REJECT_LOG */ #if XLA if (!xla_smtp_ok()) @@ -2207,12 +2216,35 @@ refuseconnections(name, e, d, active) sm_getla(); if (RefuseLA > 0 && CurrentLA >= RefuseLA) { +# if _FFR_REJECT_LOG + time_t now; + +# define R2_MSG_LA "have been rejecting connections on daemon %s for %s" +# endif /* _FFR_REJECT_LOG */ # define R_MSG_LA "rejecting connections on daemon %s: load average: %d" sm_setproctitle(true, e, R_MSG_LA, name, CurrentLA); if (LogLevel > 8) - sm_syslog(LOG_INFO, NOQID, R_MSG_LA, name, CurrentLA); + sm_syslog(LOG_NOTICE, NOQID, R_MSG_LA, name, CurrentLA); +#if _FFR_REJECT_LOG + now = curtime(); + if (firstrejtime[d] == 0) + { + firstrejtime[d] = now; + nextlogtime[d] = now + RejectLogInterval; + } + else if (nextlogtime[d] < now) + { + sm_syslog(LOG_ERR, NOQID, R2_MSG_LA, name, + pintvl(now - firstrejtime[d], true)); + nextlogtime[d] = now + RejectLogInterval; + } +#endif /* _FFR_REJECT_LOG */ return true; } +#if _FFR_REJECT_LOG + else + firstrejtime[d] = 0; +#endif /* _FFR_REJECT_LOG */ if (DelayLA > 0 && CurrentLA >= DelayLA) { @@ -3067,13 +3099,13 @@ static char *DefaultUserShells[] = # ifdef sgi "/sbin/sh", /* SGI's shells really live in /sbin */ "/usr/bin/sh", - "/sbin/bsh", /* classic borne shell */ + "/sbin/bsh", /* classic Bourne shell */ "/bin/bsh", "/usr/bin/bsh", "/sbin/csh", /* standard csh */ "/bin/csh", "/usr/bin/csh", - "/sbin/jsh", /* classic borne shell w/ job control*/ + "/sbin/jsh", /* classic Bourne shell w/ job control*/ "/bin/jsh", "/usr/bin/jsh", "/bin/ksh", /* Korn shell */ @@ -3679,9 +3711,6 @@ chownsafe(fd, safedir) # endif /* RLIMIT_NEEDS_SYS_TIME_H */ # include #endif /* HASSETRLIMIT */ -#ifndef FD_SETSIZE -# define FD_SETSIZE 256 -#endif /* ! FD_SETSIZE */ void resetlimits() @@ -5885,6 +5914,9 @@ char *FFRCompileOptions[] = #if _FFR_DAEMON_NETUNIX "_FFR_DAEMON_NETUNIX", #endif /* _FFR_DAEMON_NETUNIX */ +#if _FFR_DEAL_WITH_ERROR_SSL + "_FFR_DEAL_WITH_ERROR_SSL", +#endif /* _FFR_DEAL_WITH_ERROR_SSL */ #if _FFR_DEPRECATE_MAILER_FLAG_I "_FFR_DEPRECATE_MAILER_FLAG_I", #endif /* _FFR_DEPRECATE_MAILER_FLAG_I */ @@ -5958,6 +5990,9 @@ char *FFRCompileOptions[] = "_FFR_MAX_FORWARD_ENTRIES", #endif /* _FFR_MAX_FORWARD_ENTRIES */ #if MILTER +# if _FFR_MILTER_421 + "_FFR_MILTER_421", +# endif /* _FFR_MILTER_421 */ # if _FFR_MILTER_PERDAEMON "_FFR_MILTER_PERDAEMON", # endif /* _FFR_MILTER_PERDAEMON */ @@ -5966,10 +6001,6 @@ char *FFRCompileOptions[] = /* Steven Pitzl */ "_FFR_NODELAYDSN_ON_HOLD", #endif /* _FFR_NODELAYDSN_ON_HOLD */ -#if _FFR_NONSTOP_PERSISTENCE -/* Suggested by Jan Krueger of digitalanswers communications consulting gmbh. */ - "_FFR_NONSTOP_PERSISTENCE", -#endif /* _FFR_NONSTOP_PERSISTENCE */ #if _FFR_NO_PIPE "_FFR_NO_PIPE", #endif /* _FFR_NO_PIPE */ @@ -5995,6 +6026,12 @@ char *FFRCompileOptions[] = #if _FFR_REDIRECTEMPTY "_FFR_REDIRECTEMPTY", #endif /* _FFR_REDIRECTEMPTY */ +#if _FFR_REJECT_LOG + "_FFR_REJECT_LOG", +#endif /* _FFR_REJECT_LOG */ +#if _FFR_REQ_DIR_FSYNC_OPT + "_FFR_REQ_DIR_FSYNC_OPT", +#endif /* _FFR_REQ_DIR_FSYNC_OPT */ #if _FFR_RESET_MACRO_GLOBALS "_FFR_RESET_MACRO_GLOBALS", #endif /* _FFR_RESET_MACRO_GLOBALS */ @@ -6027,6 +6064,9 @@ char *FFRCompileOptions[] = /* Chris Adams of HiWAAY Informations Services */ "_FFR_SPT_ALIGN", #endif /* _FFR_SPT_ALIGN */ +#if _FFR_STRIPBACKSL + "_FFR_STRIPBACKSL", +#endif /* _FFR_STRIPBACKSL */ #if _FFR_TIMERS "_FFR_TIMERS", #endif /* _FFR_TIMERS */ diff --git a/contrib/sendmail/src/conf.h b/contrib/sendmail/src/conf.h index 22d7737a33a0..0675c2dd92a0 100644 --- a/contrib/sendmail/src/conf.h +++ b/contrib/sendmail/src/conf.h @@ -10,7 +10,7 @@ * the sendmail distribution. * * - * $Id: conf.h,v 8.563 2002/06/04 02:13:50 geir Exp $ + * $Id: conf.h,v 8.563.2.3 2002/10/31 03:28:36 ca Exp $ */ /* @@ -61,6 +61,9 @@ struct rusage; /* forward declaration to get gcc to shut up in wait.h */ #define MAXLINE 2048 /* max line length */ #define MAXNAME 256 /* max length of a name */ +#ifndef MAXAUTHINFO +# define MAXAUTHINFO 100 /* max length of authinfo token */ +#endif /* ! MAXAUTHINFO */ #define MAXPV 256 /* max # of parms to mailers */ #define MAXATOM 1000 /* max atoms per address */ #define MAXRWSETS 200 /* max # of sets of rewriting rules */ diff --git a/contrib/sendmail/src/control.c b/contrib/sendmail/src/control.c index 88ff72f34fc8..d36dc66f1664 100644 --- a/contrib/sendmail/src/control.c +++ b/contrib/sendmail/src/control.c @@ -10,7 +10,9 @@ #include -SM_RCSID("@(#)$Id: control.c,v 8.118 2002/03/19 00:23:27 gshapiro Exp $") +SM_RCSID("@(#)$Id: control.c,v 8.118.4.3 2002/11/14 00:15:56 ca Exp $") + +#include /* values for cmd_code */ #define CMDERROR 0 /* bad command */ @@ -90,6 +92,12 @@ opencontrolsocket() ControlSocket = socket(AF_UNIX, SOCK_STREAM, 0); if (ControlSocket < 0) return -1; + if (SM_FD_SETSIZE > 0 && ControlSocket >= SM_FD_SETSIZE) + { + clrcontrol(); + errno = EINVAL; + return -1; + } (void) unlink(ControlSocketName); memset(&controladdr, '\0', sizeof controladdr); diff --git a/contrib/sendmail/src/daemon.c b/contrib/sendmail/src/daemon.c index 28e96ff7babc..5f8f146c0688 100644 --- a/contrib/sendmail/src/daemon.c +++ b/contrib/sendmail/src/daemon.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: daemon.c,v 8.613 2002/06/05 21:26:35 gshapiro Exp $") +SM_RCSID("@(#)$Id: daemon.c,v 8.613.2.11 2002/12/05 16:13:52 ca Exp $") #if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__) # define USE_SOCK_STREAM 1 @@ -627,35 +627,40 @@ getrequests(e) (void) getfallbackmxrr(FallBackMX); #endif /* NAMED_BIND */ -#if !PROFILING - /* - ** Create a pipe to keep the child from writing to the - ** socket until after the parent has closed it. Otherwise - ** the parent may hang if the child has closed it first. - */ - - if (pipe(pipefd) < 0) - pipefd[0] = pipefd[1] = -1; - - (void) sm_blocksignal(SIGCHLD); - pid = fork(); - if (pid < 0) + if (tTd(93, 100)) { - syserr("daemon: cannot fork"); - if (pipefd[0] != -1) - { - (void) close(pipefd[0]); - (void) close(pipefd[1]); - } - (void) sm_releasesignal(SIGCHLD); - (void) sleep(10); - (void) close(t); - continue; + /* don't fork, handle connection in this process */ + pid = 0; + pipefd[0] = pipefd[1] = -1; } + else + { + /* + ** Create a pipe to keep the child from writing to + ** the socket until after the parent has closed + ** it. Otherwise the parent may hang if the child + ** has closed it first. + */ -#else /* !PROFILING */ - pid = 0; -#endif /* !PROFILING */ + if (pipe(pipefd) < 0) + pipefd[0] = pipefd[1] = -1; + + (void) sm_blocksignal(SIGCHLD); + pid = fork(); + if (pid < 0) + { + syserr("daemon: cannot fork"); + if (pipefd[0] != -1) + { + (void) close(pipefd[0]); + (void) close(pipefd[1]); + } + (void) sm_releasesignal(SIGCHLD); + (void) sleep(10); + (void) close(t); + continue; + } + } if (pid == 0) { @@ -736,7 +741,6 @@ getrequests(e) anynet_ntoa(&RealHostAddr)); } -#if !PROFILING if (pipefd[0] != -1) { auto char c; @@ -758,7 +762,6 @@ getrequests(e) continue; (void) close(pipefd[0]); } -#endif /* !PROFILING */ /* control socket processing */ if (control) @@ -914,8 +917,8 @@ getrequests(e) if (Daemons[curdaemon].d_inputfilterlist != NULL) { for (i = 0; - (Daemons[curdaemon].d_inputfilters[i] != NULL && - i < MAXFILTERS); + (i < MAXFILTERS && + Daemons[curdaemon].d_inputfilters[i] != NULL); i++) { InputFilters[i] = Daemons[curdaemon].d_inputfilters[i]; @@ -1093,6 +1096,14 @@ opendaemonsocket(d, firsttime) continue; } + if (SM_FD_SETSIZE > 0 && d->d_socket >= SM_FD_SETSIZE) + { + save_errno = EINVAL; + syserr("opendaemonsocket: daemon %s: server SMTP socket (%d) too large", + d->d_name, d->d_socket); + goto fail; + } + /* turn on network debugging? */ if (tTd(15, 101)) (void) setsockopt(d->d_socket, SOL_SOCKET, @@ -3289,7 +3300,7 @@ getauthinfo(fd, may_be_forged) char *ostype = NULL; char **ha; char ibuf[MAXNAME + 1]; - static char hbuf[MAXNAME * 2 + 11]; + static char hbuf[MAXNAME + MAXAUTHINFO + 11]; *may_be_forged = false; falen = sizeof RealHostAddr; @@ -3473,7 +3484,6 @@ getauthinfo(fd, may_be_forged) /* put a timeout around the whole thing */ ev = sm_setevent(TimeOuts.to_ident, authtimeout, 0); - /* connect to foreign IDENT server using same address as SMTP socket */ s = socket(la.sa.sa_family, SOCK_STREAM, 0); if (s < 0) @@ -3567,10 +3577,10 @@ getauthinfo(fd, may_be_forged) (ostype[5] == ' ' || ostype[5] == '\0')) { (void) sm_strlcpy(hbuf, "IDENT:", sizeof hbuf); - cleanstrcpy(&hbuf[6], p, MAXNAME); + cleanstrcpy(&hbuf[6], p, MAXAUTHINFO); } else - cleanstrcpy(hbuf, p, MAXNAME); + cleanstrcpy(hbuf, p, MAXAUTHINFO); len = strlen(hbuf); (void) sm_strlcpyn(&hbuf[len], sizeof hbuf - len, 2, "@", RealHostName == NULL ? "localhost" : RealHostName); diff --git a/contrib/sendmail/src/deliver.c b/contrib/sendmail/src/deliver.c index 46f5a912ad42..46b5ba6a46d9 100644 --- a/contrib/sendmail/src/deliver.c +++ b/contrib/sendmail/src/deliver.c @@ -14,7 +14,7 @@ #include #include -SM_RCSID("@(#)$Id: deliver.c,v 8.940.2.3 2002/08/16 14:56:01 ca Exp $") +SM_RCSID("@(#)$Id: deliver.c,v 8.940.2.10 2002/12/12 22:46:34 ca Exp $") #if HASSETUSERCONTEXT # include @@ -623,7 +623,6 @@ sendall(e, mode) /* and save qid for reacquisition */ ee->e_id = qid; } - #endif /* !HASFLOCK */ /* @@ -954,6 +953,11 @@ sync_dir(filename, panic) char *dirp; char dir[MAXPATHLEN]; +#if _FFR_REQ_DIR_FSYNC_OPT + if (!RequiresDirfsync) + return; +#endif /* _FFR_REQ_DIR_FSYNC_OPT */ + /* filesystems which require the directory be synced */ dirp = strrchr(filename, '/'); if (dirp != NULL) @@ -1620,6 +1624,16 @@ deliver(e, firstto) stripquotes(user); stripquotes(host); } +#if _FFR_STRIPBACKSL + /* + ** Strip one leading backslash if requesting and the + ** next character is alphanumerical (the latter can + ** probably relaxed a bit, see RFC2821). + */ + + if (bitnset(M_STRIPBACKSL, m->m_flags) && user[0] == '\\') + stripbackslash(user); +#endif /* _FFR_STRIPBACKSL */ /* hack attack -- delivermail compatibility */ if (m == ProgMailer && *user == '|') @@ -2352,15 +2366,20 @@ deliver(e, firstto) if (contextaddr != NULL) { + int sucflags; struct passwd *pwd; if (contextaddr->q_ruser != NULL) pwd = sm_getpwnam(contextaddr->q_ruser); else pwd = sm_getpwnam(contextaddr->q_user); + sucflags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; +#ifdef LOGIN_SETMAC + sucflags |= LOGIN_SETMAC; +#endif /* LOGIN_SETMAC */ if (pwd != NULL && setusercontext(NULL, pwd, pwd->pw_uid, - LOGIN_SETRESOURCES|LOGIN_SETPRIORITY) == -1 && + sucflags) == -1 && suidwarn) { syserr("openmailer: setusercontext() failed"); @@ -5943,8 +5962,8 @@ initclttls(tls_ok) return false; if (clt_ctx != NULL) return true; /* already done */ - tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, false, CltCERTfile, - Cltkeyfile, CACERTpath, CACERTfile, DHParams); + tls_ok_clt = inittls(&clt_ctx, TLS_I_CLT, false, CltCertFile, + CltKeyFile, CACertPath, CACertFile, DHParams); return tls_ok_clt; } @@ -6063,6 +6082,21 @@ starttls(m, mci, e) tv.tv_usec = 0; } + if (!timedout && FD_SETSIZE > 0 && + (rfd >= FD_SETSIZE || + (i == SSL_ERROR_WANT_WRITE && wfd >= FD_SETSIZE))) + { + if (LogLevel > 5) + { + sm_syslog(LOG_ERR, e->e_id, + "STARTTLS=client, error: fd %d/%d too large", + rfd, wfd); + if (LogLevel > 8) + tlslogerr("client"); + } + errno = EINVAL; + goto tlsfail; + } if (!timedout && i == SSL_ERROR_WANT_READ) { fd_set ssl_maskr, ssl_maskx; @@ -6095,6 +6129,7 @@ starttls(m, mci, e) if (LogLevel > 8) tlslogerr("client"); } +tlsfail: SSL_free(clt_ssl); clt_ssl = NULL; return EX_SOFTWARE; diff --git a/contrib/sendmail/src/envelope.c b/contrib/sendmail/src/envelope.c index 27ad7cb07c69..c29871f3b806 100644 --- a/contrib/sendmail/src/envelope.c +++ b/contrib/sendmail/src/envelope.c @@ -13,7 +13,42 @@ #include -SM_RCSID("@(#)$Id: envelope.c,v 8.282 2002/05/10 15:41:11 ca Exp $") +SM_RCSID("@(#)$Id: envelope.c,v 8.282.2.2 2002/12/04 15:44:08 ca Exp $") + +/* +** CLRSESSENVELOPE -- clear session oriented data in an envelope +** +** Parameters: +** e -- the envelope to clear. +** +** Returns: +** none. +*/ + +void +clrsessenvelope(e) + ENVELOPE *e; +{ +#if SASL + macdefine(&e->e_macro, A_PERM, macid("{auth_type}"), ""); + macdefine(&e->e_macro, A_PERM, macid("{auth_authen}"), ""); + macdefine(&e->e_macro, A_PERM, macid("{auth_author}"), ""); + macdefine(&e->e_macro, A_PERM, macid("{auth_ssf}"), ""); +#endif /* SASL */ +#if STARTTLS + macdefine(&e->e_macro, A_PERM, macid("{cert_issuer}"), ""); + macdefine(&e->e_macro, A_PERM, macid("{cert_subject}"), ""); + macdefine(&e->e_macro, A_PERM, macid("{cipher_bits}"), ""); + macdefine(&e->e_macro, A_PERM, macid("{cipher}"), ""); + macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), ""); + macdefine(&e->e_macro, A_PERM, macid("{verify}"), ""); +# if _FFR_TLS_1 + macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), ""); + macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), ""); + macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), ""); +# endif /* _FFR_TLS_1 */ +#endif /* STARTTLS */ +} /* ** NEWENVELOPE -- fill in a new envelope @@ -923,6 +958,9 @@ setsender(from, e, delimptr, delimchar, internal) if (tTd(45, 1)) sm_dprintf("setsender(%s)\n", from == NULL ? "" : from); + /* may be set from earlier calls */ + macdefine(&e->e_macro, A_PERM, 'x', ""); + /* ** Figure out the real user executing us. ** Username can return errno != 0 on non-errors. @@ -1077,7 +1115,7 @@ setsender(from, e, delimptr, delimchar, internal) e->e_from.q_home = NULL; } if (FullName != NULL && !internal) - macdefine(&e->e_macro, A_PERM, 'x', FullName); + macdefine(&e->e_macro, A_TEMP, 'x', FullName); } else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP) { diff --git a/contrib/sendmail/src/headers.c b/contrib/sendmail/src/headers.c index fdcccf672538..5d90344658dd 100644 --- a/contrib/sendmail/src/headers.c +++ b/contrib/sendmail/src/headers.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: headers.c,v 8.266.4.1 2002/08/16 14:56:01 ca Exp $") +SM_RCSID("@(#)$Id: headers.c,v 8.266.4.2 2002/09/23 23:42:02 ca Exp $") static size_t fix_mime_header __P((char *)); static int priencode __P((char *)); @@ -928,7 +928,7 @@ logsender(e, msgid) ", daemon=%.20s", p); sbp += strlen(sbp); } - sm_syslog(LOG_INFO, e->e_id, "%.850s, relay=%.100s", sbuf, name); + sm_syslog(LOG_INFO, e->e_id, "%.850s, relay=%s", sbuf, name); #else /* (SYSLOG_BUFSIZE) >= 256 */ @@ -960,7 +960,7 @@ logsender(e, msgid) sbp += strlen(sbp); } sm_syslog(LOG_INFO, e->e_id, - "%.400srelay=%.100s", sbuf, name); + "%.400srelay=%s", sbuf, name); #endif /* (SYSLOG_BUFSIZE) >= 256 */ } /* diff --git a/contrib/sendmail/src/mailq.1 b/contrib/sendmail/src/mailq.1 index 0fae3ad5368d..1eb234e38ebb 100644 --- a/contrib/sendmail/src/mailq.1 +++ b/contrib/sendmail/src/mailq.1 @@ -9,15 +9,16 @@ .\" the sendmail distribution. .\" .\" -.\" $Id: mailq.1,v 8.19 2002/04/12 05:07:58 gshapiro Exp $ +.\" $Id: mailq.1,v 8.19.2.1 2002/09/26 23:03:39 gshapiro Exp $ .\" -.TH MAILQ 1 "$Date: 2002/04/12 05:07:58 $" +.TH MAILQ 1 "$Date: 2002/09/26 23:03:39 $" .SH NAME mailq \- print the mail queue .SH SYNOPSIS .B mailq .RB [ \-Ac ] +.RB [ \-q... ] .RB [ \-v ] .SH DESCRIPTION .B Mailq @@ -54,6 +55,27 @@ Show the mail submission queue specified in instead of the MTA queue specified in .IR /etc/mail/sendmail.cf . .TP +\fB\-q\fR[\fI!\fR]I substr +Limit processed jobs to those containing +.I substr +as a substring of the queue id or not when +.I ! +is specified. +.TP +\fB\-q\fR[\fI!\fR]R substr +Limit processed jobs to those containing +.I substr +as a substring of one of the recipients or not when +.I ! +is specified. +.TP +\fB\-q\fR[\fI!\fR]S substr +Limit processed jobs to those containing +.I substr +as a substring of the sender or not when +.I ! +is specified. +.TP .B \-v Print verbose information. This adds the priority of the message and diff --git a/contrib/sendmail/src/main.c b/contrib/sendmail/src/main.c index 2aff085ab2b4..fd981fc95be2 100644 --- a/contrib/sendmail/src/main.c +++ b/contrib/sendmail/src/main.c @@ -25,7 +25,7 @@ SM_UNUSED(static char copyright[]) = The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ -SM_RCSID("@(#)$Id: main.c,v 8.887.2.1 2002/08/04 17:36:06 gshapiro Exp $") +SM_RCSID("@(#)$Id: main.c,v 8.887.2.12 2002/12/05 17:38:44 ca Exp $") #if NETINET || NETINET6 @@ -213,6 +213,10 @@ main(argc, argv, envp) /* install default exception handler */ sm_exc_newthread(fatal_error); + /* set the default in/out channel so errors reported to screen */ + InChannel = smioin; + OutChannel = smioout; + /* ** Check to see if we reentered. ** This would normally happen if e_putheader or e_putbody @@ -609,9 +613,6 @@ main(argc, argv, envp) sm_printoptions(FFRCompileOptions); } - InChannel = smioin; - OutChannel = smioout; - /* clear sendmail's environment */ ExternalEnviron = environ; emptyenviron[0] = NULL; @@ -845,7 +846,10 @@ main(argc, argv, envp) ExitStat = EX_USAGE; break; } - from = newstr(denlstring(optarg, true, true)); + if (optarg[0] == '\0') + from = newstr("<>"); + else + from = newstr(denlstring(optarg, true, true)); if (strcmp(RealUserName, from) != 0) warn_f_flag = j; break; @@ -1390,10 +1394,13 @@ main(argc, argv, envp) if (tTd(0, 10)) { + char pidpath[MAXPATHLEN]; + /* Now we know which .cf file we use */ sm_dprintf(" Conf file:\t%s (selected)\n", getcfname(OpMode, SubmitMode, cftype, conffile)); - sm_dprintf(" Pid file:\t%s (selected)\n", PidFile); + expand(PidFile, pidpath, sizeof pidpath, &BlankEnvelope); + sm_dprintf(" Pid file:\t%s (selected)\n", pidpath); } if (tTd(0, 1)) @@ -2184,6 +2191,8 @@ main(argc, argv, envp) CurrentPid = getpid(); if (qgrp != NOQGRP) { + int rwgflags = RWG_NONE; + /* ** To run a specific queue group mark it to ** be run, select the work group it's in and @@ -2194,9 +2203,13 @@ main(argc, argv, envp) i++) Queue[i]->qg_nextrun = (time_t) -1; Queue[qgrp]->qg_nextrun = 0; + if (Verbose) + rwgflags |= RWG_VERBOSE; + if (queuepersistent) + rwgflags |= RWG_PERSISTENT; + rwgflags |= RWG_FORCE; (void) run_work_group(Queue[qgrp]->qg_wgrp, - false, Verbose, - queuepersistent, false); + rwgflags); } else (void) runqueue(false, Verbose, @@ -2440,9 +2453,8 @@ main(argc, argv, envp) /* init TLS for server, ignore result for now */ (void) initsrvtls(tls_ok); #endif /* STARTTLS */ -#if PROFILING + nextreq: -#endif /* PROFILING */ p_flags = getrequests(&MainEnvelope); /* drop privileges */ @@ -2466,7 +2478,7 @@ main(argc, argv, envp) if (LogLevel > 9) { /* log connection information */ - sm_syslog(LOG_INFO, NULL, "connect from %.100s", authinfo); + sm_syslog(LOG_INFO, NULL, "connect from %s", authinfo); } /* @@ -2541,12 +2553,14 @@ main(argc, argv, envp) /* turn off profiling */ SM_PROF(1); smtp(nullserver, *p_flags, &MainEnvelope); -#if PROFILING - /* turn off profiling */ - SM_PROF(0); - if (OpMode == MD_DAEMON) - goto nextreq; -#endif /* PROFILING */ + + if (tTd(93, 100)) + { + /* turn off profiling */ + SM_PROF(0); + if (OpMode == MD_DAEMON) + goto nextreq; + } } sm_rpool_free(MainEnvelope.e_rpool); @@ -4086,7 +4100,7 @@ testmodeline(line, e) "Name too long\n"); return; } - (void) getcanonname(host, sizeof host, HasWildcardMX, + (void) getcanonname(host, sizeof host, !HasWildcardMX, NULL); (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "getcanonname(%s) returns %s\n", diff --git a/contrib/sendmail/src/map.c b/contrib/sendmail/src/map.c index feba80bea0af..6f9a46160bb3 100644 --- a/contrib/sendmail/src/map.c +++ b/contrib/sendmail/src/map.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: map.c,v 8.645.2.3 2002/08/09 22:23:13 gshapiro Exp $") +SM_RCSID("@(#)$Id: map.c,v 8.645.2.7 2002/12/03 17:01:15 ca Exp $") #if LDAPMAP # include @@ -29,10 +29,7 @@ SM_RCSID("@(#)$Id: map.c,v 8.645.2.3 2002/08/09 22:23:13 gshapiro Exp $") # endif /* R_FIRST */ #endif /* NDBM */ #if NEWDB -# include -# ifndef DB_VERSION_MAJOR -# define DB_VERSION_MAJOR 1 -# endif /* ! DB_VERSION_MAJOR */ +# include "sm/bdb.h" #endif /* NEWDB */ #if NIS struct dom_binding; /* forward reference needed on IRIX */ @@ -2084,10 +2081,7 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo) flags |= DB_CREATE; if (bitset(O_TRUNC, omode)) flags |= DB_TRUNCATE; - -# if !HASFLOCK && defined(DB_FCNTL_LOCKING) - flags |= DB_FCNTL_LOCKING; -# endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */ + SM_DB_FLAG_ADD(flags); # if DB_VERSION_MAJOR > 2 ret = db_create(&db, NULL, 0); @@ -2115,7 +2109,9 @@ db_map_open(map, mode, mapclassname, dbtype, openinfo) # endif /* DB_HASH_NELEM */ if (ret == 0 && db != NULL) { - ret = db->open(db, buf, NULL, dbtype, flags, DBMMODE); + ret = db->open(db, + DBTXN /* transaction for DB 4.1 */ + buf, NULL, dbtype, flags, DBMMODE); if (ret != 0) { #ifdef DB_OLD_VERSION @@ -4888,11 +4884,25 @@ ldapmap_set_defaults(spec) */ /* what version of the ph map code we're running */ -static char phmap_id[PH_BUF_SIZE]; +static char phmap_id[128]; /* sendmail version for phmap id string */ extern const char Version[]; +/* assume we're using nph-1.1.x if not specified */ +# ifndef NPH_VERSION +# define NPH_VERSION 10100 +# endif + +/* compatibility for versions older than nph-1.2.0 */ +# if NPH_VERSION < 10200 +# define PH_OPEN_ROUNDROBIN PH_ROUNDROBIN +# define PH_OPEN_DONTID PH_DONTID +# define PH_CLOSE_FAST PH_FASTCLOSE +# define PH_ERR_DATAERR PH_DATAERR +# define PH_ERR_NOMATCH PH_NOMATCH +# endif /* NPH_VERSION < 10200 */ + /* ** PH_MAP_PARSEARGS -- parse ph map definition args. */ @@ -5090,7 +5100,12 @@ ph_timeout(unused) } static void +#if NPH_VERSION >= 10200 +ph_map_send_debug(appdata, text) + void *appdata; +#else ph_map_send_debug(text) +#endif char *text; { if (LogLevel > 9) @@ -5101,7 +5116,12 @@ ph_map_send_debug(text) } static void +#if NPH_VERSION >= 10200 +ph_map_recv_debug(appdata, text) + void *appdata; +#else ph_map_recv_debug(text) +#endif char *text; { if (LogLevel > 10) @@ -5178,9 +5198,14 @@ ph_map_open(map, mode) } /* open connection to server */ - if (!ph_open(&(pmap->ph), host, PH_ROUNDROBIN|PH_DONTID, - ph_map_send_debug, ph_map_recv_debug) && - !ph_id(pmap->ph, phmap_id)) + if (ph_open(&(pmap->ph), host, + PH_OPEN_ROUNDROBIN|PH_OPEN_DONTID, + ph_map_send_debug, ph_map_recv_debug +#if NPH_VERSION >= 10200 + , NULL +#endif + ) == 0 + && ph_id(pmap->ph, phmap_id) == 0) { if (ev != NULL) sm_clrevent(ev); @@ -5192,7 +5217,7 @@ ph_map_open(map, mode) save_errno = errno; if (ev != NULL) sm_clrevent(ev); - pmap->ph_fastclose = PH_FASTCLOSE; + pmap->ph_fastclose = PH_CLOSE_FAST; ph_map_close(map); errno = save_errno; } @@ -5253,7 +5278,7 @@ ph_map_lookup(map, key, args, pstat) i = ph_email_resolve(pmap->ph, key, pmap->ph_field_list, &value); if (i == -1) *pstat = EX_TEMPFAIL; - else if (i == PH_NOMATCH || i == PH_DATAERR) + else if (i == PH_ERR_NOMATCH || i == PH_ERR_DATAERR) *pstat = EX_UNAVAILABLE; ph_map_lookup_abort: @@ -5268,7 +5293,7 @@ ph_map_lookup(map, key, args, pstat) if (*pstat == EX_TEMPFAIL) { save_errno = errno; - pmap->ph_fastclose = PH_FASTCLOSE; + pmap->ph_fastclose = PH_CLOSE_FAST; ph_map_close(map); errno = save_errno; } diff --git a/contrib/sendmail/src/mci.c b/contrib/sendmail/src/mci.c index b54b13d05e40..5172333812f2 100644 --- a/contrib/sendmail/src/mci.c +++ b/contrib/sendmail/src/mci.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: mci.c,v 8.205 2002/05/24 18:53:48 gshapiro Exp $") +SM_RCSID("@(#)$Id: mci.c,v 8.205.2.2 2002/11/26 19:15:19 gshapiro Exp $") #if NETINET || NETINET6 # include @@ -1244,8 +1244,10 @@ mci_print_persistent(pathname, hostname) locked ? '*' : ' ', hostname, pintvl(curtime() - mcib.mci_lastuse, true)); if (mcib.mci_rstatus != NULL) + { (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%.*s\n", width, mcib.mci_rstatus); + } else if (mcib.mci_exitstat == EX_TEMPFAIL && mcib.mci_errno != 0) (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "Deferred: %.*s\n", width - 10, diff --git a/contrib/sendmail/src/milter.c b/contrib/sendmail/src/milter.c index 271f7dca3950..585981c168ea 100644 --- a/contrib/sendmail/src/milter.c +++ b/contrib/sendmail/src/milter.c @@ -10,7 +10,7 @@ #include -SM_RCSID("@(#)$Id: milter.c,v 8.197.2.2 2002/08/06 22:58:38 gshapiro Exp $") +SM_RCSID("@(#)$Id: milter.c,v 8.197.2.5 2002/11/11 23:22:28 ca Exp $") #if MILTER # include @@ -580,7 +580,7 @@ milter_open(m, parseonly, e) if (parseonly) syserr("X%s: empty or missing socket information", m->mf_name); - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): empty or missing socket information", m->mf_name); @@ -611,9 +611,10 @@ milter_open(m, parseonly, e) addr.sa.sa_family = AF_INET6; # else /* NETINET6 */ /* no protocols available */ - sm_syslog(LOG_ERR, e->e_id, - "Milter (%s): no valid socket protocols available", - m->mf_name); + if (MilterLogLevel > 0) + sm_syslog(LOG_ERR, e->e_id, + "Milter (%s): no valid socket protocols available", + m->mf_name); milter_error(m, e); return -1; # endif /* NETINET6 */ @@ -646,7 +647,7 @@ milter_open(m, parseonly, e) if (parseonly) syserr("X%s: unknown socket type %s", m->mf_name, p); - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): unknown socket type %s", m->mf_name, p); @@ -677,7 +678,7 @@ milter_open(m, parseonly, e) if (parseonly) syserr("X%s: local socket name %s too long", m->mf_name, colon); - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): local socket name %s too long", m->mf_name, colon); @@ -712,7 +713,7 @@ milter_open(m, parseonly, e) syserr("X%s: local socket name %s unsafe", m->mf_name, colon); } - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): local socket name %s unsafe", m->mf_name, colon); @@ -748,7 +749,7 @@ milter_open(m, parseonly, e) if (parseonly) syserr("X%s: bad address %s (expected port@host)", m->mf_name, colon); - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): bad address %s (expected port@host)", m->mf_name, colon); @@ -767,7 +768,7 @@ milter_open(m, parseonly, e) if (parseonly) syserr("X%s: invalid port number %s", m->mf_name, colon); - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): invalid port number %s", m->mf_name, colon); @@ -787,7 +788,7 @@ milter_open(m, parseonly, e) if (parseonly) syserr("X%s: unknown port name %s", m->mf_name, colon); - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): unknown port name %s", m->mf_name, colon); @@ -843,7 +844,7 @@ milter_open(m, parseonly, e) if (parseonly) syserr("X%s: Invalid numeric domain spec \"%s\"", m->mf_name, at); - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): Invalid numeric domain spec \"%s\"", m->mf_name, at); @@ -859,7 +860,7 @@ milter_open(m, parseonly, e) if (parseonly) syserr("X%s: Invalid numeric domain spec \"%s\"", m->mf_name, at); - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): Invalid numeric domain spec \"%s\"", m->mf_name, at); @@ -880,7 +881,7 @@ milter_open(m, parseonly, e) if (parseonly) syserr("X%s: Unknown host name %s", m->mf_name, at); - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): Unknown host name %s", m->mf_name, at); @@ -918,7 +919,7 @@ milter_open(m, parseonly, e) if (parseonly) syserr("X%s: Unknown protocol for %s (%d)", m->mf_name, at, hp->h_addrtype); - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): Unknown protocol for %s (%d)", m->mf_name, at, @@ -939,7 +940,7 @@ milter_open(m, parseonly, e) m->mf_name); if (parseonly) syserr("X%s: unknown socket protocol", m->mf_name); - else if (MilterLogLevel > 10) + else if (MilterLogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "Milter (%s): unknown socket protocol", m->mf_name); @@ -3226,7 +3227,14 @@ milter_connect(hostname, addr, e, state) { if (response != NULL && *response == '4') - *state = SMFIR_TEMPFAIL; + { +#if _FFR_MILTER_421 + if (strncmp(response, "421 ", 4) == 0) + *state = SMFIR_SHUTDOWN; + else +#endif /* _FFR_MILTER_421 */ + *state = SMFIR_TEMPFAIL; + } else *state = SMFIR_REJECT; if (response != NULL) @@ -3724,7 +3732,7 @@ milter_data(e, state) case SMFIR_REPLBODY: if (!bitset(SMFIF_MODBODY, m->mf_fflags)) { - if (MilterLogLevel > 0) + if (MilterLogLevel > 9) sm_syslog(LOG_ERR, e->e_id, "milter_data(%s): lied about replacing body, rejecting request and tempfailing message", m->mf_name); diff --git a/contrib/sendmail/src/parseaddr.c b/contrib/sendmail/src/parseaddr.c index c7de84b07acb..a69554a32f12 100644 --- a/contrib/sendmail/src/parseaddr.c +++ b/contrib/sendmail/src/parseaddr.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: parseaddr.c,v 8.359.2.2 2002/08/16 14:56:01 ca Exp $") +SM_RCSID("@(#)$Id: parseaddr.c,v 8.359.2.3 2002/09/26 23:03:39 gshapiro Exp $") static void allocaddr __P((ADDRESS *, int, char *, ENVELOPE *)); static int callsubr __P((char**, int, ENVELOPE *)); @@ -2086,6 +2086,7 @@ buildaddr(tv, a, flags, e) } return a; } + /* ** CATADDR -- concatenate pieces of addresses (putting in subs) ** diff --git a/contrib/sendmail/src/queue.c b/contrib/sendmail/src/queue.c index 26e73f0f52c1..a0ce797cb6cd 100644 --- a/contrib/sendmail/src/queue.c +++ b/contrib/sendmail/src/queue.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: queue.c,v 8.863.2.6 2002/08/16 16:27:37 gshapiro Exp $") +SM_RCSID("@(#)$Id: queue.c,v 8.863.2.22 2002/12/19 18:00:39 ca Exp $") #include @@ -27,8 +27,10 @@ SM_RCSID("@(#)$Id: queue.c,v 8.863.2.6 2002/08/16 16:27:37 gshapiro Exp $") /* ** Historical notes: -** QF_VERSION==4 was sendmail 8.10/8.11 without _FFR_QUEUEDELAY -** QF_VERSION==5 was sendmail 8.10/8.11 with _FFR_QUEUEDELAY +** QF_VERSION == 4 was sendmail 8.10/8.11 without _FFR_QUEUEDELAY +** QF_VERSION == 5 was sendmail 8.10/8.11 with _FFR_QUEUEDELAY +** QF_VERSION == 6 is sendmail 8.12 without _FFR_QUEUEDELAY +** QF_VERSION == 7 is sendmail 8.12 with _FFR_QUEUEDELAY */ #if _FFR_QUEUEDELAY @@ -134,6 +136,7 @@ static int workcmpf1(); static int workcmpf2(); static int workcmpf3(); static int workcmpf4(); +static int randi = 3; /* index for workcmpf5() */ static int workcmpf5(); static int workcmpf6(); #if _FFR_RHS @@ -198,6 +201,7 @@ static void *Pshm; /* pointer to shared memory */ static FILESYS *PtrFileSys; /* pointer to queue file system array */ int ShmId = SM_SHM_NO_ID; /* shared memory id */ static QUEUE_SHM_T *QShm; /* pointer to shared queue data */ +static size_t shms; # define SHM_OFF_PID(p) (((char *) (p)) + sizeof(int)) # define SHM_OFF_TAG(p) (((char *) (p)) + sizeof(pid_t) + sizeof(int)) @@ -255,6 +259,7 @@ hash_q(p, h) return h; } + #else /* SM_CONF_SHM */ # define FILE_SYS(i) FileSys[i] #endif /* SM_CONF_SHM */ @@ -265,6 +270,7 @@ hash_q(p, h) #define FILE_SYS_BLKSIZE(i) FILE_SYS(i).fs_blksize #define FILE_SYS_DEV(i) FILE_SYS(i).fs_dev + /* ** Current qf file field assignments: ** @@ -1200,7 +1206,7 @@ restart_work_group(wgrp) { /* avoid overflow; increment here */ WorkGrp[wgrp].wg_restartcnt++; - (void) run_work_group(wgrp, true, false, true, true); + (void) run_work_group(wgrp, RWG_FORK|RWG_PERSISTENT|RWG_RUNALL); } else { @@ -1438,6 +1444,8 @@ runqueue(forkflag, verbose, persistent, runall) for (i = 0; i < NumWorkGroups && !NoMoreRunners; i++) { + int rwgflags = RWG_NONE; + /* ** If MaxQueueChildren active then test whether the start ** of the next queue group's additional queue runners (maximum) @@ -1477,8 +1485,15 @@ runqueue(forkflag, verbose, persistent, runall) */ CurRunners += WorkGrp[curnum].wg_maxact; - ret = run_work_group(curnum, forkflag, verbose, persistent, - runall); + if (forkflag) + rwgflags |= RWG_FORK; + if (verbose) + rwgflags |= RWG_VERBOSE; + if (persistent) + rwgflags |= RWG_PERSISTENT; + if (runall) + rwgflags |= RWG_RUNALL; + ret = run_work_group(curnum, rwgflags); /* ** Failure means a message was printed for ETRN @@ -1676,7 +1691,7 @@ runner_work(e, sequenceno, didfork, skip, njobs) w->w_name + 2); (void) dowork(w->w_qgrp, w->w_qdir, w->w_name + 2, - false, false, e); + ForkQueueRuns , false, e); errno = 0; } sm_free(w->w_name); /* XXX */ @@ -1711,12 +1726,7 @@ runner_work(e, sequenceno, didfork, skip, njobs) ** ** Parameters: ** wgrp -- work group to process. -** forkflag -- true if the queue scanning should be done in -** a child process. We double-fork so it is not our -** child and we don't have to clean up after it. -** verbose -- if true, print out status information. -** persistent -- persistent queue runner? -** runall -- true: run all of the queue groups in this work group +** flags -- RWG_* flags ** ** Returns: ** true if the queue run successfully began. @@ -1729,12 +1739,9 @@ runner_work(e, sequenceno, didfork, skip, njobs) #define MIN_SLEEP_TIME 5 bool -run_work_group(wgrp, forkflag, verbose, persistent, runall) +run_work_group(wgrp, flags) int wgrp; - bool forkflag; - bool verbose; - bool persistent; - bool runall; + int flags; { register ENVELOPE *e; int njobs, qdir; @@ -1758,11 +1765,12 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) sm_getla(); /* get load average */ current_la_time = curtime(); - if (!persistent && shouldqueue(WkRecipFact, current_la_time)) + if (!bitset(RWG_PERSISTENT, flags) && + shouldqueue(WkRecipFact, current_la_time)) { char *msg = "Skipping queue run -- load average too high"; - if (verbose) + if (bitset(RWG_VERBOSE, flags)) message("458 %s\n", msg); if (LogLevel > 8) sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg); @@ -1773,12 +1781,14 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) ** See if we already have too many children. */ - if (forkflag && WorkGrp[wgrp].wg_lowqintvl > 0 && !persistent && + if (bitset(RWG_FORK, flags) && + WorkGrp[wgrp].wg_lowqintvl > 0 && + !bitset(RWG_PERSISTENT, flags) && MaxChildren > 0 && CurChildren >= MaxChildren) { char *msg = "Skipping queue run -- too many children"; - if (verbose) + if (bitset(RWG_VERBOSE, flags)) message("458 %s (%d)\n", msg, CurChildren); if (LogLevel > 8) sm_syslog(LOG_INFO, NOQID, "runqueue: %s (%d)", @@ -1790,7 +1800,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) ** See if we want to go off and do other useful work. */ - if (forkflag) + if (bitset(RWG_FORK, flags)) { pid_t pid; @@ -1803,7 +1813,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) const char *msg = "Skipping queue run -- fork() failed"; const char *err = sm_errstring(errno); - if (verbose) + if (bitset(RWG_VERBOSE, flags)) message("458 %s: %s\n", msg, err); if (LogLevel > 8) sm_syslog(LOG_INFO, NOQID, "runqueue: %s: %s", @@ -1819,7 +1829,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) /* wgrp only used when queue runners are persistent */ proc_list_add(pid, "Queue runner", PROC_QUEUE, WorkGrp[wgrp].wg_maxact, - persistent ? wgrp : -1); + bitset(RWG_PERSISTENT, flags) ? wgrp : -1); (void) sm_releasesignal(SIGALRM); (void) sm_releasesignal(SIGCHLD); return true; @@ -1876,7 +1886,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) e->e_parent = NULL; /* make sure we have disconnected from parent */ - if (forkflag) + if (bitset(RWG_FORK, flags)) { disconnect(1, e); QuickAbort = false; @@ -1908,7 +1918,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) /* ** Run a queue group if: - ** runall is set or the bit for this group is set. + ** RWG_RUNALL bit is set or the bit for this group is set. */ now = curtime(); @@ -1922,14 +1932,14 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) qgrp = WorkGrp[wgrp].wg_qgs[WorkGrp[wgrp].wg_curqgrp]->qg_index; WorkGrp[wgrp].wg_curqgrp++; /* advance */ WorkGrp[wgrp].wg_curqgrp %= WorkGrp[wgrp].wg_numqgrp; /* wrap */ - if (runall || + if (bitset(RWG_RUNALL, flags) || (Queue[qgrp]->qg_nextrun <= now && Queue[qgrp]->qg_nextrun != (time_t) -1)) break; if (endgrp == WorkGrp[wgrp].wg_curqgrp) { e->e_id = NULL; - if (forkflag) + if (bitset(RWG_FORK, flags)) finis(true, true, ExitStat); return true; /* we're done */ } @@ -1958,7 +1968,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) sm_syslog(LOG_DEBUG, NOQID, "runqueue %s, pid=%d, forkflag=%d", qid_printqueue(qgrp, qdir), (int) CurrentPid, - forkflag); + bitset(RWG_FORK, flags)); /* ** Start making passes through the queue. @@ -2015,24 +2025,6 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) maxrunners = njobs; for (loop = 0; loop < maxrunners; loop++) { -#if _FFR_NONSTOP_PERSISTENCE - /* - ** Require a free "slot" before processing - ** this queue runner. - */ - - while (MaxQueueChildren > 0 && - CurChildren > MaxQueueChildren) - { - int status; - pid_t ret; - - while ((ret = sm_wait(&status)) <= 0) - continue; - proc_list_drop(ret, status, NULL); - } -#endif /* _FFR_NONSTOP_PERSISTENCE */ - /* ** Since the delivery may happen in a child and the ** parent does not wait, the parent may close the @@ -2116,7 +2108,6 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) sm_releasesignal(SIGCHLD); -#if !_FFR_NONSTOP_PERSISTENCE /* ** Wait until all of the runners have completed before ** seeing if there is another queue group in the @@ -2135,9 +2126,8 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) continue; proc_list_drop(ret, status, NULL); } -#endif /* !_FFR_NONSTOP_PERSISTENCE */ } - else + else if (Queue[qgrp]->qg_maxqrun > 0 || bitset(RWG_FORCE, flags)) { /* ** When current process will not fork children to do the work, @@ -2162,7 +2152,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) } /* No more queues in work group to process. Now check persistent. */ - if (persistent) + if (bitset(RWG_PERSISTENT, flags)) { sequenceno = 1; sm_setproctitle(true, CurEnv, "running queue: %s", @@ -2244,7 +2234,7 @@ run_work_group(wgrp, forkflag, verbose, persistent, runall) /* exit without the usual cleanup */ e->e_id = NULL; - if (forkflag) + if (bitset(RWG_FORK, flags)) finis(true, true, ExitStat); /* NOTREACHED */ return true; @@ -2918,12 +2908,14 @@ sortq(max) else if (QueueSortOrder == QSO_RANDOM) { /* - ** Sort randomly. - ** workcmpf5() returns a random 1 or -1. - ** As long as nobody does a verification pass over the - ** sorted list, we should be golden. + ** Sort randomly. To avoid problems with an instable sort, + ** use a random index into the queue file name to start + ** comparison. */ + randi = get_rand_mod(MAXQFNAME); + if (randi < 2) + randi = 3; qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf5); } else if (QueueSortOrder == QSO_BYMODTIME) @@ -3226,7 +3218,9 @@ workcmpf5(a, b) register WORK *a; register WORK *b; { - return (get_rand_mod(2)) ? 1 : -1; + if (strlen(a->w_name) < randi || strlen(b->w_name) < randi) + return -1; + return a->w_name[randi] - b->w_name[randi]; } /* ** WORKCMPF6 -- simple modification-time-only compare function. @@ -3452,6 +3446,7 @@ dowork(qgrp, qdir, id, forkflag, requeueflag, e) ** handler for child process. */ + /* Reset global flags */ RestartRequest = NULL; RestartWorkGroup = false; @@ -3638,6 +3633,7 @@ doworklist(el, forkflag, requeueflag) ** handler for child process. */ + /* Reset global flags */ RestartRequest = NULL; RestartWorkGroup = false; @@ -6476,7 +6472,7 @@ write_key_file(keypath, key) sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT; if (TrustedUid != 0 && RealUid == TrustedUid) sff |= SFF_OPENASROOT; - keyf = safefopen(keypath, O_WRONLY|O_TRUNC, 0644, sff); + keyf = safefopen(keypath, O_WRONLY|O_TRUNC, FileMode, sff); if (keyf == NULL) { sm_syslog(LOG_ERR, NOQID, "unable to write %s: %s", @@ -6486,7 +6482,7 @@ write_key_file(keypath, key) { ok = sm_io_fprintf(keyf, SM_TIME_DEFAULT, "%ld\n", key) != SM_IO_EOF; - ok = ok && (sm_io_close(keyf, SM_TIME_DEFAULT) != SM_IO_EOF); + ok = (sm_io_close(keyf, SM_TIME_DEFAULT) != SM_IO_EOF) && ok; } return ok; } @@ -6514,9 +6510,9 @@ read_key_file(keypath, key) if (keypath == NULL || *keypath == '\0') return key; sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY; - if (TrustedUid != 0 && RealUid == TrustedUid) + if (RealUid == 0 || (TrustedUid != 0 && RealUid == TrustedUid)) sff |= SFF_OPENASROOT; - keyf = safefopen(keypath, O_RDONLY, 0644, sff); + keyf = safefopen(keypath, O_RDONLY, FileMode, sff); if (keyf == NULL) { sm_syslog(LOG_ERR, NOQID, "unable to read %s: %s", @@ -6577,7 +6573,6 @@ init_shm(qn, owner, hash) { int count; int save_errno; - size_t shms; count = 0; shms = SM_T_SIZE + qn * sizeof(QUEUE_SHM_T); @@ -8012,6 +8007,8 @@ split_within_queue(e) e->e_sibling = firstsibling; for (i = 0; i < nrcpt - 1; ++i) addrs[i]->q_next = addrs[i + 1]; + if (lsplits != NULL) + sm_free(lsplits); return SM_SPLIT_FAIL; } @@ -8054,12 +8051,15 @@ split_within_queue(e) break; i += maxrcpt; } - if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL && nsplit > 0) + if (LogLevel > SPLIT_LOG_LEVEL && lsplits != NULL) { - sm_syslog(LOG_NOTICE, e->e_id, - "split: maxrcpts=%d, rcpts=%d, count=%d, id%s=%s", - maxrcpt, nrcpt - ndead, nsplit, - nsplit > 1 ? "s" : "", lsplits); + if (nsplit > 0) + { + sm_syslog(LOG_NOTICE, e->e_id, + "split: maxrcpts=%d, rcpts=%d, count=%d, id%s=%s", + maxrcpt, nrcpt - ndead, nsplit, + nsplit > 1 ? "s" : "", lsplits); + } sm_free(lsplits); } return SM_SPLIT_NEW(nsplit); diff --git a/contrib/sendmail/src/readcf.c b/contrib/sendmail/src/readcf.c index fbfdef136079..b52726540d92 100644 --- a/contrib/sendmail/src/readcf.c +++ b/contrib/sendmail/src/readcf.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: readcf.c,v 8.607.2.2 2002/08/19 21:50:49 gshapiro Exp $") +SM_RCSID("@(#)$Id: readcf.c,v 8.607.2.7 2002/11/10 19:13:11 ca Exp $") #if NETINET || NETINET6 # include @@ -2045,9 +2045,9 @@ static struct optioninfo #define O_CLTKEYFILE 0xb7 { "ClientKeyFile", O_CLTKEYFILE, OI_NONE }, #define O_CACERTFILE 0xb8 - { "CACERTFile", O_CACERTFILE, OI_NONE }, + { "CACertFile", O_CACERTFILE, OI_NONE }, #define O_CACERTPATH 0xb9 - { "CACERTPath", O_CACERTPATH, OI_NONE }, + { "CACertPath", O_CACERTPATH, OI_NONE }, #define O_DHPARAMS 0xba { "DHParameters", O_DHPARAMS, OI_NONE }, #define O_INPUTMILTER 0xbb @@ -2100,6 +2100,14 @@ static struct optioninfo # define O_SHMKEYFILE 0xd0 { "SharedMemoryKeyFile", O_SHMKEYFILE, OI_NONE }, #endif /* _FFR_SELECT_SHM */ +#if _FFR_REJECT_LOG +# define O_REJECTLOGINTERVAL 0xd1 + { "RejectLogInterval", O_REJECTLOGINTERVAL, OI_NONE }, +#endif /* _FFR_REJECT_LOG */ +#if _FFR_REQ_DIR_FSYNC_OPT +# define O_REQUIRES_DIR_FSYNC 0xd2 + { "RequiresDirfsync", O_REQUIRES_DIR_FSYNC, OI_NONE }, +#endif /* _FFR_REQ_DIR_FSYNC_OPT */ { NULL, '\0', OI_NONE } }; @@ -3337,18 +3345,23 @@ setoption(opt, val, safe, sticky, e) case 'A': SASLOpts |= SASL_AUTH_AUTH; break; + case 'a': SASLOpts |= SASL_SEC_NOACTIVE; break; + case 'c': SASLOpts |= SASL_SEC_PASS_CREDENTIALS; break; + case 'd': SASLOpts |= SASL_SEC_NODICTIONARY; break; + case 'f': SASLOpts |= SASL_SEC_FORWARD_SECRECY; break; + # if _FFR_SASL_OPT_M /* to be activated in 8.13 */ # if SASL >= 20101 @@ -3357,16 +3370,20 @@ setoption(opt, val, safe, sticky, e) break; # endif /* SASL >= 20101 */ # endif /* _FFR_SASL_OPT_M */ + case 'p': SASLOpts |= SASL_SEC_NOPLAINTEXT; break; + case 'y': SASLOpts |= SASL_SEC_NOANONYMOUS; break; + case ' ': /* ignore */ case '\t': /* ignore */ case ',': /* ignore */ break; + default: (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "Warning: Option: %s unknown parameter '%c'\n", @@ -3382,6 +3399,7 @@ setoption(opt, val, safe, sticky, e) ++val; } break; + case O_SASLBITS: MaxSLBits = atoi(val); break; @@ -3399,17 +3417,17 @@ setoption(opt, val, safe, sticky, e) #if STARTTLS case O_SRVCERTFILE: - SET_STRING_EXP(SrvCERTfile); + SET_STRING_EXP(SrvCertFile); case O_SRVKEYFILE: - SET_STRING_EXP(Srvkeyfile); + SET_STRING_EXP(SrvKeyFile); case O_CLTCERTFILE: - SET_STRING_EXP(CltCERTfile); + SET_STRING_EXP(CltCertFile); case O_CLTKEYFILE: - SET_STRING_EXP(Cltkeyfile); + SET_STRING_EXP(CltKeyFile); case O_CACERTFILE: - SET_STRING_EXP(CACERTfile); + SET_STRING_EXP(CACertFile); case O_CACERTPATH: - SET_STRING_EXP(CACERTpath); + SET_STRING_EXP(CACertPath); case O_DHPARAMS: SET_STRING_EXP(DHParams); # if _FFR_TLS_1 @@ -3574,6 +3592,22 @@ setoption(opt, val, safe, sticky, e) break; #endif /* _FFR_SOFT_BOUNCE */ +#if _FFR_REJECT_LOG + case O_REJECTLOGINTERVAL: /* time btwn log msgs while refusing */ + RejectLogInterval = convtime(val, 'h'); + break; +#endif /* _FFR_REJECT_LOG */ + +#if _FFR_REQ_DIR_FSYNC_OPT + case O_REQUIRES_DIR_FSYNC: +# if REQUIRES_DIR_FSYNC + RequiresDirfsync = atobool(val); +# else /* REQUIRES_DIR_FSYNC */ + /* silently ignored... required for cf file option */ +# endif /* REQUIRES_DIR_FSYNC */ + break; +#endif /* _FFR_REQ_DIR_FSYNC_OPT */ + default: if (tTd(37, 1)) { diff --git a/contrib/sendmail/src/recipient.c b/contrib/sendmail/src/recipient.c index 22b83774a09e..186c8b6ae34d 100644 --- a/contrib/sendmail/src/recipient.c +++ b/contrib/sendmail/src/recipient.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: recipient.c,v 8.330 2002/05/29 18:20:03 gshapiro Exp $") +SM_RCSID("@(#)$Id: recipient.c,v 8.330.2.1 2002/08/27 20:21:02 gshapiro Exp $") static void includetimeout __P((void)); static ADDRESS *self_reference __P((ADDRESS *)); @@ -679,7 +679,7 @@ recipient(new, sendq, aliaslevel, e) ** the current recipient is marked expensive. */ - if (WILL_BE_QUEUED(e->e_sendmode) || + if (UseMSP || WILL_BE_QUEUED(e->e_sendmode) || (!bitset(EF_SPLIT, e->e_flags) && e->e_ntries == 0 && FastSplit > 0)) sortfn = sorthost; diff --git a/contrib/sendmail/src/sasl.c b/contrib/sendmail/src/sasl.c index b172677c5149..4b30f4748793 100644 --- a/contrib/sendmail/src/sasl.c +++ b/contrib/sendmail/src/sasl.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: sasl.c,v 8.19.2.1 2002/07/13 18:04:56 ca Exp $") +SM_RCSID("@(#)$Id: sasl.c,v 8.19.2.2 2002/09/26 23:03:40 gshapiro Exp $") #if SASL # include @@ -208,7 +208,7 @@ intersect(s1, s2, rpool) # if SASL >= 20000 /* ** IPTOSTRING -- create string for SASL_IP*PORT property -** (borrowed from lib/iptostring.c in Cyrus-IMAP) +** (borrowed from lib/iptostring.c in Cyrus-IMAP) ** ** Parameters: ** addr -- (pointer to) socket address diff --git a/contrib/sendmail/src/savemail.c b/contrib/sendmail/src/savemail.c index b28a70d9249d..073c31ff3e61 100644 --- a/contrib/sendmail/src/savemail.c +++ b/contrib/sendmail/src/savemail.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: savemail.c,v 8.299 2002/05/24 20:50:17 gshapiro Exp $") +SM_RCSID("@(#)$Id: savemail.c,v 8.299.2.1 2002/10/23 15:08:47 ca Exp $") static void errbody __P((MCI *, ENVELOPE *, char *)); static bool pruneroute __P((char *)); @@ -545,25 +545,7 @@ returntosender(msg, returnq, flags, e) macdefine(&ee->e_macro, A_PERM, 'r', ""); macdefine(&ee->e_macro, A_PERM, 's', "localhost"); macdefine(&ee->e_macro, A_PERM, '_', "localhost"); -#if SASL - macdefine(&ee->e_macro, A_PERM, macid("{auth_type}"), ""); - macdefine(&ee->e_macro, A_PERM, macid("{auth_authen}"), ""); - macdefine(&ee->e_macro, A_PERM, macid("{auth_author}"), ""); - macdefine(&ee->e_macro, A_PERM, macid("{auth_ssf}"), ""); -#endif /* SASL */ -#if STARTTLS - macdefine(&ee->e_macro, A_PERM, macid("{cert_issuer}"), ""); - macdefine(&ee->e_macro, A_PERM, macid("{cert_subject}"), ""); - macdefine(&ee->e_macro, A_PERM, macid("{cipher_bits}"), ""); - macdefine(&ee->e_macro, A_PERM, macid("{cipher}"), ""); - macdefine(&ee->e_macro, A_PERM, macid("{tls_version}"), ""); - macdefine(&ee->e_macro, A_PERM, macid("{verify}"), ""); -# if _FFR_TLS_1 - macdefine(&ee->e_macro, A_PERM, macid("{alg_bits}"), ""); - macdefine(&ee->e_macro, A_PERM, macid("{cn_issuer}"), ""); - macdefine(&ee->e_macro, A_PERM, macid("{cn_subject}"), ""); -# endif /* _FFR_TLS_1 */ -#endif /* STARTTLS */ + clrsessenvelope(ee); ee->e_puthdr = putheader; ee->e_putbody = errbody; diff --git a/contrib/sendmail/src/sendmail.h b/contrib/sendmail/src/sendmail.h index 7dc34fa4903c..61b0d13af76f 100644 --- a/contrib/sendmail/src/sendmail.h +++ b/contrib/sendmail/src/sendmail.h @@ -48,7 +48,7 @@ #ifdef _DEFINE # ifndef lint -SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.919.2.4 2002/08/16 14:56:01 ca Exp $"; +SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.919.2.15 2002/12/12 22:46:35 ca Exp $"; # endif /* ! lint */ #endif /* _DEFINE */ @@ -392,6 +392,9 @@ struct mailer #define M_ESMTP 'a' /* run Extended SMTP */ #define M_ALIASABLE 'A' /* user can be LHS of an alias */ #define M_BLANKEND 'b' /* ensure blank line at end of message */ +#if _FFR_STRIPBACKSL +# define M_STRIPBACKSL 'B' /* strip leading backslash from user */ +#endif /* _FFR_STRIPBACKSL */ #define M_NOCOMMENT 'c' /* don't include comment part of address */ #define M_CANONICAL 'C' /* make addresses canonical "u@dom" */ #define M_NOBRACKET 'd' /* never angle bracket envelope route-addrs */ @@ -581,7 +584,7 @@ extern bool filesys_free __P((long)); ERROR: change SASL_SEC_MASK_ notify sendmail.org! # endif /* SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 ... */ # endif /* SASL >= 20101 */ -# define MAXOUTLEN 1024 /* length of output buffer */ +# define MAXOUTLEN 8192 /* length of output buffer */ /* functions */ extern char *intersect __P((char *, char *, SM_RPOOL_T *)); @@ -690,6 +693,7 @@ MCI #define MCIF_AUTHACT 0x00010000 /* SASL (AUTH) active */ #define MCIF_ENHSTAT 0x00020000 /* ENHANCEDSTATUSCODES supported */ #define MCIF_PIPELINED 0x00040000 /* PIPELINING supported */ +#define MCIF_VERB 0x00080000 /* VERB supported */ #if STARTTLS #define MCIF_TLS 0x00100000 /* STARTTLS supported */ #define MCIF_TLSACT 0x00200000 /* STARTTLS active */ @@ -955,6 +959,7 @@ extern ENVELOPE BlankEnvelope; extern void clearenvelope __P((ENVELOPE *, bool, SM_RPOOL_T *)); extern void dropenvelope __P((ENVELOPE *, bool, bool)); extern ENVELOPE *newenvelope __P((ENVELOPE *, ENVELOPE *, SM_RPOOL_T *)); +extern void clrsessenvelope __P((ENVELOPE *)); extern void printenvflags __P((ENVELOPE *)); extern void putbody __P((MCI *, ENVELOPE *, char *)); extern void putheader __P((MCI *, HDR *, ENVELOPE *, int)); @@ -1567,7 +1572,7 @@ EXTERN unsigned long PrivacyFlags; /* privacy flags */ ** Flags passed to rscheck */ -#define RSF_RMCOMM 0x0001 /* strip comments */ +#define RSF_RMCOMM 0x0001 /* strip comments */ #define RSF_UNSTRUCTURED 0x0002 /* unstructured, ignore syntax errors */ #define RSF_COUNT 0x0004 /* count rejections (statistics)? */ @@ -1769,14 +1774,14 @@ struct termescape /* what to do in the TLS initialization */ #define TLS_I_NONE 0x00000000 /* no requirements... */ -#define TLS_I_CERT_EX 0x00000001 /* CERT must exist */ -#define TLS_I_CERT_UNR 0x00000002 /* CERT must be g/o unreadable */ -#define TLS_I_KEY_EX 0x00000004 /* KEY must exist */ -#define TLS_I_KEY_UNR 0x00000008 /* KEY must be g/o unreadable */ -#define TLS_I_CERTP_EX 0x00000010 /* CA CERT PATH must exist */ -#define TLS_I_CERTP_UNR 0x00000020 /* CA CERT PATH must be g/o unreadable */ -#define TLS_I_CERTF_EX 0x00000040 /* CA CERT FILE must exist */ -#define TLS_I_CERTF_UNR 0x00000080 /* CA CERT FILE must be g/o unreadable */ +#define TLS_I_CERT_EX 0x00000001 /* cert must exist */ +#define TLS_I_CERT_UNR 0x00000002 /* cert must be g/o unreadable */ +#define TLS_I_KEY_EX 0x00000004 /* key must exist */ +#define TLS_I_KEY_UNR 0x00000008 /* key must be g/o unreadable */ +#define TLS_I_CERTP_EX 0x00000010 /* CA cert path must exist */ +#define TLS_I_CERTP_UNR 0x00000020 /* CA cert path must be g/o unreadable */ +#define TLS_I_CERTF_EX 0x00000040 /* CA cert file must exist */ +#define TLS_I_CERTF_UNR 0x00000080 /* CA cert file must be g/o unreadable */ #define TLS_I_RSA_TMP 0x00000100 /* RSA TMP must be generated */ #define TLS_I_USE_KEY 0x00000200 /* private key must usable */ #define TLS_I_USE_CERT 0x00000400 /* certificate must be usable */ @@ -1791,7 +1796,7 @@ struct termescape #define TLS_I_DH1024 0x00080000 /* generate 1024bit DH param */ #define TLS_I_DH2048 0x00100000 /* generate 2048bit DH param */ #define TLS_I_NO_VRFY 0x00200000 /* do not require authentication */ -#define TLS_I_KEY_OUNR 0x00400000 /* KEY must be o unreadable */ +#define TLS_I_KEY_OUNR 0x00400000 /* Key must be other unreadable */ /* require server cert */ #define TLS_I_SRV_CERT (TLS_I_CERT_EX | TLS_I_KEY_EX | \ @@ -1821,18 +1826,18 @@ extern int endtls __P((SSL *, char *)); extern void tlslogerr __P((char *)); -EXTERN char *CACERTpath; /* path to CA certificates (dir. with hashes) */ -EXTERN char *CACERTfile; /* file with CA certificate */ -EXTERN char *CltCERTfile; /* file with client certificate */ -EXTERN char *Cltkeyfile; /* file with client private key */ +EXTERN char *CACertPath; /* path to CA certificates (dir. with hashes) */ +EXTERN char *CACertFile; /* file with CA certificate */ +EXTERN char *CltCertFile; /* file with client certificate */ +EXTERN char *CltKeyFile; /* file with client private key */ # if _FFR_TLS_1 EXTERN char *CipherList; /* list of ciphers */ EXTERN char *DHParams5; /* file with DH parameters (512) */ # endif /* _FFR_TLS_1 */ EXTERN char *DHParams; /* file with DH parameters */ EXTERN char *RandFile; /* source of random data */ -EXTERN char *SrvCERTfile; /* file with server certificate */ -EXTERN char *Srvkeyfile; /* file with server private key */ +EXTERN char *SrvCertFile; /* file with server certificate */ +EXTERN char *SrvKeyFile; /* file with server private key */ EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */ #endif /* STARTTLS */ @@ -1904,6 +1909,14 @@ struct queue_char struct queue_char *queue_next; }; +/* run_work_group() flags */ +#define RWG_NONE 0x0000 +#define RWG_FORK 0x0001 +#define RWG_VERBOSE 0x0002 +#define RWG_PERSISTENT 0x0004 +#define RWG_FORCE 0x0008 +#define RWG_RUNALL 0x0010 + typedef struct queue_char QUEUE_CHAR; EXTERN int volatile CurRunners; /* current number of runner children */ @@ -1949,7 +1962,7 @@ extern void quarantine_queue __P((char *, int)); extern char *queuename __P((ENVELOPE *, int)); extern void queueup __P((ENVELOPE *, bool, bool)); extern bool runqueue __P((bool, bool, bool, bool)); -extern int run_work_group __P((int, bool, bool, bool, bool)); +extern int run_work_group __P((int, int)); extern void set_def_queueval __P((QUEUEGRP *, bool)); extern void setup_queues __P((bool)); extern bool setnewqueue __P((ENVELOPE *)); @@ -2134,6 +2147,9 @@ EXTERN bool NoAlias; /* suppress aliasing */ EXTERN bool NoConnect; /* don't connect to non-local mailers */ EXTERN bool OnlyOneError; /* .... or only want to give one SMTP reply */ EXTERN bool QuickAbort; /* .... but only if we want a quick abort */ +#if _FFR_REQ_DIR_FSYNC_OPT +EXTERN bool RequiresDirfsync; /* requires fsync() for directory */ +#endif /* _FFR_REQ_DIR_FSYNC_OPT */ EXTERN bool ResNoAliases; /* don't use $HOSTALIASES */ EXTERN bool volatile RestartWorkGroup; /* daemon needs to restart some work groups */ EXTERN bool RrtImpliesDsn; /* turn Return-Receipt-To: into DSN */ @@ -2194,6 +2210,9 @@ EXTERN int NumFileSys; /* number of queue file systems */ EXTERN int QueueLA; /* load average starting forced queueing */ EXTERN int RefuseLA; /* load average refusing connections */ +#if _FFR_REJECT_LOG +EXTERN time_t RejectLogInterval; /* time btwn log msgs while refusing */ +#endif /* _FFR_REJECT_LOG */ EXTERN int SuperSafe; /* be extra careful, even if expensive */ EXTERN int VendorCode; /* vendor-specific operation enhancements */ EXTERN int Verbose; /* set if blow-by-blow desired */ @@ -2459,7 +2478,9 @@ extern void makeworkgroups __P((void)); extern void mark_work_group_restart __P((int, int)); extern char * munchstring __P((char *, char **, int)); extern struct hostent *myhostname __P((char *, int)); +#if NISPLUS extern char *nisplus_default_domain __P((void)); /* extern for Sun */ +#endif /* NISPLUS */ extern bool path_is_dir __P((char *, bool)); extern int pickqdir __P((QUEUEGRP *qg, long fsize, ENVELOPE *e)); extern char *pintvl __P((time_t, bool)); @@ -2508,6 +2529,9 @@ extern pid_t sm_wait __P((int *)); extern bool split_by_recipient __P((ENVELOPE *e)); extern void stop_sendmail __P((void)); extern char *str2prt __P((char *)); +#if _FFR_STRIPBACKSL +extern void stripbackslash __P((char *)); +#endif /* _FFR_STRIPBACKSL */ extern bool strreplnonprt __P((char *, int)); extern bool strcontainedin __P((bool, char *, char *)); extern int switch_map_find __P((char *, char *[], short [])); diff --git a/contrib/sendmail/src/sfsasl.c b/contrib/sendmail/src/sfsasl.c index dc8742913f56..030ce74e62c5 100644 --- a/contrib/sendmail/src/sfsasl.c +++ b/contrib/sendmail/src/sfsasl.c @@ -9,7 +9,7 @@ */ #include -SM_RCSID("@(#)$Id: sfsasl.c,v 8.91.2.1 2002/08/27 01:35:17 ca Exp $") +SM_RCSID("@(#)$Id: sfsasl.c,v 8.91.2.2 2002/09/12 21:07:50 ca Exp $") #include #include #include @@ -177,7 +177,7 @@ sasl_read(fp, buf, size) int result; ssize_t len; # if SASL >= 20000 - const char *outbuf = NULL; + static const char *outbuf = NULL; # else /* SASL >= 20000 */ static char *outbuf = NULL; # endif /* SASL >= 20000 */ @@ -194,7 +194,11 @@ sasl_read(fp, buf, size) ** if necessary. */ +# if SASL >= 20000 + while (outlen == 0) +# else /* SASL >= 20000 */ while (outbuf == NULL && outlen == 0) +# endif /* SASL >= 20000 */ { len = sm_io_read(so->fp, SM_TIME_DEFAULT, buf, size); if (len <= 0) diff --git a/contrib/sendmail/src/srvrsmtp.c b/contrib/sendmail/src/srvrsmtp.c index 8bbc02987e17..12ad2e7e45a4 100644 --- a/contrib/sendmail/src/srvrsmtp.c +++ b/contrib/sendmail/src/srvrsmtp.c @@ -16,7 +16,7 @@ # include #endif /* MILTER */ -SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.829.2.4 2002/08/16 14:56:01 ca Exp $") +SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.829.2.17 2002/12/09 16:46:18 ca Exp $") #if SASL || STARTTLS # include @@ -218,6 +218,18 @@ static void smtp_data __P((SMTP_T *, ENVELOPE *)); #if MILTER # define MILTER_ABORT(e) milter_abort((e)) + +#if _FFR_MILTER_421 +# define MILTER_SHUTDOWN \ + if (strncmp(response, "421 ", 4) == 0) \ + { \ + e->e_sendqueue = NULL; \ + goto doquit; \ + } +#else /* _FFR_MILTER_421 */ +# define MILTER_SHUTDOWN +#endif /* _FFR_MILTER_421 */ + # define MILTER_REPLY(str) \ { \ int savelogusrerrs = LogUsrErrs; \ @@ -233,6 +245,7 @@ static void smtp_data __P((SMTP_T *, ENVELOPE *)); LogUsrErrs = false; \ } \ usrerr(response); \ + MILTER_SHUTDOWN \ break; \ \ case SMFIR_REJECT: \ @@ -355,9 +368,9 @@ smtp(nullserver, d_flags, e) volatile unsigned int n_noop = 0; /* count of NOOP/VERB/etc */ volatile unsigned int n_helo = 0; /* count of HELO/EHLO */ bool ok; -#if _FFR_ADAPTIVE_EOL +#if _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL volatile bool first; -#endif /* _FFR_ADAPTIVE_EOL */ +#endif /* _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL */ volatile bool tempfail = false; volatile time_t wt; /* timeout after too many commands */ volatile time_t previous; /* time after checksmtpattack() */ @@ -726,6 +739,23 @@ smtp(nullserver, d_flags, e) tempfail = true; smtp.sm_milterize = false; break; + +#if _FFR_MILTER_421 + case SMFIR_SHUTDOWN: + if (MilterLogLevel > 3) + sm_syslog(LOG_INFO, e->e_id, + "Milter: connect: host=%s, addr=%s, shutdown", + peerhostname, + anynet_ntoa(&RealHostAddr)); + tempfail = true; + smtp.sm_milterize = false; + message("421 4.7.0 %s closing connection", + MyHostName); + + /* arrange to ignore send list */ + e->e_sendqueue = NULL; + goto doquit; +#endif /* _FFR_MILTER_421 */ } if (response != NULL) @@ -797,9 +827,9 @@ smtp(nullserver, d_flags, e) /* sendinghost's storage must outlive the current envelope */ if (sendinghost != NULL) sendinghost = sm_strdup_x(sendinghost); -#if _FFR_ADAPTIVE_EOL +#if _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL first = true; -#endif /* _FFR_ADAPTIVE_EOL */ +#endif /* _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL */ gothello = false; smtp.sm_gotmail = false; for (;;) @@ -851,7 +881,7 @@ smtp(nullserver, d_flags, e) MyHostName, CurSmtpClient); if (LogLevel > (smtp.sm_gotmail ? 1 : 19)) sm_syslog(LOG_NOTICE, e->e_id, - "lost input channel from %.100s to %s after %s", + "lost input channel from %s to %s after %s", CurSmtpClient, d, (c == NULL || c->cmd_name == NULL) ? "startup" : c->cmd_name); /* @@ -864,9 +894,36 @@ smtp(nullserver, d_flags, e) goto doquit; } -#if _FFR_ADAPTIVE_EOL +#if _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL if (first) { +#if _FFR_BLOCK_PROXIES + size_t inplen, cmdlen; + int idx; + char *http_cmd; + static char *http_cmds[] = { "GET", "POST", + "CONNECT", "USER", NULL }; + + inplen = strlen(inp); + for (idx = 0; (http_cmd = http_cmds[idx]) != NULL; + idx++) + { + cmdlen = strlen(http_cmd); + if (cmdlen < inplen && + sm_strncasecmp(inp, http_cmd, cmdlen) == 0 && + isascii(inp[cmdlen]) && isspace(inp[cmdlen])) + { + /* Open proxy, drop it */ + message("421 4.7.0 %s Rejecting open proxy %s", + MyHostName, CurSmtpClient); + sm_syslog(LOG_INFO, e->e_id, + "%s: probable open proxy: command=%.40s", + CurSmtpClient, inp); + goto doquit; + } + } +#endif /* _FFR_BLOCK_PROXIES */ +#if _FFR_ADAPTIVE_EOL char *p; smtp.sm_crlf = true; @@ -878,13 +935,14 @@ smtp(nullserver, d_flags, e) { /* how many bad guys are there? */ sm_syslog(LOG_INFO, NOQID, - "%.100s did not use CRLF", + "%s did not use CRLF", CurSmtpClient); } } +#endif /* _FFR_ADAPTIVE_EOL */ first = false; } -#endif /* _FFR_ADAPTIVE_EOL */ +#endif /* _FFR_BLOCK_PROXIES || _FFR_ADAPTIVE_EOL */ /* clean up end of line */ fixcrlf(inp, true); @@ -900,7 +958,7 @@ smtp(nullserver, d_flags, e) */ if (bitset(SRV_NO_PIPE, features) && - sm_io_getinfo(InChannel, SM_IO_IS_READABLE, NULL)) + sm_io_getinfo(InChannel, SM_IO_IS_READABLE, NULL) > 0) { if (++np_log < 3) sm_syslog(LOG_INFO, NOQID, @@ -1054,7 +1112,7 @@ smtp(nullserver, d_flags, e) /* NULL pointer ok since it's our function */ if (LogLevel > 8) sm_syslog(LOG_INFO, NOQID, - "AUTH=server, relay=%.100s, authid=%.128s, mech=%.16s, bits=%d", + "AUTH=server, relay=%s, authid=%.128s, mech=%.16s, bits=%d", CurSmtpClient, shortenstring(user, 128), auth_type, *ssf); @@ -1250,7 +1308,7 @@ smtp(nullserver, d_flags, e) { if (LogLevel > 9) sm_syslog(LOG_INFO, e->e_id, - "SMTP AUTH command (%.100s) from %.100s tempfailed (due to previous checks)", + "SMTP AUTH command (%.100s) from %s tempfailed (due to previous checks)", p, CurSmtpClient); usrerr("454 4.7.1 Please try again later"); break; @@ -1419,7 +1477,7 @@ smtp(nullserver, d_flags, e) { if (LogLevel > 9) sm_syslog(LOG_INFO, e->e_id, - "SMTP STARTTLS command (%.100s) from %.100s tempfailed (due to previous checks)", + "SMTP STARTTLS command (%.100s) from %s tempfailed (due to previous checks)", p, CurSmtpClient); usrerr("454 4.7.1 Please try again later"); break; @@ -1533,6 +1591,22 @@ smtp(nullserver, d_flags, e) tv.tv_usec = 0; } + if (!timedout && FD_SETSIZE > 0 && + (rfd >= FD_SETSIZE || + (i == SSL_ERROR_WANT_WRITE && + wfd >= FD_SETSIZE))) + { + if (LogLevel > 5) + { + sm_syslog(LOG_ERR, NOQID, + "STARTTLS=server, error: fd %d/%d too large", + rfd, wfd); + if (LogLevel > 8) + tlslogerr("server"); + } + goto tlsfail; + } + /* XXX what about SSL_pending() ? */ if (!timedout && i == SSL_ERROR_WANT_READ) { @@ -1566,6 +1640,7 @@ smtp(nullserver, d_flags, e) if (LogLevel > 8) tlslogerr("server"); } +tlsfail: tls_ok_srv = false; SSL_free(srv_ssl); srv_ssl = NULL; @@ -1723,7 +1798,7 @@ smtp(nullserver, d_flags, e) usrerr("501 Invalid domain name"); if (LogLevel > 9) sm_syslog(LOG_INFO, CurEnv->e_id, - "invalid domain name (too long) from %.100s", + "invalid domain name (too long) from %s", CurSmtpClient); break; } @@ -1757,7 +1832,7 @@ smtp(nullserver, d_flags, e) usrerr("501 Invalid domain name"); if (LogLevel > 9) sm_syslog(LOG_INFO, CurEnv->e_id, - "invalid domain name (%.100s) from %.100s", + "invalid domain name (%s) from %.100s", p, CurSmtpClient); break; } @@ -1943,7 +2018,7 @@ smtp(nullserver, d_flags, e) { if (LogLevel > 9) sm_syslog(LOG_INFO, e->e_id, - "SMTP MAIL command (%.100s) from %.100s tempfailed (due to previous checks)", + "SMTP MAIL command (%.100s) from %s tempfailed (due to previous checks)", p, CurSmtpClient); usrerr(MSG_TEMPFAIL); break; @@ -2267,7 +2342,7 @@ smtp(nullserver, d_flags, e) n_badrcpts == BadRcptThrottle) { sm_syslog(LOG_INFO, e->e_id, - "%.100s: Possible SMTP RCPT flood, throttling.", + "%s: Possible SMTP RCPT flood, throttling.", CurSmtpClient); /* To avoid duplicated message */ @@ -2479,7 +2554,7 @@ smtp(nullserver, d_flags, e) { if (LogLevel > 9) sm_syslog(LOG_INFO, e->e_id, - "SMTP %s command (%.100s) from %.100s tempfailed (due to previous checks)", + "SMTP %s command (%.100s) from %s tempfailed (due to previous checks)", vrfy ? "VRFY" : "EXPN", p, CurSmtpClient); @@ -2490,8 +2565,8 @@ smtp(nullserver, d_flags, e) wt = checksmtpattack(&n_verifies, MAXVRFYCOMMANDS, false, vrfy ? "VRFY" : "EXPN", e); previous = curtime(); - if (bitset(vrfy ? PRIV_NOVRFY : PRIV_NOEXPN, - PrivacyFlags)) + if ((vrfy && bitset(PRIV_NOVRFY, PrivacyFlags)) || + (!vrfy && !bitset(SRV_OFFER_EXPN, features))) { if (vrfy) message("252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)"); @@ -2499,7 +2574,7 @@ smtp(nullserver, d_flags, e) message("502 5.7.0 Sorry, we do not allow this operation"); if (LogLevel > 5) sm_syslog(LOG_INFO, e->e_id, - "%.100s: %s [rejected]", + "%s: %s [rejected]", CurSmtpClient, shortenstring(inp, MAXSHORTSTR)); break; @@ -2514,7 +2589,7 @@ smtp(nullserver, d_flags, e) if (Errors > 0) break; if (LogLevel > 5) - sm_syslog(LOG_INFO, e->e_id, "%.100s: %s", + sm_syslog(LOG_INFO, e->e_id, "%s: %s", CurSmtpClient, shortenstring(inp, MAXSHORTSTR)); SM_TRY @@ -2594,7 +2669,7 @@ smtp(nullserver, d_flags, e) message("502 5.7.0 Sorry, we do not allow this operation"); if (LogLevel > 5) sm_syslog(LOG_INFO, e->e_id, - "%.100s: %s [rejected]", + "%s: %s [rejected]", CurSmtpClient, shortenstring(inp, MAXSHORTSTR)); break; @@ -2603,7 +2678,7 @@ smtp(nullserver, d_flags, e) { if (LogLevel > 9) sm_syslog(LOG_INFO, e->e_id, - "SMTP ETRN command (%.100s) from %.100s tempfailed (due to previous checks)", + "SMTP ETRN command (%.100s) from %s tempfailed (due to previous checks)", p, CurSmtpClient); usrerr(MSG_TEMPFAIL); break; @@ -2636,7 +2711,7 @@ smtp(nullserver, d_flags, e) if (LogLevel > 5) sm_syslog(LOG_INFO, e->e_id, - "%.100s: ETRN %s", CurSmtpClient, + "%s: ETRN %s", CurSmtpClient, shortenstring(p, MAXSHORTSTR)); id = p; @@ -2652,8 +2727,7 @@ smtp(nullserver, d_flags, e) id); break; } - ok = run_work_group(wgrp, true, false, - false, true); + ok = run_work_group(wgrp, RWG_FORK|RWG_RUNALL); if (ok && Errors == 0) message("250 2.0.0 Queuing for queue group %s started", id); break; @@ -2751,20 +2825,21 @@ smtp(nullserver, d_flags, e) */ sm_syslog(LOG_INFO, e->e_id, - "%.100s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s", + "%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s", CurSmtpClient, d); } -#if PROFILING - return; -#endif /* PROFILING */ + if (tTd(93, 100)) + { + /* return to handle next connection */ + return; + } finis(true, true, ExitStat); /* NOTREACHED */ case CMDVERB: /* set verbose mode */ DELAY_CONN("VERB"); - if (bitset(PRIV_NOEXPN, PrivacyFlags) || - !bitset(SRV_OFFER_VERB, features) || - bitset(PRIV_NOVERB, PrivacyFlags)) + if (!bitset(SRV_OFFER_EXPN, features) || + !bitset(SRV_OFFER_VERB, features)) { /* this would give out the same info */ message("502 5.7.0 Verbose unavailable"); @@ -2798,7 +2873,7 @@ smtp(nullserver, d_flags, e) DELAY_CONN("Bogus"); if (LogLevel > 0) sm_syslog(LOG_CRIT, e->e_id, - "\"%s\" command from %.100s (%.100s)", + "\"%s\" command from %s (%.100s)", c->cmd_name, CurSmtpClient, anynet_ntoa(&RealHostAddr)); /* FALLTHROUGH */ @@ -3289,7 +3364,7 @@ checksmtpattack(pcounter, maxcount, waitnow, cname, e) if (*pcounter == maxcount && LogLevel > 5) { sm_syslog(LOG_INFO, e->e_id, - "%.100s: possible SMTP attack: command=%.40s, count=%u", + "%s: possible SMTP attack: command=%.40s, count=%u", CurSmtpClient, cname, *pcounter); } s = 1 << (*pcounter - maxcount); @@ -4014,8 +4089,8 @@ initsrvtls(tls_ok) return false; /* do NOT remove assignment */ - tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, true, SrvCERTfile, - Srvkeyfile, CACERTpath, CACERTfile, DHParams); + tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, true, SrvCertFile, + SrvKeyFile, CACertPath, CACertFile, DHParams); return tls_ok_srv; } #endif /* STARTTLS */ @@ -4039,21 +4114,21 @@ static struct } srv_feat_table[] = { { 'A', SRV_OFFER_AUTH }, - { 'B', SRV_OFFER_VERB }, - { 'D', SRV_OFFER_DSN }, - { 'E', SRV_OFFER_ETRN }, - { 'L', SRV_REQ_AUTH }, /* not documented in 8.12 */ + { 'B', SRV_OFFER_VERB }, /* FFR; not documented in 8.12 */ + { 'D', SRV_OFFER_DSN }, /* FFR; not documented in 8.12 */ + { 'E', SRV_OFFER_ETRN }, /* FFR; not documented in 8.12 */ + { 'L', SRV_REQ_AUTH }, /* FFR; not documented in 8.12 */ #if PIPELINING # if _FFR_NO_PIPE { 'N', SRV_NO_PIPE }, # endif /* _FFR_NO_PIPE */ { 'P', SRV_OFFER_PIPE }, #endif /* PIPELINING */ - { 'R', SRV_VRFY_CLT }, + { 'R', SRV_VRFY_CLT }, /* FFR; not documented in 8.12 */ { 'S', SRV_OFFER_TLS }, /* { 'T', SRV_TMP_FAIL }, */ { 'V', SRV_VRFY_CLT }, - { 'X', SRV_OFFER_EXPN }, + { 'X', SRV_OFFER_EXPN }, /* FFR; not documented in 8.12 */ /* { 'Y', SRV_OFFER_VRFY }, */ { '\0', SRV_NONE } }; diff --git a/contrib/sendmail/src/sysexits.c b/contrib/sendmail/src/sysexits.c index 5cce2b718f51..2781b0751eb5 100644 --- a/contrib/sendmail/src/sysexits.c +++ b/contrib/sendmail/src/sysexits.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: sysexits.c,v 8.33 2001/09/11 04:05:17 gshapiro Exp $") +SM_RCSID("@(#)$Id: sysexits.c,v 8.33.4.1 2002/09/09 02:42:37 gshapiro Exp $") /* ** DSNTOEXITSTAT -- convert DSN-style error code to EX_ style. @@ -37,6 +37,10 @@ dsntoexitstat(dsncode) if (*dsncode == '4') return EX_TEMPFAIL; + /* reject other illegal values */ + if (*dsncode != '5') + return EX_CONFIG; + /* now decode the other two field parts */ if (*++dsncode == '.') dsncode++; @@ -75,7 +79,8 @@ dsntoexitstat(dsncode) return EX_UNAVAILABLE; case 5: /* Destination address valid */ - return EX_OK; + /* According to RFC1893, this can't happen */ + return EX_CONFIG; } break; @@ -130,7 +135,7 @@ dsntoexitstat(dsncode) case 7: /* Security Status */ return EX_DATAERR; } - return EX_CONFIG; + return EX_UNAVAILABLE; } /* ** EXITSTAT -- convert EX_ value to error text. diff --git a/contrib/sendmail/src/tls.c b/contrib/sendmail/src/tls.c index e2b1b1467504..8a7fa9f48275 100644 --- a/contrib/sendmail/src/tls.c +++ b/contrib/sendmail/src/tls.c @@ -10,7 +10,7 @@ #include -SM_RCSID("@(#)$Id: tls.c,v 8.79 2002/03/21 22:24:13 gshapiro Exp $") +SM_RCSID("@(#)$Id: tls.c,v 8.79.4.1 2002/09/03 17:31:45 gshapiro Exp $") #if STARTTLS # include @@ -326,21 +326,21 @@ tls_set_verify(ctx, ssl, vrfy) ** [due to permissions] */ -# define TLS_S_NONE 0x00000000 /* none yet */ -# define TLS_S_CERT_EX 0x00000001 /* CERT file exists */ -# define TLS_S_CERT_OK 0x00000002 /* CERT file is ok */ -# define TLS_S_KEY_EX 0x00000004 /* KEY file exists */ -# define TLS_S_KEY_OK 0x00000008 /* KEY file is ok */ -# define TLS_S_CERTP_EX 0x00000010 /* CA CERT PATH exists */ -# define TLS_S_CERTP_OK 0x00000020 /* CA CERT PATH is ok */ -# define TLS_S_CERTF_EX 0x00000040 /* CA CERT FILE exists */ -# define TLS_S_CERTF_OK 0x00000080 /* CA CERT FILE is ok */ +# define TLS_S_NONE 0x00000000 /* none yet */ +# define TLS_S_CERT_EX 0x00000001 /* cert file exists */ +# define TLS_S_CERT_OK 0x00000002 /* cert file is ok */ +# define TLS_S_KEY_EX 0x00000004 /* key file exists */ +# define TLS_S_KEY_OK 0x00000008 /* key file is ok */ +# define TLS_S_CERTP_EX 0x00000010 /* CA cert path exists */ +# define TLS_S_CERTP_OK 0x00000020 /* CA cert path is ok */ +# define TLS_S_CERTF_EX 0x00000040 /* CA cert file exists */ +# define TLS_S_CERTF_OK 0x00000080 /* CA cert file is ok */ # if _FFR_TLS_1 -# define TLS_S_CERT2_EX 0x00001000 /* 2nd CERT file exists */ -# define TLS_S_CERT2_OK 0x00002000 /* 2nd CERT file is ok */ -# define TLS_S_KEY2_EX 0x00004000 /* 2nd KEY file exists */ -# define TLS_S_KEY2_OK 0x00008000 /* 2nd KEY file is ok */ +# define TLS_S_CERT2_EX 0x00001000 /* 2nd cert file exists */ +# define TLS_S_CERT2_OK 0x00002000 /* 2nd cert file is ok */ +# define TLS_S_KEY2_EX 0x00004000 /* 2nd key file exists */ +# define TLS_S_KEY2_OK 0x00008000 /* 2nd key file is ok */ # endif /* _FFR_TLS_1 */ # define TLS_S_DH_OK 0x00200000 /* DH cert is ok */ @@ -545,9 +545,9 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) TLS_S_CERT_EX, srv); TLS_OK_F(keyfile, "KeyFile", bitset(TLS_I_KEY_EX, req), TLS_S_KEY_EX, srv); - TLS_OK_F(cacertpath, "CACERTPath", bitset(TLS_I_CERTP_EX, req), + TLS_OK_F(cacertpath, "CACertPath", bitset(TLS_I_CERTP_EX, req), TLS_S_CERTP_EX, srv); - TLS_OK_F(cacertfile, "CACERTFile", bitset(TLS_I_CERTF_EX, req), + TLS_OK_F(cacertfile, "CACertFile", bitset(TLS_I_CERTF_EX, req), TLS_S_CERTF_EX, srv); # if _FFR_TLS_1 diff --git a/contrib/sendmail/src/trace.c b/contrib/sendmail/src/trace.c index 701a949d9676..a10b9f172f4f 100644 --- a/contrib/sendmail/src/trace.c +++ b/contrib/sendmail/src/trace.c @@ -15,7 +15,7 @@ #include #include -SM_RCSID("@(#)$Id: trace.c,v 8.37 2001/09/11 04:05:17 gshapiro Exp $") +SM_RCSID("@(#)$Id: trace.c,v 8.37.4.1 2002/12/05 17:28:05 ca Exp $") static char *tTnewflag __P((char *)); static char *tToldflag __P((char *)); @@ -204,7 +204,7 @@ void tTflag(s) register char *s; { - if (*s == '\0') + if (s == NULL || *s == '\0') s = DefFlags; for (;;) diff --git a/contrib/sendmail/src/udb.c b/contrib/sendmail/src/udb.c index 1091cf228cd8..b5ca7242a441 100644 --- a/contrib/sendmail/src/udb.c +++ b/contrib/sendmail/src/udb.c @@ -14,18 +14,15 @@ #include #if USERDB -SM_RCSID("@(#)$Id: udb.c,v 8.153 2001/09/11 04:05:17 gshapiro Exp $ (with USERDB)") +SM_RCSID("@(#)$Id: udb.c,v 8.153.4.4 2002/12/03 17:57:41 gshapiro Exp $ (with USERDB)") #else /* USERDB */ -SM_RCSID("@(#)$Id: udb.c,v 8.153 2001/09/11 04:05:17 gshapiro Exp $ (without USERDB)") +SM_RCSID("@(#)$Id: udb.c,v 8.153.4.4 2002/12/03 17:57:41 gshapiro Exp $ (without USERDB)") #endif /* USERDB */ #if USERDB # if NEWDB -# include -# ifndef DB_VERSION_MAJOR -# define DB_VERSION_MAJOR 1 -# endif /* ! DB_VERSION_MAJOR */ +# include "sm/bdb.h" # else /* NEWDB */ # define DBT struct _data_base_thang_ DBT @@ -190,9 +187,9 @@ udbexpand(a, sendq, aliaslevel, e) int usersize; int userleft; char userbuf[MEMCHUNKSIZE]; -# if defined(HESIOD) && defined(HES_GETMAILHOST) +# if HESIOD && HES_GETMAILHOST char pobuf[MAXNAME]; -# endif /* defined(HESIOD) && defined(HES_GETMAILHOST) */ +# endif /* HESIOD && HES_GETMAILHOST */ # if defined(NEWDB) && DB_VERSION_MAJOR > 1 DBC *dbc = NULL; # endif /* defined(NEWDB) && DB_VERSION_MAJOR > 1 */ @@ -996,12 +993,8 @@ _udbx_init(e) int ret; # endif /* DB_VERSION_MAJOR > 2 */ -# if !HASFLOCK && defined(DB_FCNTL_LOCKING) - flags |= DB_FCNTL_LOCKING; -# endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */ - + SM_DB_FLAG_ADD(flags); up->udb_dbp = NULL; - # if DB_VERSION_MAJOR > 2 ret = db_create(&up->udb_dbp, NULL, 0); if (ret != 0) @@ -1013,6 +1006,7 @@ _udbx_init(e) else { ret = up->udb_dbp->open(up->udb_dbp, + DBTXN up->udb_dbname, NULL, DB_BTREE, diff --git a/contrib/sendmail/src/usersmtp.c b/contrib/sendmail/src/usersmtp.c index 931e6b3408dc..3a7d54fdba3f 100644 --- a/contrib/sendmail/src/usersmtp.c +++ b/contrib/sendmail/src/usersmtp.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: usersmtp.c,v 8.437.2.5 2002/08/16 16:48:11 ca Exp $") +SM_RCSID("@(#)$Id: usersmtp.c,v 8.437.2.8 2002/12/12 17:40:07 ca Exp $") #include @@ -127,6 +127,7 @@ smtpinit(m, mci, e, onlyhelo) goto helo; mci->mci_state = MCIS_OPENING; + clrsessenvelope(e); /* ** Get the greeting message. @@ -222,13 +223,20 @@ smtpinit(m, mci, e, onlyhelo) return; } -#if !_FFR_DEPRECATE_MAILER_FLAG_I /* ** If this is expected to be another sendmail, send some internal ** commands. */ - if (bitnset(M_INTERNAL, m->m_flags)) + if (false +# if !_FFR_DEPRECATE_MAILER_FLAG_I + || bitnset(M_INTERNAL, m->m_flags) +# endif /* !_FFR_DEPRECATE_MAILER_FLAG_I */ +# if _FFR_MSP_VERBOSE + /* If we're running as MSP, "propagate" -v flag if possible. */ + || (UseMSP && Verbose && bitset(MCIF_VERB, mci->mci_flags)) +# endif /* _FFR_MSP_VERBOSE */ + ) { /* tell it to be verbose */ smtpmessage("VERB", m, mci); @@ -236,7 +244,6 @@ smtpinit(m, mci, e, onlyhelo) if (r < 0) goto tempfail1; } -#endif /* !_FFR_DEPRECATE_MAILER_FLAG_I */ if (mci->mci_state != MCIS_CLOSED) { @@ -453,6 +460,8 @@ helo_options(line, firstline, m, mci, e) mci->mci_flags |= MCIF_ENHSTAT; else if (sm_strcasecmp(line, "pipelining") == 0) mci->mci_flags |= MCIF_PIPELINED; + else if (sm_strcasecmp(line, "verb") == 0) + mci->mci_flags |= MCIF_VERB; #if STARTTLS else if (sm_strcasecmp(line, "starttls") == 0) mci->mci_flags |= MCIF_TLS; @@ -2261,7 +2270,7 @@ smtprcpt(to, m, mci, e, ctladdr, xstart) */ while (mci->mci_nextaddr != NULL && - sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL)) + sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL) > 0) { int r; @@ -2668,7 +2677,7 @@ smtpdata(m, mci, e, ctladdr, xstart) #endif /* PIPELINING */ #if _FFR_CATCH_BROKEN_MTAS - if (sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL)) + if (sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL) > 0) { /* terminate the message */ (void) sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, ".%s", diff --git a/contrib/sendmail/src/util.c b/contrib/sendmail/src/util.c index 52b37ec53720..27db22f85380 100644 --- a/contrib/sendmail/src/util.c +++ b/contrib/sendmail/src/util.c @@ -13,7 +13,7 @@ #include -SM_RCSID("@(#)$Id: util.c,v 8.363.2.1 2002/06/21 20:25:25 ca Exp $") +SM_RCSID("@(#)$Id: util.c,v 8.363.2.5 2002/12/12 22:50:41 ca Exp $") #include #include @@ -67,6 +67,38 @@ addquotes(s, rpool) *q = '\0'; return r; } + +#if _FFR_STRIPBACKSL +/* +** STRIPBACKSLASH -- Strip leading backslash from a string. +** +** This is done in place. +** +** Parameters: +** s -- the string to strip. +** +** Returns: +** none. +*/ + +void +stripbackslash(s) + char *s; +{ + char *p, *q, c; + + if (s == NULL || *s == '\0') + return; + p = q = s; + while (*p == '\\' && (p[1] == '\\' || (isascii(p[1]) && isalnum(p[1])))) + p++; + do + { + c = *q++ = *p++; + } while (c != '\0'); +} +#endif /* _FFR_STRIPBACKSL */ + /* ** RFC822_STRING -- Checks string for proper RFC822 string quoting. ** diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c index 882233357f83..2be1ca964f9c 100644 --- a/contrib/sendmail/src/version.c +++ b/contrib/sendmail/src/version.c @@ -13,6 +13,6 @@ #include -SM_RCSID("@(#)$Id: version.c,v 8.104.2.5 2002/08/24 16:27:21 ca Exp $") +SM_RCSID("@(#)$Id: version.c,v 8.104.2.11 2002/12/28 19:45:53 ca Exp $") -char Version[] = "8.12.6"; +char Version[] = "8.12.7"; diff --git a/contrib/sendmail/vacation/vacation.c b/contrib/sendmail/vacation/vacation.c index 4a7a4c15ce16..281119392bd2 100644 --- a/contrib/sendmail/vacation/vacation.c +++ b/contrib/sendmail/vacation/vacation.c @@ -20,7 +20,7 @@ SM_IDSTR(copyright, The Regents of the University of California. All rights reserved.\n\ Copyright (c) 1983 Eric P. Allman. All rights reserved.\n") -SM_IDSTR(id, "@(#)$Id: vacation.c,v 8.137.2.1 2002/08/15 16:23:08 gshapiro Exp $") +SM_IDSTR(id, "@(#)$Id: vacation.c,v 8.137.2.2 2002/11/01 16:48:55 ca Exp $") #include @@ -1095,7 +1095,7 @@ listdb() char *timestamp; /* skip magic VIT entry */ - if ((int)db_key.size - 1 == strlen(VIT) && + if (db_key.size == strlen(VIT) + 1 && strncmp((char *)db_key.data, VIT, (int)db_key.size - 1) == 0) continue;